epan/dissectors/packet-sflow.c

   1 /* packet-sflow.c
   2  * Routines for sFlow v5 dissection implemented according to the specifications
   3  * at http://www.sflow.org/sflow_version_5.txt
   4  *
   5  * Additional 802.11 structures support implemented according to the
   6  * specifications at http://www.sflow.org/sflow_80211.txt
   7  *
   8  * By Yi Yu <yiyu.inbox@gmail.com>
   9  *
  10  * TODO:
  11  *   802.11 aggregation data dissection                         (sFlow v5)
  12  *
  13  *
  14  * Based on Jeff Rizzo's <riz@boogers.sf.ca.us> dissector for sFlow v2/4
  15  * in Wireshark 1.0.8 public release.
  16  *
  17  * Wireshark - Network traffic analyzer
  18  * By Gerald Combs <gerald@wireshark.org>
  19  * Copyright 1998 Gerald Combs
  20  *
  21  * This program is free software; you can redistribute it and/or
  22  * modify it under the terms of the GNU General Public License
  23  * as published by the Free Software Foundation; either version 2
  24  * of the License, or (at your option) any later version.
  25  *
  26  * This program is distributed in the hope that it will be useful,
  27  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  28  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  29  * GNU General Public License for more details.
  30  *
  31  * You should have received a copy of the GNU General Public License
  32  * along with this program; if not, write to the Free Software
  33  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  34  *
  35  *
  36  * This file (mostly) implements a dissector for sFlow (RFC3176),
  37  * from the version 4 spec at http://www.sflow.org/SFLOW-DATAGRAM.txt .
  38  *
  39  * TODO:
  40  *   Fix the highlighting of the datastream when bits are selected
  41  *   split things out into packet-sflow.h ?
  42  *   make routines more consistent as to whether they return
  43  *     'offset' or bytes consumed ('len')                       (sFlow v2/4)
  44  *   implement sampled_ipv4 and sampled_ipv6 packet data types  (sFlow v2/4)
  45  *   implement extended_user                                    (sFlow v2/4)
  46  *   implement extended_url                                     (sFlow v2/4)
  47  *   implement non-generic counters sampling                    (sFlow v2/4)
  48  */
  49
  50 #include "config.h"
  51
  52 #include <epan/packet.h>
  53 #include <epan/exceptions.h>
  54 #include <epan/prefs.h>
  55 #include <epan/expert.h>
  56 #include <epan/to_str.h>
  57 #include <epan/ipproto.h>
  58 #include "packet-sflow.h"
  59
  60 #define SFLOW_UDP_PORTS "6343"
  61
  62 void proto_register_sflow(void);
  63
  64 static dissector_handle_t sflow_handle;
  65
  66 /*
  67  *  sflow_245_ports : holds the currently used range of ports for sflow
  68  */
  69 static gboolean global_dissect_samp_headers = TRUE;
  70 static gboolean global_analyze_samp_ip_headers = FALSE;
  71
  72 #define ENTERPRISE_DEFAULT 0
  73
  74 #define ADDR_TYPE_UNKNOWN 0
  75 #define ADDR_TYPE_IPV4    1
  76 #define ADDR_TYPE_IPV6    2
  77
  78 #define FLOWSAMPLE 1
  79 #define COUNTERSSAMPLE 2
  80 #define EXPANDED_FLOWSAMPLE 3
  81 #define EXPANDED_COUNTERSSAMPLE 4
  82 #define LAG_PORT_STATS 7
  83
  84 static const value_string sflow_agent_address_types[] = {
  85     { ADDR_TYPE_IPV4, "IPv4" },
  86     { ADDR_TYPE_IPV6, "IPv6" },
  87     { 0, NULL }
  88 };
  89
  90 static const value_string sflow_245_sampletype[] = {
  91     { FLOWSAMPLE,              "Flow sample"},
  92     { COUNTERSSAMPLE,          "Counters sample"},
  93     { EXPANDED_FLOWSAMPLE,     "Expanded flow sample"},
  94     { EXPANDED_COUNTERSSAMPLE, "Expanded counters sample"},
  95     { LAG_PORT_STATS,          "Lag Port stats"},
  96     { 0, NULL}
  97 };
  98
  99 #define SFLOW_5_IEEE80211_VERSION_A 1
 100 #define SFLOW_5_IEEE80211_VERSION_B 2
 101 #define SFLOW_5_IEEE80211_VERSION_G 3
 102 #define SFLOW_5_IEEE80211_VERSION_N 4
 103
 104 static const value_string sflow_5_ieee80211_versions [] = {
 105     { SFLOW_5_IEEE80211_VERSION_A, "802.11a"},
 106     { SFLOW_5_IEEE80211_VERSION_B, "802.11b"},
 107     { SFLOW_5_IEEE80211_VERSION_G, "802.11g"},
 108     { SFLOW_5_IEEE80211_VERSION_N, "802.11n"},
 109     { 0, NULL}
 110 };
 111
 112 /* interface counter types */
 113 #define SFLOW_245_COUNTERS_GENERIC 1
 114 #define SFLOW_245_COUNTERS_ETHERNET 2
 115 #define SFLOW_245_COUNTERS_TOKENRING 3
 116 #define SFLOW_245_COUNTERS_FDDI 4
 117 #define SFLOW_245_COUNTERS_VG 5
 118 #define SFLOW_245_COUNTERS_WAN 6
 119 #define SFLOW_245_COUNTERS_VLAN 7
 120
 121 static const value_string sflow_245_counterstype[] = {
 122     { SFLOW_245_COUNTERS_GENERIC,  "Generic counters"},
 123     { SFLOW_245_COUNTERS_ETHERNET, "Ethernet counters"},
 124     { SFLOW_245_COUNTERS_FDDI,     "FDDI counters"},
 125     { SFLOW_245_COUNTERS_VG,       "100baseVG counters"},
 126     { SFLOW_245_COUNTERS_WAN,      "WAN counters"},
 127     { SFLOW_245_COUNTERS_VLAN,     "VLAN counters"},
 128     { 0, NULL}
 129 };
 130
 131 #define MAX_HEADER_SIZE 256
 132
 133 #define SFLOW_245_PACKET_DATA_TYPE_HEADER 1
 134 #define SFLOW_245_PACKET_DATA_TYPE_IPV4 2
 135 #define SFLOW_245_PACKET_DATA_TYPE_IPV6 3
 136
 137 static const value_string sflow_245_packet_information_type[] = {
 138     { SFLOW_245_PACKET_DATA_TYPE_HEADER, "Packet headers are sampled"},
 139     { SFLOW_245_PACKET_DATA_TYPE_IPV4,   "IP Version 4 data"},
 140     { SFLOW_245_PACKET_DATA_TYPE_IPV6,   "IP Version 6 data"},
 141     { 0, NULL}
 142 };
 143
 144 static const value_string extended_80211_suite_type_vals[] = {
 145     { 0, "Use group cipher suite"},
 146     { 1, "WEP-40"},
 147     { 2, "TKIP"},
 148     { 4, "CCMP"},
 149     { 5, "WEP-104"},
 150     { 0, NULL}
 151 };
 152
 153 static const value_string sflow_ifdirection_vals[] = {
 154     { 1, "Full-Duplex"},
 155     { 2, "Half-Duplex"},
 156     { 3, "In"},
 157     { 4, "Out"},
 158     { 0, NULL}
 159 };
 160
 161 const true_false_string tfs_low_normal = { "Low", "Normal" };
 162 const true_false_string tfs_high_normal = { "High", "Normal" };
 163 const true_false_string tfs_minimize_monetary_normal = { "Minimize Monetary", "Normal" };
 164 const true_false_string tfs_up_down = { "Up", "Down" };
 165
 166 static const value_string sflow_245_header_protocol[] = {
 167     { SFLOW_245_HEADER_ETHERNET,           "Ethernet"},
 168     { SFLOW_245_HEADER_TOKENBUS,           "Token Bus"},
 169     { SFLOW_245_HEADER_TOKENRING,          "Token Ring"},
 170     { SFLOW_245_HEADER_FDDI,               "FDDI"},
 171     { SFLOW_245_HEADER_FRAME_RELAY,        "Frame Relay"},
 172     { SFLOW_245_HEADER_X25,                "X.25"},
 173     { SFLOW_245_HEADER_PPP,                "PPP"},
 174     { SFLOW_245_HEADER_SMDS,               "SMDS"},
 175     { SFLOW_245_HEADER_AAL5,               "ATM AAL5"},
 176     { SFLOW_245_HEADER_AAL5_IP,            "ATM AAL5-IP (e.g., Cisco AAL5 mux)"},
 177     { SFLOW_245_HEADER_IPv4,               "IPv4"},
 178     { SFLOW_245_HEADER_IPv6,               "IPv6"},
 179     { SFLOW_245_HEADER_MPLS,               "MPLS"},
 180     { SFLOW_5_HEADER_POS,                  "PPP over SONET/SDH (RFC 1662, 2615)"},
 181     { SFLOW_5_HEADER_80211_MAC,            "802.11 MAC"},
 182     { SFLOW_5_HEADER_80211_AMPDU,          "802.11n Aggregated MPDU"},
 183     { SFLOW_5_HEADER_80211_AMSDU_SUBFRAME, "A-MSDU Subframe"},
 184     { 0, NULL}
 185 };
 186 static value_string_ext sflow_245_header_protocol_ext = VALUE_STRING_EXT_INIT(sflow_245_header_protocol);
 187
 188 /* extended packet data types */
 189 #define SFLOW_245_EXTENDED_SWITCH 1
 190 #define SFLOW_245_EXTENDED_ROUTER 2
 191 #define SFLOW_245_EXTENDED_GATEWAY 3
 192 #define SFLOW_245_EXTENDED_USER 4
 193 #define SFLOW_245_EXTENDED_URL 5
 194
 195 static const value_string sflow_245_extended_data_types[] = {
 196     { SFLOW_245_EXTENDED_SWITCH, "Extended switch information"},
 197     { SFLOW_245_EXTENDED_ROUTER, "Extended router information"},
 198     { SFLOW_245_EXTENDED_GATEWAY, "Extended gateway information"},
 199     { SFLOW_245_EXTENDED_USER, "Extended user information"},
 200     { SFLOW_245_EXTENDED_URL, "Extended URL information"},
 201     { 0, NULL}
 202 };
 203
 204
 205 #define SFLOW_245_AS_SET 1
 206 #define SFLOW_245_AS_SEQUENCE 2
 207
 208 static const value_string sflow_245_as_types[] = {
 209     { SFLOW_245_AS_SET, "AS Set"},
 210     { SFLOW_245_AS_SEQUENCE, "AS Sequence"},
 211     { 0, NULL}
 212 };
 213
 214 #define SFLOW_245_IPV4_PRECEDENCE_ROUTINE 0
 215 #define SFLOW_245_IPV4_PRECEDENCE_PRIORITY 1
 216 #define SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE 2
 217 #define SFLOW_245_IPV4_PRECEDENCE_FLASH 3
 218 #define SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE 4
 219 #define SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP 5
 220 #define SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL 6
 221 #define SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL 7
 222
 223 static const value_string sflow_245_ipv4_precedence_types[] = {
 224     { SFLOW_245_IPV4_PRECEDENCE_ROUTINE, "Routine"},
 225     { SFLOW_245_IPV4_PRECEDENCE_PRIORITY, "Priority"},
 226     { SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE, "Immediate"},
 227     { SFLOW_245_IPV4_PRECEDENCE_FLASH, "Flash"},
 228     { SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE, "Flash Override"},
 229     { SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP, "CRITIC/ECP"},
 230     { SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL, "Internetwork Control"},
 231     { SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL, "Network Control"},
 232     { 0, NULL}
 233 };
 234
 235 /* sFlow v5 flow record formats */
 236 #define SFLOW_5_RAW_PACKET_HEADER    1
 237 #define SFLOW_5_ETHERNET_FRAME       2
 238 #define SFLOW_5_IPV4                 3
 239 #define SFLOW_5_IPV6                 4
 240 #define SFLOW_5_SWITCH            1001
 241 #define SFLOW_5_ROUTER            1002
 242 #define SFLOW_5_GATEWAY           1003
 243 #define SFLOW_5_USER              1004
 244 #define SFLOW_5_URL               1005
