git.samba.org / metze / wireshark / wip.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixup: tvb_get_string(z) -> tvb_get_string(z)_enc
[metze/wireshark/wip.git] / epan / dissectors / packet-sflow.c
1 /* packet-sflow.c
2  * Routines for sFlow v5 dissection implemented according to the specifications
3  * at http://www.sflow.org/sflow_version_5.txt
4  *
5  * Additional 802.11 structures support implemented according to the
6  * specifications at http://www.sflow.org/sflow_80211.txt
7  *
8  * By Yi Yu <yiyu.inbox@gmail.com>
9  *
10  * TODO:
11  *   802.11 aggregation data dissection                         (sFlow v5)
12  *
13  *
14  * Based on Jeff Rizzo's <riz@boogers.sf.ca.us> dissector for sFlow v2/4
15  * in Wireshark 1.0.8 public release.
16  *
17  * Wireshark - Network traffic analyzer
18  * By Gerald Combs <gerald@wireshark.org>
19  * Copyright 1998 Gerald Combs
20  *
21  * This program is free software; you can redistribute it and/or
22  * modify it under the terms of the GNU General Public License
23  * as published by the Free Software Foundation; either version 2
24  * of the License, or (at your option) any later version.
25  *
26  * This program is distributed in the hope that it will be useful,
27  * but WITHOUT ANY WARRANTY; without even the implied warranty of
28  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
29  * GNU General Public License for more details.
30  *
31  * You should have received a copy of the GNU General Public License
32  * along with this program; if not, write to the Free Software
33  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34  *
35  *
36  * This file (mostly) implements a dissector for sFlow (RFC3176),
37  * from the version 4 spec at http://www.sflow.org/SFLOW-DATAGRAM.txt .
38  *
39  * TODO:
40  *   Fix the highlighting of the datastream when bits are selected
41  *   split things out into packet-sflow.h ?
42  *   make routines more consistent as to whether they return
43  *     'offset' or bytes consumed ('len')                       (sFlow v2/4)
44  *   implement sampled_ipv4 and sampled_ipv6 packet data types  (sFlow v2/4)
45  *   implement extended_user                                    (sFlow v2/4)
46  *   implement extended_url                                     (sFlow v2/4)
47  *   implement non-generic counters sampling                    (sFlow v2/4)
48  */
49
50 #include "config.h"
51
52 #include <glib.h>
53
54 #include <epan/packet.h>
55 #include <epan/exceptions.h>
56 #include <epan/prefs.h>
57 #include <epan/expert.h>
58 #include <epan/to_str.h>
59 #include <epan/ipproto.h>
60
61 #define SFLOW_UDP_PORTS "6343"
62
63 void proto_register_sflow(void);
64
65 static dissector_handle_t sflow_handle;
66
67 /*
68  *  global_sflow_ports : holds the configured range of ports for sflow
69  */
70 static range_t *global_sflow_ports = NULL;
71
72 /*
73  *  sflow_245_ports : holds the currently used range of ports for sflow
74  */
75 static gboolean global_dissect_samp_headers = TRUE;
76 static gboolean global_analyze_samp_ip_headers = FALSE;
77
78 #define ENTERPRISE_DEFAULT 0
79
80 #define ADDR_TYPE_UNKNOWN 0
81 #define ADDR_TYPE_IPV4    1
82 #define ADDR_TYPE_IPV6    2
83
84 #define FLOWSAMPLE 1
85 #define COUNTERSSAMPLE 2
86 #define EXPANDED_FLOWSAMPLE 3
87 #define EXPANDED_COUNTERSSAMPLE 4
88
89 static const value_string sflow_245_sampletype[] = {
90     { FLOWSAMPLE,              "Flow sample"},
91     { COUNTERSSAMPLE,          "Counters sample"},
92     { EXPANDED_FLOWSAMPLE,     "Expanded flow sample"},
93     { EXPANDED_COUNTERSSAMPLE, "Expanded counters sample"},
94     { 0, NULL}
95 };
96
97 #define SFLOW_5_IEEE80211_VERSION_A 1
98 #define SFLOW_5_IEEE80211_VERSION_B 2
99 #define SFLOW_5_IEEE80211_VERSION_G 3
100 #define SFLOW_5_IEEE80211_VERSION_N 4
101
102 static const value_string sflow_5_ieee80211_versions [] = {
103     { SFLOW_5_IEEE80211_VERSION_A, "802.11a"},
104     { SFLOW_5_IEEE80211_VERSION_B, "802.11b"},
105     { SFLOW_5_IEEE80211_VERSION_G, "802.11g"},
106     { SFLOW_5_IEEE80211_VERSION_N, "802.11n"},
107     { 0, NULL}
108 };
109
110 /* interface counter types */
111 #define SFLOW_245_COUNTERS_GENERIC 1
112 #define SFLOW_245_COUNTERS_ETHERNET 2
113 #define SFLOW_245_COUNTERS_TOKENRING 3
114 #define SFLOW_245_COUNTERS_FDDI 4
115 #define SFLOW_245_COUNTERS_VG 5
116 #define SFLOW_245_COUNTERS_WAN 6
117 #define SFLOW_245_COUNTERS_VLAN 7
118
119 static const value_string sflow_245_counterstype[] = {
120     { SFLOW_245_COUNTERS_GENERIC,  "Generic counters"},
121     { SFLOW_245_COUNTERS_ETHERNET, "Ethernet counters"},
122     { SFLOW_245_COUNTERS_FDDI,     "FDDI counters"},
123     { SFLOW_245_COUNTERS_VG,       "100baseVG counters"},
124     { SFLOW_245_COUNTERS_WAN,      "WAN counters"},
125     { SFLOW_245_COUNTERS_VLAN,     "VLAN counters"},
126     { 0, NULL}
127 };
128
129 #define MAX_HEADER_SIZE 256
130
131 #define SFLOW_245_PACKET_DATA_TYPE_HEADER 1
132 #define SFLOW_245_PACKET_DATA_TYPE_IPV4 2
133 #define SFLOW_245_PACKET_DATA_TYPE_IPV6 3
134
135 static const value_string sflow_245_packet_information_type[] = {
136     { SFLOW_245_PACKET_DATA_TYPE_HEADER, "Packet headers are sampled"},
137     { SFLOW_245_PACKET_DATA_TYPE_IPV4,   "IP Version 4 data"},
138     { SFLOW_245_PACKET_DATA_TYPE_IPV6,   "IP Version 6 data"},
139     { 0, NULL}
140 };
141
142 static const value_string extended_80211_suite_type_vals[] = {
143     { 0, "Use group cipher suite"},
144     { 1, "WEP-40"},
145     { 2, "TKIP"},
146     { 4, "CCMP"},
147     { 5, "WEP-104"},
148     { 0, NULL}
149 };
150
151 static const value_string sflow_ifdirection_vals[] = {
152     { 1, "Full-Duplex"},
153     { 2, "Half-Duplex"},
154     { 3, "In"},
155     { 4, "Out"},
156     { 0, NULL}
157 };
158
159 const true_false_string tfs_low_normal = { "Low", "Normal" };
160 const true_false_string tfs_high_normal = { "High", "Normal" };
161 const true_false_string tfs_minimize_monetary_normal = { "Minimize Monetary", "Normal" };
162 const true_false_string tfs_up_down = { "Up", "Down" };
163
164 #define SFLOW_245_HEADER_ETHERNET            1
165 #define SFLOW_245_HEADER_TOKENBUS            2
166 #define SFLOW_245_HEADER_TOKENRING           3
167 #define SFLOW_245_HEADER_FDDI                4
168 #define SFLOW_245_HEADER_FRAME_RELAY         5
169 #define SFLOW_245_HEADER_X25                 6
170 #define SFLOW_245_HEADER_PPP                 7
171 #define SFLOW_245_HEADER_SMDS                8
172 #define SFLOW_245_HEADER_AAL5                9
173 #define SFLOW_245_HEADER_AAL5_IP            10
174 #define SFLOW_245_HEADER_IPv4               11
175 #define SFLOW_245_HEADER_IPv6               12
176 #define SFLOW_245_HEADER_MPLS               13
177 #define SFLOW_5_HEADER_POS                  14
178 #define SFLOW_5_HEADER_80211_MAC            15
179 #define SFLOW_5_HEADER_80211_AMPDU          16
180 #define SFLOW_5_HEADER_80211_AMSDU_SUBFRAME 17
181
182 static const value_string sflow_245_header_protocol[] = {
183     { SFLOW_245_HEADER_ETHERNET,           "Ethernet"},
184     { SFLOW_245_HEADER_TOKENBUS,           "Token Bus"},
185     { SFLOW_245_HEADER_TOKENRING,          "Token Ring"},
186     { SFLOW_245_HEADER_FDDI,               "FDDI"},
187     { SFLOW_245_HEADER_FRAME_RELAY,        "Frame Relay"},
188     { SFLOW_245_HEADER_X25,                "X.25"},
189     { SFLOW_245_HEADER_PPP,                "PPP"},
190     { SFLOW_245_HEADER_SMDS,               "SMDS"},
191     { SFLOW_245_HEADER_AAL5,               "ATM AAL5"},
192     { SFLOW_245_HEADER_AAL5_IP,            "ATM AAL5-IP (e.g., Cisco AAL5 mux)"},
193     { SFLOW_245_HEADER_IPv4,               "IPv4"},
194     { SFLOW_245_HEADER_IPv6,               "IPv6"},
195     { SFLOW_245_HEADER_MPLS,               "MPLS"},
196     { SFLOW_5_HEADER_POS,                  "PPP over SONET/SDH (RFC 1662, 2615)"},
197     { SFLOW_5_HEADER_80211_MAC,            "802.11 MAC"},
198     { SFLOW_5_HEADER_80211_AMPDU,          "802.11n Aggregated MPDU"},
199     { SFLOW_5_HEADER_80211_AMSDU_SUBFRAME, "A-MSDU Subframe"},
200     { 0, NULL}
201 };
202 static value_string_ext sflow_245_header_protocol_ext = VALUE_STRING_EXT_INIT(sflow_245_header_protocol);
203
204 /* extended packet data types */
205 #define SFLOW_245_EXTENDED_SWITCH 1
206 #define SFLOW_245_EXTENDED_ROUTER 2
207 #define SFLOW_245_EXTENDED_GATEWAY 3
208 #define SFLOW_245_EXTENDED_USER 4
209 #define SFLOW_245_EXTENDED_URL 5
210
211 static const value_string sflow_245_extended_data_types[] = {
212     { SFLOW_245_EXTENDED_SWITCH, "Extended switch information"},
213     { SFLOW_245_EXTENDED_ROUTER, "Extended router information"},
214     { SFLOW_245_EXTENDED_GATEWAY, "Extended gateway information"},
215     { SFLOW_245_EXTENDED_USER, "Extended user information"},
216     { SFLOW_245_EXTENDED_URL, "Extended URL information"},
217     { 0, NULL}
218 };
219
220
221 #define SFLOW_245_AS_SET 1
222 #define SFLOW_245_AS_SEQUENCE 2
223
224 static const value_string sflow_245_as_types[] = {
225     { SFLOW_245_AS_SET, "AS Set"},
226     { SFLOW_245_AS_SEQUENCE, "AS Sequence"},
227     { 0, NULL}
228 };
229
230 #define SFLOW_245_IPV4_PRECEDENCE_ROUTINE 0
231 #define SFLOW_245_IPV4_PRECEDENCE_PRIORITY 1
232 #define SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE 2
233 #define SFLOW_245_IPV4_PRECEDENCE_FLASH 3
234 #define SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE 4
235 #define SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP 5
236 #define SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL 6
237 #define SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL 7
238
239 static const value_string sflow_245_ipv4_precedence_types[] = {
240     { SFLOW_245_IPV4_PRECEDENCE_ROUTINE, "Routine"},
241     { SFLOW_245_IPV4_PRECEDENCE_PRIORITY, "Priority"},
242     { SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE, "Immediate"},
243     { SFLOW_245_IPV4_PRECEDENCE_FLASH, "Flash"},
244     { SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE, "Flash Override"},
245     { SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP, "CRITIC/ECP"},
246     { SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL, "Internetwork Control"},
247     { SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL, "Network Control"},
248     { 0, NULL}
249 };
250
251 /* sFlow v5 flow record formats */
252 #define SFLOW_5_RAW_PACKET_HEADER    1
253 #define SFLOW_5_ETHERNET_FRAME       2
254 #define SFLOW_5_IPV4                 3
255 #define SFLOW_5_IPV6                 4
256 #define SFLOW_5_SWITCH            1001
257 #define SFLOW_5_ROUTER            1002
258 #define SFLOW_5_GATEWAY           1003
259 #define SFLOW_5_USER              1004
260 #define SFLOW_5_URL               1005
261 #define SFLOW_5_MPLS_DATA         1006
262 #define SFLOW_5_NAT               1007
263 #define SFLOW_5_MPLS_TUNNEL       1008
264 #define SFLOW_5_MPLS_VC           1009
265 #define SFLOW_5_MPLS_FEC          1010
266 #define SFLOW_5_MPLS_LVP_FEC      1011
267 #define SFLOW_5_VLAN_TUNNEL       1012
268 #define SFLOW_5_80211_PAYLOAD     1013
269 #define SFLOW_5_80211_RX          1014
270 #define SFLOW_5_80211_TX          1015
271 #define SFLOW_5_80211_AGGREGATION 1016
272
273
274 static const value_string sflow_5_flow_record_type[] = {
275     { SFLOW_5_RAW_PACKET_HEADER, "Raw packet header"},
276     { SFLOW_5_ETHERNET_FRAME,    "Ethernet frame data"},
277     { SFLOW_5_IPV4,              "IPv4 data"},
278     { SFLOW_5_IPV6,              "IPv6 data"},
279     { SFLOW_5_SWITCH,            "Extended switch data"},
280     { SFLOW_5_ROUTER,            "Extended router data"},
281     { SFLOW_5_GATEWAY,           "Extended gateway data"},
282     { SFLOW_5_USER,              "Extended user data"},
283     { SFLOW_5_URL,               "Extended URL data"},
284     { SFLOW_5_MPLS_DATA,         "Extended MPLS data"},
285     { SFLOW_5_NAT,               "Extended NAT data"},
286     { SFLOW_5_MPLS_TUNNEL,       "Extended MPLS tunnel data"},
287     { SFLOW_5_MPLS_VC,           "Extended MPLS VC data"},
288     { SFLOW_5_MPLS_FEC,          "Extended MPLS FEC data"},
289     { SFLOW_5_MPLS_LVP_FEC,      "Extended MPLS LVP FEC data"},
290     { SFLOW_5_VLAN_TUNNEL,       "Extended VLAN tunnel"},
291     { SFLOW_5_80211_PAYLOAD,     "Extended 802.11 payload"},
292     { SFLOW_5_80211_RX,          "Extended 802.11 RX"},
293     { SFLOW_5_80211_TX,          "Extended 802.11 TX"},
294     { SFLOW_5_80211_AGGREGATION, "Extended 802.11 aggregation"},
295     { 0, NULL}
296 };
297 static value_string_ext sflow_5_flow_record_type_ext = VALUE_STRING_EXT_INIT(sflow_5_flow_record_type);
298
299 /* sFlow v5 counters record formats */
300 #define SFLOW_5_GENERIC_INTERFACE 1
301 #define SFLOW_5_ETHERNET_INTERFACE 2
302 #define SFLOW_5_TOKEN_RING 3
303 #define SFLOW_5_100BASE_VG_INTERFACE 4
304 #define SFLOW_5_VLAN 5
305 #define SFLOW_5_80211_COUNTERS 6
306 #define SFLOW_5_PROCESSOR 1001
307 #define SFLOW_5_RADIO_UTILIZATION 1002
308
309 static const value_string sflow_5_counters_record_type[] = {
310     { SFLOW_5_GENERIC_INTERFACE,    "Generic interface counters"},
311     { SFLOW_5_ETHERNET_INTERFACE,   "Ethernet interface counters"},
312     { SFLOW_5_TOKEN_RING,           "Token ring counters"},
313     { SFLOW_5_100BASE_VG_INTERFACE, "100 Base VG interface counters"},
314     { SFLOW_5_VLAN,                 "VLAN counters"},
315     { SFLOW_5_80211_COUNTERS,       "IEEE 802.11 counters"},
316     { SFLOW_5_PROCESSOR,            "Processor information"},
317     { SFLOW_5_RADIO_UTILIZATION,    "Radio utilization"},
318     { 0, NULL}
319 };
320
321 /* ethernet counters.  These will be preceded by generic counters. */
322 struct ethernet_counters {
323     guint32 dot3StatsAlignmentErrors;
324     guint32 dot3StatsFCSErrors;
325     guint32 dot3StatsSingleCollisionFrames;
326     guint32 dot3StatsMultipleCollisionFrames;
327     guint32 dot3StatsSQETestErrors;
328     guint32 dot3StatsDeferredTransmissions;
329     guint32 dot3StatsLateCollisions;
330     guint32 dot3StatsExcessiveCollisions;
331     guint32 dot3StatsInternalMacTransmitErrors;
332     guint32 dot3StatsCarrierSenseErrors;
333     guint32 dot3StatsFrameTooLongs;
334     guint32 dot3StatsInternalMacReceiveErrors;
335     guint32 dot3StatsSymbolErrors;
336 };
337
338 struct sflow_address_type {
339     int hf_addr_v4;
340     int hf_addr_v6;
341 };
342
343 struct sflow_address_details {
344     int addr_type;              /* ADDR_TYPE_IPV4 | ADDR_TYPE_IPV6 */
345     union {
346         guint8 v4[4];
347         guint8 v6[16];
348     } agent_address;
349 };
350
351 /* Initialize the protocol and registered fields */
352 static int proto_sflow = -1;
353 static int hf_sflow_version = -1;
354 /*static int hf_sflow_245_agent_address_type = -1; */
355 static int hf_sflow_agent_address_v4 = -1;
356 static int hf_sflow_agent_address_v6 = -1;
357 static int hf_sflow_5_sub_agent_id = -1;
358 static int hf_sflow_5_sample_length = -1;
359 static int hf_sflow_5_flow_data_length = -1;
360 /* static int hf_sflow_5_counters_data_length = -1; */
361 static int hf_sflow_245_seqnum = -1;
362 static int hf_sflow_245_sysuptime = -1;
363 static int hf_sflow_245_numsamples = -1;
364 static int hf_sflow_245_header_protocol = -1;
365 static int hf_sflow_245_sampletype = -1;
366 static int hf_sflow_245_sampletype12 = -1;
367 static int hf_sflow_245_ipv4_precedence_type = -1;
368 static int hf_sflow_5_flow_record_format = -1;
369 static int hf_sflow_5_counters_record_format = -1;
370 static int hf_sflow_245_header = -1;
371 static int hf_sflow_245_packet_information_type = -1;
372 static int hf_sflow_245_extended_information_type = -1;
373 static int hf_sflow_245_vlan_in = -1; /* incoming 802.1Q VLAN ID */
374 static int hf_sflow_245_vlan_out = -1; /* outgoing 802.1Q VLAN ID */
375 static int hf_sflow_245_pri_in = -1; /* incominging 802.1p priority */
376 static int hf_sflow_245_pri_out = -1; /* outgoing 802.1p priority */
377 static int hf_sflow_245_nexthop_v4 = -1; /* nexthop address */
378 static int hf_sflow_245_nexthop_v6 = -1; /* nexthop address */
379 static int hf_sflow_245_ipv4_src = -1;
380 static int hf_sflow_245_ipv4_dst = -1;
381 static int hf_sflow_245_ipv6_src = -1;
382 static int hf_sflow_245_ipv6_dst = -1;
383 static int hf_sflow_245_nexthop_src_mask = -1;
384 static int hf_sflow_245_nexthop_dst_mask = -1;
385
386
387 /* extended gateway (all versions) */
388 static int hf_sflow_245_as = -1;
389 static int hf_sflow_245_src_as = -1;
390 static int hf_sflow_245_src_peer_as = -1;
391 static int hf_sflow_245_dst_as_entries = -1; /* aka length */
392 static int hf_sflow_245_dst_as = -1;
393 /* extended gateway (>= version 4) */
394 static int hf_sflow_245_community_entries = -1;
395 /* static int hf_sflow_245_community = -1; */
396 static int hf_sflow_245_localpref = -1;
397
398 /* generic interface counter */
399 static int hf_sflow_245_ifindex = -1;
400 static int hf_sflow_245_iftype = -1;
401 static int hf_sflow_245_ifspeed = -1;
402 static int hf_sflow_245_ifdirection = -1;
403 static int hf_sflow_245_ifadmin_status = -1;
404 static int hf_sflow_245_ifoper_status = -1;
405 static int hf_sflow_245_ifinoct = -1;
406 static int hf_sflow_245_ifinpkt = -1;
407 static int hf_sflow_245_ifinmcast = -1;
408 static int hf_sflow_245_ifinbcast = -1;
409 static int hf_sflow_245_ifinerr = -1;
410 static int hf_sflow_245_ifindisc = -1;
411 static int hf_sflow_245_ifinunk = -1;
412 static int hf_sflow_245_ifoutoct = -1;
413 static int hf_sflow_245_ifoutpkt = -1;
414 static int hf_sflow_245_ifoutmcast = -1;
415 static int hf_sflow_245_ifoutbcast = -1;
416 static int hf_sflow_245_ifoutdisc = -1;
417 static int hf_sflow_245_ifouterr = -1;
418 static int hf_sflow_245_ifpromisc = -1;
419
420 /* ethernet interface counter */
421 static int hf_sflow_245_dot3StatsAlignmentErrors = -1;
422 static int hf_sflow_245_dot3StatsFCSErrors = -1;
423 static int hf_sflow_245_dot3StatsSingleCollisionFrames = -1;
424 static int hf_sflow_245_dot3StatsMultipleCollisionFrames = -1;
425 static int hf_sflow_245_dot3StatsSQETestErrors = -1;
426 static int hf_sflow_245_dot3StatsDeferredTransmissions = -1;
427 static int hf_sflow_245_dot3StatsLateCollisions = -1;
428 static int hf_sflow_245_dot3StatsExcessiveCollisions = -1;
