Howdy,
I've submitted bug 5242 with an attached patch diff for supporting the IPFIX 
file format, per RFC 5655.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5242

The one open issue/question I have regards a heuristic for determining if it's 
the right file type.  Unfortunately, the IPFIX file format has no magic 
sequence, and is literally just the IPFIX/Netflow_v10 messages in a file.  
Right now, the open routine just checks if the first byte is the right version 
number, i.e. that the first two bytes of the file are 0x000A.  That's good 
enough to separate it from ASCII files, obviously, but will probably collide 
with other binary file formats.  So... should I have the open routine also try 
to parse the messages further, or parse multiple messages? Or should I just 
leave it as is?

-hadriel

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
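
One way to tighten the open-routine check discussed above, as an added example that is not part of the original post or the attached patch: rather than testing only the first two bytes, it walks a few messages and checks the message-header and Set framing that RFC 7011 defines for IPFIX. The function names, constants and sample bytes are assumptions constructed for illustration; none of them is Wireshark wiretap API.

```c
#include <stddef.h>
#include <stdint.h>

#define IPFIX_VERSION     0x000A
#define IPFIX_HDR_LEN     16  /* version, length, export time, sequence, domain ID */
#define IPFIX_SET_HDR_LEN 4   /* Set ID, Set length */

/* Constructed sample: one message holding a Template Set and a Data Set. */
const uint8_t sample_ipfix[] = {
    0x00,0x0A, 0x00,0x24, 0,0,0,0, 0,0,0,0, 0,0,0,1,             /* header, length 36 */
    0x00,0x02, 0x00,0x0C, 0x01,0x00, 0x00,0x01, 0x00,0x08, 0x00,0x04, /* Set ID 2 */
    0x01,0x00, 0x00,0x08, 192,0,2,1 };                           /* Set ID 256 */
/* Constructed look-alike: starts with 0x000A but carries a reserved Set ID (5). */
const uint8_t sample_lookalike[] = {
    0x00,0x0A, 0x00,0x14, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0x00,0x05, 0x00,0x04 };

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Sets must tile the message body exactly and use a valid Set ID:
 * 2 (Template), 3 (Options Template) or >= 256 (Data). */
static int ipfix_sets_ok(const uint8_t *body, size_t body_len)
{
    size_t off = 0;
    while (off < body_len) {
        if (body_len - off < IPFIX_SET_HDR_LEN) return 0;
        unsigned id = be16(body + off), slen = be16(body + off + 2);
        if (id != 2 && id != 3 && id < 256) return 0;
        if (slen < IPFIX_SET_HDR_LEN || slen > body_len - off) return 0;
        off += slen;
    }
    return 1;
}

/* Hypothetical helper: number of whole messages validated from the start of
 * buf (at most max_msgs); 0 if any examined message fails or none is complete.
 * A final message cut off by the end of the buffer stops the walk. */
unsigned ipfix_heuristic(const uint8_t *buf, size_t len, unsigned max_msgs)
{
    size_t off = 0;
    unsigned n = 0;
    while (n < max_msgs && len - off >= IPFIX_HDR_LEN) {
        if (be16(buf + off) != IPFIX_VERSION) return 0;
        unsigned mlen = be16(buf + off + 2);
        if (mlen < IPFIX_HDR_LEN) return 0;
        if (mlen > len - off) break;            /* truncated read, stop here */
        if (!ipfix_sets_ok(buf + off + IPFIX_HDR_LEN, mlen - IPFIX_HDR_LEN)) return 0;
        off += mlen;
        n++;
    }
    return n;
}
```

Both sample buffers pass the two-byte version test; only the framing walk tells them apart.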