 245 #define SFLOW_5_MPLS_DATA         1006
 246 #define SFLOW_5_NAT               1007
 247 #define SFLOW_5_MPLS_TUNNEL       1008
 248 #define SFLOW_5_MPLS_VC           1009
 249 #define SFLOW_5_MPLS_FEC          1010
 250 #define SFLOW_5_MPLS_LVP_FEC      1011
 251 #define SFLOW_5_VLAN_TUNNEL       1012
 252 #define SFLOW_5_80211_PAYLOAD     1013
 253 #define SFLOW_5_80211_RX          1014
 254 #define SFLOW_5_80211_TX          1015
 255 #define SFLOW_5_80211_AGGREGATION 1016
 256
 257
 258 static const value_string sflow_5_flow_record_type[] = {
 259     { SFLOW_5_RAW_PACKET_HEADER, "Raw packet header"},
 260     { SFLOW_5_ETHERNET_FRAME,    "Ethernet frame data"},
 261     { SFLOW_5_IPV4,              "IPv4 data"},
 262     { SFLOW_5_IPV6,              "IPv6 data"},
 263     { SFLOW_5_SWITCH,            "Extended switch data"},
 264     { SFLOW_5_ROUTER,            "Extended router data"},
 265     { SFLOW_5_GATEWAY,           "Extended gateway data"},
 266     { SFLOW_5_USER,              "Extended user data"},
 267     { SFLOW_5_URL,               "Extended URL data"},
 268     { SFLOW_5_MPLS_DATA,         "Extended MPLS data"},
 269     { SFLOW_5_NAT,               "Extended NAT data"},
 270     { SFLOW_5_MPLS_TUNNEL,       "Extended MPLS tunnel data"},
 271     { SFLOW_5_MPLS_VC,           "Extended MPLS VC data"},
 272     { SFLOW_5_MPLS_FEC,          "Extended MPLS FEC data"},
 273     { SFLOW_5_MPLS_LVP_FEC,      "Extended MPLS LVP FEC data"},
 274     { SFLOW_5_VLAN_TUNNEL,       "Extended VLAN tunnel"},
 275     { SFLOW_5_80211_PAYLOAD,     "Extended 802.11 payload"},
 276     { SFLOW_5_80211_RX,          "Extended 802.11 RX"},
 277     { SFLOW_5_80211_TX,          "Extended 802.11 TX"},
 278     { SFLOW_5_80211_AGGREGATION, "Extended 802.11 aggregation"},
 279     { 0, NULL}
 280 };
 281 static value_string_ext sflow_5_flow_record_type_ext = VALUE_STRING_EXT_INIT(sflow_5_flow_record_type);
 282
 283 /* sFlow v5 counters record formats */
 284 #define SFLOW_5_GENERIC_INTERFACE 1
 285 #define SFLOW_5_ETHERNET_INTERFACE 2
 286 #define SFLOW_5_TOKEN_RING 3
 287 #define SFLOW_5_100BASE_VG_INTERFACE 4
 288 #define SFLOW_5_VLAN 5
 289 #define SFLOW_5_80211_COUNTERS 6
 290 #define SFLOW_5_PROCESSOR 1001
 291 #define SFLOW_5_RADIO_UTILIZATION 1002
 292
 293 static const value_string sflow_5_counters_record_type[] = {
 294     { SFLOW_5_GENERIC_INTERFACE,    "Generic interface counters"},
 295     { SFLOW_5_ETHERNET_INTERFACE,   "Ethernet interface counters"},
 296     { SFLOW_5_TOKEN_RING,           "Token ring counters"},
 297     { SFLOW_5_100BASE_VG_INTERFACE, "100 Base VG interface counters"},
 298     { SFLOW_5_VLAN,                 "VLAN counters"},
 299     { SFLOW_5_80211_COUNTERS,       "IEEE 802.11 counters"},
 300     { SFLOW_5_PROCESSOR,            "Processor information"},
 301     { SFLOW_5_RADIO_UTILIZATION,    "Radio utilization"},
 302     { 0, NULL}
 303 };
 304
 305 /* ethernet counters.  These will be preceded by generic counters. */
 306 struct ethernet_counters {
 307     guint32 dot3StatsAlignmentErrors;
 308     guint32 dot3StatsFCSErrors;
 309     guint32 dot3StatsSingleCollisionFrames;
 310     guint32 dot3StatsMultipleCollisionFrames;
 311     guint32 dot3StatsSQETestErrors;
 312     guint32 dot3StatsDeferredTransmissions;
 313     guint32 dot3StatsLateCollisions;
 314     guint32 dot3StatsExcessiveCollisions;
 315     guint32 dot3StatsInternalMacTransmitErrors;
 316     guint32 dot3StatsCarrierSenseErrors;
 317     guint32 dot3StatsFrameTooLongs;
 318     guint32 dot3StatsInternalMacReceiveErrors;
 319     guint32 dot3StatsSymbolErrors;
 320 };
 321
 322 struct sflow_address_type {
 323     int hf_addr_v4;
 324     int hf_addr_v6;
 325 };
 326
 327
 328 /* Initialize the protocol and registered fields */
 329 static int proto_sflow = -1;
 330 static int hf_sflow_version = -1;
 331 static int hf_sflow_agent_address_type = -1;
 332 static int hf_sflow_agent_address_v4 = -1;
 333 static int hf_sflow_agent_address_v6 = -1;
 334 static int hf_sflow_5_sub_agent_id = -1;
 335 static int hf_sflow_5_sample_length = -1;
 336 static int hf_sflow_5_flow_data_length = -1;
 337 /* static int hf_sflow_5_counters_data_length = -1; */
 338 static int hf_sflow_245_seqnum = -1;
 339 static int hf_sflow_245_sysuptime = -1;
 340 static int hf_sflow_245_numsamples = -1;
 341 static int hf_sflow_245_header_protocol = -1;
 342 static int hf_sflow_245_sampletype = -1;
 343 static int hf_sflow_245_sampletype12 = -1;
 344 static int hf_sflow_245_ipv4_precedence_type = -1;
 345 static int hf_sflow_5_flow_record_format = -1;
 346 static int hf_sflow_5_counters_record_format = -1;
 347 static int hf_sflow_245_header = -1;
 348 static int hf_sflow_245_packet_information_type = -1;
 349 static int hf_sflow_245_extended_information_type = -1;
 350 static int hf_sflow_245_vlan_in = -1; /* incoming 802.1Q VLAN ID */
 351 static int hf_sflow_245_vlan_out = -1; /* outgoing 802.1Q VLAN ID */
 352 static int hf_sflow_245_pri_in = -1; /* incominging 802.1p priority */
 353 static int hf_sflow_245_pri_out = -1; /* outgoing 802.1p priority */
 354 static int hf_sflow_245_nexthop_v4 = -1; /* nexthop address */
 355 static int hf_sflow_245_nexthop_v6 = -1; /* nexthop address */
 356 static int hf_sflow_245_ipv4_src = -1;
 357 static int hf_sflow_245_ipv4_dst = -1;
 358 static int hf_sflow_245_ipv6_src = -1;
 359 static int hf_sflow_245_ipv6_dst = -1;
 360 static int hf_sflow_245_nexthop_src_mask = -1;
 361 static int hf_sflow_245_nexthop_dst_mask = -1;
 362
 363
 364 /* extended gateway (all versions) */
 365 static int hf_sflow_245_as = -1;
 366 static int hf_sflow_245_src_as = -1;
 367 static int hf_sflow_245_src_peer_as = -1;
 368 static int hf_sflow_245_dst_as_entries = -1; /* aka length */
 369 static int hf_sflow_245_dst_as = -1;
 370 /* extended gateway (>= version 4) */
 371 static int hf_sflow_245_community_entries = -1;
 372 /* static int hf_sflow_245_community = -1; */
 373 static int hf_sflow_245_localpref = -1;
 374
 375 /* generic interface counter */
 376 static int hf_sflow_245_ifindex = -1;
 377 static int hf_sflow_245_iftype = -1;
 378 static int hf_sflow_245_ifspeed = -1;
 379 static int hf_sflow_245_ifdirection = -1;
 380 static int hf_sflow_245_ifadmin_status = -1;
 381 static int hf_sflow_245_ifoper_status = -1;
 382 static int hf_sflow_245_ifinoct = -1;
 383 static int hf_sflow_245_ifinpkt = -1;
 384 static int hf_sflow_245_ifinmcast = -1;
 385 static int hf_sflow_245_ifinbcast = -1;
 386 static int hf_sflow_245_ifinerr = -1;
 387 static int hf_sflow_245_ifindisc = -1;
 388 static int hf_sflow_245_ifinunk = -1;
 389 static int hf_sflow_245_ifoutoct = -1;
 390 static int hf_sflow_245_ifoutpkt = -1;
 391 static int hf_sflow_245_ifoutmcast = -1;
 392 static int hf_sflow_245_ifoutbcast = -1;
 393 static int hf_sflow_245_ifoutdisc = -1;
 394 static int hf_sflow_245_ifouterr = -1;
 395 static int hf_sflow_245_ifpromisc = -1;
 396
 397 /* ethernet interface counter */
 398 static int hf_sflow_245_dot3StatsAlignmentErrors = -1;
 399 static int hf_sflow_245_dot3StatsFCSErrors = -1;
 400 static int hf_sflow_245_dot3StatsSingleCollisionFrames = -1;
 401 static int hf_sflow_245_dot3StatsMultipleCollisionFrames = -1;
 402 static int hf_sflow_245_dot3StatsSQETestErrors = -1;
 403 static int hf_sflow_245_dot3StatsDeferredTransmissions = -1;
 404 static int hf_sflow_245_dot3StatsLateCollisions = -1;
 405 static int hf_sflow_245_dot3StatsExcessiveCollisions = -1;
 406 static int hf_sflow_245_dot3StatsInternalMacTransmitErrors = -1;
 407 static int hf_sflow_245_dot3StatsCarrierSenseErrors = -1;
 408 static int hf_sflow_245_dot3StatsFrameTooLongs = -1;
 409 static int hf_sflow_245_dot3StatsInternalMacReceiveErrors = -1;
 410 static int hf_sflow_245_dot3StatsSymbolErrors = -1;
 411
 412 /* token ring counter */
 413 static int hf_sflow_245_dot5StatsLineErrors = -1;
 414 static int hf_sflow_245_dot5StatsBurstErrors = -1;
 415 static int hf_sflow_245_dot5StatsACErrors = -1;
 416 static int hf_sflow_245_dot5StatsAbortTransErrors = -1;
 417 static int hf_sflow_245_dot5StatsInternalErrors = -1;
 418 static int hf_sflow_245_dot5StatsLostFrameErrors = -1;
 419 static int hf_sflow_245_dot5StatsReceiveCongestions = -1;
 420 static int hf_sflow_245_dot5StatsFrameCopiedErrors = -1;
 421 static int hf_sflow_245_dot5StatsTokenErrors = -1;
 422 static int hf_sflow_245_dot5StatsSoftErrors = -1;
 423 static int hf_sflow_245_dot5StatsHardErrors = -1;
 424 static int hf_sflow_245_dot5StatsSignalLoss = -1;
 425 static int hf_sflow_245_dot5StatsTransmitBeacons = -1;
 426 static int hf_sflow_245_dot5StatsRecoveries = -1;
 427 static int hf_sflow_245_dot5StatsLobeWires = -1;
 428 static int hf_sflow_245_dot5StatsRemoves = -1;
 429 static int hf_sflow_245_dot5StatsSingles = -1;
 430 static int hf_sflow_245_dot5StatsFreqErrors = -1;
 431
 432 /* 100 BaseVG interface counters */
 433 static int hf_sflow_245_dot12InHighPriorityFrames = -1;
 434 static int hf_sflow_245_dot12InHighPriorityOctets = -1;
 435 static int hf_sflow_245_dot12InNormPriorityFrames = -1;
 436 static int hf_sflow_245_dot12InNormPriorityOctets = -1;
 437 static int hf_sflow_245_dot12InIPMErrors = -1;
 438 static int hf_sflow_245_dot12InOversizeFrameErrors = -1;
 439 static int hf_sflow_245_dot12InDataErrors = -1;
 440 static int hf_sflow_245_dot12InNullAddressedFrames = -1;
 441 static int hf_sflow_245_dot12OutHighPriorityFrames = -1;
 442 static int hf_sflow_245_dot12OutHighPriorityOctets = -1;
 443 static int hf_sflow_245_dot12TransitionIntoTrainings = -1;
 444 static int hf_sflow_245_dot12HCInHighPriorityOctets = -1;
 445 static int hf_sflow_245_dot12HCInNormPriorityOctets = -1;
 446 static int hf_sflow_245_dot12HCOutHighPriorityOctets = -1;
 447
 448 /* VLAN counters */
 449 static int hf_sflow_245_vlan_id = -1;
 450 static int hf_sflow_245_octets = -1;
 451 static int hf_sflow_245_ucastPkts = -1;
 452 static int hf_sflow_245_multicastPkts = -1;
 453 static int hf_sflow_245_broadcastPkts = -1;
 454 static int hf_sflow_245_discards = -1;
 455
 456 /* 802.11 interface counters */