429 static int hf_sflow_245_dot3StatsInternalMacTransmitErrors = -1;
430 static int hf_sflow_245_dot3StatsCarrierSenseErrors = -1;
431 static int hf_sflow_245_dot3StatsFrameTooLongs = -1;
432 static int hf_sflow_245_dot3StatsInternalMacReceiveErrors = -1;
433 static int hf_sflow_245_dot3StatsSymbolErrors = -1;
434
435 /* token ring counter */
436 static int hf_sflow_245_dot5StatsLineErrors = -1;
437 static int hf_sflow_245_dot5StatsBurstErrors = -1;
438 static int hf_sflow_245_dot5StatsACErrors = -1;
439 static int hf_sflow_245_dot5StatsAbortTransErrors = -1;
440 static int hf_sflow_245_dot5StatsInternalErrors = -1;
441 static int hf_sflow_245_dot5StatsLostFrameErrors = -1;
442 static int hf_sflow_245_dot5StatsReceiveCongestions = -1;
443 static int hf_sflow_245_dot5StatsFrameCopiedErrors = -1;
444 static int hf_sflow_245_dot5StatsTokenErrors = -1;
445 static int hf_sflow_245_dot5StatsSoftErrors = -1;
446 static int hf_sflow_245_dot5StatsHardErrors = -1;
447 static int hf_sflow_245_dot5StatsSignalLoss = -1;
448 static int hf_sflow_245_dot5StatsTransmitBeacons = -1;
449 static int hf_sflow_245_dot5StatsRecoveries = -1;
450 static int hf_sflow_245_dot5StatsLobeWires = -1;
451 static int hf_sflow_245_dot5StatsRemoves = -1;
452 static int hf_sflow_245_dot5StatsSingles = -1;
453 static int hf_sflow_245_dot5StatsFreqErrors = -1;
454
455 /* 100 BaseVG interface counters */
456 static int hf_sflow_245_dot12InHighPriorityFrames = -1;
457 static int hf_sflow_245_dot12InHighPriorityOctets = -1;
458 static int hf_sflow_245_dot12InNormPriorityFrames = -1;
459 static int hf_sflow_245_dot12InNormPriorityOctets = -1;
460 static int hf_sflow_245_dot12InIPMErrors = -1;
461 static int hf_sflow_245_dot12InOversizeFrameErrors = -1;
462 static int hf_sflow_245_dot12InDataErrors = -1;
463 static int hf_sflow_245_dot12InNullAddressedFrames = -1;
464 static int hf_sflow_245_dot12OutHighPriorityFrames = -1;
465 static int hf_sflow_245_dot12OutHighPriorityOctets = -1;
466 static int hf_sflow_245_dot12TransitionIntoTrainings = -1;
467 static int hf_sflow_245_dot12HCInHighPriorityOctets = -1;
468 static int hf_sflow_245_dot12HCInNormPriorityOctets = -1;
469 static int hf_sflow_245_dot12HCOutHighPriorityOctets = -1;
470
471 /* VLAN counters */
472 static int hf_sflow_245_vlan_id = -1;
473 static int hf_sflow_245_octets = -1;
474 static int hf_sflow_245_ucastPkts = -1;
475 static int hf_sflow_245_multicastPkts = -1;
476 static int hf_sflow_245_broadcastPkts = -1;
477 static int hf_sflow_245_discards = -1;
478
479 /* 802.11 interface counters */
480 static int hf_sflow_5_dot11TransmittedFragmentCount = -1;
481 static int hf_sflow_5_dot11MulticastTransmittedFrameCount = -1;
482 static int hf_sflow_5_dot11FailedCount = -1;
483 static int hf_sflow_5_dot11RetryCount = -1;
484 static int hf_sflow_5_dot11MultipleRetryCount = -1;
485 static int hf_sflow_5_dot11FrameDuplicateCount = -1;
486 static int hf_sflow_5_dot11RTSSuccessCount = -1;
487 static int hf_sflow_5_dot11RTSFailureCount = -1;
488 static int hf_sflow_5_dot11ACKFailureCount = -1;
489 static int hf_sflow_5_dot11ReceivedFragmentCount = -1;
490 static int hf_sflow_5_dot11MulticastReceivedFrameCount = -1;
491 static int hf_sflow_5_dot11FCSErrorCount = -1;
492 static int hf_sflow_5_dot11TransmittedFrameCount = -1;
493 static int hf_sflow_5_dot11WEPUndecryptableCount = -1;
494 static int hf_sflow_5_dot11QoSDiscardedFragmentCount = -1;
495 static int hf_sflow_5_dot11AssociatedStationCount = -1;
496 static int hf_sflow_5_dot11QoSCFPollsReceivedCount = -1;
497 static int hf_sflow_5_dot11QoSCFPollsUnusedCount = -1;
498 static int hf_sflow_5_dot11QoSCFPollsUnusableCount = -1;
499 static int hf_sflow_5_dot11QoSCFPollsLostCount = -1;
500 /* static int hf_sflow_5_ieee80211_version = -1; */
501
502
503 /* processor information */
504 static int hf_sflow_5_cpu_5s = -1;
505 static int hf_sflow_5_cpu_1m = -1;
506 static int hf_sflow_5_cpu_5m = -1;
507 static int hf_sflow_5_total_memory = -1;
508 static int hf_sflow_5_free_memory = -1;
509
510 /* radio utilisation */
511 static int hf_sflow_5_elapsed_time = -1;
512 static int hf_sflow_5_on_channel_time = -1;
513 static int hf_sflow_5_on_channel_busy_time = -1;
514
515 /* Generated from convert_proto_tree_add_text.pl */
516 static int hf_sflow_5_extended_80211_suite_type = -1;
517 static int hf_sflow_5_extended_80211_rx_channel = -1;
518 static int hf_sflow_flow_sample_input_interface = -1;
519 static int hf_sflow_counters_sample_sampling_interval = -1;
520 static int hf_sflow_5_extended_url_host_length = -1;
521 static int hf_sflow_245_ip_tcp_flag_syn = -1;
522 static int hf_sflow_flow_sample_output_interface = -1;
523 static int hf_sflow_245_length_of_ip_packet = -1;
524 static int hf_sflow_counters_sample_counters_type = -1;
525 static int hf_sflow_5_extended_mpls_tunnel_id = -1;
526 static int hf_sflow_flow_sample_sample_pool = -1;
527 static int hf_sflow_5_extended_80211_tx_speed = -1;
528 static int hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair = -1;
529 static int hf_sflow_245_extended_mpls_out_label_stack_entries = -1;
530 static int hf_sflow_flow_sample_input_interface_value = -1;
531 static int hf_sflow_flow_sample_sampling_rate = -1;
532 static int hf_sflow_5_extended_80211_rx_rcpi = -1;
533 static int hf_sflow_enterprise = -1;
534 static int hf_sflow_245_header_frame_length = -1;
535 static int hf_sflow_5_extended_user_destination_character_set = -1;
536 static int hf_sflow_5_extended_80211_rx_bssid = -1;
537 static int hf_sflow_5_extended_80211_tx_retransmission_duration = -1;
538 static int hf_sflow_245_ethernet_length_of_mac_packet = -1;
539 static int hf_sflow_245_ip_tcp_flag_psh = -1;
540 static int hf_sflow_flow_sample_flow_record = -1;
541 static int hf_sflow_245_extended_mpls_in_label = -1;
542 static int hf_sflow_5_extended_user_source_character_set = -1;
543 static int hf_sflow_5_extended_user_destination_user_string_length = -1;
544 static int hf_sflow_counters_sample_sequence_number = -1;
545 static int hf_sflow_5_extended_80211_rx_speed = -1;
546 static int hf_sflow_5_extended_80211_rx_rsni = -1;
547 static int hf_sflow_flow_sample_source_id_index = -1;
548 static int hf_sflow_245_ip_tcp_flag_ece = -1;
549 static int hf_sflow_245_ipv4_throughput = -1;
550 static int hf_sflow_5_extended_80211_oui = -1;
551 static int hf_sflow_counters_sample_source_id_type = -1;
552 static int hf_sflow_flow_sample_input_interface_format = -1;
553 static int hf_sflow_5_extended_80211_tx_channel = -1;
554 static int hf_sflow_245_ip_tcp_flag_urg = -1;
555 static int hf_sflow_5_extended_mpls_tunnel_name_length = -1;
556 static int hf_sflow_5_extended_80211_tx_version = -1;
557 static int hf_sflow_245_ipv4_delay = -1;
558 static int hf_sflow_flow_sample_source_id_class = -1;
559 static int hf_sflow_245_ethernet_source_mac_address = -1;
560 static int hf_sflow_5_extended_mpls_ftn_mask = -1;
561 static int hf_sflow_245_extended_mpls_out_label = -1;
562 static int hf_sflow_245_ipv6_priority = -1;
563 static int hf_sflow_245_ip_tcp_flag_fin = -1;
564 static int hf_sflow_245_ip_destination_port = -1;
565 static int hf_sflow_5_extended_mpls_vc_label_cos_value = -1;
566 static int hf_sflow_5_extended_80211_rx_packet_duration = -1;
567 static int hf_sflow_5_extended_80211_tx_packet_duration = -1;
568 static int hf_sflow_245_ipv4_reliability = -1;
569 static int hf_sflow_5_extended_80211_tx_power = -1;
570 static int hf_sflow_flow_sample_multiple_outputs = -1;
571 static int hf_sflow_5_extended_user_source_user_string_length = -1;
572 static int hf_sflow_5_extended_80211_payload_length = -1;
573 static int hf_sflow_flow_sample_output_interface_format = -1;
574 static int hf_sflow_245_ethernet_packet_type = -1;
575 static int hf_sflow_counters_sample_expanded_source_id_type = -1;
576 static int hf_sflow_245_ip_source_port = -1;
577 static int hf_sflow_245_extended_mpls_in_label_stack_entries = -1;
578 static int hf_sflow_5_extended_mpls_vc_instance_name_length = -1;
579 static int hf_sflow_245_ipv4_cost = -1;
580 static int hf_sflow_5_extended_mpls_ftn_description_length = -1;
581 static int hf_sflow_5_extended_vlan_tunnel_number_of_layers = -1;
582 static int hf_sflow_5_extended_80211_tx_bssid = -1;
583 static int hf_sflow_245_ip_tcp_flag_rst = -1;
584 static int hf_sflow_245_ip_tcp_flag_ack = -1;
585 static int hf_sflow_245_ip_tcp_flag_cwr = -1;
586 static int hf_sflow_5_extended_80211_tx_retransmissions = -1;
587 static int hf_sflow_5_extended_80211_rx_version = -1;
588 static int hf_sflow_flow_sample_dropped_packets = -1;
589 static int hf_sflow_counters_sample_expanded_source_id_index = -1;
590 static int hf_sflow_245_header_payload_removed = -1;
591 static int hf_sflow_245_ethernet_destination_mac_address = -1;
592 static int hf_sflow_counters_sample_source_id_class = -1;
593 static int hf_sflow_5_extended_url_url_length = -1;
594 static int hf_sflow_flow_sample_source_id_type = -1;
595 static int hf_sflow_5_extended_mpls_fec_address_prefix_length = -1;
596 static int hf_sflow_flow_sample_sequence_number = -1;
597 static int hf_sflow_counters_sample_source_id_index = -1;
598 static int hf_sflow_counters_sample_counters_records = -1;
599 static int hf_sflow_5_extended_mpls_tunnel_cos_value = -1;
600 static int hf_sflow_5_extended_mpls_vc_id = -1;
601 static int hf_sflow_flow_sample_output_interface_value = -1;
602 static int hf_sflow_5_extended_user_destination_user = -1;
603 static int hf_sflow_245_as_type = -1;
604 static int hf_sflow_counters_sample_index = -1;
605 static int hf_sflow_5_extended_url_url = -1;
606 static int hf_sflow_flow_sample_index = -1;
607 static int hf_sflow_5_extended_80211_rx_ssid = -1;
608 static int hf_sflow_5_extended_mpls_vc_instance_name = -1;
609 static int hf_sflow_5_extended_mpls_tunnel_name = -1;
610 static int hf_sflow_5_extended_80211_payload = -1;
611 static int hf_sflow_5_extended_user_source_user = -1;
612 static int hf_sflow_5_extended_url_host = -1;
613 static int hf_sflow_5_extended_80211_tx_ssid = -1;
614 static int hf_sflow_5_extended_url_direction = -1;
615 static int hf_sflow_5_extended_mpls_ftn_description = -1;
616 static int hf_sflow_245_ip_protocol = -1;
617
618 /* Initialize the subtree pointers */
619 static gint ett_sflow_245 = -1;
620 static gint ett_sflow_245_sample = -1;
621 static gint ett_sflow_5_flow_record = -1;
622 static gint ett_sflow_5_counters_record = -1;
623 static gint ett_sflow_5_mpls_in_label_stack = -1;
624 static gint ett_sflow_5_mpls_out_label_stack = -1;
625 static gint ett_sflow_245_extended_data = -1;
626 static gint ett_sflow_245_gw_as_dst = -1;
627 static gint ett_sflow_245_gw_as_dst_seg = -1;
628 static gint ett_sflow_245_gw_community = -1;
629 static gint ett_sflow_245_sampled_header = -1;
630
631 static expert_field ei_sflow_invalid_address_type = EI_INIT;
632
633 /* dissectors for other protocols */
634 static dissector_handle_t eth_withoutfcs_handle;
635 static dissector_handle_t tr_handle;
636 static dissector_handle_t fddi_handle;
637 static dissector_handle_t fr_handle;
638 static dissector_handle_t x25_handle;
639 static dissector_handle_t ppp_hdlc_handle;
640 static dissector_handle_t smds_handle;
641 static dissector_handle_t aal5_handle;
642 static dissector_handle_t ipv4_handle;
643 static dissector_handle_t ipv6_handle;
644 static dissector_handle_t mpls_handle;
645 static dissector_handle_t pos_handle;
646 static dissector_handle_t ieee80211_mac_handle;
647 static dissector_handle_t ieee80211_ampdu_handle;
648 static dissector_handle_t ieee80211_amsdu_subframe_handle;
649 /* don't dissect */
650 static dissector_handle_t data_handle;
651
652 void proto_reg_handoff_sflow_245(void);
653
654 /* dissect a sampled header - layer 2 protocols */
655 static gint
656 dissect_sflow_245_sampled_header(tvbuff_t *tvb, packet_info *pinfo,
657                                  proto_tree *tree, volatile gint offset) {
658     guint32           version, header_proto, frame_length;
659     volatile guint32  header_length;
660     tvbuff_t         *next_tvb;
661     proto_tree       *sflow_245_header_tree;
662     proto_item       *ti;
663     /* stuff for saving column state before calling other dissectors.
664      * Thanks to Guy Harris for the tip. */
665     gboolean          save_writable;
666     gboolean          save_in_error_pkt;
667     address           save_dl_src, save_dl_dst, save_net_src, save_net_dst, save_src, save_dst;
668     void             *pd_save;
669
670     version = tvb_get_ntohl(tvb, 0);
671     header_proto = tvb_get_ntohl(tvb, offset);
672     proto_tree_add_item(tree, hf_sflow_245_header_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
673     offset += 4;
674     frame_length = tvb_get_ntohl(tvb, offset);
675     proto_tree_add_item(tree, hf_sflow_245_header_frame_length, tvb, offset, 4, ENC_BIG_ENDIAN);
676     offset += 4;
677
678     if (version == 5) {
679         proto_tree_add_item(tree, hf_sflow_245_header_payload_removed, tvb, offset, 4, ENC_BIG_ENDIAN);
680         offset += 4;
681     }
682
683     header_length = tvb_get_ntohl(tvb, offset);
684     offset += 4;
685
686     if (header_length % 4) /* XDR requires 4-byte alignment */
687         header_length += (4 - (header_length % 4));
688
689
690     ti = proto_tree_add_item(tree, hf_sflow_245_header, tvb, offset, header_length, ENC_NA);
691     sflow_245_header_tree = proto_item_add_subtree(ti, ett_sflow_245_sampled_header);
692
693     /* hand the header off to the appropriate dissector.  It's probably
694      * a short frame, so ignore any exceptions. */
695     next_tvb = tvb_new_subset(tvb, offset, header_length, frame_length);
696
697     /* save some state */
698     save_writable = col_get_writable(pinfo->cinfo);
699
700     /*
701        If sFlow samples a TCP packet it is very likely that the
702        TCP analysis will flag the packet as having some error with
703        the sequence numbers.  sFlow only report on a "sample" of
704        traffic so many packets will not be reported on.  This is
705        most obvious if the colorizing rules are on, but will also
706        cause confusion if you attempt to filter on
707        "tcp.analysis.flags".
708
709        The following only works to suppress IP/TCP errors, but
710        it is a start anyway.  Other protocols carried as payloads
711        may exhibit similar issues.
712
713        I think what is really needed is a more general
714        "protocol_as_payload" flag.  Of course then someone has to
715        play whack-a-mole and add code to implement it to any
716        protocols that could be carried as a payload.  In the case
717        of sFlow that pretty much means anything on your network.
718      */
719     save_in_error_pkt = pinfo->flags.in_error_pkt;
720     if (!global_analyze_samp_ip_headers) {
721         pinfo->flags.in_error_pkt = TRUE;
722     }
723
724     col_set_writable(pinfo->cinfo, FALSE);
725     save_dl_src = pinfo->dl_src;
726     save_dl_dst = pinfo->dl_dst;
727     save_net_src = pinfo->net_src;
728     save_net_dst = pinfo->net_dst;
729     save_src = pinfo->src;
730     save_dst = pinfo->dst;
731     pd_save = pinfo->private_data;
732
733     TRY
734     {
735         switch (header_proto) {
736             case SFLOW_245_HEADER_ETHERNET:
737                 call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, sflow_245_header_tree);
738                 break;
739             case SFLOW_245_HEADER_TOKENRING:
740                 call_dissector(tr_handle, next_tvb, pinfo, sflow_245_header_tree);
741                 break;
742             case SFLOW_245_HEADER_FDDI:
743                 call_dissector(fddi_handle, next_tvb, pinfo, sflow_245_header_tree);
744                 break;
745             case SFLOW_245_HEADER_FRAME_RELAY:
746                 call_dissector(fr_handle, next_tvb, pinfo, sflow_245_header_tree);
747                 break;
748             case SFLOW_245_HEADER_X25:
749                 call_dissector(x25_handle, next_tvb, pinfo, sflow_245_header_tree);
750                 break;
751             case SFLOW_245_HEADER_PPP:
752                 call_dissector(ppp_hdlc_handle, next_tvb, pinfo, sflow_245_header_tree);
753                 break;
754             case SFLOW_245_HEADER_SMDS:
755                 call_dissector(smds_handle, next_tvb, pinfo, sflow_245_header_tree);
756                 break;
757             case SFLOW_245_HEADER_AAL5:
758             case SFLOW_245_HEADER_AAL5_IP:
759                 /* I'll be surprised if this works! I have no AAL5 captures
760                  * to test with, and I'm not sure how the encapsulation goes */
761                 call_dissector(aal5_handle, next_tvb, pinfo, sflow_245_header_tree);
762                 break;
763             case SFLOW_245_HEADER_IPv4:
764                 call_dissector(ipv4_handle, next_tvb, pinfo, sflow_245_header_tree);
765                 break;
766             case SFLOW_245_HEADER_IPv6:
767                 call_dissector(ipv6_handle, next_tvb, pinfo, sflow_245_header_tree);
768                 break;
769             case SFLOW_245_HEADER_MPLS:
770                 call_dissector(mpls_handle, next_tvb, pinfo, sflow_245_header_tree);
771                 break;
772             case SFLOW_5_HEADER_POS:
773                 call_dissector(pos_handle, next_tvb, pinfo, sflow_245_header_tree);
774                 break;
775             case SFLOW_5_HEADER_80211_MAC:
776                 call_dissector(ieee80211_mac_handle, next_tvb, pinfo, sflow_245_header_tree);
777                 break;
778             case SFLOW_5_HEADER_80211_AMPDU:
779                 call_dissector(ieee80211_ampdu_handle, next_tvb, pinfo, sflow_245_header_tree);
780                 break;
781             case SFLOW_5_HEADER_80211_AMSDU_SUBFRAME:
782                 call_dissector(ieee80211_amsdu_subframe_handle, next_tvb, pinfo, sflow_245_header_tree);
783                 break;
784             default:
785                 /* some of the protocols, I have no clue where to begin. */
786                 break;
787         }
788     }
789
790     CATCH_BOUNDS_ERRORS {
791         /*  Restore the private_data structure in case one of the
792          *  called dissectors modified it (and, due to the exception,
793          *  was unable to restore it).
794          */
795         pinfo->private_data = pd_save;
796     }
797     ENDTRY;
798
799     /* restore saved state */
800     col_set_writable(pinfo->cinfo, save_writable);
801     pinfo->flags.in_error_pkt = save_in_error_pkt;
802
803     pinfo->dl_src = save_dl_src;
804     pinfo->dl_dst = save_dl_dst;
805     pinfo->net_src = save_net_src;
806     pinfo->net_dst = save_net_dst;
807     pinfo->src = save_src;
808     pinfo->dst = save_dst;
809
810     offset += header_length;
811     return offset;
812 }
813
814 static gint
815 dissect_sflow_245_address_type(tvbuff_t *tvb, packet_info *pinfo,
816                                proto_tree *tree, gint offset,
817                                struct sflow_address_type *hf_type,
818                                struct sflow_address_details *addr_detail) {
819     guint32 addr_type;
820     int len;
821
822     addr_type = tvb_get_ntohl(tvb, offset);
823     offset += 4;
824
825     switch (addr_type) {
826     case ADDR_TYPE_UNKNOWN:
827         len = 0;
828         break;
829     case ADDR_TYPE_IPV4:
830         len = 4;
831         proto_tree_add_item(tree, hf_type->hf_addr_v4, tvb, offset, 4, ENC_BIG_ENDIAN);
832         break;
833     case ADDR_TYPE_IPV6:
834         len = 16;
835         proto_tree_add_item(tree, hf_type->hf_addr_v6, tvb, offset, 16, ENC_NA);
836         break;
837     default:
838         /* Invalid address type, or a type we don't understand; we don't
839            know the length. W e treat it as having no contents; that
840            doesn't trap us in an endless loop, as we at least include
841            the address type and thus at least advance the offset by 4.
842            Note that we have a problem, though. */
843         len = 0;
844         proto_tree_add_expert_format(tree, pinfo, &ei_sflow_invalid_address_type, tvb,
845                                      offset - 4, 4, "Unknown address type (%u)", addr_type);
846     }
847
848     if (addr_detail) {
849         addr_detail->addr_type = addr_type;
850         switch (len) {
851         case 4:
852             tvb_memcpy(tvb, addr_detail->agent_address.v4, offset, len);
853             break;
854         case 16:
855             tvb_memcpy(tvb, addr_detail->agent_address.v6, offset, len);
856             break;
857         }
858     }
859
860     return offset + len;
861 }
862
863 /* extended switch data, after the packet data */
864 static gint
865 dissect_sflow_245_extended_switch(tvbuff_t *tvb, proto_tree *tree, gint offset) {
866     proto_tree_add_item(tree, hf_sflow_245_vlan_in, tvb, offset, 4, ENC_BIG_ENDIAN);
867     offset += 4;
868     proto_tree_add_item(tree, hf_sflow_245_pri_in, tvb, offset, 4, ENC_BIG_ENDIAN);
869     offset += 4;
870     proto_tree_add_item(tree, hf_sflow_245_vlan_out, tvb, offset, 4, ENC_BIG_ENDIAN);
871     offset += 4;
872     proto_tree_add_item(tree, hf_sflow_245_pri_out, tvb, offset, 4, ENC_BIG_ENDIAN);
873     offset += 4;
874
875     return offset;
876 }
877
878 /* extended router data, after the packet data */
879 static gint
880 dissect_sflow_245_extended_router(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
881     struct sflow_address_type addr_type;
882
883     addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
884     addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
885
886     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
887     proto_tree_add_item(tree, hf_sflow_245_nexthop_src_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
888     offset += 4;
889     proto_tree_add_item(tree, hf_sflow_245_nexthop_dst_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
890     offset += 4;
891     return offset;
892 }
893
894 /* extended MPLS data */
895 static gint
896 dissect_sflow_5_extended_mpls_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
897     guint32     in_label_count, out_label_count, label, i, j;
898     proto_tree *in_stack;
899     proto_item *ti_in;
900     proto_tree *out_stack;
901     proto_item *ti_out;
902     struct sflow_address_type addr_type;
903
904     addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
905     addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
906
907     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
908
909     in_label_count = tvb_get_ntohl(tvb, offset);
910     proto_tree_add_item(tree, hf_sflow_245_extended_mpls_in_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
911     offset += 4;
912
913     ti_in = proto_tree_add_text(tree, tvb, offset, -1, "In Label Stack");
914     in_stack = proto_item_add_subtree(ti_in, ett_sflow_5_mpls_in_label_stack);
915
916     /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
917      * 255 is a sensible limit of label count */
918     for (i = 0, j = 0; i < (in_label_count & 0x000000ff); i++, j += 4) {
919         label = tvb_get_ntohl(tvb, offset + j);
920         proto_tree_add_uint_format(in_stack, hf_sflow_245_extended_mpls_in_label, tvb, offset, 4,
921             label, "Label %u: %u", i + 1, label);
922     }
923     offset += (in_label_count * 4);
924
925     out_label_count = tvb_get_ntohl(tvb, offset);
926     proto_tree_add_item(tree, hf_sflow_245_extended_mpls_out_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
927     offset += 4;
928
929     ti_out = proto_tree_add_text(tree, tvb, offset, -1, "Out Label Stack");
930     out_stack = proto_item_add_subtree(ti_out, ett_sflow_5_mpls_in_label_stack);
931
932     /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
933      * 255 is a sensible limit of label count */
934     for (i = 0, j = 0; i < (out_label_count & 0x000000ff); i++, j += 4) {
935         label = tvb_get_ntohl(tvb, offset + j);
936         proto_tree_add_uint_format(out_stack, hf_sflow_245_extended_mpls_out_label, tvb, offset, 4,
937             label, "Label %u: %u", i + 1, label);
938     }
939     offset = offset + out_label_count * 4;
940
941     return offset;
942 }
943
944 /* extended NAT data */
945 static gint
946 dissect_sflow_5_extended_nat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
947     struct sflow_address_type addr_type;
948
949     addr_type.hf_addr_v4 = hf_sflow_245_ipv4_src;
950     addr_type.hf_addr_v6 = hf_sflow_245_ipv6_src;
951
952     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
953
954     addr_type.hf_addr_v4 = hf_sflow_245_ipv4_dst;
955     addr_type.hf_addr_v6 = hf_sflow_245_ipv6_dst;
956
957     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
958
959     return offset;
960 }
961
962 /* extended gateway data, after the packet data */
963 static gint
964 dissect_sflow_245_extended_gateway(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
965     gint32  len = 0;
966     gint32  i, j, comm_len, dst_len, dst_seg_len;
967     guint32 path_type;
968     gint32  kludge;
969
970     guint32 version = tvb_get_ntohl(tvb, 0); /* get sFlow version */
971     proto_item *ti;
972     proto_tree *sflow_245_dst_as_tree;
973     proto_tree *sflow_245_comm_tree;
974     proto_tree *sflow_245_dst_as_seg_tree;
975
976     /* sFlow v5 contains next hop router IP address */
977     if (version == 5) {
978         struct sflow_address_type addr_type;
979
980         addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
981         addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
982
983         offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
984     }
985
986     proto_tree_add_item(tree, hf_sflow_245_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
987     len += 4;
988
989     proto_tree_add_item(tree, hf_sflow_245_src_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
990     len += 4;
991
992     proto_tree_add_item(tree, hf_sflow_245_src_peer_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
993     len += 4;
994
995     dst_len = tvb_get_ntohl(tvb, offset + len);
996     ti = proto_tree_add_uint(tree, hf_sflow_245_dst_as_entries, tvb, offset + len, 4, dst_len);
997     sflow_245_dst_as_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst);
998     len += 4;
999
1000     for (i = 0; i < dst_len; i++) {
1001         if (version < 4) {
1002             /* Version 2 AS paths are different than versions >= 4 as
1003                follows:
1004
1005                There is no type encoded in the packet.
1006
1007                The destination ASs are encoded as an array of integers
1008                rather as an array of arrays of integers.  I just
1009                pretended they were encoded as an array of arrays with
1010                an implicit length of 1 to not have to do two
1011                completely separate blocks for the different versions.
1012
1013                Having a subtree for "arrays" guaranteed to have only a
1014                single element proved cumbersome to navigate so I moved
1015                the creation of the subtree to only happen for versions
1016                >= 4.
1017              */
1018             dst_seg_len = 1;
1019             sflow_245_dst_as_seg_tree = sflow_245_dst_as_tree;
1020         } else {
1021             path_type = tvb_get_ntohl(tvb, offset + len);
1022             len += 4;
1023             dst_seg_len = tvb_get_ntohl(tvb, offset + len);
1024             len += 4;
1025             kludge = 8;
1026             ti = proto_tree_add_uint_format(tree, hf_sflow_245_as_type, tvb, offset + len - kludge, kludge, path_type,
1027                     "%s, (%u entries)", val_to_str_const(path_type, sflow_245_as_types, "Unknown AS type"), dst_seg_len);
1028             sflow_245_dst_as_seg_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst_seg);
1029         }
1030
1031         for (j = 0; j < dst_seg_len; j++) {
1032             proto_tree_add_item(sflow_245_dst_as_seg_tree, hf_sflow_245_dst_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1033             len += 4;
1034         }
1035     }
1036
1037
1038     if (version >= 4) {
1039         comm_len = tvb_get_ntohl(tvb, offset + len);
1040
1041         ti = proto_tree_add_uint(tree, hf_sflow_245_community_entries, tvb, offset + len, 4, comm_len);
1042         sflow_245_comm_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_community);
1043         len += 4;
1044         for (i = 0; i < comm_len; i++) {
1045             proto_tree_add_item(sflow_245_comm_tree,
1046                     hf_sflow_245_dst_as, tvb, offset + len,
1047                     4, ENC_BIG_ENDIAN);
1048             len += 4;
1049         }
1050
1051         proto_tree_add_item(tree, hf_sflow_245_localpref, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1052         len += 4;
1053
1054     }
1055
1056     return offset + len;
1057 }
1058
1059 /* sflow v5 ethernet frame data */
1060 static gint
1061 dissect_sflow_5_ethernet_frame(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1062
1063     proto_tree_add_item(tree, hf_sflow_245_ethernet_length_of_mac_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1064     offset += 4;
1065
1066     proto_tree_add_item(tree, hf_sflow_245_ethernet_source_mac_address, tvb, offset, 6, ENC_NA);
1067     /* Padded to 4 byte offset */
1068     offset += 8;
1069
1070     proto_tree_add_item(tree, hf_sflow_245_ethernet_destination_mac_address, tvb, offset, 6, ENC_NA);
1071     /* Padded to 4 byte offset */
1072     offset += 8;
1073
1074     proto_tree_add_item(tree, hf_sflow_245_ethernet_packet_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1075     offset += 4;
1076
1077     return offset;
1078 }
1079
1080 /* sflow v5 IPv4 data */
1081 static gint
1082 dissect_sflow_5_ipv4(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1083
1084     proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1085     offset += 4;
1086
1087     proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1088     offset += 4;
1089
1090     proto_tree_add_item(tree, hf_sflow_245_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN);
1091     offset += 4;
1092
1093     proto_tree_add_item(tree, hf_sflow_245_ipv4_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
1094     offset += 4;
1095
1096     proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1097     offset += 4;
1098
1099     proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1100     offset += 4;
1101
1102     /* dissect tcp flags bit-by-bit */
1103     /* 8 flags are included here, plus 24-bit 0-padding */
1104     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 1, ENC_NA);
1105     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 1, ENC_NA);
1106     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 1, ENC_NA);
1107     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 1, ENC_NA);
1108     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 1, ENC_NA);
1109     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 1, ENC_NA);
1110     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 1, ENC_NA);
1111     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 1, ENC_NA);
1112
1113     offset += 4;
1114
1115     /* 7 bits for type of service, plus 1 reserved bit */
1116     proto_tree_add_item(tree, hf_sflow_245_ipv4_precedence_type, tvb, offset, 1, ENC_NA);
1117     proto_tree_add_item(tree, hf_sflow_245_ipv4_delay, tvb, offset, 1, ENC_NA);
1118     proto_tree_add_item(tree, hf_sflow_245_ipv4_throughput, tvb, offset, 1, ENC_NA);
1119     proto_tree_add_item(tree, hf_sflow_245_ipv4_reliability, tvb, offset, 1, ENC_NA);
1120     proto_tree_add_item(tree, hf_sflow_245_ipv4_cost, tvb, offset, 1, ENC_NA);
1121
1122     offset += 4;
1123
1124     return offset;
1125 }
1126
1127 /* sflow v5 IPv6 data */
1128 static gint
1129 dissect_sflow_5_ipv6(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1130
1131     proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1132     offset += 4;
1133
1134     proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1135     offset += 4;
1136
1137     proto_tree_add_item(tree, hf_sflow_245_ipv6_src, tvb, offset, 16, ENC_NA);
1138     offset += 16;
1139
1140     proto_tree_add_item(tree, hf_sflow_245_ipv6_dst, tvb, offset, 16, ENC_NA);
1141     offset += 16;
1142
1143     proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1144     offset += 4;
1145
1146     proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1147     offset += 4;
1148
1149     /* dissect tcp flags bit-by-bit */
1150     /* 8 flags are included here, plus 24-bit 0-padding */
1151     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 1, ENC_NA);
1152     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 1, ENC_NA);
1153     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 1, ENC_NA);
1154     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 1, ENC_NA);
1155     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 1, ENC_NA);
1156     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 1, ENC_NA);
1157     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 1, ENC_NA);
1158     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 1, ENC_NA);
1159
1160     offset += 4;
1161
1162     /* Priority -- Traffic class field enables a source to identify the desired
1163        delivery priority of the packets. Priority values are divided into
1164        ranges: traffic where the source provides congestion control and
1165        non-congestion control traffic.
1166
1167        It is displayed as unsigned integer here according to sFlow specification */
1168
1169     proto_tree_add_item(tree, hf_sflow_245_ipv6_priority, tvb, offset, 4, ENC_BIG_ENDIAN);
1170     offset += 4;
1171
1172     return offset;
1173 }
1174
1175 /* sflow v5 user data */
1176 static gint
1177 dissect_sflow_5_extended_user(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1178     guint32 src_length, dest_length;
1179
1180     /* charset is not processed here, all chars are assumed to be ASCII */
1181     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1182     offset += 4;
1183
1184     src_length = tvb_get_ntohl(tvb, offset);
1185     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1186     offset += 4;
1187
1188     /* extract source user info char by char */
1189     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user, tvb, offset, src_length, ENC_NA|ENC_ASCII);
1190     offset += src_length;
1191     /* get the correct offset by adding padding byte count */
1192     if (src_length % 4)
1193         offset += (4 - src_length % 4);
1194
1195     /* charset is not processed here, all chars are assumed to be ASCII */
1196     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1197     offset += 4;
1198
1199     dest_length = tvb_get_ntohl(tvb, offset);
1200     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1201     offset += 4;
1202
1203     /* extract destination user info char by char */
1204     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user, tvb, offset, dest_length, ENC_NA|ENC_ASCII);
1205     offset += dest_length;
1206     /* get the correct offset by adding padding byte count */
1207     if (dest_length % 4)
1208         offset += (4 - dest_length % 4);
1209
1210     return offset;
1211 }
1212
1213 /* sflow v5 URL data */
1214 static gint
1215 dissect_sflow_5_extended_url(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1216     guint32 direction, url_length, host_length;
1217
1218     direction = tvb_get_ntohl(tvb, offset);
1219     switch (direction) {
1220         case 1:
1221             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1222                                         "Source Address is Server(%u)", direction);
1223             break;
1224         case 2:
1225             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1226                                         "Destination Address is Server (%u)", direction);
1227             break;
1228         default:
1229             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1230                                         "Server Unspecified (%u)", direction);
1231             break;
1232     }
1233     offset += 4;
1234
1235     url_length = tvb_get_ntohl(tvb, offset);
1236     proto_tree_add_item(tree, hf_sflow_5_extended_url_url_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1237     offset += 4;
1238
1239     /* extract URL char by char */
1240     proto_tree_add_item(tree, hf_sflow_5_extended_url_url, tvb, offset, url_length, ENC_NA|ENC_ASCII);
1241     offset += url_length;
1242     /* get the correct offset by adding padding byte count */
1243     if (url_length % 4)
1244         offset += (4 - url_length % 4);
1245
1246     host_length = tvb_get_ntohl(tvb, offset);
1247     proto_tree_add_item(tree, hf_sflow_5_extended_url_host_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1248     offset += 4;
1249
1250     /* extract host info char by char */
1251     proto_tree_add_item(tree, hf_sflow_5_extended_url_host, tvb, offset, host_length, ENC_NA|ENC_ASCII);
1252     offset += host_length;
1253     /* get the correct offset by adding padding byte count */
1254     if (host_length % 4)
1255         offset += (4 - host_length % 4);
1256
1257     return offset;
1258 }
1259
1260 /* sflow v5 MPLS tunnel */
1261 static gint
1262 dissect_sflow_5_extended_mpls_tunnel(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1263     guint32 name_length;
1264
1265     name_length = tvb_get_ntohl(tvb, offset);
1266     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1267     offset += 4;
1268
1269     /* extract tunnel name char by char */
1270     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1271     offset += name_length;
1272     /* get the correct offset by adding padding byte count */
1273     if (name_length % 4)
1274         offset += (4 - name_length % 4);
1275
1276     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1277     offset += 4;
1278
1279     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1280     offset += 4;
1281
1282     return offset;
1283 }
1284
1285 /* sflow v5 MPLS VC */
1286 static gint
1287 dissect_sflow_5_extended_mpls_vc(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1288     guint32 name_length;
1289
1290     name_length = tvb_get_ntohl(tvb, offset);
1291     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1292     offset += 4;
1293
1294     /* extract source user info char by char */
1295     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1296     offset += name_length;
1297     /* get the correct offset by adding padding byte count */
1298     if (name_length % 4)
1299         offset += (4 - name_length % 4);
1300
1301     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1302     offset += 4;
1303
1304     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_label_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1305     offset += 4;
1306
1307     return offset;
1308 }
1309
1310 /* sflow v5 MPLS FEC */
1311 static gint
1312 dissect_sflow_5_extended_mpls_fec(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1313     guint32 length;
1314
1315     length = tvb_get_ntohl(tvb, offset);
1316     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1317     offset += 4;
1318
1319     /* extract MPLS FTN description char by char */
1320     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description, tvb, offset, length, ENC_NA|ENC_ASCII);
1321     offset += length;
1322     /* get the correct offset by adding padding byte count */
1323     if (length % 4)
1324         offset += (4 - length % 4);
1325
1326     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
1327     offset += 4;
1328
1329     return offset;
1330 }
1331
1332 /* sflow v5 MPLS LVP FEC */
1333 static gint
1334 dissect_sflow_5_extended_mpls_lvp_fec(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1335
1336     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_fec_address_prefix_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1337     offset += 4;
1338     return offset;
1339 }
1340
1341 /* sflow v5 extended VLAN tunnel */
1342 static gint
1343 dissect_sflow_5_extended_vlan_tunnel(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1344     guint32 num, i;
1345
1346     num = tvb_get_ntohl(tvb, offset);
1347     proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_number_of_layers, tvb, offset, 4, ENC_BIG_ENDIAN);
1348     offset += 4;
1349
1350     /* loop strip 802.1Q TPID/TCI layers. each TPID/TCI pair is represented as a
1351        single 32 bit integer layers listed from outermost to innermost */
1352     for (i = 0; i < num; i++) {
1353         proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair, tvb, offset, 4, ENC_BIG_ENDIAN);
1354         offset += 4;
1355     }
1356
1357     return offset;
1358 }
1359
1360 /* sflow v5 extended 802.11 payload */
1361 static gint
1362 dissect_sflow_5_extended_80211_payload(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1363     guint32 cipher_suite, OUI, suite_type, length;
1364
1365     cipher_suite = tvb_get_ntohl(tvb, offset);
1366     OUI = cipher_suite >> 8;
1367     suite_type = cipher_suite & 0x000000ff;
1368
1369     if (OUI == 0x000FAC) {
1370         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Default (0x%X)", OUI);
1371         offset += 3;
1372         proto_tree_add_item(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1, ENC_NA);
1373     } else {
1374         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Other vender (0x%X)", OUI);
1375         offset += 3;
1376         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1,
1377             suite_type, "Vender specific (%u)", suite_type);
1378     }
1379     offset++;
1380
1381     length = tvb_get_ntohl(tvb, offset);
1382     proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1383     offset += 4;
1384
1385     /* extract data byte by byte */
1386     proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload, tvb, offset, length, ENC_NA);
1387     offset += length;
1388     /* get the correct offset by adding padding byte count */
1389     if (length % 4)
1390         offset += (4 - length % 4);
1391
1392     return offset;
1393 }
1394
1395 /* sflow v5 extended 802.11 rx */
1396 static gint
1397 dissect_sflow_5_extended_80211_rx(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1398     guint32 ssid_length, duration;
1399
1400     /* extract SSID char by char. max char count = 32 */
1401     ssid_length = tvb_get_ntohl(tvb, offset);
1402     offset += 4;
1403     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1404     offset += ssid_length;
1405     /* get the correct offset by adding padding byte count */
1406     if (ssid_length % 4)
1407         offset += (4 - ssid_length % 4);
1408
1409     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_bssid, tvb, offset, 6, ENC_NA);
1410     /* Padded to 4 byte offset */
1411     offset += 8;
1412
1413     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1414     offset += 4;
1415
1416     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1417     offset += 4;
1418
1419     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1420     offset += 8;
1421
1422     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rsni, tvb, offset, 4, ENC_BIG_ENDIAN);
1423     offset += 4;
1424
1425     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rcpi, tvb, offset, 4, ENC_BIG_ENDIAN);
1426     offset += 4;
1427
1428     duration = tvb_get_ntohl(tvb, offset);
1429     if (duration == 0) {
1430         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, duration, "Unknown");
1431     } else {
1432         proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1433     }
1434     offset += 4;
1435
1436     return offset;
1437 }
1438
1439 /* sflow v5 extended 802.11 tx */
1440 static gint
1441 dissect_sflow_5_extended_80211_tx(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1442     guint32 ssid_length, transmissions, packet_duration, retrans_duration;
1443
1444     /* extract SSID char by char. max char count = 32 */
1445     ssid_length = tvb_get_ntohl(tvb, offset);
1446     if (ssid_length > 32)
1447         ssid_length = 32;
1448     offset += 4;
1449     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1450     offset += ssid_length;
1451     /* get the correct offset by adding padding byte count */
1452     if (ssid_length % 4)
1453         offset += (4 - ssid_length % 4);
1454
1455     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_bssid, tvb, offset, 6, ENC_NA);
1456     /* Padded to 4 byte offset */
1457     offset += 8;
1458
1459     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1460     offset += 4;
1461
1462     transmissions = tvb_get_ntohl(tvb, offset);
1463     switch (transmissions) {
1464         case 0:
1465             proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1466                     0, "Unknown");
1467             break;
1468         case 1:
1469             proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1470                     1, "Packet transmitted sucessfully on first attempt");
1471             break;
1472         default:
1473             proto_tree_add_uint(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4, transmissions - 1);
1474             break;
1475     }
1476     offset += 4;
1477
1478     packet_duration = tvb_get_ntohl(tvb, offset);
1479     if (packet_duration == 0) {
1480         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, packet_duration, "Unknown");
1481     } else {
1482         proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1483     }
1484     offset += 4;
1485
1486     retrans_duration = tvb_get_ntohl(tvb, offset);
1487     if (retrans_duration == 0) {
1488         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, retrans_duration, "Unknown");
1489     } else {
1490         proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1491     }
1492     offset += 4;
1493
1494     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1495     offset += 4;
1496
1497     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1498     offset += 8;
1499
1500     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_power, tvb, offset, 4, ENC_BIG_ENDIAN);
1501     offset += 4;
1502
1503     return offset;
1504 }
1505
1506 /* sflow v5 extended 802.11 aggregation */
1507 static gint
1508 dissect_sflow_5_extended_80211_aggregation(tvbuff_t *tvb _U_, proto_tree *tree _U_, gint offset) {
1509
1510     return offset;
1511 }
1512
1513 /* dissect an sflow v2/4 flow sample */
1514 static gint
1515 dissect_sflow_24_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
1516         proto_tree *tree, gint offset, proto_item *parent) {
1517     guint32     sequence_number, sampling_rate, sample_pool, output;
1518
1519     proto_tree *extended_data_tree;
1520     proto_item *ti;
1521     guint32     packet_type, extended_data, ext_type, i;
1522
1523     sequence_number = tvb_get_ntohl(tvb, offset);
1524     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
1525     proto_item_append_text(parent, ", seq %u", sequence_number);
1526     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1527     proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1528     sampling_rate = tvb_get_ntohl(tvb, offset + 8);
1529     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset + 8, 4,
1530             sampling_rate, "1 out of %u packets",
1531             sampling_rate);
1532     sample_pool = tvb_get_ntohl(tvb, offset + 12);
1533     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset + 12, 4,
1534             sample_pool, "%u total packets",
1535             sample_pool);
1536     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset + 16, 4, ENC_BIG_ENDIAN);
1537     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset + 20, 4, ENC_BIG_ENDIAN);
1538     output = tvb_get_ntohl(tvb, offset + 24);
1539     if (output & 0x80000000) {
1540         output & 0x7fffffff ?