 457 static int hf_sflow_5_dot11TransmittedFragmentCount = -1;
 458 static int hf_sflow_5_dot11MulticastTransmittedFrameCount = -1;
 459 static int hf_sflow_5_dot11FailedCount = -1;
 460 static int hf_sflow_5_dot11RetryCount = -1;
 461 static int hf_sflow_5_dot11MultipleRetryCount = -1;
 462 static int hf_sflow_5_dot11FrameDuplicateCount = -1;
 463 static int hf_sflow_5_dot11RTSSuccessCount = -1;
 464 static int hf_sflow_5_dot11RTSFailureCount = -1;
 465 static int hf_sflow_5_dot11ACKFailureCount = -1;
 466 static int hf_sflow_5_dot11ReceivedFragmentCount = -1;
 467 static int hf_sflow_5_dot11MulticastReceivedFrameCount = -1;
 468 static int hf_sflow_5_dot11FCSErrorCount = -1;
 469 static int hf_sflow_5_dot11TransmittedFrameCount = -1;
 470 static int hf_sflow_5_dot11WEPUndecryptableCount = -1;
 471 static int hf_sflow_5_dot11QoSDiscardedFragmentCount = -1;
 472 static int hf_sflow_5_dot11AssociatedStationCount = -1;
 473 static int hf_sflow_5_dot11QoSCFPollsReceivedCount = -1;
 474 static int hf_sflow_5_dot11QoSCFPollsUnusedCount = -1;
 475 static int hf_sflow_5_dot11QoSCFPollsUnusableCount = -1;
 476 static int hf_sflow_5_dot11QoSCFPollsLostCount = -1;
 477 /* static int hf_sflow_5_ieee80211_version = -1; */
 478
 479
 480 /* processor information */
 481 static int hf_sflow_5_cpu_5s = -1;
 482 static int hf_sflow_5_cpu_1m = -1;
 483 static int hf_sflow_5_cpu_5m = -1;
 484 static int hf_sflow_5_total_memory = -1;
 485 static int hf_sflow_5_free_memory = -1;
 486
 487 /* radio utilisation */
 488 static int hf_sflow_5_elapsed_time = -1;
 489 static int hf_sflow_5_on_channel_time = -1;
 490 static int hf_sflow_5_on_channel_busy_time = -1;
 491
 492 /* Generated from convert_proto_tree_add_text.pl */
 493 static int hf_sflow_5_extended_80211_suite_type = -1;
 494 static int hf_sflow_5_extended_80211_rx_channel = -1;
 495 static int hf_sflow_flow_sample_input_interface = -1;
 496 static int hf_sflow_counters_sample_sampling_interval = -1;
 497 static int hf_sflow_5_extended_url_host_length = -1;
 498 static int hf_sflow_245_ip_tcp_flag_syn = -1;
 499 static int hf_sflow_flow_sample_output_interface = -1;
 500 static int hf_sflow_245_length_of_ip_packet = -1;
 501 static int hf_sflow_counters_sample_counters_type = -1;
 502 static int hf_sflow_5_extended_mpls_tunnel_id = -1;
 503 static int hf_sflow_flow_sample_sample_pool = -1;
 504 static int hf_sflow_5_extended_80211_tx_speed = -1;
 505 static int hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair = -1;
 506 static int hf_sflow_245_extended_mpls_out_label_stack_entries = -1;
 507 static int hf_sflow_flow_sample_input_interface_value = -1;
 508 static int hf_sflow_flow_sample_sampling_rate = -1;
 509 static int hf_sflow_5_extended_80211_rx_rcpi = -1;
 510 static int hf_sflow_enterprise = -1;
 511 static int hf_sflow_245_header_frame_length = -1;
 512 static int hf_sflow_5_extended_user_destination_character_set = -1;
 513 static int hf_sflow_5_extended_80211_rx_bssid = -1;
 514 static int hf_sflow_5_extended_80211_tx_retransmission_duration = -1;
 515 static int hf_sflow_245_ethernet_length_of_mac_packet = -1;
 516 static int hf_sflow_245_ip_tcp_flag_psh = -1;
 517 static int hf_sflow_flow_sample_flow_record = -1;
 518 static int hf_sflow_245_extended_mpls_in_label = -1;
 519 static int hf_sflow_5_extended_user_source_character_set = -1;
 520 static int hf_sflow_5_extended_user_destination_user_string_length = -1;
 521 static int hf_sflow_counters_sample_sequence_number = -1;
 522 static int hf_sflow_5_extended_80211_rx_speed = -1;
 523 static int hf_sflow_5_extended_80211_rx_rsni = -1;
 524 static int hf_sflow_flow_sample_source_id_index = -1;
 525 static int hf_sflow_245_ip_tcp_flag_ece = -1;
 526 static int hf_sflow_245_ipv4_throughput = -1;
 527 static int hf_sflow_5_extended_80211_oui = -1;
 528 static int hf_sflow_counters_sample_source_id_type = -1;
 529 static int hf_sflow_flow_sample_input_interface_format = -1;
 530 static int hf_sflow_5_extended_80211_tx_channel = -1;
 531 static int hf_sflow_245_ip_tcp_flag_urg = -1;
 532 static int hf_sflow_5_extended_mpls_tunnel_name_length = -1;
 533 static int hf_sflow_5_extended_80211_tx_version = -1;
 534 static int hf_sflow_245_ipv4_delay = -1;
 535 static int hf_sflow_flow_sample_source_id_class = -1;
 536 static int hf_sflow_245_ethernet_source_mac_address = -1;
 537 static int hf_sflow_5_extended_mpls_ftn_mask = -1;
 538 static int hf_sflow_245_extended_mpls_out_label = -1;
 539 static int hf_sflow_245_ipv6_priority = -1;
 540 static int hf_sflow_245_ip_tcp_flag_fin = -1;
 541 static int hf_sflow_245_ip_destination_port = -1;
 542 static int hf_sflow_5_extended_mpls_vc_label_cos_value = -1;
 543 static int hf_sflow_5_extended_80211_rx_packet_duration = -1;
 544 static int hf_sflow_5_extended_80211_tx_packet_duration = -1;
 545 static int hf_sflow_245_ipv4_reliability = -1;
 546 static int hf_sflow_5_extended_80211_tx_power = -1;
 547 static int hf_sflow_flow_sample_multiple_outputs = -1;
 548 static int hf_sflow_5_extended_user_source_user_string_length = -1;
 549 static int hf_sflow_5_extended_80211_payload_length = -1;
 550 static int hf_sflow_flow_sample_output_interface_format = -1;
 551 static int hf_sflow_245_ethernet_packet_type = -1;
 552 static int hf_sflow_counters_sample_expanded_source_id_type = -1;
 553 static int hf_sflow_245_ip_source_port = -1;
 554 static int hf_sflow_245_extended_mpls_in_label_stack_entries = -1;
 555 static int hf_sflow_5_extended_mpls_vc_instance_name_length = -1;
 556 static int hf_sflow_245_ipv4_cost = -1;
 557 static int hf_sflow_5_extended_mpls_ftn_description_length = -1;
 558 static int hf_sflow_5_extended_vlan_tunnel_number_of_layers = -1;
 559 static int hf_sflow_5_extended_80211_tx_bssid = -1;
 560 static int hf_sflow_245_ip_tcp_flag_rst = -1;
 561 static int hf_sflow_245_ip_tcp_flag_ack = -1;
 562 static int hf_sflow_245_ip_tcp_flag_cwr = -1;
 563 static int hf_sflow_5_extended_80211_tx_retransmissions = -1;
 564 static int hf_sflow_5_extended_80211_rx_version = -1;
 565 static int hf_sflow_flow_sample_dropped_packets = -1;
 566 static int hf_sflow_counters_sample_expanded_source_id_index = -1;
 567 static int hf_sflow_245_header_payload_removed = -1;
 568 static int hf_sflow_245_original_packet_header_length = -1;
 569 static int hf_sflow_245_ethernet_destination_mac_address = -1;
 570 static int hf_sflow_counters_sample_source_id_class = -1;
 571 static int hf_sflow_5_extended_url_url_length = -1;
 572 static int hf_sflow_flow_sample_source_id_type = -1;
 573 static int hf_sflow_5_extended_mpls_fec_address_prefix_length = -1;
 574 static int hf_sflow_flow_sample_sequence_number = -1;
 575 static int hf_sflow_counters_sample_source_id_index = -1;
 576 static int hf_sflow_counters_sample_counters_records = -1;
 577 static int hf_sflow_5_extended_mpls_tunnel_cos_value = -1;
 578 static int hf_sflow_5_extended_mpls_vc_id = -1;
 579 static int hf_sflow_flow_sample_output_interface_value = -1;
 580 static int hf_sflow_5_extended_user_destination_user = -1;
 581 static int hf_sflow_245_as_type = -1;
 582 static int hf_sflow_counters_sample_index = -1;
 583 static int hf_sflow_5_extended_url_url = -1;
 584 static int hf_sflow_flow_sample_index = -1;
 585 static int hf_sflow_5_extended_80211_rx_ssid = -1;
 586 static int hf_sflow_5_extended_mpls_vc_instance_name = -1;
 587 static int hf_sflow_5_extended_mpls_tunnel_name = -1;
 588 static int hf_sflow_5_extended_80211_payload = -1;
 589 static int hf_sflow_5_extended_user_source_user = -1;
 590 static int hf_sflow_5_extended_url_host = -1;
 591 static int hf_sflow_5_extended_80211_tx_ssid = -1;
 592 static int hf_sflow_5_extended_url_direction = -1;
 593 static int hf_sflow_5_extended_mpls_ftn_description = -1;
 594 static int hf_sflow_245_ip_protocol = -1;
 595
 596 static int hf_sflow_lag_port_actorsystemid = -1;
 597 static int hf_sflow_lag_port_partneropersystemid = -1;
 598 static int hf_sflow_lag_port_attachedaggid = -1;
 599 static int hf_sflow_lag_port_state = -1;
 600 static int hf_sflow_lag_port_actoradminstate = -1;
 601 static int hf_sflow_lag_port_actoroperstate = -1;
 602 static int hf_sflow_lag_port_partneradminstate = -1;
 603 static int hf_sflow_lag_port_partneroperstate = -1;
 604 static int hf_sflow_lag_port_reserved = -1;
 605 static int hf_sflow_lag_port_stats_lacpdusrx = -1;
 606 static int hf_sflow_lag_port_stats_markerpdusrx = -1;
 607 static int hf_sflow_lag_port_stats_markerresponsepdusrx = -1;
 608 static int hf_sflow_lag_port_stats_unknownrx = -1;
 609 static int hf_sflow_lag_port_stats_illegalrx = -1;
 610 static int hf_sflow_lag_port_stats_lacpdustx = -1;
 611 static int hf_sflow_lag_port_stats_markerpdustx = -1;
 612 static int hf_sflow_lag_port_stats_markerresponsepdustx = -1;
 613
 614 /* Initialize the subtree pointers */
 615 static gint ett_sflow_245 = -1;
 616 static gint ett_sflow_245_sample = -1;
 617 static gint ett_sflow_5_flow_record = -1;
 618 static gint ett_sflow_5_counters_record = -1;
 619 static gint ett_sflow_5_mpls_in_label_stack = -1;
 620 static gint ett_sflow_5_mpls_out_label_stack = -1;
 621 static gint ett_sflow_245_extended_data = -1;
 622 static gint ett_sflow_245_gw_as_dst = -1;
 623 static gint ett_sflow_245_gw_as_dst_seg = -1;
 624 static gint ett_sflow_245_gw_community = -1;
 625 static gint ett_sflow_245_sampled_header = -1;
 626 static gint ett_sflow_lag_port_state_flags = -1;
 627
 628 static expert_field ei_sflow_invalid_address_type = EI_INIT;
 629
 630 static dissector_table_t   header_subdissector_table;
 631
 632 void proto_reg_handoff_sflow_245(void);
 633
 634 /* dissect a sampled header - layer 2 protocols */
 635 static gint
 636 dissect_sflow_245_sampled_header(tvbuff_t *tvb, packet_info *pinfo,
 637                                  proto_tree *tree, volatile gint offset) {
 638     guint32           version, header_proto, frame_length;
 639     guint32  header_length;
 640     tvbuff_t         *next_tvb;
 641     proto_tree       *sflow_245_header_tree;
 642     proto_item       *ti;
 643     /* stuff for saving column state before calling other dissectors.