1541             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1542                 output & 0x7fffffff, "%u interfaces", output & 0x7fffffff) :
1543             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1544                 0x80000000, "unknown number");
1545     } else {
1546         proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface, tvb, offset + 24, 4, ENC_BIG_ENDIAN);
1547     }
1548     offset += 28;
1549
1550     /* what kind of flow sample is it? */
1551     packet_type = tvb_get_ntohl(tvb, offset);
1552     proto_tree_add_item(tree, hf_sflow_245_packet_information_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1553     offset += 4;
1554     switch (packet_type) {
1555         case SFLOW_245_PACKET_DATA_TYPE_HEADER:
1556             offset = dissect_sflow_245_sampled_header(tvb, pinfo, tree, offset);
1557             break;
1558         case SFLOW_245_PACKET_DATA_TYPE_IPV4:
1559         case SFLOW_245_PACKET_DATA_TYPE_IPV6:
1560         default:
1561             break;
1562     }
1563     /* still need to dissect extended data */
1564     extended_data = tvb_get_ntohl(tvb, offset);
1565     offset += 4;
1566
1567     for (i = 0; i < extended_data; i++) {
1568         /* figure out what kind of extended data it is */
1569         ext_type = tvb_get_ntohl(tvb, offset);
1570
1571         /* create a subtree.  Might want to move this to
1572          * the end, so more info can be correct.
1573          */
1574         ti = proto_tree_add_uint(tree, hf_sflow_245_extended_information_type, tvb, offset, 4, ext_type);
1575         extended_data_tree = proto_item_add_subtree(ti, ett_sflow_245_extended_data);
1576         offset += 4;
1577
1578         switch (ext_type) {
1579             case SFLOW_245_EXTENDED_SWITCH:
1580                 offset = dissect_sflow_245_extended_switch(tvb, extended_data_tree, offset);
1581                 break;
1582             case SFLOW_245_EXTENDED_ROUTER:
1583                 offset = dissect_sflow_245_extended_router(tvb, pinfo, extended_data_tree, offset);
1584                 break;
1585             case SFLOW_245_EXTENDED_GATEWAY:
1586                 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, extended_data_tree, offset);
1587                 break;
1588             case SFLOW_245_EXTENDED_USER:
1589                 break;
1590             case SFLOW_245_EXTENDED_URL:
1591                 break;
1592             default:
1593                 break;
1594         }
1595         proto_item_set_end(ti, tvb, offset);
1596     }
1597     return offset;
1598
1599 }
1600
1601 /* dissect an sflow v5 flow record */
1602 static gint
1603 dissect_sflow_5_flow_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
1604     proto_tree *flow_data_tree;
1605     proto_item *ti;
1606     guint32     enterprise_format, enterprise, format;
1607
1608     /* what kind of flow sample is it? */
1609     enterprise_format = tvb_get_ntohl(tvb, offset);
1610     enterprise = enterprise_format >> 12;
1611     format = enterprise_format & 0x00000fff;
1612
1613     /* only accept default enterprise 0 (InMon sFlow) */
1614     if (enterprise == ENTERPRISE_DEFAULT) {
1615         ti = proto_tree_add_text(tree, tvb, offset, -1, "%s",
1616                 val_to_str_ext_const(format, &sflow_5_flow_record_type_ext, "Unknown sample format"));
1617         flow_data_tree = proto_item_add_subtree(ti, ett_sflow_5_flow_record);
1618
1619         proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1620                             enterprise, "standard sFlow (%u)", enterprise);
1621         proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
1622         offset += 4;
1623
1624         proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1625         offset += 4;
1626
1627         switch (format) {
1628             case SFLOW_5_RAW_PACKET_HEADER:
1629                 offset = dissect_sflow_245_sampled_header(tvb, pinfo, flow_data_tree, offset);
1630                 break;
1631             case SFLOW_5_ETHERNET_FRAME:
1632                 offset = dissect_sflow_5_ethernet_frame(tvb, flow_data_tree, offset);
1633                 break;
1634             case SFLOW_5_IPV4:
1635                 offset = dissect_sflow_5_ipv4(tvb, flow_data_tree, offset);
1636                 break;
1637             case SFLOW_5_IPV6:
1638                 offset = dissect_sflow_5_ipv6(tvb, flow_data_tree, offset);
1639                 break;
1640             case SFLOW_5_SWITCH:
1641                 offset = dissect_sflow_245_extended_switch(tvb, flow_data_tree, offset);
1642                 break;
1643             case SFLOW_5_ROUTER:
1644                 offset = dissect_sflow_245_extended_router(tvb, pinfo, flow_data_tree, offset);
1645                 break;
1646             case SFLOW_5_GATEWAY:
1647                 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, flow_data_tree, offset);
1648                 break;
1649             case SFLOW_5_USER:
1650                 offset = dissect_sflow_5_extended_user(tvb, flow_data_tree, offset);
1651                 break;
1652             case SFLOW_5_URL:
1653                 offset = dissect_sflow_5_extended_url(tvb, flow_data_tree, offset);
1654                 break;
1655             case SFLOW_5_MPLS_DATA:
1656                 offset = dissect_sflow_5_extended_mpls_data(tvb, pinfo, flow_data_tree, offset);
1657                 break;
1658             case SFLOW_5_NAT:
1659                 offset = dissect_sflow_5_extended_nat(tvb, pinfo, flow_data_tree, offset);
1660                 break;
1661             case SFLOW_5_MPLS_TUNNEL:
1662                 offset = dissect_sflow_5_extended_mpls_tunnel(tvb, flow_data_tree, offset);
1663                 break;
1664             case SFLOW_5_MPLS_VC:
1665                 offset = dissect_sflow_5_extended_mpls_vc(tvb, flow_data_tree, offset);
1666                 break;
1667             case SFLOW_5_MPLS_FEC:
1668                 offset = dissect_sflow_5_extended_mpls_fec(tvb, flow_data_tree, offset);
1669                 break;
1670             case SFLOW_5_MPLS_LVP_FEC:
1671                 offset = dissect_sflow_5_extended_mpls_lvp_fec(tvb, flow_data_tree, offset);
1672                 break;
1673             case SFLOW_5_VLAN_TUNNEL:
1674                 offset = dissect_sflow_5_extended_vlan_tunnel(tvb, flow_data_tree, offset);
1675                 break;
1676             case SFLOW_5_80211_PAYLOAD:
1677                 offset = dissect_sflow_5_extended_80211_payload(tvb, flow_data_tree, offset);
1678                 break;
1679             case SFLOW_5_80211_RX:
1680                 offset = dissect_sflow_5_extended_80211_rx(tvb, flow_data_tree, offset);
1681                 break;
1682             case SFLOW_5_80211_TX:
1683                 offset = dissect_sflow_5_extended_80211_tx(tvb, flow_data_tree, offset);
1684                 break;
1685             case SFLOW_5_80211_AGGREGATION:
1686                 offset = dissect_sflow_5_extended_80211_aggregation(tvb, flow_data_tree, offset);
1687                 break;
1688             default:
1689                 break;
1690         }
1691     } else {
1692         /* unknown enterprise format, what to do?? */
1693         ti = proto_tree_add_text(tree, tvb, offset, -1, "Unknown enterprise format");
1694         flow_data_tree = proto_item_add_subtree(ti, ett_sflow_5_flow_record);
1695         proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, -1,
1696                                     enterprise, "Non-standard sFlow (%u)", enterprise);
1697     }
1698     proto_item_set_end(ti, tvb, offset);
1699
1700     return offset;
1701 }
1702
1703 /* dissect generic interface counters */
1704 static gint
1705 dissect_sflow_5_generic_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1706
1707     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
1708     offset += 4;
1709     proto_tree_add_item(counter_data_tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
1710     offset += 4;
1711     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
1712     offset += 8;
1713     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
1714     offset += 4;
1715     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1716     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1717     offset += 4;
1718     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1719     offset += 8;
1720     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1721     offset += 4;
1722     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1723     offset += 4;
1724     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1725     offset += 4;
1726     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1727     offset += 4;
1728     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
1729     offset += 4;
1730     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
1731     offset += 4;
1732     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1733     offset += 8;
1734     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1735     offset += 4;
1736     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1737     offset += 4;
1738     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1739     offset += 4;
1740     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1741     offset += 4;
1742     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
1743     offset += 4;
1744     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1745     offset += 4;
1746
1747     return offset;
1748 }
1749
1750 /* dissect ethernet interface counters */
1751 static gint
1752 dissect_sflow_5_ethernet_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1753
1754     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsAlignmentErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1755     offset += 4;
1756     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFCSErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1757     offset += 4;
1758     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSingleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1759     offset += 4;
1760     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsMultipleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1761     offset += 4;
1762     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSQETestErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1763     offset += 4;
1764     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsDeferredTransmissions, tvb, offset, 4, ENC_BIG_ENDIAN);
1765     offset += 4;
1766     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsLateCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1767     offset += 4;
1768     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsExcessiveCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1769     offset += 4;
1770     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacTransmitErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1771     offset += 4;
1772     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsCarrierSenseErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1773     offset += 4;
1774     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFrameTooLongs, tvb, offset, 4, ENC_BIG_ENDIAN);
1775     offset += 4;
1776     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacReceiveErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1777     offset += 4;
1778     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSymbolErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1779     offset += 4;
1780
1781     return offset;
1782 }
1783
1784 /* dissect token ring counters */
1785 static gint
1786 dissect_sflow_5_token_ring(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1787
1788     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLineErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1789     offset += 4;
1790     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsBurstErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1791     offset += 4;
1792     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsACErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1793     offset += 4;
1794     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsAbortTransErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1795     offset += 4;
1796     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsInternalErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1797     offset += 4;
1798     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLostFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1799     offset += 4;
1800     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsReceiveCongestions, tvb, offset, 4, ENC_BIG_ENDIAN);
1801     offset += 4;
1802     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFrameCopiedErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1803     offset += 4;
1804     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTokenErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1805     offset += 4;
1806     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSoftErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1807     offset += 4;
1808     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsHardErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1809     offset += 4;
1810     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSignalLoss, tvb, offset, 4, ENC_BIG_ENDIAN);
1811     offset += 4;
1812     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTransmitBeacons, tvb, offset, 4, ENC_BIG_ENDIAN);
1813     offset += 4;
1814     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRecoveries, tvb, offset, 4, ENC_BIG_ENDIAN);
1815     offset += 4;
1816     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLobeWires, tvb, offset, 4, ENC_BIG_ENDIAN);
1817     offset += 4;
1818     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRemoves, tvb, offset, 4, ENC_BIG_ENDIAN);
1819     offset += 4;
1820     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSingles, tvb, offset, 4, ENC_BIG_ENDIAN);
1821     offset += 4;
1822     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFreqErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1823     offset += 4;
1824
1825     return offset;
1826 }
1827
1828 /* dissect 100 BaseVG interface counters */
1829 static gint
1830 dissect_sflow_5_vg_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1831
1832     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1833     offset += 4;
1834     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1835     offset += 8;
1836     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1837     offset += 4;
1838     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1839     offset += 8;
1840     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InIPMErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1841     offset += 4;
1842     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InOversizeFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1843     offset += 4;
1844     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InDataErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1845     offset += 4;
1846     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNullAddressedFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1847     offset += 4;
1848     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1849     offset += 4;
1850     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1851     offset += 8;
1852     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12TransitionIntoTrainings, tvb, offset, 4, ENC_BIG_ENDIAN);
1853     offset += 4;
1854     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1855     offset += 8;
1856     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1857     offset += 8;
1858     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCOutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1859     offset += 8;
1860
1861     return offset;
1862 }
1863
1864 /* dissect VLAN counters */
1865 static gint
1866 dissect_sflow_5_vlan(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1867
1868     proto_tree_add_item(counter_data_tree, hf_sflow_245_vlan_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1869     offset += 4;
1870     proto_tree_add_item(counter_data_tree, hf_sflow_245_octets, tvb, offset, 8, ENC_BIG_ENDIAN);
1871     offset += 8;
1872     proto_tree_add_item(counter_data_tree, hf_sflow_245_ucastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1873     offset += 4;
1874     proto_tree_add_item(counter_data_tree, hf_sflow_245_multicastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1875     offset += 4;
1876     proto_tree_add_item(counter_data_tree, hf_sflow_245_broadcastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1877     offset += 4;
1878     proto_tree_add_item(counter_data_tree, hf_sflow_245_discards, tvb, offset, 4, ENC_BIG_ENDIAN);
1879     offset += 4;
1880
1881     return offset;
1882 }
1883
1884 /* dissect 802.11 counters */
1885 static gint
1886 dissect_sflow_5_80211_counters(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1887
1888     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1889     offset += 4;
1890     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastTransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1891     offset += 4;
1892     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FailedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1893     offset += 4;
1894     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1895     offset += 4;
1896     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MultipleRetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1897     offset += 4;
1898     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FrameDuplicateCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1899     offset += 4;
1900     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSSuccessCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1901     offset += 4;
1902     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1903     offset += 4;
1904     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ACKFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1905     offset += 4;
1906     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ReceivedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1907     offset += 4;
1908     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastReceivedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1909     offset += 4;
1910     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FCSErrorCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1911     offset += 4;
1912     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1913     offset += 4;
1914     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11WEPUndecryptableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1915     offset += 4;
1916     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSDiscardedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1917     offset += 4;
1918     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11AssociatedStationCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1919     offset += 4;
1920     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsReceivedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1921     offset += 4;
1922     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1923     offset += 4;
1924     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1925     offset += 4;
1926     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsLostCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1927     offset += 4;
1928
1929     return offset;
1930 }
1931
1932 /* dissect processor information */
1933 static gint
1934 dissect_sflow_5_processor_information(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1935
1936     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5s, tvb, offset, 4, ENC_BIG_ENDIAN);
1937     offset += 4;
1938     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_1m, tvb, offset, 4, ENC_BIG_ENDIAN);
1939     offset += 4;
1940     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5m, tvb, offset, 4, ENC_BIG_ENDIAN);
1941     offset += 4;
1942     proto_tree_add_item(counter_data_tree, hf_sflow_5_total_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
1943     offset += 8;
1944     proto_tree_add_item(counter_data_tree, hf_sflow_5_free_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
1945     offset += 8;
1946
1947     return offset;
1948 }
1949
1950 /* dissect radio utilization */
1951 static gint
1952 dissect_sflow_5_radio_utilization(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1953
1954     proto_tree_add_item(counter_data_tree, hf_sflow_5_elapsed_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1955     offset += 4;
1956     proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1957     offset += 4;
1958     proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_busy_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1959     offset += 4;
1960
1961     return offset;
1962 }
1963
1964 /* dissect an sflow v5 counters record */
1965 static gint
1966 dissect_sflow_5_counters_record(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1967     proto_tree *counter_data_tree;
1968     proto_item *ti;
1969     guint32     enterprise_format, enterprise, format;
1970
1971     /* what kind of flow sample is it? */
1972     enterprise_format = tvb_get_ntohl(tvb, offset);
1973     enterprise = enterprise_format >> 12;
1974     format = enterprise_format & 0x00000fff;
1975
1976     if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
1977         ti = proto_tree_add_text(tree, tvb, offset, -1, "%s",
1978                 val_to_str_const(format, sflow_5_counters_record_type, "Unknown sample format"));
1979         counter_data_tree = proto_item_add_subtree(ti, ett_sflow_5_counters_record);
1980
1981         proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1982                                 enterprise, "standard sFlow (%u)", enterprise);
1983
1984         proto_tree_add_item(counter_data_tree, hf_sflow_5_counters_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
1985         offset += 4;
1986
1987         proto_tree_add_item(counter_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1988         offset += 4;
1989
1990         switch (format) {
1991             case SFLOW_5_GENERIC_INTERFACE:
1992                 offset = dissect_sflow_5_generic_interface(counter_data_tree, tvb, offset);
1993                 break;
1994             case SFLOW_5_ETHERNET_INTERFACE:
1995                 offset = dissect_sflow_5_ethernet_interface(counter_data_tree, tvb, offset);
1996                 break;
1997             case SFLOW_5_TOKEN_RING:
1998                 offset = dissect_sflow_5_token_ring(counter_data_tree, tvb, offset);
1999                 break;
2000             case SFLOW_5_100BASE_VG_INTERFACE:
2001                 offset = dissect_sflow_5_vg_interface(counter_data_tree, tvb, offset);
2002                 break;
2003             case SFLOW_5_VLAN:
2004                 offset = dissect_sflow_5_vlan(counter_data_tree, tvb, offset);
2005                 break;
2006             case SFLOW_5_80211_COUNTERS:
2007                 offset = dissect_sflow_5_80211_counters(counter_data_tree, tvb, offset);
2008                 break;
2009             case SFLOW_5_PROCESSOR:
2010                 offset = dissect_sflow_5_processor_information(counter_data_tree, tvb, offset);
2011                 break;
2012             case SFLOW_5_RADIO_UTILIZATION:
2013                 offset = dissect_sflow_5_radio_utilization(counter_data_tree, tvb, offset);
2014                 break;
2015             default:
2016                 break;
2017         }
2018     } else { /* unknown enterprise format, what to do?? */
2019         ti = proto_tree_add_text(tree, tvb, offset, -1, "Unknown enterprise format");
2020         counter_data_tree = proto_item_add_subtree(ti, ett_sflow_5_counters_record);
2021         proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, -1,
2022                         enterprise, "Non-standard sFlow (%u)", enterprise);
2023     }
2024     proto_item_set_end(ti, tvb, offset);
2025
2026     return offset;
2027 }
2028
2029 /* dissect an sflow v5 flow sample */
2030 static void
2031 dissect_sflow_5_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2032         proto_tree *tree, gint offset, proto_item *parent) {
2033
2034     guint32 sequence_number, sampling_rate, sample_pool,
2035             output, records, i;
2036
2037     sequence_number = tvb_get_ntohl(tvb, offset);
2038     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2039     offset += 4;
2040     proto_item_append_text(parent, ", seq %u", sequence_number);
2041
2042     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset, 4, ENC_BIG_ENDIAN);
2043     proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2044     offset += 4;
2045     sampling_rate = tvb_get_ntohl(tvb, offset);
2046     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2047             sampling_rate, "1 out of %u packets", sampling_rate);
2048     offset += 4;
2049     sample_pool = tvb_get_ntohl(tvb, offset);
2050     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4,
2051             sample_pool, "%u total packets", sample_pool);
2052     offset += 4;
2053     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2054     offset += 4;
2055     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset, 4, ENC_BIG_ENDIAN);
2056     offset += 4;
2057     output = tvb_get_ntohl(tvb, offset);
2058     if (output & 0x80000000) {
2059         output & 0x7fffffff ?
2060             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset, 4,
2061                 output & 0x7fffffff, "%u interfaces", output & 0x7fffffff) :
2062             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset, 4,
2063                 0x80000000, "unknown number");
2064     } else {
2065         proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface, tvb, offset, 4, ENC_BIG_ENDIAN);
2066     }
2067     offset += 4;
2068     records = tvb_get_ntohl(tvb, offset);
2069     proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2070     offset += 4;
2071
2072     /* start loop processing flow records */
2073     /* we set an upper records limit to 255 in case corrupted data causes
2074      * huge number of loops! */
2075     for (i = 0; i < (records&0x000000ff); i++) {
2076         offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2077     }
2078
2079 }
2080
2081 /* dissect an expanded flow sample */
2082 static void
2083 dissect_sflow_5_expanded_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2084         proto_tree *tree, gint offset, proto_item *parent) {
2085
2086     guint32 sequence_number, sampling_rate, sample_pool, records, i;
2087
2088     sequence_number = tvb_get_ntohl(tvb, offset);
2089     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2090     offset += 4;
2091     proto_item_append_text(parent, ", seq %u", sequence_number);
2092     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2093     offset += 4;
2094     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2095     offset += 4;
2096     sampling_rate = tvb_get_ntohl(tvb, offset);
2097     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2098             sampling_rate, "1 out of %u packets", sampling_rate);
2099     offset += 4;
2100     sample_pool = tvb_get_ntohl(tvb, offset);
2101     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4,
2102             sample_pool, "%u total packets", sample_pool);
2103     offset += 4;
2104     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2105     offset += 4;
2106     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2107     offset += 4;
2108     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2109     offset += 4;
2110     proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2111     offset += 4;
2112     proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2113     offset += 4;
2114     records = tvb_get_ntohl(tvb, offset);
2115     proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2116     offset += 4;
2117
2118     /* start loop processing flow records
2119      * we limit record count to 255 in case corrupted data may cause huge number of loops */
2120     for (i = 0; i < (records&0x000000ff); i++) {
2121         offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2122     }
2123 }
2124
2125 /* dissect an sflow v2/4 counters sample */
2126 static gint
2127 dissect_sflow_24_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2128
2129     guint32 sequence_number, counters_type;
2130
2131     sequence_number = tvb_get_ntohl(tvb, offset);
2132     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2133     proto_item_append_text(parent, ", seq %u", sequence_number);
2134
2135     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2136     proto_tree_add_item(tree, hf_sflow_counters_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2137     proto_tree_add_item(tree, hf_sflow_counters_sample_sampling_interval, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
2138     counters_type = tvb_get_ntohl(tvb, offset + 12);
2139     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_type, tvb, offset + 12, 4, ENC_BIG_ENDIAN);
2140
2141     offset += 16;
2142
2143     /* most counters types have the "generic" counters first */
2144     switch (counters_type) {
2145         case SFLOW_245_COUNTERS_GENERIC:
2146         case SFLOW_245_COUNTERS_ETHERNET:
2147         case SFLOW_245_COUNTERS_TOKENRING:
2148         case SFLOW_245_COUNTERS_FDDI:
2149         case SFLOW_245_COUNTERS_VG:
2150         case SFLOW_245_COUNTERS_WAN:
2151             proto_tree_add_item(tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
2152             proto_item_append_text(parent, ", ifIndex %u", tvb_get_ntohl(tvb, offset));
2153             offset += 4;
2154             proto_tree_add_item(tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
2155             offset += 4;
2156             proto_tree_add_item(tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
2157             offset += 8;
2158             proto_tree_add_item(tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
2159             offset += 4;
2160             proto_tree_add_item(tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2161             proto_tree_add_item(tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2162             offset += 4;
2163             proto_tree_add_item(tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2164             offset += 8;
2165             proto_tree_add_item(tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2166             offset += 4;
2167             proto_tree_add_item(tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2168             offset += 4;
2169             proto_tree_add_item(tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2170             offset += 4;
2171             proto_tree_add_item(tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2172             offset += 4;
2173             proto_tree_add_item(tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
2174             offset += 4;
2175             proto_tree_add_item(tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
2176             offset += 4;
2177             proto_tree_add_item(tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2178             offset += 8;
2179             proto_tree_add_item(tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2180             offset += 4;
2181             proto_tree_add_item(tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2182             offset += 4;
2183             proto_tree_add_item(tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2184             offset += 4;
2185             proto_tree_add_item(tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2186             offset += 4;
2187             proto_tree_add_item(tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
2188             offset += 4;
2189             proto_tree_add_item(tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2190             offset += 4;
2191             break;
2192     }
2193
2194     /* Some counter types have other info to gather */
2195     switch (counters_type) {
2196         case SFLOW_245_COUNTERS_ETHERNET:
2197             offset += (int)sizeof (struct ethernet_counters);
2198             break;
2199         case SFLOW_245_COUNTERS_TOKENRING:
2200             offset = dissect_sflow_5_token_ring(tree, tvb, offset);
2201             break;
2202         case SFLOW_245_COUNTERS_VG:
2203             offset = dissect_sflow_5_vg_interface(tree, tvb, offset);
2204             break;
2205         case SFLOW_245_COUNTERS_VLAN:
2206             offset = dissect_sflow_5_vlan(tree, tvb, offset);
2207             break;
2208         default:
2209             break;
2210     }
2211     return offset;
2212 }
2213
2214 /* dissect an sflow v5 counters sample */
2215 static void
2216 dissect_sflow_5_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2217     guint32 sequence_number, records, i;
2218
2219     /* grab the flow header.  This will remain in network byte
2220        order, so must convert each item before use */
2221     sequence_number = tvb_get_ntohl(tvb, offset);
2222     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2223     proto_item_append_text(parent, ", seq %u", sequence_number);
2224     offset += 4;
2225     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2226     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2227     offset += 4;
2228     records = tvb_get_ntohl(tvb, offset);
2229     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2230     offset += 4;
2231
2232     /* start loop processing counters records
2233      * limit record count to 255 in case corrupted data may cause huge number of loops */
2234     for (i = 0; i < (records&0x000000ff); i++) {
2235         offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2236     }
2237 }
2238
2239 /* dissect an expanded counters sample */
2240 static void
2241 dissect_sflow_5_expanded_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2242     guint32 sequence_number, records, i;
2243
2244     sequence_number = tvb_get_ntohl(tvb, offset);
2245     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2246     proto_item_append_text(parent, ", seq %u", sequence_number);
2247     offset += 4;
2248     proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2249     offset += 4;
2250     proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2251     offset += 4;
2252     records = tvb_get_ntohl(tvb, offset);
2253     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2254     offset += 4;
2255
2256     /* start loop processing counters records
2257      * limit record count to 255 in case corrupted data may cause huge number of loops */
2258     for (i = 0; i < (records&0x000000ff); i++) {
2259         offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2260     }
2261 }
2262
2263 /* Code to dissect the sflow v2/4/5 samples */
2264 static gint
2265 dissect_sflow_245_samples(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset, guint32 version) {
2266     proto_tree *sflow_245_sample_tree;
2267     proto_item *ti;             /* tree item */
2268     guint32     sample_type, enterprise, format, length;
2269
2270     /* decide what kind of sample it is. */
2271     sample_type = tvb_get_ntohl(tvb, offset);
2272     if (version == 5) {
2273         enterprise = sample_type >> 12;
2274         format = sample_type & 0x00000fff;
2275
2276         if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
2277             ti = proto_tree_add_text(tree, tvb, offset, -1, "%s",
2278                     val_to_str_const(format, sflow_245_sampletype, "Unknown sample format"));
2279             sflow_245_sample_tree = proto_item_add_subtree(ti, ett_sflow_245_sample);
2280
2281             proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, 4, enterprise, "standard sFlow (%u)", enterprise);
2282             proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype12, tvb, offset, 4, ENC_BIG_ENDIAN);
2283             offset += 4;
2284
2285             length = tvb_get_ntohl(tvb, offset);
2286             proto_tree_add_item(sflow_245_sample_tree, hf_sflow_5_sample_length, tvb, offset, 4, ENC_BIG_ENDIAN);
2287             offset += 4;
2288
2289             switch (format) {
2290                 case FLOWSAMPLE:
2291                     dissect_sflow_5_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2292                     break;
2293                 case COUNTERSSAMPLE:
2294                     dissect_sflow_5_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2295                     break;
2296                 case EXPANDED_FLOWSAMPLE:
2297                     dissect_sflow_5_expanded_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2298                     break;
2299                 case EXPANDED_COUNTERSSAMPLE:
2300                     dissect_sflow_5_expanded_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2301                     break;
2302                 default:
2303                     break;
2304             }
2305             /* Make sure the length doesn't run past the end of the packet */
2306             tvb_ensure_bytes_exist(tvb, offset, length);
2307             /* current offset points to sample length field, which is 4 bytes from the beginning of the packet*/
2308             offset += length;
2309         } else { /* unknown enterprise format, what to do?? */
2310             ti = proto_tree_add_text(tree, tvb, offset, -1, "Unknown enterprise format");
2311             sflow_245_sample_tree = proto_item_add_subtree(ti, ett_sflow_245_sample);
2312             proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, -1,
2313                             enterprise, "Non-standard sFlow (%u)", enterprise);
2314         }
2315
2316     } else { /* version 2 or 4 */
2317         ti = proto_tree_add_text(tree, tvb, offset, -1, "%s",
2318                 val_to_str_const(sample_type, sflow_245_sampletype, "Unknown sample type"));
2319         sflow_245_sample_tree = proto_item_add_subtree(ti, ett_sflow_245_sample);
2320
2321         proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype, tvb, offset, 4, ENC_BIG_ENDIAN);
2322         offset += 4;
2323
2324         switch (sample_type) {
2325             case FLOWSAMPLE:
2326                 offset = dissect_sflow_24_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2327                 break;
2328             case COUNTERSSAMPLE:
2329                 offset = dissect_sflow_24_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2330                 break;
2331             default:
2332                 break;
2333         }
2334     }
2335     proto_item_set_end(ti, tvb, offset);
2336
2337     return offset;
2338 }
2339
2340 /* Code to actually dissect the packets */
2341 static int
2342 dissect_sflow_245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2343 {
2344     /* Set up structures needed to add the protocol subtree and manage it */
2345     proto_item                   *ti;
2346     proto_tree                   *sflow_245_tree;
2347     guint32                       version, sub_agent_id, seqnum;
2348     struct sflow_address_details  addr_details;
2349     struct sflow_address_type     addr_type;
2350
2351     guint32        numsamples;
2352     volatile guint offset = 0;
2353     guint          i      = 0;
2354
2355     addr_type.hf_addr_v4 = hf_sflow_agent_address_v4;
2356     addr_type.hf_addr_v6 = hf_sflow_agent_address_v6;
2357
2358     /*
2359      * We fetch the version and address type so that we can determine,
2360      * ahead of time, whether this is an sFlow packet or not, before
2361      * we do *anything* to the columns or the protocol tree.
2362      *
2363      * XXX - we might want to deem this "not sFlow" if we don't have at
2364      * least 8 bytes worth of data.
2365      */
2366     version = tvb_get_ntohl(tvb, offset);
2367     if (version != 2 && version != 4 && version != 5) {
2368        /* Unknown version; assume it's not an sFlow packet. */
2369        return 0;
2370     }
2371     addr_details.addr_type = tvb_get_ntohl(tvb, offset + 4);
2372     switch (addr_details.addr_type) {
2373         case ADDR_TYPE_UNKNOWN:
2374         case ADDR_TYPE_IPV4:
2375         case ADDR_TYPE_IPV6:
2376             break;
2377
2378         default:
2379             /*
2380              * Address type we don't know about; assume it's not an sFlow
2381              * packet.
2382              */
2383             return 0;
2384     }
2385
2386     /* Make entries in Protocol column and Info column on summary display */
2387     col_set_str(pinfo->cinfo, COL_PROTOCOL, "sFlow");
2388
2389     /* create display subtree for the protocol */
2390     ti = proto_tree_add_item(tree, proto_sflow, tvb, 0, -1, ENC_NA);
2391
2392     sflow_245_tree = proto_item_add_subtree(ti, ett_sflow_245);
2393
2394     col_add_fstr(pinfo->cinfo, COL_INFO, "V%u", version);
2395     proto_tree_add_item(sflow_245_tree, hf_sflow_version, tvb, offset, 4, ENC_BIG_ENDIAN);
2396     offset += 4;
2397
2398     offset = dissect_sflow_245_address_type(tvb, pinfo, sflow_245_tree, offset,
2399                                             &addr_type, &addr_details);
2400     switch (addr_details.addr_type) {
2401         case ADDR_TYPE_UNKNOWN:
2402             break;
2403         case ADDR_TYPE_IPV4:
2404             col_append_fstr(pinfo->cinfo, COL_INFO, ", agent %s", ip_to_str(addr_details.agent_address.v4));
2405             break;
2406         case ADDR_TYPE_IPV6:
2407             col_append_fstr(pinfo->cinfo, COL_INFO, ", agent %s",
2408                     ip6_to_str((struct e_in6_addr *) addr_details.agent_address.v6));
2409             break;
2410     }
2411
2412     if (version == 5) {
2413         sub_agent_id = tvb_get_ntohl(tvb, offset);
2414         col_append_fstr(pinfo->cinfo, COL_INFO, ", sub-agent ID %u", sub_agent_id);
2415         proto_tree_add_uint(sflow_245_tree, hf_sflow_5_sub_agent_id, tvb, offset, 4, sub_agent_id);
2416         offset += 4;
2417     }
2418     seqnum = tvb_get_ntohl(tvb, offset);
2419     col_append_fstr(pinfo->cinfo, COL_INFO, ", seq %u", seqnum);
2420     proto_tree_add_uint(sflow_245_tree, hf_sflow_245_seqnum, tvb, offset, 4, seqnum);
2421     offset += 4;
2422     proto_tree_add_item(sflow_245_tree, hf_sflow_245_sysuptime, tvb, offset, 4, ENC_BIG_ENDIAN);
2423     offset += 4;
2424     numsamples = tvb_get_ntohl(tvb, offset);
2425     col_append_fstr(pinfo->cinfo, COL_INFO, ", %u samples", numsamples);
2426     proto_tree_add_uint(sflow_245_tree, hf_sflow_245_numsamples, tvb, offset, 4, numsamples);
2427     offset += 4;
2428
2429     /* Ok, we're now at the end of the sflow_245 datagram header;
2430      * everything from here out should be samples. Loop over
2431      * the expected number of samples, and pass them to the appropriate
2432      * dissectors.