 644      * Thanks to Guy Harris for the tip. */
 645     gboolean          save_writable;
 646     gboolean          save_in_error_pkt;
 647     address           save_dl_src, save_dl_dst, save_net_src, save_net_dst, save_src, save_dst;
 648
 649     version = tvb_get_ntohl(tvb, 0);
 650     header_proto = tvb_get_ntohl(tvb, offset);
 651     proto_tree_add_item(tree, hf_sflow_245_header_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
 652     offset += 4;
 653     frame_length = tvb_get_ntohl(tvb, offset);
 654     proto_tree_add_item(tree, hf_sflow_245_header_frame_length, tvb, offset, 4, ENC_BIG_ENDIAN);
 655     offset += 4;
 656
 657     if (version == 5) {
 658         proto_tree_add_item(tree, hf_sflow_245_header_payload_removed, tvb, offset, 4, ENC_BIG_ENDIAN);
 659         offset += 4;
 660     }
 661
 662     proto_tree_add_item_ret_uint(tree, hf_sflow_245_original_packet_header_length, tvb, offset, 4, ENC_BIG_ENDIAN, &header_length);
 663     offset += 4;
 664
 665     if (header_length % 4) /* XDR requires 4-byte alignment */
 666         header_length += (4 - (header_length % 4));
 667
 668
 669     ti = proto_tree_add_item(tree, hf_sflow_245_header, tvb, offset, header_length, ENC_NA);
 670     sflow_245_header_tree = proto_item_add_subtree(ti, ett_sflow_245_sampled_header);
 671
 672     /* hand the header off to the appropriate dissector.  It's probably
 673      * a short frame, so ignore any exceptions. */
 674     next_tvb = tvb_new_subset(tvb, offset, header_length, frame_length);
 675
 676     /* save some state */
 677     save_writable = col_get_writable(pinfo->cinfo, -1);
 678
 679     /*
 680        If sFlow samples a TCP packet it is very likely that the
 681        TCP analysis will flag the packet as having some error with
 682        the sequence numbers.  sFlow only report on a "sample" of
 683        traffic so many packets will not be reported on.  This is
 684        most obvious if the colorizing rules are on, but will also
 685        cause confusion if you attempt to filter on
 686        "tcp.analysis.flags".
 687
 688        The following only works to suppress IP/TCP errors, but
 689        it is a start anyway.  Other protocols carried as payloads
 690        may exhibit similar issues.
 691
 692        I think what is really needed is a more general
 693        "protocol_as_payload" flag.  Of course then someone has to
 694        play whack-a-mole and add code to implement it to any
 695        protocols that could be carried as a payload.  In the case
 696        of sFlow that pretty much means anything on your network.
 697      */
 698     save_in_error_pkt = pinfo->flags.in_error_pkt;
 699     if (!global_analyze_samp_ip_headers) {
 700         pinfo->flags.in_error_pkt = TRUE;
 701     }
 702
 703     col_set_writable(pinfo->cinfo, -1, FALSE);
 704     copy_address_shallow(&save_dl_src, &pinfo->dl_src);
 705     copy_address_shallow(&save_dl_dst, &pinfo->dl_dst);
 706     copy_address_shallow(&save_net_src, &pinfo->net_src);
 707     copy_address_shallow(&save_net_dst, &pinfo->net_dst);
 708     copy_address_shallow(&save_src, &pinfo->src);
 709     copy_address_shallow(&save_dst, &pinfo->dst);
 710
 711     TRY
 712     {
 713         if ((global_dissect_samp_headers == FALSE) ||
 714             !dissector_try_uint(header_subdissector_table, header_proto, next_tvb, pinfo, sflow_245_header_tree))
 715         {
 716             call_data_dissector(next_tvb, pinfo, sflow_245_header_tree);
 717         }
 718     }
 719
 720     CATCH_BOUNDS_ERRORS {
 721     }
 722     ENDTRY;
 723
 724     /* restore saved state */
 725     col_set_writable(pinfo->cinfo, -1, save_writable);
 726     pinfo->flags.in_error_pkt = save_in_error_pkt;
 727     copy_address_shallow(&pinfo->dl_src, &save_dl_src);
 728     copy_address_shallow(&pinfo->dl_dst, &save_dl_dst);
 729     copy_address_shallow(&pinfo->net_src, &save_net_src);
 730     copy_address_shallow(&pinfo->net_dst, &save_net_dst);
 731     copy_address_shallow(&pinfo->src, &save_src);
 732     copy_address_shallow(&pinfo->dst, &save_dst);
 733
 734     offset += header_length;
 735     return offset;
 736 }
 737
 738 static gint
 739 dissect_sflow_245_address_type(tvbuff_t *tvb, packet_info *pinfo,
 740                                proto_tree *tree, gint offset,
 741                                struct sflow_address_type *hf_type,
 742                                address *addr) {
 743     guint32 addr_type;
 744     int len;
 745
 746     addr_type = tvb_get_ntohl(tvb, offset);
 747     offset += 4;
 748
 749     switch (addr_type) {
 750     case ADDR_TYPE_UNKNOWN:
 751         len = 0;
 752         break;
 753     case ADDR_TYPE_IPV4:
 754         len = 4;
 755         proto_tree_add_item(tree, hf_type->hf_addr_v4, tvb, offset, 4, ENC_BIG_ENDIAN);
 756         break;
 757     case ADDR_TYPE_IPV6:
 758         len = 16;
 759         proto_tree_add_item(tree, hf_type->hf_addr_v6, tvb, offset, 16, ENC_NA);
 760         break;
 761     default:
 762         /* Invalid address type, or a type we don't understand; we don't
 763            know the length. We treat it as having no contents; that
 764            doesn't trap us in an endless loop, as we at least include
 765            the address type and thus at least advance the offset by 4.
 766            Note that we have a problem, though. */
 767         len = 0;
 768         proto_tree_add_expert_format(tree, pinfo, &ei_sflow_invalid_address_type, tvb,
 769                                      offset - 4, 4, "Unknown address type (%u)", addr_type);
 770     }
 771
 772     if (addr) {
 773         switch (len) {
 774         default:
 775             clear_address(addr);
 776             break;
 777         case 4:
 778             set_address_tvb(addr, AT_IPv4, len, tvb, offset);
 779             break;
 780         case 16:
 781             set_address_tvb(addr, AT_IPv6, len, tvb, offset);
 782             break;
 783         }
 784     }
 785
 786     return offset + len;
 787 }
 788
 789 /* extended switch data, after the packet data */
 790 static gint
 791 dissect_sflow_245_extended_switch(tvbuff_t *tvb, proto_tree *tree, gint offset) {
 792     proto_tree_add_item(tree, hf_sflow_245_vlan_in, tvb, offset, 4, ENC_BIG_ENDIAN);
 793     offset += 4;
 794     proto_tree_add_item(tree, hf_sflow_245_pri_in, tvb, offset, 4, ENC_BIG_ENDIAN);
 795     offset += 4;
 796     proto_tree_add_item(tree, hf_sflow_245_vlan_out, tvb, offset, 4, ENC_BIG_ENDIAN);
 797     offset += 4;
 798     proto_tree_add_item(tree, hf_sflow_245_pri_out, tvb, offset, 4, ENC_BIG_ENDIAN);
 799     offset += 4;
 800
 801     return offset;
 802 }
 803
 804 /* extended router data, after the packet data */
 805 static gint
 806 dissect_sflow_245_extended_router(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
 807     struct sflow_address_type addr_type;
 808
 809     addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
 810     addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
 811
 812     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
 813     proto_tree_add_item(tree, hf_sflow_245_nexthop_src_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
 814     offset += 4;
 815     proto_tree_add_item(tree, hf_sflow_245_nexthop_dst_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
 816     offset += 4;
 817     return offset;
 818 }
 819
 820 /* extended MPLS data */
 821 static gint
 822 dissect_sflow_5_extended_mpls_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
 823     guint32     in_label_count, out_label_count, label, i, j;
 824     proto_tree *in_stack;
 825     proto_tree *out_stack;
 826     struct sflow_address_type addr_type;
 827
 828     addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
 829     addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
 830
 831     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
 832
 833     in_label_count = tvb_get_ntohl(tvb, offset);
 834     proto_tree_add_item(tree, hf_sflow_245_extended_mpls_in_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
 835     offset += 4;
 836
 837     in_stack = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_mpls_in_label_stack, NULL, "In Label Stack");
 838
 839     /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
 840      * 255 is a sensible limit of label count */
 841     for (i = 0, j = 0; i < (in_label_count & 0x000000ff); i++, j += 4) {
 842         label = tvb_get_ntohl(tvb, offset + j);
 843         proto_tree_add_uint_format(in_stack, hf_sflow_245_extended_mpls_in_label, tvb, offset, 4,
 844             label, "Label %u: %u", i + 1, label);
 845     }
 846     offset += (in_label_count * 4);
 847
 848     out_label_count = tvb_get_ntohl(tvb, offset);
 849     proto_tree_add_item(tree, hf_sflow_245_extended_mpls_out_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
 850     offset += 4;
 851
 852     out_stack = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_mpls_in_label_stack, NULL, "Out Label Stack");
 853
 854     /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
 855      * 255 is a sensible limit of label count */
 856     for (i = 0, j = 0; i < (out_label_count & 0x000000ff); i++, j += 4) {
 857         label = tvb_get_ntohl(tvb, offset + j);
 858         proto_tree_add_uint_format(out_stack, hf_sflow_245_extended_mpls_out_label, tvb, offset, 4,
 859             label, "Label %u: %u", i + 1, label);
 860     }
 861     offset = offset + out_label_count * 4;
 862
 863     return offset;
 864 }
 865
 866 /* extended NAT data */
 867 static gint
 868 dissect_sflow_5_extended_nat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
 869     struct sflow_address_type addr_type;
 870
 871     addr_type.hf_addr_v4 = hf_sflow_245_ipv4_src;
 872     addr_type.hf_addr_v6 = hf_sflow_245_ipv6_src;
 873
 874     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
 875
 876     addr_type.hf_addr_v4 = hf_sflow_245_ipv4_dst;
 877     addr_type.hf_addr_v6 = hf_sflow_245_ipv6_dst;
 878
 879     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
 880
 881     return offset;
 882 }
 883
 884 /* extended gateway data, after the packet data */
 885 static gint
 886 dissect_sflow_245_extended_gateway(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
 887     gint32  len = 0;
 888     gint32  i, j, comm_len, dst_len, dst_seg_len;
 889     guint32 path_type;
 890     gint32  kludge;
 891
 892     guint32 version = tvb_get_ntohl(tvb, 0); /* get sFlow version */
 893     proto_item *ti;
 894     proto_tree *sflow_245_dst_as_tree;
 895     proto_tree *sflow_245_comm_tree;
 896     proto_tree *sflow_245_dst_as_seg_tree;
 897
 898     /* sFlow v5 contains next hop router IP address */
 899     if (version == 5) {
 900         struct sflow_address_type addr_type;
 901
 902         addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
 903         addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
 904
 905         offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
 906     }
 907
 908     proto_tree_add_item(tree, hf_sflow_245_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
 909     len += 4;
 910
 911     proto_tree_add_item(tree, hf_sflow_245_src_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
 912     len += 4;
 913
 914     proto_tree_add_item(tree, hf_sflow_245_src_peer_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
 915     len += 4;
 916
 917     dst_len = tvb_get_ntohl(tvb, offset + len);
 918     ti = proto_tree_add_uint(tree, hf_sflow_245_dst_as_entries, tvb, offset + len, 4, dst_len);
 919     sflow_245_dst_as_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst);
 920     len += 4;
 921
 922     for (i = 0; i < dst_len; i++) {
 923         if (version < 4) {
 924             /* Version 2 AS paths are different than versions >= 4 as
 925                follows:
 926
 927                There is no type encoded in the packet.
 928
 929                The destination ASs are encoded as an array of integers
 930                rather as an array of arrays of integers.  I just
 931                pretended they were encoded as an array of arrays with
 932                an implicit length of 1 to not have to do two
 933                completely separate blocks for the different versions.
 934
 935                Having a subtree for "arrays" guaranteed to have only a
 936                single element proved cumbersome to navigate so I moved
 937                the creation of the subtree to only happen for versions
 938                >= 4.
 939              */
 940             dst_seg_len = 1;
 941             sflow_245_dst_as_seg_tree = sflow_245_dst_as_tree;
 942         } else {
 943             path_type = tvb_get_ntohl(tvb, offset + len);
 944             len += 4;
 945             dst_seg_len = tvb_get_ntohl(tvb, offset + len);
 946             len += 4;
 947             kludge = 8;
 948             ti = proto_tree_add_uint_format(tree, hf_sflow_245_as_type, tvb, offset + len - kludge, kludge, path_type,
 949                     "%s, (%u entries)", val_to_str_const(path_type, sflow_245_as_types, "Unknown AS type"), dst_seg_len);
 950             sflow_245_dst_as_seg_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst_seg);
 951         }
 952
 953         for (j = 0; j < dst_seg_len; j++) {
 954             proto_tree_add_item(sflow_245_dst_as_seg_tree, hf_sflow_245_dst_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
 955             len += 4;
 956         }
 957     }
 958
 959
 960     if (version >= 4) {
 961         comm_len = tvb_get_ntohl(tvb, offset + len);
 962
 963         ti = proto_tree_add_uint(tree, hf_sflow_245_community_entries, tvb, offset + len, 4, comm_len);
 964         sflow_245_comm_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_community);
 965         len += 4;
 966         for (i = 0; i < comm_len; i++) {
 967             proto_tree_add_item(sflow_245_comm_tree,
 968                     hf_sflow_245_dst_as, tvb, offset + len,
 969                     4, ENC_BIG_ENDIAN);
 970             len += 4;
 971         }
 972
 973         proto_tree_add_item(tree, hf_sflow_245_localpref, tvb, offset + len, 4, ENC_BIG_ENDIAN);
 974         len += 4;
 975
 976     }
 977
 978     return offset + len;
 979 }
 980
 981 /* sflow v5 ethernet frame data */
 982 static gint
 983 dissect_sflow_5_ethernet_frame(tvbuff_t *tvb, proto_tree *tree, gint offset) {
 984
 985     proto_tree_add_item(tree, hf_sflow_245_ethernet_length_of_mac_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
 986     offset += 4;
 987
 988     proto_tree_add_item(tree, hf_sflow_245_ethernet_source_mac_address, tvb, offset, 6, ENC_NA);
 989     /* Padded to 4 byte offset */
 990     offset += 8;
 991
 992     proto_tree_add_item(tree, hf_sflow_245_ethernet_destination_mac_address, tvb, offset, 6, ENC_NA);
 993     /* Padded to 4 byte offset */
 994     offset += 8;
 995
 996     proto_tree_add_item(tree, hf_sflow_245_ethernet_packet_type, tvb, offset, 4, ENC_BIG_ENDIAN);
 997     offset += 4;
 998
 999     return offset;
1000 }
1001
1002 /* sflow v5 IPv4 data */
1003 static gint
1004 dissect_sflow_5_ipv4(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1005
1006     proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1007     offset += 4;
1008
1009     proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1010     offset += 4;
1011
1012     proto_tree_add_item(tree, hf_sflow_245_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN);
1013     offset += 4;
1014
1015     proto_tree_add_item(tree, hf_sflow_245_ipv4_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
1016     offset += 4;
1017
1018     proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1019     offset += 4;
1020
1021     proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1022     offset += 4;
1023
1024     /* dissect tcp flags bit-by-bit */
1025     /* 8 flags are included here, plus 24-bit 0-padding */
1026     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 1, ENC_NA);
1027     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 1, ENC_NA);
1028     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 1, ENC_NA);
1029     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 1, ENC_NA);
1030     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 1, ENC_NA);
1031     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 1, ENC_NA);
1032     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 1, ENC_NA);
1033     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 1, ENC_NA);
1034
1035     offset += 4;
1036
1037     /* 7 bits for type of service, plus 1 reserved bit */
1038     proto_tree_add_item(tree, hf_sflow_245_ipv4_precedence_type, tvb, offset, 1, ENC_BIG_ENDIAN);
1039     proto_tree_add_item(tree, hf_sflow_245_ipv4_delay, tvb, offset, 1, ENC_NA);
1040     proto_tree_add_item(tree, hf_sflow_245_ipv4_throughput, tvb, offset, 1, ENC_NA);
1041     proto_tree_add_item(tree, hf_sflow_245_ipv4_reliability, tvb, offset, 1, ENC_NA);
1042     proto_tree_add_item(tree, hf_sflow_245_ipv4_cost, tvb, offset, 1, ENC_NA);
1043
1044     offset += 4;
1045
1046     return offset;
1047 }
1048
1049 /* sflow v5 IPv6 data */
1050 static gint
1051 dissect_sflow_5_ipv6(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1052
1053     proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1054     offset += 4;
1055
1056     proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1057     offset += 4;
1058
1059     proto_tree_add_item(tree, hf_sflow_245_ipv6_src, tvb, offset, 16, ENC_NA);
1060     offset += 16;
1061
1062     proto_tree_add_item(tree, hf_sflow_245_ipv6_dst, tvb, offset, 16, ENC_NA);
1063     offset += 16;
1064
1065     proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1066     offset += 4;
1067
1068     proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1069     offset += 4;
1070
1071     /* dissect tcp flags bit-by-bit */
1072     /* 8 flags are included here, plus 24-bit 0-padding */
1073     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 1, ENC_NA);
1074     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 1, ENC_NA);
1075     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 1, ENC_NA);
1076     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 1, ENC_NA);
1077     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 1, ENC_NA);
1078     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 1, ENC_NA);
1079     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 1, ENC_NA);
1080     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 1, ENC_NA);
1081
1082     offset += 4;
1083
1084     /* Priority -- Traffic class field enables a source to identify the desired
1085        delivery priority of the packets. Priority values are divided into
1086        ranges: traffic where the source provides congestion control and
1087        non-congestion control traffic.
1088
1089        It is displayed as unsigned integer here according to sFlow specification */
1090
1091     proto_tree_add_item(tree, hf_sflow_245_ipv6_priority, tvb, offset, 4, ENC_BIG_ENDIAN);
1092     offset += 4;
1093
1094     return offset;
1095 }
1096
1097 /* sflow v5 user data */
1098 static gint
1099 dissect_sflow_5_extended_user(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1100     guint32 src_length, dest_length;
1101
1102     /* charset is not processed here, all chars are assumed to be ASCII */
1103     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1104     offset += 4;
1105
1106     src_length = tvb_get_ntohl(tvb, offset);
1107     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1108     offset += 4;
1109
1110     /* extract source user info char by char */
1111     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user, tvb, offset, src_length, ENC_NA|ENC_ASCII);
1112     offset += src_length;
1113     /* get the correct offset by adding padding byte count */
1114     if (src_length % 4)
1115         offset += (4 - src_length % 4);
1116
1117     /* charset is not processed here, all chars are assumed to be ASCII */
1118     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1119     offset += 4;
1120
1121     dest_length = tvb_get_ntohl(tvb, offset);
1122     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1123     offset += 4;
1124
1125     /* extract destination user info char by char */
1126     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user, tvb, offset, dest_length, ENC_NA|ENC_ASCII);
1127     offset += dest_length;
1128     /* get the correct offset by adding padding byte count */
1129     if (dest_length % 4)
1130         offset += (4 - dest_length % 4);
1131
1132     return offset;
1133 }
1134
1135 /* sflow v5 URL data */
1136 static gint
1137 dissect_sflow_5_extended_url(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1138     guint32 direction, url_length, host_length;
1139
1140     direction = tvb_get_ntohl(tvb, offset);
1141     switch (direction) {
1142         case 1:
1143             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1144                                         "Source Address is Server(%u)", direction);
1145             break;
1146         case 2:
1147             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1148                                         "Destination Address is Server (%u)", direction);
1149             break;
1150         default:
1151             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1152                                         "Server Unspecified (%u)", direction);
1153             break;
1154     }
1155     offset += 4;
1156
1157     url_length = tvb_get_ntohl(tvb, offset);
1158     proto_tree_add_item(tree, hf_sflow_5_extended_url_url_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1159     offset += 4;
1160
1161     /* extract URL char by char */
1162     proto_tree_add_item(tree, hf_sflow_5_extended_url_url, tvb, offset, url_length, ENC_NA|ENC_ASCII);
1163     offset += url_length;
1164     /* get the correct offset by adding padding byte count */
1165     if (url_length % 4)
1166         offset += (4 - url_length % 4);
1167
1168     host_length = tvb_get_ntohl(tvb, offset);
1169     proto_tree_add_item(tree, hf_sflow_5_extended_url_host_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1170     offset += 4;
1171
1172     /* extract host info char by char */
1173     proto_tree_add_item(tree, hf_sflow_5_extended_url_host, tvb, offset, host_length, ENC_NA|ENC_ASCII);
1174     offset += host_length;
1175     /* get the correct offset by adding padding byte count */
1176     if (host_length % 4)
1177         offset += (4 - host_length % 4);
1178
1179     return offset;
1180 }
1181
1182 /* sflow v5 MPLS tunnel */
1183 static gint
1184 dissect_sflow_5_extended_mpls_tunnel(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1185     guint32 name_length;
1186
1187     name_length = tvb_get_ntohl(tvb, offset);
1188     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1189     offset += 4;
1190
1191     /* extract tunnel name char by char */
1192     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1193     offset += name_length;
1194     /* get the correct offset by adding padding byte count */
1195     if (name_length % 4)
1196         offset += (4 - name_length % 4);
1197
1198     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1199     offset += 4;
1200
1201     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1202     offset += 4;
1203
1204     return offset;
1205 }
1206
1207 /* sflow v5 MPLS VC */
1208 static gint