2433      */
2434
2435     /* limit number of samples to 255 to avoid huge number of loops
2436      * caused by corrupted data */
2437     for (i = 0; i < (numsamples & 0x000000ff); i++) {
2438         offset = dissect_sflow_245_samples(tvb, pinfo, sflow_245_tree, offset, version);
2439     }
2440
2441     return tvb_length(tvb);
2442 }
2443
2444 /* Register the protocol with Wireshark */
2445
2446 void
2447 proto_register_sflow(void) {
2448
2449     module_t *sflow_245_module;
2450
2451     /* Setup list of header fields  See Section 1.6.1 for details*/
2452     static hf_register_info hf[] = {
2453         { &hf_sflow_version,
2454             { "Datagram version", "sflow_245.version",
2455                 FT_UINT32, BASE_DEC, NULL, 0x0,
2456                 "sFlow datagram version", HFILL}},
2457         { &hf_sflow_agent_address_v4,
2458             { "Agent address", "sflow_245.agent",
2459                 FT_IPv4, BASE_NONE, NULL, 0x0,
2460                 "sFlow Agent IP address", HFILL}},
2461         { &hf_sflow_agent_address_v6,
2462             { "Agent address", "sflow_245.agent.v6",
2463                 FT_IPv6, BASE_NONE, NULL, 0x0,
2464                 "sFlow Agent IPv6 address", HFILL}},
2465         { &hf_sflow_5_sub_agent_id,
2466             { "Sub-agent ID", "sflow_245.sub_agent_id",
2467                 FT_UINT32, BASE_DEC, NULL, 0x0,
2468                 "sFlow sub-agent ID", HFILL}},
2469         { &hf_sflow_5_sample_length,
2470             { "Sample length (byte)", "sflow_5.sample_length",
2471                 FT_UINT32, BASE_DEC, NULL, 0x0,
2472                 "sFlow sample length", HFILL}},
2473         { &hf_sflow_5_flow_data_length,
2474             { "Flow data length (byte)", "sflow_5.flow_data_length",
2475                 FT_UINT32, BASE_DEC, NULL, 0x0,
2476                 "sFlow flow data length", HFILL}},
2477 #if 0
2478         { &hf_sflow_5_counters_data_length,
2479             { "Counters data length (byte)", "sflow_5.counter_data_length",
2480                 FT_UINT32, BASE_DEC, NULL, 0x0,
2481                 "sFlow counters data length", HFILL}},
2482 #endif
2483         { &hf_sflow_245_seqnum,
2484             { "Sequence number", "sflow_245.sequence_number",
2485                 FT_UINT32, BASE_DEC, NULL, 0x0,
2486                 "sFlow datagram sequence number", HFILL}},
2487         { &hf_sflow_245_sysuptime,
2488             { "SysUptime", "sflow_245.sysuptime",
2489                 FT_UINT32, BASE_DEC, NULL, 0x0,
2490                 "System Uptime", HFILL}},
2491         { &hf_sflow_245_numsamples,
2492             { "NumSamples", "sflow_245.numsamples",
2493                 FT_UINT32, BASE_DEC, NULL, 0x0,
2494                 "Number of samples in sFlow datagram", HFILL}},
2495         { &hf_sflow_245_sampletype,
2496             { "sFlow sample type", "sflow_245.sampletype",
2497                 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x0,
2498                 "Type of sFlow sample", HFILL}},
2499         { &hf_sflow_245_sampletype12,
2500             { "sFlow sample type", "sflow_245.sampletype",
2501                 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x00000FFF,
2502                 "Type of sFlow sample", HFILL}},
2503 #if 0
2504         { &hf_sflow_5_ieee80211_version,
2505             { "Version", "sflow_245.ieee80211_version",
2506                 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
2507                 "IEEE 802.11 Version", HFILL}},
2508 #endif
2509         { &hf_sflow_245_ipv4_precedence_type,
2510             { "Precedence", "sflow_245.ipv4_precedence_type",
2511                 FT_UINT8, BASE_DEC, VALS(sflow_245_ipv4_precedence_types), 0xE0,
2512                 "IPv4 Precedence Type", HFILL}},
2513         { &hf_sflow_5_flow_record_format,
2514             { "Format", "sflow_245.flow_record_format",
2515                 FT_UINT32, BASE_DEC | BASE_EXT_STRING, &sflow_5_flow_record_type_ext, 0x0,
2516                 "Format of sFlow flow record", HFILL}},
2517         { &hf_sflow_5_counters_record_format,
2518             { "Format", "sflow_245.counters_record_format",
2519                 FT_UINT32, BASE_DEC, VALS(sflow_5_counters_record_type), 0x00000FFF,
2520                 "Format of sFlow counters record", HFILL}},
2521         { &hf_sflow_245_header_protocol,
2522             { "Header protocol", "sflow_245.header_protocol",
2523                 FT_UINT32, BASE_DEC | BASE_EXT_STRING, &sflow_245_header_protocol_ext, 0x0,
2524                 "Protocol of sampled header", HFILL}},
2525         { &hf_sflow_245_header,
2526             { "Header of sampled packet", "sflow_245.header",
2527                 FT_BYTES, BASE_NONE, NULL, 0x0,
2528                 "Data from sampled header", HFILL}},
2529         { &hf_sflow_245_packet_information_type,
2530             { "Sample type", "sflow_245.packet_information_type",
2531                 FT_UINT32, BASE_DEC, VALS(sflow_245_packet_information_type), 0x0,
2532                 "Type of sampled information", HFILL}},
2533         { &hf_sflow_245_extended_information_type,
2534             { "Extended information type", "sflow_245.extended_information_type",
2535                 FT_UINT32, BASE_DEC, VALS(sflow_245_extended_data_types), 0x0,
2536                 "Type of extended information", HFILL}},
2537         { &hf_sflow_245_vlan_in,
2538             { "Incoming 802.1Q VLAN", "sflow_245.vlan.in",
2539                 FT_UINT32, BASE_DEC, NULL, 0x0,
2540                 "Incoming VLAN ID", HFILL}},
2541         { &hf_sflow_245_vlan_out,
2542             { "Outgoing 802.1Q VLAN", "sflow_245.vlan.out",
2543                 FT_UINT32, BASE_DEC, NULL, 0x0,
2544                 "Outgoing VLAN ID", HFILL}},
2545         { &hf_sflow_245_pri_in,
2546             { "Incoming 802.1p priority", "sflow_245.pri.in",
2547                 FT_UINT32, BASE_DEC, NULL, 0x0,
2548                 NULL, HFILL}},
2549         { &hf_sflow_245_pri_out,
2550             { "Outgoing 802.1p priority", "sflow_245.pri.out",
2551                 FT_UINT32, BASE_DEC, NULL, 0x0,
2552                 NULL, HFILL}},
2553         { &hf_sflow_245_nexthop_v4,
2554             { "Next hop", "sflow_245.nexthop",
2555                 FT_IPv4, BASE_NONE, NULL, 0x0,
2556                 "Next hop address", HFILL}},
2557         { &hf_sflow_245_ipv4_src,
2558             { "Source IP address", "sflow_245.ipv4_src",
2559                 FT_IPv4, BASE_NONE, NULL, 0x0,
2560                 "Source IPv4 address", HFILL}},
2561         { &hf_sflow_245_ipv4_dst,
2562             { "Destination IP address", "sflow_245.ipv4_dst",
2563                 FT_IPv4, BASE_NONE, NULL, 0x0,
2564                 "Destination IPv4 address", HFILL}},
2565         { &hf_sflow_245_nexthop_v6,
2566             { "Next hop", "sflow_245.nexthop",
2567                 FT_IPv6, BASE_NONE, NULL, 0x0,
2568                 "Next hop address", HFILL}},
2569         { &hf_sflow_245_ipv6_src,
2570             { "Source IP address", "sflow_245.ipv6_src",
2571                 FT_IPv6, BASE_NONE, NULL, 0x0,
2572                 "Source IPv6 address", HFILL}},
2573         { &hf_sflow_245_ipv6_dst,
2574             { "Destination IP address", "sflow_245.ipv6_dst",
2575                 FT_IPv6, BASE_NONE, NULL, 0x0,
2576                 "Destination IPv6 address", HFILL}},
2577         { &hf_sflow_245_nexthop_src_mask,
2578             { "Next hop source mask", "sflow_245.nexthop.src_mask",
2579                 FT_UINT32, BASE_DEC, NULL, 0x0,
2580                 "Next hop source mask bits", HFILL}},
2581         { &hf_sflow_245_nexthop_dst_mask,
2582             { "Next hop destination mask", "sflow_245.nexthop.dst_mask",
2583                 FT_UINT32, BASE_DEC, NULL, 0x0,
2584                 "Next hop destination mask bits", HFILL}},
2585         { &hf_sflow_245_ifindex,
2586             { "Interface index", "sflow_245.ifindex",
2587                 FT_UINT32, BASE_DEC, NULL, 0x0,
2588                 NULL, HFILL}},
2589         { &hf_sflow_245_as,
2590             { "AS Router", "sflow_245.as",
2591                 FT_UINT32, BASE_DEC, NULL, 0x0,
2592                 "Autonomous System of Router", HFILL}},
2593         { &hf_sflow_245_src_as,
2594             { "AS Source", "sflow_245.srcAS",
2595                 FT_UINT32, BASE_DEC, NULL, 0x0,
2596                 "Autonomous System of Source", HFILL}},
2597         { &hf_sflow_245_src_peer_as,
2598             { "AS Peer", "sflow_245.peerAS",
2599                 FT_UINT32, BASE_DEC, NULL, 0x0,
2600                 "Autonomous System of Peer", HFILL}},
2601         { &hf_sflow_245_dst_as_entries,
2602             { "AS Destinations", "sflow_245.dstASentries",
2603                 FT_UINT32, BASE_DEC, NULL, 0x0,
2604                 "Autonomous System destinations", HFILL}},
2605         { &hf_sflow_245_dst_as,
2606             { "AS Destination", "sflow_245.dstAS",
2607                 FT_UINT32, BASE_DEC, NULL, 0x0,
2608                 "Autonomous System destination", HFILL}},
2609         /* Needed for sFlow >= 4.  If I had a capture to test... */
2610         { &hf_sflow_245_community_entries,
2611             { "Gateway Communities", "sflow_245.communityEntries",
2612                 FT_UINT32, BASE_DEC, NULL, 0x0,
2613                 NULL, HFILL}},
2614 #if 0
2615         { &hf_sflow_245_community,
2616             { "Gateway Community", "sflow_245.community",
2617                 FT_UINT32, BASE_DEC, NULL, 0x0,
2618                 "Gateway Communities", HFILL}},
2619 #endif
2620         { &hf_sflow_245_localpref,
2621             { "localpref", "sflow_245.localpref",
2622                 FT_UINT32, BASE_DEC, NULL, 0x0,
2623                 "Local preferences of AS route", HFILL}},
2624         /**/
2625         { &hf_sflow_245_iftype,
2626             { "Interface Type", "sflow_245.iftype",
2627                 FT_UINT32, BASE_DEC, NULL, 0x0,
2628                 NULL, HFILL}},
2629         { &hf_sflow_245_ifspeed,
2630             { "Interface Speed", "sflow_245.ifspeed",
2631                 FT_UINT64, BASE_DEC, NULL, 0x0,
2632                 NULL, HFILL}},
2633         { &hf_sflow_245_ifdirection,
2634             { "Interface Direction", "sflow_245.ifdirection",
2635                 FT_UINT32, BASE_DEC, VALS(sflow_ifdirection_vals), 0x0,
2636                 NULL, HFILL}},
2637         { &hf_sflow_245_ifadmin_status,
2638             { "IfAdminStatus", "sflow_245.ifadmin_status",
2639                 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000001,
2640                 NULL, HFILL}},
2641         { &hf_sflow_245_ifoper_status,
2642             { "IfOperStatus", "sflow_245.ifoper_status",
2643                 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000002,
2644                 NULL, HFILL}},
2645         { &hf_sflow_245_ifinoct,
2646             { "Input Octets", "sflow_245.ifinoct",
2647                 FT_UINT64, BASE_DEC, NULL, 0x0,
2648                 NULL, HFILL}},
2649         { &hf_sflow_245_ifinpkt,
2650             { "Input Packets", "sflow_245.ifinpkt",
2651                 FT_UINT32, BASE_DEC, NULL, 0x0,
2652                 NULL, HFILL}},
2653         { &hf_sflow_245_ifinmcast,
2654             { "Input Multicast Packets", "sflow_245.ifinmcast",
2655                 FT_UINT32, BASE_DEC, NULL, 0x0,
2656                 NULL, HFILL}},
2657         { &hf_sflow_245_ifinbcast,
2658             { "Input Broadcast Packets", "sflow_245.ifinbcast",
2659                 FT_UINT32, BASE_DEC, NULL, 0x0,
2660                 NULL, HFILL}},
2661         { &hf_sflow_245_ifindisc,
2662             { "Input Discarded Packets", "sflow_245.ifindisc",
2663                 FT_UINT32, BASE_DEC, NULL, 0x0,
2664                 NULL, HFILL}},
2665         { &hf_sflow_245_ifinerr,
2666             { "Input Errors", "sflow_245.ifinerr",
2667                 FT_UINT32, BASE_DEC, NULL, 0x0,
2668                 NULL, HFILL}},
2669         { &hf_sflow_245_ifinunk,
2670             { "Input Unknown Protocol Packets", "sflow_245.ifinunk",
2671                 FT_UINT32, BASE_DEC, NULL, 0x0,
2672                 NULL, HFILL}},
2673         { &hf_sflow_245_ifoutoct,
2674             { "Output Octets", "sflow_245.ifoutoct",
2675                 FT_UINT64, BASE_DEC, NULL, 0x0,
2676                 NULL, HFILL}},
2677         { &hf_sflow_245_ifoutpkt,
2678             { "Output Packets", "sflow_245.ifoutpkt",
2679                 FT_UINT32, BASE_DEC, NULL, 0x0,
2680                 NULL, HFILL}},
2681         { &hf_sflow_245_ifoutmcast,
2682             { "Output Multicast Packets", "sflow_245.ifoutmcast",
2683                 FT_UINT32, BASE_DEC, NULL, 0x0,
2684                 NULL, HFILL}},
2685         { &hf_sflow_245_ifoutbcast,
2686             { "Output Broadcast Packets", "sflow_245.ifoutbcast",
2687                 FT_UINT32, BASE_DEC, NULL, 0x0,
2688                 NULL, HFILL}},
2689         { &hf_sflow_245_ifoutdisc,
2690             { "Output Discarded Packets", "sflow_245.ifoutdisc",
2691                 FT_UINT32, BASE_DEC, NULL, 0x0,
2692                 NULL, HFILL}},
2693         { &hf_sflow_245_ifouterr,
2694             { "Output Errors", "sflow_245.ifouterr",
2695                 FT_UINT32, BASE_DEC, NULL, 0x0,
2696                 NULL, HFILL}},
2697         { &hf_sflow_245_ifpromisc,
2698             { "Promiscuous Mode", "sflow_245.ifpromisc",
2699                 FT_UINT32, BASE_DEC, NULL, 0x0,
2700                 NULL, HFILL}},
2701         { &hf_sflow_245_dot3StatsAlignmentErrors,
2702             { "Alignment Errors", "sflow_245.dot3StatsAlignmentErrors",
2703                 FT_UINT32, BASE_DEC, NULL, 0x0,
2704                 "dot3 Stats Alignment Errors", HFILL}},
2705         { &hf_sflow_245_dot3StatsFCSErrors,
2706             { "FCS Errors", "sflow_245.dot3StatsFCSErrors",
2707                 FT_UINT32, BASE_DEC, NULL, 0x0,
2708                 "dot3 Stats FCS Errors", HFILL}},
2709         { &hf_sflow_245_dot3StatsSingleCollisionFrames,
2710             { "Single Collision Frames", "sflow_245.dot3StatsSingleCollisionFrames",
2711                 FT_UINT32, BASE_DEC, NULL, 0x0,
2712                 "dot3 Stats Single Collision Frames", HFILL}},
2713         { &hf_sflow_245_dot3StatsMultipleCollisionFrames,
2714             { "Multiple Collision Frames", "sflow_245.dot3StatsMultipleCollisionFrames",
2715                 FT_UINT32, BASE_DEC, NULL, 0x0,
2716                 "dot3 Stats Multiple Collision Frames", HFILL}},
2717         { &hf_sflow_245_dot3StatsSQETestErrors,
2718             { "SQE Test Errors", "sflow_245.dot3StatsSQETestErrors",
2719                 FT_UINT32, BASE_DEC, NULL, 0x0,
2720                 "dot3 Stats SQE Test Errors", HFILL}},
2721         { &hf_sflow_245_dot3StatsDeferredTransmissions,
2722             { "Deferred Transmissions", "sflow_245.dot3StatsDeferredTransmissions",
2723                 FT_UINT32, BASE_DEC, NULL, 0x0,
2724                 "dot3 Stats Deferred Transmissions", HFILL}},
2725         { &hf_sflow_245_dot3StatsLateCollisions,
2726             { "Late Collisions", "sflow_245.dot3StatsLateCollisions",
2727                 FT_UINT32, BASE_DEC, NULL, 0x0,
2728                 "dot3 Stats Late Collisions", HFILL}},
2729         { &hf_sflow_245_dot3StatsExcessiveCollisions,
2730             { "Excessive Collisions", "sflow_245.dot3StatsExcessiveCollisions",
2731                 FT_UINT32, BASE_DEC, NULL, 0x0,
2732                 "dot3 Stats Excessive Collisions", HFILL}},
2733         { &hf_sflow_245_dot3StatsInternalMacTransmitErrors,
2734             { "Internal Mac Transmit Errors", "sflow_245.dot3StatsInternalMacTransmitErrors",
2735                 FT_UINT32, BASE_DEC, NULL, 0x0,
2736                 "dot3 Stats Internal Mac Transmit Errors", HFILL}},
2737         { &hf_sflow_245_dot3StatsCarrierSenseErrors,
2738             { "Carrier Sense Errors", "sflow_245.dot3StatsCarrierSenseErrors",
2739                 FT_UINT32, BASE_DEC, NULL, 0x0,
2740                 "dot3 Stats Carrier Sense Errors", HFILL}},
2741         { &hf_sflow_245_dot3StatsFrameTooLongs,
2742             { "Frame Too Longs", "sflow_245.dot3StatsFrameTooLongs",
2743                 FT_UINT32, BASE_DEC, NULL, 0x0,
2744                 "dot3 Stats Frame Too Longs", HFILL}},
2745         { &hf_sflow_245_dot3StatsInternalMacReceiveErrors,
2746             { "Internal Mac Receive Errors", "sflow_245.dot3StatsInternalMacReceiveErrors",
2747                 FT_UINT32, BASE_DEC, NULL, 0x0,
2748                 "dot3 Stats Internal Mac Receive Errors", HFILL}},
2749         { &hf_sflow_245_dot3StatsSymbolErrors,
2750             { "Symbol Errors", "sflow_245.dot3StatsSymbolErrors",
2751                 FT_UINT32, BASE_DEC, NULL, 0x0,
2752                 "dot3 Stats Symbol Errors", HFILL}},
2753         { &hf_sflow_245_dot5StatsLineErrors,
2754             { "Line Errors", "sflow_245.dot5StatsLineErrors",
2755                 FT_UINT32, BASE_DEC, NULL, 0x0,
2756                 "dot5 Stats Line Errors", HFILL}},
2757         { &hf_sflow_245_dot5StatsBurstErrors,
2758             { "Burst Errors", "sflow_245.dot5StatsBurstErrors",
2759                 FT_UINT32, BASE_DEC, NULL, 0x0,
2760                 "dot5 Stats Burst Errors", HFILL}},
2761         { &hf_sflow_245_dot5StatsACErrors,
2762             { "AC Errors", "sflow_245.dot5StatsACErrors",
2763                 FT_UINT32, BASE_DEC, NULL, 0x0,
2764                 "dot5 Stats AC Errors", HFILL}},
2765         { &hf_sflow_245_dot5StatsAbortTransErrors,
2766             { "Abort Trans Errors", "sflow_245.dot5StatsAbortTransErrors",
2767                 FT_UINT32, BASE_DEC, NULL, 0x0,
2768                 "dot5 Stats Abort Trans Errors", HFILL}},
2769         { &hf_sflow_245_dot5StatsInternalErrors,
2770             { "Internal Errors", "sflow_245.dot5StatsInternalErrors",
2771                 FT_UINT32, BASE_DEC, NULL, 0x0,
2772                 "dot5 Stats Internal Errors", HFILL}},
2773         { &hf_sflow_245_dot5StatsLostFrameErrors,
2774             { "Lost Frame Errors", "sflow_245.dot5StatsLostFrameErrors",
2775                 FT_UINT32, BASE_DEC, NULL, 0x0,
2776                 "dot5 Stats Lost Frame Errors", HFILL}},
2777         { &hf_sflow_245_dot5StatsReceiveCongestions,
2778             { "Receive Congestions", "sflow_245.dot5StatsReceiveCongestions",
2779                 FT_UINT32, BASE_DEC, NULL, 0x0,
2780                 "dot5 Stats Receive Congestions", HFILL}},
2781         { &hf_sflow_245_dot5StatsFrameCopiedErrors,
2782             { "Frame Copied Errors", "sflow_245.dot5StatsFrameCopiedErrors",
2783                 FT_UINT32, BASE_DEC, NULL, 0x0,
2784                 "dot5 Stats Frame Copied Errors", HFILL}},
2785         { &hf_sflow_245_dot5StatsTokenErrors,
2786             { "Token Errors", "sflow_245.dot5StatsTokenErrors",
2787                 FT_UINT32, BASE_DEC, NULL, 0x0,
2788                 "dot5 Stats Token Errors", HFILL}},
2789         { &hf_sflow_245_dot5StatsSoftErrors,
2790             { "Soft Errors", "sflow_245.dot5StatsSoftErrors",
2791                 FT_UINT32, BASE_DEC, NULL, 0x0,
2792                 "dot5 Stats Soft Errors", HFILL}},
2793         { &hf_sflow_245_dot5StatsHardErrors,
2794             { "Hard Errors", "sflow_245.dot5StatsHardErrors",
2795                 FT_UINT32, BASE_DEC, NULL, 0x0,
2796                 "dot5 Stats Hard Errors", HFILL}},
2797         { &hf_sflow_245_dot5StatsSignalLoss,
2798             { "Signal Loss", "sflow_245.dot5StatsSignalLoss",
2799                 FT_UINT32, BASE_DEC, NULL, 0x0,
2800                 "dot5 Stats Signal Loss", HFILL}},
2801         { &hf_sflow_245_dot5StatsTransmitBeacons,
2802             { "Transmit Beacons", "sflow_245.dot5StatsTransmitBeacons",
2803                 FT_UINT32, BASE_DEC, NULL, 0x0,
2804                 "dot5 Stats Transmit Beacons", HFILL}},
2805         { &hf_sflow_245_dot5StatsRecoveries,
2806             { "Recoveries", "sflow_245.dot5StatsRecoveries",
2807                 FT_UINT32, BASE_DEC, NULL, 0x0,
2808                 "dot5 Stats Recoveries", HFILL}},
2809         { &hf_sflow_245_dot5StatsLobeWires,
2810             { "Lobe Wires", "sflow_245.dot5StatsLobeWires",
2811                 FT_UINT32, BASE_DEC, NULL, 0x0,
2812                 "dot5 Stats Lobe Wires", HFILL}},
2813         { &hf_sflow_245_dot5StatsRemoves,
2814             { "Removes", "sflow_245.dot5StatsRemoves",
2815                 FT_UINT32, BASE_DEC, NULL, 0x0,
2816                 "dot5 Stats Removes", HFILL}},
2817         { &hf_sflow_245_dot5StatsSingles,
2818             { "Singles", "sflow_245.dot5StatsSingles",
2819                 FT_UINT32, BASE_DEC, NULL, 0x0,
2820                 "dot5 Stats Singles", HFILL}},
2821         { &hf_sflow_245_dot5StatsFreqErrors,
2822             { "Freq Errors", "sflow_245.dot5StatsFreqErrors",
2823                 FT_UINT32, BASE_DEC, NULL, 0x0,
2824                 "dot5 Stats Freq Errors", HFILL}},
2825         { &hf_sflow_245_dot12InHighPriorityFrames,
2826             { "In High Priority Frames", "sflow_245.dot12InHighPriorityFrames",
2827                 FT_UINT32, BASE_DEC, NULL, 0x0,
2828                 "dot12 Input High Priority Frames", HFILL}},
2829         { &hf_sflow_245_dot12InHighPriorityOctets,
2830             { "In High Priority Octets", "sflow_245.dot12InHighPriorityOctets",
2831                 FT_UINT64, BASE_DEC, NULL, 0x0,
2832                 "dot12 Input High Priority Octets", HFILL}},
2833         { &hf_sflow_245_dot12InNormPriorityFrames,
2834             { "In Normal Priority Frames", "sflow_245.dot12InNormPriorityFrames",
2835                 FT_UINT32, BASE_DEC, NULL, 0x0,
2836                 "dot12 Input Normal Priority Frames", HFILL}},
2837         { &hf_sflow_245_dot12InNormPriorityOctets,
2838             { "In Normal Priority Octets", "sflow_245.dot12InNormPriorityOctets",
2839                 FT_UINT64, BASE_DEC, NULL, 0x0,
2840                 "dot12 Input Normal Priority Octets", HFILL}},
2841         { &hf_sflow_245_dot12InIPMErrors,
2842             { "In IPM Errors", "sflow_245.dot12InIPMErrors",
2843                 FT_UINT32, BASE_DEC, NULL, 0x0,
2844                 "dot12 Input IPM Errors", HFILL}},
2845         { &hf_sflow_245_dot12InOversizeFrameErrors,
2846             { "In Oversize Frame Errors", "sflow_245.dot12InOversizeFrameErrors",
2847                 FT_UINT32, BASE_DEC, NULL, 0x0,
2848                 "dot12 Input Oversize Frame Errors", HFILL}},
2849         { &hf_sflow_245_dot12InDataErrors,
2850             { "In Data Errors", "sflow_245.dot12InDataErrors",
2851                 FT_UINT32, BASE_DEC, NULL, 0x0,
2852                 "dot12 Input Data Errors", HFILL}},
2853         { &hf_sflow_245_dot12InNullAddressedFrames,
2854             { "In Null Addressed Frames", "sflow_245.dot12InNullAddressedFrames",
2855                 FT_UINT32, BASE_DEC, NULL, 0x0,
2856                 "dot12 Input Null Addressed Frames", HFILL}},
2857         { &hf_sflow_245_dot12OutHighPriorityFrames,
2858             { "Out High Priority Frames", "sflow_245.dot12OutHighPriorityFrames",
2859                 FT_UINT32, BASE_DEC, NULL, 0x0,
2860                 "dot12 Output High Priority Frames", HFILL}},
2861         { &hf_sflow_245_dot12OutHighPriorityOctets,
2862             { "Out High Priority Octets", "sflow_245.dot12OutHighPriorityOctets",
2863                 FT_UINT64, BASE_DEC, NULL, 0x0,
2864                 "dot12 Out High Priority Octets", HFILL}},
2865         { &hf_sflow_245_dot12TransitionIntoTrainings,
2866             { "Transition Into Trainings", "sflow_245.dot12TransitionIntoTrainings",
2867                 FT_UINT32, BASE_DEC, NULL, 0x0,
2868                 "dot12 Transition Into Trainings", HFILL}},
2869         { &hf_sflow_245_dot12HCInHighPriorityOctets,
2870             { "HC In High Priority Octets", "sflow_245.dot12HCInHighPriorityOctets",
2871                 FT_UINT64, BASE_DEC, NULL, 0x0,
2872                 "dot12 HC Input High Priority Octets", HFILL}},
2873         { &hf_sflow_245_dot12HCInNormPriorityOctets,
2874             { "HC In Normal Priority Octets", "sflow_245.dot12HCInNormPriorityOctets",
2875                 FT_UINT64, BASE_DEC, NULL, 0x0,
2876                 "dot12 HC Input Normal Priority Octets", HFILL}},
2877         { &hf_sflow_245_dot12HCOutHighPriorityOctets,
2878             { "HC Out High Priority Octets", "sflow_245.dot12HCOutHighPriorityOctets",
2879                 FT_UINT64, BASE_DEC, NULL, 0x0,
2880                 "dot12 HC Output High Priority Octets", HFILL}},
2881         { &hf_sflow_245_vlan_id,
2882             { "VLAN ID", "sflow_245.vlan_id",
2883                 FT_UINT32, BASE_DEC, NULL, 0x0,
2884                 NULL, HFILL}},
2885         { &hf_sflow_245_octets,
2886             { "Octets", "sflow_245.octets",
2887                 FT_UINT64, BASE_DEC, NULL, 0x0,
2888                 NULL, HFILL}},
2889         { &hf_sflow_245_ucastPkts,
2890             { "Unicast Packets", "sflow_245.ucastPkts",
2891                 FT_UINT32, BASE_DEC, NULL, 0x0,
2892                 NULL, HFILL}},
2893         { &hf_sflow_245_multicastPkts,
2894             { "Multicast Packets", "sflow_245.multicastPkts",
2895                 FT_UINT32, BASE_DEC, NULL, 0x0,
2896                 NULL, HFILL}},
2897         { &hf_sflow_245_broadcastPkts,
2898             { "Broadcast Packets", "sflow_245.broadcastPkts",
2899                 FT_UINT32, BASE_DEC, NULL, 0x0,
2900                 NULL, HFILL}},
2901         { &hf_sflow_245_discards,
2902             { "Discards", "sflow_245.discards",
2903                 FT_UINT32, BASE_DEC, NULL, 0x0,
2904                 NULL, HFILL}},
2905         { &hf_sflow_5_dot11TransmittedFragmentCount,
2906             { "Transmitted Fragment Count", "sflow_5.dot11TransmittedFragmentCount",
2907                 FT_UINT32, BASE_DEC, NULL, 0x0,
2908                 NULL, HFILL}},
2909         { &hf_sflow_5_dot11MulticastTransmittedFrameCount,
2910             { "Multicast Transmitted Frame Count", "sflow_5.dot11MulticastTransmittedFrameCount",
2911                 FT_UINT32, BASE_DEC, NULL, 0x0,
2912                 NULL, HFILL}},
2913         { &hf_sflow_5_dot11FailedCount,
2914             { "Failed Count", "sflow_5.dot11FailedCount",
2915                 FT_UINT32, BASE_DEC, NULL, 0x0,
2916                 NULL, HFILL}},
2917         { &hf_sflow_5_dot11RetryCount,
2918             { "Retry Count", "sflow_5.dot11RetryCount",
2919                 FT_UINT32, BASE_DEC, NULL, 0x0,
2920                 NULL, HFILL}},
2921         { &hf_sflow_5_dot11MultipleRetryCount,
2922             { "Multiple Retry Count", "sflow_5.dot11MultipleRetryCount",
2923                 FT_UINT32, BASE_DEC, NULL, 0x0,
2924                 NULL, HFILL}},
2925         { &hf_sflow_5_dot11FrameDuplicateCount,
2926             { "Frame Duplicate Count", "sflow_5.dot11FrameDuplicateCount",
2927                 FT_UINT32, BASE_DEC, NULL, 0x0,
2928                 NULL, HFILL}},
2929         { &hf_sflow_5_dot11RTSSuccessCount,
2930             { "RTS Success Count", "sflow_5.dot11RTSSuccessCount",
2931                 FT_UINT32, BASE_DEC, NULL, 0x0,
2932                 NULL, HFILL}},
2933         { &hf_sflow_5_dot11RTSFailureCount,
2934             { "Failure Count", "sflow_5.dot11RTSFailureCount",
2935                 FT_UINT32, BASE_DEC, NULL, 0x0,
2936                 NULL, HFILL}},
2937         { &hf_sflow_5_dot11ACKFailureCount,
2938             { "ACK Failure Count", "sflow_5.dot11ACKFailureCount",
2939                 FT_UINT32, BASE_DEC, NULL, 0x0,
2940                 NULL, HFILL}},
2941         { &hf_sflow_5_dot11ReceivedFragmentCount,
2942             { "Received Fragment Count", "sflow_5.dot11ReceivedFragmentCount",
2943                 FT_UINT32, BASE_DEC, NULL, 0x0,
2944                 NULL, HFILL}},
2945         { &hf_sflow_5_dot11MulticastReceivedFrameCount,
2946             { "Multicast Received Frame Count", "sflow_5.dot11MulticastReceivedFrameCount",
2947                 FT_UINT32, BASE_DEC, NULL, 0x0,
2948                 NULL, HFILL}},
2949         { &hf_sflow_5_dot11FCSErrorCount,
2950             { "FCS Error Count", "sflow_5.dot11FCSErrorCount",
2951                 FT_UINT32, BASE_DEC, NULL, 0x0,
2952                 NULL, HFILL}},
2953         { &hf_sflow_5_dot11TransmittedFrameCount,
2954             { "Transmitted Frame Count", "sflow_5.dot11TransmittedFrameCount",
2955                 FT_UINT32, BASE_DEC, NULL, 0x0,
2956                 NULL, HFILL}},
2957         { &hf_sflow_5_dot11WEPUndecryptableCount,
2958             { "WEP Undecryptable Count", "sflow_5.dot11WEPUndecryptableCount",
2959                 FT_UINT32, BASE_DEC, NULL, 0x0,
2960                 NULL, HFILL}},
2961         { &hf_sflow_5_dot11QoSDiscardedFragmentCount,
2962             { "QoS Discarded Fragment Count", "sflow_5.dot11QoSDiscardedFragmentCount",
2963                 FT_UINT32, BASE_DEC, NULL, 0x0,
2964                 NULL, HFILL}},
2965         { &hf_sflow_5_dot11AssociatedStationCount,
2966             { "Associated Station Count", "sflow_5.dot11AssociatedStationCount",
2967                 FT_UINT32, BASE_DEC, NULL, 0x0,
2968                 NULL, HFILL}},
2969         { &hf_sflow_5_dot11QoSCFPollsReceivedCount,
2970             { "QoS CF Polls Received Count", "sflow_5.dot11QoSCFPollsReceivedCount",
2971                 FT_UINT32, BASE_DEC, NULL, 0x0,
2972                 NULL, HFILL}},
2973         { &hf_sflow_5_dot11QoSCFPollsUnusedCount,
2974             { "QoS CF Polls Unused Count", "sflow_5.dot11QoSCFPollsUnusedCount",
2975                 FT_UINT32, BASE_DEC, NULL, 0x0,
2976                 NULL, HFILL}},
2977         { &hf_sflow_5_dot11QoSCFPollsUnusableCount,
2978             { "QoS CF Polls Unusable Count", "sflow_5.dot11QoSCFPollsUnusableCount",
2979                 FT_UINT32, BASE_DEC, NULL, 0x0,
2980                 NULL, HFILL}},
2981         { &hf_sflow_5_dot11QoSCFPollsLostCount,
2982             { "QoS CF Polls Lost Count", "sflow_5.dot11QoSCFPollsLostCount",
2983                 FT_UINT32, BASE_DEC, NULL, 0x0,
2984                 NULL, HFILL}},
2985         { &hf_sflow_5_cpu_5s,
2986             { "5s CPU Load (100 = 1%)", "sflow_5.cpu_5s",
2987                 FT_UINT32, BASE_DEC, NULL, 0x0,
2988                 "Average CPU Load Over 5 Seconds (100 = 1%)", HFILL}},
2989         { &hf_sflow_5_cpu_1m,
2990             { "1m CPU Load (100 = 1%)", "sflow_5.cpu_1m",
2991                 FT_UINT32, BASE_DEC, NULL, 0x0,
2992                 "Average CPU Load Over 1 Minute (100 = 1%)", HFILL}},
2993         { &hf_sflow_5_cpu_5m,
2994             { "5m CPU Load (100 = 1%)", "sflow_5.cpu_5m",
2995                 FT_UINT32, BASE_DEC, NULL, 0x0,
2996                 "Average CPU Load Over 5 Minutes (100 = 1%)", HFILL}},
2997         { &hf_sflow_5_total_memory,
2998             { "Total Memory", "sflow_5.total_memory",
2999                 FT_UINT64, BASE_DEC, NULL, 0x0,
3000                 NULL, HFILL}},
3001         { &hf_sflow_5_free_memory,
3002             { "Free Memory", "sflow_5.free_memory",
3003                 FT_UINT64, BASE_DEC, NULL, 0x0,
3004                 NULL, HFILL}},
3005         { &hf_sflow_5_elapsed_time,
3006             { "Elapsed Time (ms)", "sflow_5.elapsed_time",
3007                 FT_UINT32, BASE_DEC, NULL, 0x0,
3008                 "Elapsed Time in ms", HFILL}},
3009         { &hf_sflow_5_on_channel_time,
3010             { "On Channel (ms)", "sflow_5.on_channel_time",
3011                 FT_UINT32, BASE_DEC, NULL, 0x0,
3012                 "Time in ms Spent on Channel", HFILL}},
3013         { &hf_sflow_5_on_channel_busy_time,
3014             { "On Channel Busy (ms)", "sflow_5.channel_busy_time",
3015                 FT_UINT32, BASE_DEC, NULL, 0x0,
3016                 "Time in ms Spent on Channel and Busy", HFILL}},
3017
3018       /* Generated from convert_proto_tree_add_text.pl */
3019       { &hf_sflow_245_header_frame_length,
3020         { "Frame Length", "sflow_245.header.frame_length",
3021           FT_UINT32, BASE_DEC, NULL, 0x0,
3022           NULL, HFILL }
3023       },
3024       { &hf_sflow_245_header_payload_removed,
3025         { "Payload removed", "sflow_245.header.payload_removed",
3026           FT_UINT32, BASE_DEC, NULL, 0x0,
3027           NULL, HFILL }
3028       },
3029       { &hf_sflow_245_extended_mpls_in_label_stack_entries,
3030         { "In Label Stack Entries", "sflow_245.extended_mpls.in_label_stack_entries",
3031           FT_UINT32, BASE_DEC, NULL, 0x0,
3032           NULL, HFILL }
3033       },
3034       { &hf_sflow_245_extended_mpls_in_label,
3035         { "Label", "sflow_245.extended_mpls.in_label",
3036           FT_UINT32, BASE_DEC, NULL, 0x0,
3037           NULL, HFILL }
3038       },
3039       { &hf_sflow_245_extended_mpls_out_label_stack_entries,
3040         { "Out Label Stack Entries", "sflow_245.extended_mpls.out_label_stack_entries",
3041           FT_UINT32, BASE_DEC, NULL, 0x0,
3042           NULL, HFILL }
3043       },
3044       { &hf_sflow_245_extended_mpls_out_label,
3045         { "Label", "sflow_245.extended_mpls.out_label",
3046           FT_UINT32, BASE_DEC, NULL, 0x0,
3047           NULL, HFILL }
3048       },
3049       { &hf_sflow_245_ethernet_length_of_mac_packet,
3050         { "Length of MAC Packet", "sflow_245.ethernet.length",
3051           FT_UINT32, BASE_DEC, NULL, 0x0,
3052           NULL, HFILL }
3053       },
3054       { &hf_sflow_245_ethernet_source_mac_address,
3055         { "Source MAC Address", "sflow_245.ethernet.source_mac_address",
3056           FT_ETHER, BASE_NONE, NULL, 0x0,
3057           NULL, HFILL }
3058       },
3059       { &hf_sflow_245_ethernet_destination_mac_address,
3060         { "Destination MAC Address", "sflow_245.ethernet.destination_mac_address",
3061           FT_ETHER, BASE_NONE, NULL, 0x0,
3062           NULL, HFILL }
3063       },
3064       { &hf_sflow_245_ethernet_packet_type,
3065         { "Ethernet Packet Type", "sflow_245.ethernet.packet_type",
3066           FT_UINT32, BASE_DEC, NULL, 0x0,
3067           NULL, HFILL }
3068       },
3069       { &hf_sflow_245_length_of_ip_packet,
3070         { "Length of IP Packet", "sflow_245.ip.length",
3071           FT_UINT32, BASE_DEC, NULL, 0x0,
3072           NULL, HFILL }
3073       },
3074       { &hf_sflow_245_ip_source_port,
3075         { "Source Port", "sflow_245.ip.source_port",
3076           FT_UINT32, BASE_DEC, NULL, 0x0,
3077           NULL, HFILL }
3078       },
3079       { &hf_sflow_245_ip_destination_port,
3080         { "Destination Port", "sflow.ip.destination_port",
3081           FT_UINT32, BASE_DEC, NULL, 0x0,
3082           NULL, HFILL }
3083       },
3084       { &hf_sflow_245_ip_tcp_flag_cwr,
3085         { "TCP Flag (CWR)", "sflow_245.ip.tcp_flag.cwr",
3086           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x80,
3087           NULL, HFILL }
3088       },
3089       { &hf_sflow_245_ip_tcp_flag_ece,
3090         { "TCP Flag (ECE)", "sflow_245.ip.tcp_flag.ece",
3091           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x40,
3092           NULL, HFILL }
3093       },
3094       { &hf_sflow_245_ip_tcp_flag_urg,
3095         { "TCP Flag (URG)", "sflow_245.ip.tcp_flag.urg",
3096           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x20,
3097           NULL, HFILL }
3098       },
3099       { &hf_sflow_245_ip_tcp_flag_ack,
3100         { "TCP Flag (ACK)", "sflow_245.ip.tcp_flag.ack",
3101           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x10,
3102           NULL, HFILL }
3103       },
3104       { &hf_sflow_245_ip_tcp_flag_psh,
3105         { "TCP Flag (PSH)", "sflow_245.ip.tcp_flag.psh",
3106           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x08,
3107           NULL, HFILL }
3108       },
3109       { &hf_sflow_245_ip_tcp_flag_rst,
3110         { "TCP Flag (RST)", "sflow_245.ip.tcp_flag.rst",
3111           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x04,
3112           NULL, HFILL }
3113       },
3114       { &hf_sflow_245_ip_tcp_flag_syn,
3115         { "TCP Flag (SYN)", "sflow_245.ip.tcp_flag.syn",
3116           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x02,
3117           NULL, HFILL }
3118       },
3119       { &hf_sflow_245_ip_tcp_flag_fin,
3120         { "TCP Flag (FIN)", "sflow_245.ip.tcp_flag.fin",
3121           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x01,
3122           NULL, HFILL }
3123       },
3124       { &hf_sflow_245_ipv4_delay,
3125         { "Delay", "sflow_245.ipv4_delay",
3126           FT_BOOLEAN, 8, TFS(&tfs_low_normal), 0x10,
3127           NULL, HFILL }
3128       },
3129       { &hf_sflow_245_ipv4_throughput,
3130         { "Throughput", "sflow_245.ipv4_throughput",
3131           FT_BOOLEAN, 8, TFS(&tfs_high_normal), 0x08,
3132           NULL, HFILL }
3133       },
3134       { &hf_sflow_245_ipv4_reliability,
3135         { "Reliability", "sflow_245.ipv4_reliability",
3136           FT_BOOLEAN, 8, TFS(&tfs_high_normal), 0x04,
3137           NULL, HFILL }
3138       },
3139       { &hf_sflow_245_ipv4_cost,
3140         { "Cost (RFC1349)", "sflow_245.ipv4_cost",
3141           FT_BOOLEAN, 8, TFS(&tfs_minimize_monetary_normal), 0x02,
3142           NULL, HFILL }
3143       },
3144       { &hf_sflow_245_ipv6_priority,
3145         { "Priority", "sflow_245.ipv6_priority",
3146           FT_UINT32, BASE_DEC, NULL, 0x0,
3147           NULL, HFILL }
3148       },
3149       { &hf_sflow_5_extended_user_source_character_set,
3150         { "Source Character Set", "sflow_5.extended_user.source_character_set",
3151           FT_UINT32, BASE_DEC, NULL, 0x0,
3152           NULL, HFILL }
3153       },
3154       { &hf_sflow_5_extended_user_source_user_string_length,
3155         { "Source User String Length (bytes)", "sflow_5.extended_user.source_user_string_length",
3156           FT_UINT32, BASE_DEC, NULL, 0x0,
3157           NULL, HFILL }
3158       },
3159       { &hf_sflow_5_extended_user_destination_character_set,
3160         { "Destination Character Set", "sflow_5.extended_user.destination_character_set",
3161           FT_UINT32, BASE_DEC, NULL, 0x0,
3162           NULL, HFILL }
3163       },
3164       { &hf_sflow_5_extended_user_destination_user_string_length,
3165         { "Destination User String Length (bytes)", "sflow_5.extended_user.destination_user_string_length",
3166           FT_UINT32, BASE_DEC, NULL, 0x0,
3167           NULL, HFILL }
3168       },
3169       { &hf_sflow_5_extended_url_url_length,
3170         { "URL Length (bytes)", "sflow_5.extended_url.url_length",
3171           FT_UINT32, BASE_DEC, NULL, 0x0,
3172           NULL, HFILL }
3173       },
3174       { &hf_sflow_5_extended_url_host_length,
3175         { "Host Length (bytes)", "sflow_5.extended_url.host_length",
3176           FT_UINT32, BASE_DEC, NULL, 0x0,
3177           NULL, HFILL }
3178       },
3179       { &hf_sflow_5_extended_mpls_tunnel_name_length,
3180         { "Tunnel Name Length (bytes)", "sflow_5.extended_mpls_tunnel.name_length",
3181           FT_UINT32, BASE_DEC, NULL, 0x0,
3182           NULL, HFILL }
3183       },
3184       { &hf_sflow_5_extended_mpls_tunnel_id,
3185         { "Tunnel ID", "sflow_5.extended_mpls_tunnel.id",
3186           FT_UINT32, BASE_DEC, NULL, 0x0,
3187           NULL, HFILL }
3188       },
3189       { &hf_sflow_5_extended_mpls_tunnel_cos_value,
3190         { "Tunnel COS Value", "sflow_5.extended_mpls_tunnel.cos_value",
3191           FT_UINT32, BASE_DEC, NULL, 0x0,
3192           NULL, HFILL }
3193       },
3194       { &hf_sflow_5_extended_mpls_vc_instance_name_length,
3195         { "VC Instance Name Length (bytes)", "sflow_5.extended_mpls_vc.instance_name_length",
3196           FT_UINT32, BASE_DEC, NULL, 0x0,
3197           NULL, HFILL }
3198       },
3199       { &hf_sflow_5_extended_mpls_vc_id,
3200         { "VLL/VC ID", "sflow_5.extended_mpls_vc.id",
3201           FT_UINT32, BASE_DEC, NULL, 0x0,
3202           NULL, HFILL }
3203       },
3204       { &hf_sflow_5_extended_mpls_vc_label_cos_value,
3205         { "VC Label COS Value", "sflow_5.extended_mpls_vc.label_cos_value",
3206           FT_UINT32, BASE_DEC, NULL, 0x0,
3207           NULL, HFILL }
3208       },
3209       { &hf_sflow_5_extended_mpls_ftn_description_length,
3210         { "MPLS FTN Description Length (bytes)", "sflow_5.extended_mpls.ftn_description_length",
3211           FT_UINT32, BASE_DEC, NULL, 0x0,
3212           NULL, HFILL }
3213       },
3214       { &hf_sflow_5_extended_mpls_ftn_mask,
3215         { "MPLS FTN Mask", "sflow_5.extended_mpls.ftn_mask",
3216           FT_UINT32, BASE_DEC, NULL, 0x0,
3217           NULL, HFILL }
3218       },
3219       { &hf_sflow_5_extended_mpls_fec_address_prefix_length,
3220         { "MPLS FEC Address Prefix Length (bytes)", "sflow_5.extended_mpls.fec_address_prefix_length",
3221           FT_UINT32, BASE_DEC, NULL, 0x0,