1209 dissect_sflow_5_extended_mpls_vc(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1210     guint32 name_length;
1211
1212     name_length = tvb_get_ntohl(tvb, offset);
1213     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1214     offset += 4;
1215
1216     /* extract source user info char by char */
1217     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1218     offset += name_length;
1219     /* get the correct offset by adding padding byte count */
1220     if (name_length % 4)
1221         offset += (4 - name_length % 4);
1222
1223     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1224     offset += 4;
1225
1226     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_label_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1227     offset += 4;
1228
1229     return offset;
1230 }
1231
1232 /* sflow v5 MPLS FEC */
1233 static gint
1234 dissect_sflow_5_extended_mpls_fec(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1235     guint32 length;
1236
1237     length = tvb_get_ntohl(tvb, offset);
1238     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1239     offset += 4;
1240
1241     /* extract MPLS FTN description char by char */
1242     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description, tvb, offset, length, ENC_NA|ENC_ASCII);
1243     offset += length;
1244     /* get the correct offset by adding padding byte count */
1245     if (length % 4)
1246         offset += (4 - length % 4);
1247
1248     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
1249     offset += 4;
1250
1251     return offset;
1252 }
1253
1254 /* sflow v5 MPLS LVP FEC */
1255 static gint
1256 dissect_sflow_5_extended_mpls_lvp_fec(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1257
1258     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_fec_address_prefix_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1259     offset += 4;
1260     return offset;
1261 }
1262
1263 /* sflow v5 extended VLAN tunnel */
1264 static gint
1265 dissect_sflow_5_extended_vlan_tunnel(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1266     guint32 num, i;
1267
1268     num = tvb_get_ntohl(tvb, offset);
1269     proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_number_of_layers, tvb, offset, 4, ENC_BIG_ENDIAN);
1270     offset += 4;
1271
1272     /* loop strip 802.1Q TPID/TCI layers. each TPID/TCI pair is represented as a
1273        single 32 bit integer layers listed from outermost to innermost */
1274     for (i = 0; i < num; i++) {
1275         proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair, tvb, offset, 4, ENC_BIG_ENDIAN);
1276         offset += 4;
1277     }
1278
1279     return offset;
1280 }
1281
1282 /* sflow v5 extended 802.11 payload */
1283 static gint
1284 dissect_sflow_5_extended_80211_payload(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1285     guint32 cipher_suite, OUI, suite_type, length;
1286
1287     cipher_suite = tvb_get_ntohl(tvb, offset);
1288     OUI = cipher_suite >> 8;
1289     suite_type = cipher_suite & 0x000000ff;
1290
1291     if (OUI == 0x000FAC) {
1292         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Default (0x%X)", OUI);
1293         offset += 3;
1294         proto_tree_add_item(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1, ENC_BIG_ENDIAN);
1295     } else {
1296         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Other vender (0x%X)", OUI);
1297         offset += 3;
1298         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1,
1299             suite_type, "Vender specific (%u)", suite_type);
1300     }
1301     offset++;
1302
1303     length = tvb_get_ntohl(tvb, offset);
1304     proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1305     offset += 4;
1306
1307     /* extract data byte by byte */
1308     proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload, tvb, offset, length, ENC_NA);
1309     offset += length;
1310     /* get the correct offset by adding padding byte count */
1311     if (length % 4)
1312         offset += (4 - length % 4);
1313
1314     return offset;
1315 }
1316
1317 /* sflow v5 extended 802.11 rx */
1318 static gint
1319 dissect_sflow_5_extended_80211_rx(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1320     guint32 ssid_length, duration;
1321
1322     /* extract SSID char by char. max char count = 32 */
1323     ssid_length = tvb_get_ntohl(tvb, offset);
1324     offset += 4;
1325     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1326     offset += ssid_length;
1327     /* get the correct offset by adding padding byte count */
1328     if (ssid_length % 4)
1329         offset += (4 - ssid_length % 4);
1330
1331     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_bssid, tvb, offset, 6, ENC_NA);
1332     /* Padded to 4 byte offset */
1333     offset += 8;
1334
1335     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1336     offset += 4;
1337
1338     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1339     offset += 4;
1340
1341     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1342     offset += 8;
1343
1344     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rsni, tvb, offset, 4, ENC_BIG_ENDIAN);
1345     offset += 4;
1346
1347     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rcpi, tvb, offset, 4, ENC_BIG_ENDIAN);
1348     offset += 4;
1349
1350     duration = tvb_get_ntohl(tvb, offset);
1351     if (duration == 0) {
1352         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, duration, "Unknown");
1353     } else {
1354         proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1355     }
1356     offset += 4;
1357
1358     return offset;
1359 }
1360
1361 /* sflow v5 extended 802.11 tx */
1362 static gint
1363 dissect_sflow_5_extended_80211_tx(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1364     guint32 ssid_length, transmissions, packet_duration, retrans_duration;
1365
1366     /* extract SSID char by char. max char count = 32 */
1367     ssid_length = tvb_get_ntohl(tvb, offset);
1368     if (ssid_length > 32)
1369         ssid_length = 32;
1370     offset += 4;
1371     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1372     offset += ssid_length;
1373     /* get the correct offset by adding padding byte count */
1374     if (ssid_length % 4)
1375         offset += (4 - ssid_length % 4);
1376
1377     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_bssid, tvb, offset, 6, ENC_NA);
1378     /* Padded to 4 byte offset */
1379     offset += 8;
1380
1381     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1382     offset += 4;
1383
1384     transmissions = tvb_get_ntohl(tvb, offset);
1385     switch (transmissions) {
1386         case 0:
1387             proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1388                     0, "Unknown");
1389             break;
1390         case 1:
1391             proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1392                     1, "Packet transmitted successfully on first attempt");
1393             break;
1394         default:
1395             proto_tree_add_uint(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4, transmissions - 1);
1396             break;
1397     }
1398     offset += 4;
1399
1400     packet_duration = tvb_get_ntohl(tvb, offset);
1401     if (packet_duration == 0) {
1402         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, packet_duration, "Unknown");
1403     } else {
1404         proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1405     }
1406     offset += 4;
1407
1408     retrans_duration = tvb_get_ntohl(tvb, offset);
1409     if (retrans_duration == 0) {
1410         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, retrans_duration, "Unknown");
1411     } else {
1412         proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1413     }
1414     offset += 4;
1415
1416     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1417     offset += 4;
1418
1419     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1420     offset += 8;
1421
1422     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_power, tvb, offset, 4, ENC_BIG_ENDIAN);
1423     offset += 4;
1424
1425     return offset;
1426 }
1427
1428 /* sflow v5 extended 802.11 aggregation */
1429 static gint
1430 dissect_sflow_5_extended_80211_aggregation(tvbuff_t *tvb _U_, proto_tree *tree _U_, gint offset) {
1431
1432     return offset;
1433 }
1434
1435 /* dissect an sflow v2/4 flow sample */
1436 static gint
1437 dissect_sflow_24_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
1438         proto_tree *tree, gint offset, proto_item *parent) {
1439     guint32     sequence_number, sampling_rate, sample_pool, output;
1440
1441     proto_tree *extended_data_tree;
1442     proto_item *ti;
1443     guint32     packet_type, extended_data, ext_type, i;
1444
1445     sequence_number = tvb_get_ntohl(tvb, offset);
1446     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
1447     proto_item_append_text(parent, ", seq %u", sequence_number);
1448     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1449     proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1450     sampling_rate = tvb_get_ntohl(tvb, offset + 8);
1451     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset + 8, 4,
1452             sampling_rate, "1 out of %u packets",
1453             sampling_rate);
1454     sample_pool = tvb_get_ntohl(tvb, offset + 12);
1455     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset + 12, 4,
1456             sample_pool, "%u total packets",
1457             sample_pool);
1458     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset + 16, 4, ENC_BIG_ENDIAN);
1459     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset + 20, 4, ENC_BIG_ENDIAN);
1460     output = tvb_get_ntohl(tvb, offset + 24);
1461     if (output & 0x80000000) {
1462         output & 0x7fffffff ?
1463             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1464                 output & 0x7fffffff, "%u interfaces", output & 0x7fffffff) :
1465             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1466                 0x80000000, "unknown number");
1467     } else {
1468         proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface, tvb, offset + 24, 4, ENC_BIG_ENDIAN);
1469     }
1470     offset += 28;
1471
1472     /* what kind of flow sample is it? */
1473     packet_type = tvb_get_ntohl(tvb, offset);
1474     proto_tree_add_item(tree, hf_sflow_245_packet_information_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1475     offset += 4;
1476     switch (packet_type) {
1477         case SFLOW_245_PACKET_DATA_TYPE_HEADER:
1478             offset = dissect_sflow_245_sampled_header(tvb, pinfo, tree, offset);
1479             break;
1480         case SFLOW_245_PACKET_DATA_TYPE_IPV4:
1481         case SFLOW_245_PACKET_DATA_TYPE_IPV6:
1482         default:
1483             break;
1484     }
1485     /* still need to dissect extended data */
1486     extended_data = tvb_get_ntohl(tvb, offset);
1487     offset += 4;
1488
1489     for (i = 0; i < extended_data; i++) {
1490         /* figure out what kind of extended data it is */
1491         ext_type = tvb_get_ntohl(tvb, offset);
1492
1493         /* create a subtree.  Might want to move this to
1494          * the end, so more info can be correct.