3222           NULL, HFILL }
3223       },
3224       { &hf_sflow_5_extended_vlan_tunnel_number_of_layers,
3225         { "Number of Layers", "sflow_5.extended_vlan_tunnel.number_of_layers",
3226           FT_UINT32, BASE_DEC, NULL, 0x0,
3227           NULL, HFILL }
3228       },
3229       { &hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair,
3230         { "TPID/TCI Pair as Integer", "sflow_5.extended_vlan_tunnel.tpid_tci_pair",
3231           FT_UINT32, BASE_DEC, NULL, 0x0,
3232           NULL, HFILL }
3233       },
3234       { &hf_sflow_5_extended_80211_oui,
3235         { "OUI", "sflow_5.extended_80211.oui",
3236           FT_UINT24, BASE_HEX, NULL, 0x0,
3237           NULL, HFILL }
3238       },
3239       { &hf_sflow_5_extended_80211_suite_type,
3240         { "Suite Type", "sflow_5.extended_80211.suite_type",
3241           FT_UINT8, BASE_DEC, VALS(extended_80211_suite_type_vals), 0x0,
3242           NULL, HFILL }
3243       },
3244       { &hf_sflow_5_extended_80211_payload_length,
3245         { "Payload Length", "sflow_5.extended_80211.payload_length",
3246           FT_UINT32, BASE_DEC, NULL, 0x0,
3247           NULL, HFILL }
3248       },
3249       { &hf_sflow_5_extended_80211_rx_bssid,
3250         { "BSSID", "sflow_5.extended_80211.rx.bssid",
3251           FT_ETHER, BASE_NONE, NULL, 0x0,
3252           NULL, HFILL }
3253       },
3254       { &hf_sflow_5_extended_80211_rx_version,
3255         { "Version", "sflow_5.extended_80211.rx.version",
3256           FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
3257           NULL, HFILL }
3258       },
3259       { &hf_sflow_5_extended_80211_rx_channel,
3260         { "Channel", "sflow_5.extended_80211.rx.channel",
3261           FT_UINT32, BASE_DEC, NULL, 0x0,
3262           NULL, HFILL }
3263       },
3264       { &hf_sflow_5_extended_80211_rx_speed,
3265         { "Speed", "sflow_5.extended_80211.rx.speed",
3266           FT_UINT64, BASE_DEC, NULL, 0x0,
3267           NULL, HFILL }
3268       },
3269       { &hf_sflow_5_extended_80211_rx_rsni,
3270         { "RSNI", "sflow_5.extended_80211.rx.rsni",
3271           FT_UINT32, BASE_DEC, NULL, 0x0,
3272           NULL, HFILL }
3273       },
3274       { &hf_sflow_5_extended_80211_rx_rcpi,
3275         { "RCPI", "sflow_5.extended_80211.rx.rcpi",
3276           FT_UINT32, BASE_DEC, NULL, 0x0,
3277           NULL, HFILL }
3278       },
3279       { &hf_sflow_5_extended_80211_rx_packet_duration,
3280         { "Packet Duration (ms)", "sflow_5.rx.extended_80211.packet_duration",
3281           FT_UINT32, BASE_DEC, NULL, 0x0,
3282           NULL, HFILL }
3283       },
3284       { &hf_sflow_5_extended_80211_tx_bssid,
3285         { "BSSID", "sflow_5.extended_80211.tx.bssid",
3286           FT_ETHER, BASE_NONE, NULL, 0x0,
3287           NULL, HFILL }
3288       },
3289       { &hf_sflow_5_extended_80211_tx_version,
3290         { "Version", "sflow_5.extended_80211.tx.version",
3291           FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
3292           NULL, HFILL }
3293       },
3294       { &hf_sflow_5_extended_80211_tx_retransmissions,
3295         { "Retransmissions", "sflow_5.extended_80211.tx.retransmissions",
3296           FT_UINT32, BASE_DEC, NULL, 0x0,
3297           NULL, HFILL }
3298       },
3299       { &hf_sflow_5_extended_80211_tx_packet_duration,
3300         { "Packet Duration (ms)", "sflow_5.extended_80211.tx.packet_duration",
3301           FT_UINT32, BASE_DEC, NULL, 0x0,
3302           NULL, HFILL }
3303       },
3304       { &hf_sflow_5_extended_80211_tx_retransmission_duration,
3305         { "Retransmission Duration (ms)", "sflow_5.extended_80211.tx.retransmission_duration",
3306           FT_UINT32, BASE_DEC, NULL, 0x0,
3307           NULL, HFILL }
3308       },
3309       { &hf_sflow_5_extended_80211_tx_channel,
3310         { "Channel", "sflow_5.extended_80211.tx.channel",
3311           FT_UINT32, BASE_DEC, NULL, 0x0,
3312           NULL, HFILL }
3313       },
3314       { &hf_sflow_5_extended_80211_tx_speed,
3315         { "Speed", "sflow_5.extended_80211.tx.speed",
3316           FT_UINT64, BASE_DEC, NULL, 0x0,
3317           NULL, HFILL }
3318       },
3319       { &hf_sflow_5_extended_80211_tx_power,
3320         { "Power", "sflow_5.extended_80211.tx.power",
3321           FT_UINT32, BASE_DEC, NULL, 0x0,
3322           NULL, HFILL }
3323       },
3324       { &hf_sflow_flow_sample_sequence_number,
3325         { "Sequence number", "sflow.flow_sample.sequence_number",
3326           FT_UINT32, BASE_DEC, NULL, 0x0,
3327           NULL, HFILL }
3328       },
3329       { &hf_sflow_flow_sample_source_id_class,
3330         { "Source ID class", "sflow.flow_sample.source_id_class",
3331           FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3332           NULL, HFILL }
3333       },
3334       { &hf_sflow_flow_sample_sampling_rate,
3335         { "Sampling rate", "sflow.flow_sample.sampling_rate",
3336           FT_UINT32, BASE_DEC, NULL, 0x0,
3337           NULL, HFILL }
3338       },
3339       { &hf_sflow_flow_sample_sample_pool,
3340         { "Sample pool", "sflow.flow_sample.sample_pool",
3341           FT_UINT32, BASE_DEC, NULL, 0x0,
3342           NULL, HFILL }
3343       },
3344       { &hf_sflow_flow_sample_dropped_packets,
3345         { "Dropped packets", "sflow.flow_sample.dropped_packets",
3346           FT_UINT32, BASE_DEC, NULL, 0x0,
3347           NULL, HFILL }
3348       },
3349       { &hf_sflow_flow_sample_input_interface,
3350         { "Input interface (ifIndex)", "sflow.flow_sample.input_interface",
3351           FT_UINT32, BASE_DEC, NULL, 0x0,
3352           NULL, HFILL }
3353       },
3354       { &hf_sflow_flow_sample_multiple_outputs,
3355         { "Multiple outputs", "sflow.flow_sample.multiple_outputs",
3356           FT_UINT32, BASE_DEC, NULL, 0x0,
3357           NULL, HFILL }
3358       },
3359       { &hf_sflow_flow_sample_output_interface,
3360         { "Output interface (ifIndex)", "sflow.flow_sample.output_interface",
3361           FT_UINT32, BASE_DEC, NULL, 0x7fffffff,
3362           NULL, HFILL }
3363       },
3364       { &hf_sflow_enterprise,
3365         { "Enterprise", "sflow.enterprise",
3366           FT_UINT32, BASE_DEC, NULL, 0xFFFFF000,
3367           NULL, HFILL }
3368       },
3369       { &hf_sflow_flow_sample_flow_record,
3370         { "Flow record", "sflow.flow_sample.flow_record",
3371           FT_UINT32, BASE_DEC, NULL, 0x0,
3372           NULL, HFILL }
3373       },
3374       { &hf_sflow_flow_sample_source_id_type,
3375         { "Source ID type", "sflow.flow_sample.source_id_type",
3376           FT_UINT32, BASE_DEC, NULL, 0x0,
3377           NULL, HFILL }
3378       },
3379       { &hf_sflow_flow_sample_source_id_index,
3380         { "Source ID index", "sflow.flow_sample.source_id_index",
3381           FT_UINT32, BASE_DEC, NULL, 0x0,
3382           NULL, HFILL }
3383       },
3384       { &hf_sflow_flow_sample_input_interface_format,
3385         { "Input interface format", "sflow.flow_sample.input_interface_format",
3386           FT_UINT32, BASE_DEC, NULL, 0x0,
3387           NULL, HFILL }
3388       },
3389       { &hf_sflow_flow_sample_input_interface_value,
3390         { "Input interface value", "sflow.flow_sample.input_interface_value",
3391           FT_UINT32, BASE_DEC, NULL, 0x0,
3392           NULL, HFILL }
3393       },
3394       { &hf_sflow_flow_sample_output_interface_format,
3395         { "Output interface format", "sflow.flow_sample.output_interface_format",
3396           FT_UINT32, BASE_DEC, NULL, 0x0,
3397           NULL, HFILL }
3398       },
3399       { &hf_sflow_flow_sample_output_interface_value,
3400         { "Output interface value", "sflow.flow_sample.output_interface_value",
3401           FT_UINT32, BASE_DEC, NULL, 0x0,
3402           NULL, HFILL }
3403       },
3404       { &hf_sflow_counters_sample_sequence_number,
3405         { "Sequence number", "sflow.counters_sample.sequence_number",
3406           FT_UINT32, BASE_DEC, NULL, 0x0,
3407           NULL, HFILL }
3408       },
3409       { &hf_sflow_counters_sample_source_id_class,
3410         { "Source ID class", "sflow.counters_sample.source_id_class",
3411           FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3412           NULL, HFILL }
3413       },
3414       { &hf_sflow_counters_sample_sampling_interval,
3415         { "Sampling Interval", "sflow.counters_sample.sampling_interval",
3416           FT_UINT32, BASE_DEC, NULL, 0x0,
3417           NULL, HFILL }
3418       },
3419       { &hf_sflow_counters_sample_counters_type,
3420         { "Counters type", "sflow.counters_sample.counters_type",
3421           FT_UINT32, BASE_DEC, VALS(sflow_245_counterstype), 0x0,
3422           NULL, HFILL }
3423       },
3424       { &hf_sflow_counters_sample_source_id_type,
3425         { "Source ID type", "sflow.counters_sample.source_id_type",
3426           FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3427           NULL, HFILL }
3428       },
3429       { &hf_sflow_counters_sample_source_id_index,
3430         { "Source ID index", "sflow.counters_sample.source_id_index",
3431           FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF,
3432           NULL, HFILL }
3433       },
3434       { &hf_sflow_counters_sample_counters_records,
3435         { "Counters records", "sflow.counters_sample.counters_records",
3436           FT_UINT32, BASE_DEC, NULL, 0x0,
3437           NULL, HFILL }
3438       },
3439       { &hf_sflow_counters_sample_expanded_source_id_type,
3440         { "Source ID type", "sflow.counters_sample.source_id_type",
3441           FT_UINT32, BASE_DEC, NULL, 0x0,
3442           NULL, HFILL }
3443       },
3444       { &hf_sflow_counters_sample_expanded_source_id_index,
3445         { "Source ID index", "sflow.counters_sample.source_id_index",
3446           FT_UINT32, BASE_DEC, NULL, 0x0,
3447           NULL, HFILL }
3448       },
3449       { &hf_sflow_245_as_type,
3450         { "AS Type", "sflow.as_type",
3451           FT_UINT32, BASE_DEC, VALS(sflow_245_as_types), 0x0,
3452           NULL, HFILL }
3453       },
3454       { &hf_sflow_245_ip_protocol,
3455         { "IP Protocol", "sflow.ip_protocol",
3456           FT_UINT32, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
3457           NULL, HFILL }
3458       },
3459       { &hf_sflow_5_extended_user_source_user,
3460         { "Source User", "sflow_5.extended_user.source_user",
3461           FT_STRING, BASE_NONE, NULL, 0x0,
3462           NULL, HFILL }
3463       },
3464       { &hf_sflow_5_extended_user_destination_user,
3465         { "Destination User", "sflow_5.extended_user.destination_user",
3466           FT_STRING, BASE_NONE, NULL, 0x0,
3467           NULL, HFILL }
3468       },
3469       { &hf_sflow_5_extended_url_direction,
3470         { "Direction", "sflow_5.extended_url.direction",
3471           FT_UINT32, BASE_DEC, NULL, 0x0,
3472           NULL, HFILL }
3473       },
3474       { &hf_sflow_5_extended_url_url,
3475         { "URL", "sflow_5.extended_url.url",
3476           FT_STRING, BASE_NONE, NULL, 0x0,
3477           NULL, HFILL }
3478       },
3479       { &hf_sflow_5_extended_url_host,
3480         { "Host", "sflow_5.extended_url.host",
3481           FT_STRING, BASE_NONE, NULL, 0x0,
3482           NULL, HFILL }
3483       },
3484       { &hf_sflow_5_extended_mpls_tunnel_name,
3485         { "Tunnel Name", "sflow_5.extended_mpls_tunnel.tunnel_name",
3486           FT_STRING, BASE_NONE, NULL, 0x0,
3487           NULL, HFILL }
3488       },
3489       { &hf_sflow_5_extended_mpls_vc_instance_name,
3490         { "VC Instance Name", "sflow_5.extended_mpls_vc.vc_instance_name",
3491           FT_STRING, BASE_NONE, NULL, 0x0,
3492           NULL, HFILL }
3493       },
3494       { &hf_sflow_5_extended_mpls_ftn_description,
3495         { "MPLS FTN Description", "sflow_5.extended_mpls.ftn_description",
3496           FT_STRING, BASE_NONE, NULL, 0x0,
3497           NULL, HFILL }
3498       },
3499       { &hf_sflow_5_extended_80211_payload,
3500         { "Payload", "sflow_5.extended_80211.payload",
3501           FT_BYTES, BASE_NONE, NULL, 0x0,
3502           NULL, HFILL }
3503       },
3504       { &hf_sflow_5_extended_80211_rx_ssid,
3505         { "SSID", "sflow_5.extended_80211.rx.ssid",
3506           FT_STRING, BASE_NONE, NULL, 0x0,
3507           NULL, HFILL }
3508       },
3509       { &hf_sflow_5_extended_80211_tx_ssid,
3510         { "SSID", "sflow_5.extended_80211.tx.ssid",
3511           FT_STRING, BASE_NONE, NULL, 0x0,
3512           NULL, HFILL }
3513       },
3514       { &hf_sflow_flow_sample_index,
3515         { "Index", "sflow.flow_sample.index",
3516           FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF,
3517           NULL, HFILL }
3518       },
3519       { &hf_sflow_counters_sample_index,
3520         { "Index", "sflow.counters_sample.index",
3521           FT_UINT32, BASE_DEC, NULL, 0x0,
3522           NULL, HFILL }
3523       },
3524     };
3525
3526     /* Setup protocol subtree array */
3527     static gint * ett[] = {
3528         &ett_sflow_245,
3529         &ett_sflow_245_sample,
3530         &ett_sflow_5_flow_record,
3531         &ett_sflow_5_counters_record,
3532         &ett_sflow_5_mpls_in_label_stack,
3533         &ett_sflow_5_mpls_out_label_stack,
3534         &ett_sflow_245_extended_data,
3535         &ett_sflow_245_gw_as_dst,
3536         &ett_sflow_245_gw_as_dst_seg,
3537         &ett_sflow_245_gw_community,
3538         &ett_sflow_245_sampled_header,
3539     };
3540
3541     static ei_register_info ei[] = {
3542         { &ei_sflow_invalid_address_type, { "sflow.invalid_address_type", PI_MALFORMED, PI_ERROR, "Unknown/invalid address type", EXPFILL }},
3543     };
3544
3545     expert_module_t* expert_sflow;
3546
3547     /* Register the protocol name and description */
3548     proto_sflow = proto_register_protocol(
3549             "InMon sFlow", /* name       */
3550             "sFlow", /* short name */
3551             "sflow" /* abbrev     */
3552             );
3553
3554     /* Required function calls to register the header fields and subtrees used */
3555     proto_register_field_array(proto_sflow, hf, array_length(hf));
3556     proto_register_subtree_array(ett, array_length(ett));
3557     expert_sflow = expert_register_protocol(proto_sflow);
3558     expert_register_field_array(expert_sflow, ei, array_length(ei));
3559
3560     /* Register our configuration options for sFlow */
3561     sflow_245_module = prefs_register_protocol(proto_sflow, proto_reg_handoff_sflow_245);
3562
3563     /* Set default Neflow port(s) */
3564     range_convert_str(&global_sflow_ports, SFLOW_UDP_PORTS, MAX_UDP_PORT);
3565
3566     prefs_register_obsolete_preference(sflow_245_module, "udp.port");
3567
3568     prefs_register_range_preference(sflow_245_module, "ports",
3569             "sFlow UDP Port(s)",
3570             "Set the port(s) for sFlow messages"
3571             " (default: " SFLOW_UDP_PORTS ")",
3572             &global_sflow_ports, MAX_UDP_PORT);
3573
3574     /*
3575        If I use a filter like "ip.src == 10.1.1.1" this will, in
3576        addition to the usual suspects, find every sFlow packet
3577        where *any* of the payload headers contain 10.1.1.1 as a
3578        src addr.  I think this may not be the desired behavior.
3579        It can certainly be confusing since the ip.src being found
3580        is buried about 3 subtrees deep and the subtrees might be
3581        under any one of the sampled (payload) header trees. It is
3582        certainly not quickly obvious why the filter matched.
3583      */
3584     prefs_register_bool_preference(sflow_245_module, "enable_dissection",
3585             "Dissect data in sampled headers",
3586             "Enabling dissection makes it easy to view protocol details in each of the sampled headers."
3587             "  Disabling dissection may reduce noise caused when display filters match the contents of"
3588             " any sampled header(s).",
3589             &global_dissect_samp_headers);
3590     /*
3591        It is not clear to me that it *ever* makes sense to enable
3592        this option.  However, it was previously the default
3593        behavior so I'll leave it as an option if someone thinks
3594        they have a use for it.
3595      */
3596     prefs_register_bool_preference(sflow_245_module, "enable_analysis",
3597             "Analyze data in sampled IP headers",
3598             "This option only makes sense if dissection of sampled headers is enabled and probably not even then.",
3599             &global_analyze_samp_ip_headers);
3600 }
3601
3602 void
3603 proto_reg_handoff_sflow_245(void) {
3604     static range_t  *sflow_ports;
3605     static gboolean  sflow_245_prefs_initialized = FALSE;
3606
3607     if (!sflow_245_prefs_initialized) {
3608         sflow_handle = new_create_dissector_handle(dissect_sflow_245, proto_sflow);
3609         data_handle = find_dissector("data");
3610         sflow_245_prefs_initialized = TRUE;
3611     } else {
3612         dissector_delete_uint_range("udp.port", sflow_ports, sflow_handle);
3613         g_free(sflow_ports);
3614     }
3615
3616     sflow_ports = range_copy(global_sflow_ports);
3617     dissector_add_uint_range("udp.port", sflow_ports, sflow_handle);
3618
3619
3620     /*dissector_handle_t sflow_245_handle;*/
3621
3622     /*
3623      * XXX - should this be done with a dissector table?
3624      */
3625
3626     if (global_dissect_samp_headers) {
3627         eth_withoutfcs_handle = find_dissector("eth_withoutfcs");
3628         tr_handle = find_dissector("tr");
3629         fddi_handle = find_dissector("fddi");
3630         fr_handle = find_dissector("fr");
3631         x25_handle = find_dissector("x.25");
3632         ppp_hdlc_handle = find_dissector("ppp_hdlc");
3633 #if 0
3634         smds_handle = find_dissector("smds");
3635 #else
3636         /* We don't have an SMDS dissector yet
3637          *
3638          *Switched multimegabit data service (SMDS) was a connectionless service
3639          *used to connect LANs, MANs and WANs to exchange data. SMDS was based on
3640          *the IEEE 802.6 DQDB standard. SMDS fragmented its datagrams into smaller
3641          *"cells" for transport, and can be viewed as a technological precursor of ATM.
3642          */
3643         smds_handle = data_handle;
3644 #endif
3645 #if 0
3646         aal5_handle = find_dissector("aal5");
3647 #else
3648         /*
3649          * No AAL5 (ATM Adaptation Layer 5) dissector available.
3650          * What does the packet look like?  An AAL5 PDU?  Where
3651          * do the VPI/VCI pair appear, if anywhere?
3652          */
3653         aal5_handle = data_handle;
3654 #endif
3655         ipv4_handle = find_dissector("ip");
3656         ipv6_handle = find_dissector("ipv6");
3657         mpls_handle = find_dissector("mpls");
3658 #if 0
3659         pos_handle = find_dissector("pos");
3660 #else
3661         /* wireshark does not have POS dissector yet */
3662         pos_handle = data_handle;
3663 #endif
3664         ieee80211_mac_handle = find_dissector("wlan_withoutfcs");
3665 #if 0
3666         ieee80211_ampdu_handle = find_dissector("ampdu");
3667         ieee80211_amsdu_subframe_handle = find_dissector("wlan_aggregate");
3668 #else
3669         /* No handles for these */
3670         ieee80211_ampdu_handle = data_handle;
3671         ieee80211_amsdu_subframe_handle = data_handle;
3672 #endif
3673     } else {
3674         eth_withoutfcs_handle = data_handle;
3675         tr_handle = data_handle;
3676         fddi_handle = data_handle;
3677         fr_handle = data_handle;
3678         x25_handle = data_handle;
3679         ppp_hdlc_handle = data_handle;
3680         smds_handle = data_handle;
3681         aal5_handle = data_handle;
3682         ipv4_handle = data_handle;
3683         ipv6_handle = data_handle;
3684         mpls_handle = data_handle;
3685         pos_handle = data_handle;
3686         ieee80211_mac_handle = data_handle;
3687         ieee80211_ampdu_handle = data_handle;
3688         ieee80211_amsdu_subframe_handle = data_handle;
3689     }
3690
3691 }
3692
3693
3694 /*
3695  * Editor modelines
3696  *
3697  * Local Variables:
3698  * c-basic-offset: 4
3699  * tab-width: 8
3700  * indent-tabs-mode: nil
3701  * End:
3702  *
3703  * ex: set shiftwidth=4 tabstop=8 noexpandtab
3704  * :indentSize=4:tabSize=8:noTabs=true:
3705  */
Unnamed repository; edit this file to name it for gitweb.