1495          */
1496         ti = proto_tree_add_uint(tree, hf_sflow_245_extended_information_type, tvb, offset, 4, ext_type);
1497         extended_data_tree = proto_item_add_subtree(ti, ett_sflow_245_extended_data);
1498         offset += 4;
1499
1500         switch (ext_type) {
1501             case SFLOW_245_EXTENDED_SWITCH:
1502                 offset = dissect_sflow_245_extended_switch(tvb, extended_data_tree, offset);
1503                 break;
1504             case SFLOW_245_EXTENDED_ROUTER:
1505                 offset = dissect_sflow_245_extended_router(tvb, pinfo, extended_data_tree, offset);
1506                 break;
1507             case SFLOW_245_EXTENDED_GATEWAY:
1508                 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, extended_data_tree, offset);
1509                 break;
1510             case SFLOW_245_EXTENDED_USER:
1511                 break;
1512             case SFLOW_245_EXTENDED_URL:
1513                 break;
1514             default:
1515                 break;
1516         }
1517         proto_item_set_end(ti, tvb, offset);
1518     }
1519     return offset;
1520
1521 }
1522
1523 /* dissect an sflow v5 flow record */
1524 static gint
1525 dissect_sflow_5_flow_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
1526     proto_tree *flow_data_tree;
1527     proto_item *ti;
1528     guint32     enterprise_format, enterprise, format;
1529
1530     /* what kind of flow sample is it? */
1531     enterprise_format = tvb_get_ntohl(tvb, offset);
1532     enterprise = enterprise_format >> 12;
1533     format = enterprise_format & 0x00000fff;
1534
1535     /* only accept default enterprise 0 (InMon sFlow) */
1536     if (enterprise == ENTERPRISE_DEFAULT) {
1537         flow_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_flow_record, &ti,
1538                 val_to_str_ext_const(format, &sflow_5_flow_record_type_ext, "Unknown sample format"));
1539
1540         proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1541                             enterprise, "standard sFlow (%u)", enterprise);
1542         proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
1543         offset += 4;
1544
1545         proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1546         offset += 4;
1547
1548         switch (format) {
1549             case SFLOW_5_RAW_PACKET_HEADER:
1550                 offset = dissect_sflow_245_sampled_header(tvb, pinfo, flow_data_tree, offset);
1551                 break;
1552             case SFLOW_5_ETHERNET_FRAME:
1553                 offset = dissect_sflow_5_ethernet_frame(tvb, flow_data_tree, offset);
1554                 break;
1555             case SFLOW_5_IPV4:
1556                 offset = dissect_sflow_5_ipv4(tvb, flow_data_tree, offset);
1557                 break;
1558             case SFLOW_5_IPV6:
1559                 offset = dissect_sflow_5_ipv6(tvb, flow_data_tree, offset);
1560                 break;
1561             case SFLOW_5_SWITCH:
1562                 offset = dissect_sflow_245_extended_switch(tvb, flow_data_tree, offset);
1563                 break;
1564             case SFLOW_5_ROUTER:
1565                 offset = dissect_sflow_245_extended_router(tvb, pinfo, flow_data_tree, offset);
1566                 break;
1567             case SFLOW_5_GATEWAY:
1568                 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, flow_data_tree, offset);
1569                 break;
1570             case SFLOW_5_USER:
1571                 offset = dissect_sflow_5_extended_user(tvb, flow_data_tree, offset);
1572                 break;
1573             case SFLOW_5_URL:
1574                 offset = dissect_sflow_5_extended_url(tvb, flow_data_tree, offset);
1575                 break;
1576             case SFLOW_5_MPLS_DATA:
1577                 offset = dissect_sflow_5_extended_mpls_data(tvb, pinfo, flow_data_tree, offset);
1578                 break;
1579             case SFLOW_5_NAT:
1580                 offset = dissect_sflow_5_extended_nat(tvb, pinfo, flow_data_tree, offset);
1581                 break;
1582             case SFLOW_5_MPLS_TUNNEL:
1583                 offset = dissect_sflow_5_extended_mpls_tunnel(tvb, flow_data_tree, offset);
1584                 break;
1585             case SFLOW_5_MPLS_VC:
1586                 offset = dissect_sflow_5_extended_mpls_vc(tvb, flow_data_tree, offset);
1587                 break;
1588             case SFLOW_5_MPLS_FEC:
1589                 offset = dissect_sflow_5_extended_mpls_fec(tvb, flow_data_tree, offset);
1590                 break;
1591             case SFLOW_5_MPLS_LVP_FEC:
1592                 offset = dissect_sflow_5_extended_mpls_lvp_fec(tvb, flow_data_tree, offset);
1593                 break;
1594             case SFLOW_5_VLAN_TUNNEL:
1595                 offset = dissect_sflow_5_extended_vlan_tunnel(tvb, flow_data_tree, offset);
1596                 break;
1597             case SFLOW_5_80211_PAYLOAD:
1598                 offset = dissect_sflow_5_extended_80211_payload(tvb, flow_data_tree, offset);
1599                 break;
1600             case SFLOW_5_80211_RX:
1601                 offset = dissect_sflow_5_extended_80211_rx(tvb, flow_data_tree, offset);
1602                 break;
1603             case SFLOW_5_80211_TX:
1604                 offset = dissect_sflow_5_extended_80211_tx(tvb, flow_data_tree, offset);
1605                 break;
1606             case SFLOW_5_80211_AGGREGATION:
1607                 offset = dissect_sflow_5_extended_80211_aggregation(tvb, flow_data_tree, offset);
1608                 break;
1609             default:
1610                 break;
1611         }
1612     } else {
1613         /* unknown enterprise format, what to do?? */
1614         flow_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
1615             ett_sflow_5_flow_record, &ti, "Unknown enterprise format");
1616         proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1617                                     enterprise, "Non-standard sFlow (%u)", enterprise);
1618         offset = tvb_captured_length(tvb);
1619     }
1620     proto_item_set_end(ti, tvb, offset);
1621
1622     return offset;
1623 }
1624
1625 /* dissect generic interface counters */
1626 static gint
1627 dissect_sflow_5_generic_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1628
1629     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
1630     offset += 4;
1631     proto_tree_add_item(counter_data_tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
1632     offset += 4;
1633     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
1634     offset += 8;
1635     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
1636     offset += 4;
1637     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1638     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1639     offset += 4;
1640     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1641     offset += 8;
1642     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1643     offset += 4;
1644     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1645     offset += 4;
1646     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1647     offset += 4;
1648     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1649     offset += 4;
1650     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
1651     offset += 4;
1652     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
1653     offset += 4;
1654     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1655     offset += 8;
1656     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1657     offset += 4;
1658     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1659     offset += 4;
1660     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1661     offset += 4;
1662     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1663     offset += 4;
1664     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
1665     offset += 4;
1666     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1667     offset += 4;
1668
1669     return offset;
1670 }
1671
1672 /* dissect ethernet interface counters */
1673 static gint
1674 dissect_sflow_5_ethernet_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1675
1676     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsAlignmentErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1677     offset += 4;
1678     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFCSErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1679     offset += 4;
1680     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSingleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1681     offset += 4;
1682     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsMultipleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1683     offset += 4;
1684     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSQETestErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1685     offset += 4;
1686     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsDeferredTransmissions, tvb, offset, 4, ENC_BIG_ENDIAN);
1687     offset += 4;
1688     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsLateCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1689     offset += 4;
1690     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsExcessiveCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1691     offset += 4;
1692     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacTransmitErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1693     offset += 4;
1694     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsCarrierSenseErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1695     offset += 4;
1696     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFrameTooLongs, tvb, offset, 4, ENC_BIG_ENDIAN);
1697     offset += 4;
1698     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacReceiveErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1699     offset += 4;
1700     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSymbolErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1701     offset += 4;
1702
1703     return offset;
1704 }
1705
1706 /* dissect token ring counters */
1707 static gint
1708 dissect_sflow_5_token_ring(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1709
1710     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLineErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1711     offset += 4;
1712     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsBurstErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1713     offset += 4;
1714     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsACErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1715     offset += 4;
1716     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsAbortTransErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1717     offset += 4;
1718     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsInternalErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1719     offset += 4;
1720     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLostFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1721     offset += 4;
1722     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsReceiveCongestions, tvb, offset, 4, ENC_BIG_ENDIAN);
1723     offset += 4;
1724     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFrameCopiedErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1725     offset += 4;
1726     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTokenErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1727     offset += 4;
1728     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSoftErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1729     offset += 4;
1730     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsHardErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1731     offset += 4;
1732     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSignalLoss, tvb, offset, 4, ENC_BIG_ENDIAN);
1733     offset += 4;
1734     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTransmitBeacons, tvb, offset, 4, ENC_BIG_ENDIAN);
1735     offset += 4;
1736     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRecoveries, tvb, offset, 4, ENC_BIG_ENDIAN);
1737     offset += 4;
1738     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLobeWires, tvb, offset, 4, ENC_BIG_ENDIAN);
1739     offset += 4;
1740     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRemoves, tvb, offset, 4, ENC_BIG_ENDIAN);
1741     offset += 4;
1742     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSingles, tvb, offset, 4, ENC_BIG_ENDIAN);
1743     offset += 4;
1744     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFreqErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1745     offset += 4;
1746
1747     return offset;
1748 }
1749
1750 /* dissect 100 BaseVG interface counters */
1751 static gint
1752 dissect_sflow_5_vg_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1753
1754     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1755     offset += 4;
1756     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1757     offset += 8;
1758     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1759     offset += 4;
1760     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1761     offset += 8;
1762     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InIPMErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1763     offset += 4;
1764     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InOversizeFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1765     offset += 4;
1766     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InDataErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1767     offset += 4;
1768     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNullAddressedFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1769     offset += 4;
1770     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1771     offset += 4;
1772     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1773     offset += 8;
1774     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12TransitionIntoTrainings, tvb, offset, 4, ENC_BIG_ENDIAN);
1775     offset += 4;
1776     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1777     offset += 8;
1778     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1779     offset += 8;
1780     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCOutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1781     offset += 8;
1782
1783     return offset;
1784 }
1785
1786 /* dissect VLAN counters */
1787 static gint
1788 dissect_sflow_5_vlan(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1789
1790     proto_tree_add_item(counter_data_tree, hf_sflow_245_vlan_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1791     offset += 4;
1792     proto_tree_add_item(counter_data_tree, hf_sflow_245_octets, tvb, offset, 8, ENC_BIG_ENDIAN);
1793     offset += 8;
1794     proto_tree_add_item(counter_data_tree, hf_sflow_245_ucastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1795     offset += 4;
1796     proto_tree_add_item(counter_data_tree, hf_sflow_245_multicastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1797     offset += 4;
1798     proto_tree_add_item(counter_data_tree, hf_sflow_245_broadcastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1799     offset += 4;
1800     proto_tree_add_item(counter_data_tree, hf_sflow_245_discards, tvb, offset, 4, ENC_BIG_ENDIAN);
1801     offset += 4;
1802
1803     return offset;
1804 }
1805
1806 /* dissect 802.11 counters */
1807 static gint
1808 dissect_sflow_5_80211_counters(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1809
1810     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1811     offset += 4;
1812     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastTransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1813     offset += 4;
1814     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FailedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1815     offset += 4;
1816     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1817     offset += 4;
1818     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MultipleRetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1819     offset += 4;
1820     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FrameDuplicateCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1821     offset += 4;
1822     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSSuccessCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1823     offset += 4;
1824     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1825     offset += 4;
1826     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ACKFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1827     offset += 4;
1828     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ReceivedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1829     offset += 4;
1830     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastReceivedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1831     offset += 4;
1832     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FCSErrorCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1833     offset += 4;
1834     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1835     offset += 4;
1836     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11WEPUndecryptableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1837     offset += 4;
1838     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSDiscardedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1839     offset += 4;
1840     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11AssociatedStationCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1841     offset += 4;
1842     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsReceivedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1843     offset += 4;
1844     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1845     offset += 4;
1846     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1847     offset += 4;
1848     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsLostCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1849     offset += 4;
1850
1851     return offset;
1852 }
1853
1854 /* dissect processor information */
1855 static gint
1856 dissect_sflow_5_processor_information(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1857
1858     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5s, tvb, offset, 4, ENC_BIG_ENDIAN);
1859     offset += 4;
1860     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_1m, tvb, offset, 4, ENC_BIG_ENDIAN);
1861     offset += 4;
1862     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5m, tvb, offset, 4, ENC_BIG_ENDIAN);
1863     offset += 4;
1864     proto_tree_add_item(counter_data_tree, hf_sflow_5_total_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
1865     offset += 8;
1866     proto_tree_add_item(counter_data_tree, hf_sflow_5_free_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
1867     offset += 8;
1868
1869     return offset;
1870 }
1871
1872 /* dissect radio utilization */
1873 static gint
1874 dissect_sflow_5_radio_utilization(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1875
1876     proto_tree_add_item(counter_data_tree, hf_sflow_5_elapsed_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1877     offset += 4;
1878     proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1879     offset += 4;
1880     proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_busy_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1881     offset += 4;
1882
1883     return offset;
1884 }
1885
1886 /* dissect an sflow v5 counters record */
1887 static gint
1888 dissect_sflow_5_counters_record(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1889     proto_tree *counter_data_tree;
1890     proto_item *ti;
1891     guint32     enterprise_format, enterprise, format;
1892
1893     /* what kind of flow sample is it? */
1894     enterprise_format = tvb_get_ntohl(tvb, offset);
1895     enterprise = enterprise_format >> 12;
1896     format = enterprise_format & 0x00000fff;
1897
1898     if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
1899         counter_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_counters_record, &ti,
1900                 val_to_str_const(format, sflow_5_counters_record_type, "Unknown sample format"));
1901
1902         proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1903                                 enterprise, "standard sFlow (%u)", enterprise);
1904
1905         proto_tree_add_item(counter_data_tree, hf_sflow_5_counters_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
1906         offset += 4;
1907
1908         proto_tree_add_item(counter_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1909         offset += 4;
1910
1911         switch (format) {
1912             case SFLOW_5_GENERIC_INTERFACE:
1913                 offset = dissect_sflow_5_generic_interface(counter_data_tree, tvb, offset);
1914                 break;
1915             case SFLOW_5_ETHERNET_INTERFACE:
1916                 offset = dissect_sflow_5_ethernet_interface(counter_data_tree, tvb, offset);
1917                 break;
1918             case SFLOW_5_TOKEN_RING:
1919                 offset = dissect_sflow_5_token_ring(counter_data_tree, tvb, offset);
1920                 break;
1921             case SFLOW_5_100BASE_VG_INTERFACE:
1922                 offset = dissect_sflow_5_vg_interface(counter_data_tree, tvb, offset);
1923                 break;
1924             case SFLOW_5_VLAN:
1925                 offset = dissect_sflow_5_vlan(counter_data_tree, tvb, offset);
1926                 break;
1927             case SFLOW_5_80211_COUNTERS:
1928                 offset = dissect_sflow_5_80211_counters(counter_data_tree, tvb, offset);
1929                 break;
1930             case SFLOW_5_PROCESSOR:
1931                 offset = dissect_sflow_5_processor_information(counter_data_tree, tvb, offset);
1932                 break;
1933             case SFLOW_5_RADIO_UTILIZATION:
1934                 offset = dissect_sflow_5_radio_utilization(counter_data_tree, tvb, offset);
1935                 break;
1936             default:
1937                 break;
1938         }
1939     } else { /* unknown enterprise format, what to do?? */
1940         counter_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
1941             ett_sflow_5_counters_record, &ti, "Unknown enterprise format");
1942         proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1943                         enterprise, "Non-standard sFlow (%u)", enterprise);
1944         offset = tvb_captured_length(tvb);
1945     }
1946     proto_item_set_end(ti, tvb, offset);
1947
1948     return offset;
1949 }
1950
1951 /* dissect an sflow v5 flow sample */
1952 static void
1953 dissect_sflow_5_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
1954         proto_tree *tree, gint offset, proto_item *parent) {
1955
1956     guint32 sequence_number, sampling_rate, sample_pool,
1957             output, records, i;
1958
1959     sequence_number = tvb_get_ntohl(tvb, offset);
1960     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
1961     offset += 4;
1962     proto_item_append_text(parent, ", seq %u", sequence_number);
1963
1964     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset, 4, ENC_BIG_ENDIAN);
1965     proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset, 4, ENC_BIG_ENDIAN);
1966     offset += 4;
1967     sampling_rate = tvb_get_ntohl(tvb, offset);
1968     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
1969             sampling_rate, "1 out of %u packets", sampling_rate);
1970     offset += 4;
1971     sample_pool = tvb_get_ntohl(tvb, offset);
1972     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4,
1973             sample_pool, "%u total packets", sample_pool);
1974     offset += 4;
1975     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
1976     offset += 4;
1977     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset, 4, ENC_BIG_ENDIAN);
1978     offset += 4;
1979     output = tvb_get_ntohl(tvb, offset);
1980     if (output & 0x80000000) {
1981         output & 0x7fffffff ?
1982             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset, 4,
1983                 output & 0x7fffffff, "%u interfaces", output & 0x7fffffff) :
1984             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset, 4,
1985                 0x80000000, "unknown number");
1986     } else {
1987         proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface, tvb, offset, 4, ENC_BIG_ENDIAN);
1988     }
1989     offset += 4;
1990     records = tvb_get_ntohl(tvb, offset);
1991     proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
1992     offset += 4;
1993
1994     /* start loop processing flow records */
1995     /* we set an upper records limit to 255 in case corrupted data causes
1996      * huge number of loops! */
1997     for (i = 0; i < (records&0x000000ff); i++) {
1998         offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
1999     }
2000
2001 }
2002
2003 /* dissect an expanded flow sample */
2004 static void
2005 dissect_sflow_5_expanded_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2006         proto_tree *tree, gint offset, proto_item *parent) {
2007
2008     guint32 sequence_number, sampling_rate, sample_pool, records, i;
2009
2010     sequence_number = tvb_get_ntohl(tvb, offset);
2011     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2012     offset += 4;
2013     proto_item_append_text(parent, ", seq %u", sequence_number);
2014     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2015     offset += 4;
2016     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2017     offset += 4;
2018     sampling_rate = tvb_get_ntohl(tvb, offset);
2019     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2020             sampling_rate, "1 out of %u packets", sampling_rate);
2021     offset += 4;
2022     sample_pool = tvb_get_ntohl(tvb, offset);
2023     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4,
2024             sample_pool, "%u total packets", sample_pool);
2025     offset += 4;
2026     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2027     offset += 4;
2028     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2029     offset += 4;
2030     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2031     offset += 4;
2032     proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2033     offset += 4;
2034     proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2035     offset += 4;
2036     records = tvb_get_ntohl(tvb, offset);
2037     proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2038     offset += 4;
2039
2040     /* start loop processing flow records
2041      * we limit record count to 255 in case corrupted data may cause huge number of loops */
2042     for (i = 0; i < (records&0x000000ff); i++) {
2043         offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2044     }
2045 }
2046
2047 /* dissect an sflow v2/4 counters sample */
2048 static gint
2049 dissect_sflow_24_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2050
2051     guint32 sequence_number, counters_type;
2052
2053     sequence_number = tvb_get_ntohl(tvb, offset);
2054     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2055     proto_item_append_text(parent, ", seq %u", sequence_number);
2056
2057     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2058     proto_tree_add_item(tree, hf_sflow_counters_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2059     proto_tree_add_item(tree, hf_sflow_counters_sample_sampling_interval, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
2060     counters_type = tvb_get_ntohl(tvb, offset + 12);
2061     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_type, tvb, offset + 12, 4, ENC_BIG_ENDIAN);
2062
2063     offset += 16;
2064
2065     /* most counters types have the "generic" counters first */
2066     switch (counters_type) {
2067         case SFLOW_245_COUNTERS_GENERIC:
2068         case SFLOW_245_COUNTERS_ETHERNET:
2069         case SFLOW_245_COUNTERS_TOKENRING:
2070         case SFLOW_245_COUNTERS_FDDI:
2071         case SFLOW_245_COUNTERS_VG:
2072         case SFLOW_245_COUNTERS_WAN:
2073             proto_tree_add_item(tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
2074             proto_item_append_text(parent, ", ifIndex %u", tvb_get_ntohl(tvb, offset));
2075             offset += 4;
2076             proto_tree_add_item(tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
2077             offset += 4;
2078             proto_tree_add_item(tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
2079             offset += 8;
2080             proto_tree_add_item(tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
2081             offset += 4;
2082             proto_tree_add_item(tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2083             proto_tree_add_item(tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2084             offset += 4;
2085             proto_tree_add_item(tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2086             offset += 8;
2087             proto_tree_add_item(tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2088             offset += 4;
2089             proto_tree_add_item(tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2090             offset += 4;
2091             proto_tree_add_item(tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2092             offset += 4;
2093             proto_tree_add_item(tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2094             offset += 4;
2095             proto_tree_add_item(tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
2096             offset += 4;
2097             proto_tree_add_item(tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
2098             offset += 4;
2099             proto_tree_add_item(tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2100             offset += 8;
2101             proto_tree_add_item(tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2102             offset += 4;
2103             proto_tree_add_item(tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2104             offset += 4;
2105             proto_tree_add_item(tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2106             offset += 4;
2107             proto_tree_add_item(tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2108             offset += 4;
2109             proto_tree_add_item(tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
2110             offset += 4;
2111             proto_tree_add_item(tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2112             offset += 4;
2113             break;
2114     }
2115
2116     /* Some counter types have other info to gather */
2117     switch (counters_type) {
2118         case SFLOW_245_COUNTERS_ETHERNET:
2119             offset += (int)sizeof (struct ethernet_counters);
2120             break;
2121         case SFLOW_245_COUNTERS_TOKENRING:
2122             offset = dissect_sflow_5_token_ring(tree, tvb, offset);
2123             break;
2124         case SFLOW_245_COUNTERS_VG:
2125             offset = dissect_sflow_5_vg_interface(tree, tvb, offset);
2126             break;
2127         case SFLOW_245_COUNTERS_VLAN:
2128             offset = dissect_sflow_5_vlan(tree, tvb, offset);
2129             break;
2130         default:
2131             break;
2132     }
2133     return offset;
2134 }
2135
2136 /* dissect an sflow v5 counters sample */
2137 static void
2138 dissect_sflow_5_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2139     guint32 sequence_number, records, i;
2140
2141     /* grab the flow header.  This will remain in network byte
2142        order, so must convert each item before use */
2143     sequence_number = tvb_get_ntohl(tvb, offset);
2144     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2145     proto_item_append_text(parent, ", seq %u", sequence_number);
2146     offset += 4;
2147     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2148     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2149     offset += 4;
2150     records = tvb_get_ntohl(tvb, offset);
2151     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2152     offset += 4;
2153
2154     /* start loop processing counters records
2155      * limit record count to 255 in case corrupted data may cause huge number of loops */
2156     for (i = 0; i < (records&0x000000ff); i++) {
2157         offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2158     }
2159 }
2160
2161 /* dissect an expanded counters sample */
2162 static void
2163 dissect_sflow_5_expanded_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2164     guint32 sequence_number, records, i;
2165
2166     sequence_number = tvb_get_ntohl(tvb, offset);
2167     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2168     proto_item_append_text(parent, ", seq %u", sequence_number);
2169     offset += 4;
2170     proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2171     offset += 4;
2172     proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2173     offset += 4;
2174     records = tvb_get_ntohl(tvb, offset);
2175     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2176     offset += 4;
2177
2178     /* start loop processing counters records
2179      * limit record count to 255 in case corrupted data may cause huge number of loops */
2180     for (i = 0; i < (records&0x000000ff); i++) {
2181         offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2182     }
2183 }
2184
2185 static const int *sflow_lag_port_state_flags[] = {
2186     &hf_sflow_lag_port_actoradminstate,
2187     &hf_sflow_lag_port_actoroperstate,
2188     &hf_sflow_lag_port_partneradminstate,
2189     &hf_sflow_lag_port_partneroperstate,
2190     &hf_sflow_lag_port_reserved,
2191     NULL
2192 };
2193
2194
2195 /* dissect an LAG Port Stats ( http://www.sflow.org/sflow_lag.txt ) */
2196 static void
2197 dissect_sflow_5_lag_port_stats(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent _U_) {
2198
2199     proto_tree_add_item(tree, hf_sflow_lag_port_actorsystemid, tvb, offset, 6, ENC_NA);
2200     offset += 6;
2201
2202     proto_tree_add_item(tree, hf_sflow_lag_port_partneropersystemid, tvb, offset, 6, ENC_NA);
2203     offset += 6;
2204
2205     proto_tree_add_item(tree, hf_sflow_lag_port_attachedaggid, tvb, offset, 4, ENC_BIG_ENDIAN);
2206     offset += 4;
2207
2208     proto_tree_add_bitmask(tree, tvb, offset, hf_sflow_lag_port_state, ett_sflow_lag_port_state_flags, sflow_lag_port_state_flags, ENC_BIG_ENDIAN);
2209     offset += 4;
2210
2211     proto_tree_add_item(tree, hf_sflow_lag_port_stats_lacpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2212     offset += 4;
2213
2214     proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2215     offset += 4;
2216
2217     proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerresponsepdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2218     offset += 4;
2219
2220     proto_tree_add_item(tree, hf_sflow_lag_port_stats_unknownrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2221     offset += 4;
2222
2223     proto_tree_add_item(tree, hf_sflow_lag_port_stats_illegalrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2224     offset += 4;
2225
2226     proto_tree_add_item(tree, hf_sflow_lag_port_stats_lacpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2227     offset += 4;
2228
2229     proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2230     offset += 4;
2231
2232     proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerresponsepdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2233     /*offset += 4;*/
2234 }
2235
2236 /* Code to dissect the sflow v2/4/5 samples */
2237 static gint
2238 dissect_sflow_245_samples(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset, guint32 version) {
2239     proto_tree *sflow_245_sample_tree;
2240     proto_item *ti;             /* tree item */
2241     guint32     sample_type, enterprise, format, length;
2242
2243     /* decide what kind of sample it is. */
2244     sample_type = tvb_get_ntohl(tvb, offset);
2245     if (version == 5) {
2246         enterprise = sample_type >> 12;
2247         format = sample_type & 0x00000fff;
2248
2249         if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
2250             sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_245_sample, &ti,
2251                     val_to_str_const(format, sflow_245_sampletype, "Unknown sample format"));
2252
2253             proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, 4, enterprise, "standard sFlow (%u)", enterprise);
2254             proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype12, tvb, offset, 4, ENC_BIG_ENDIAN);
2255             offset += 4;
2256
2257             length = tvb_get_ntohl(tvb, offset);
2258             proto_tree_add_item(sflow_245_sample_tree, hf_sflow_5_sample_length, tvb, offset, 4, ENC_BIG_ENDIAN);
2259             offset += 4;
2260
2261             switch (format) {
2262                 case FLOWSAMPLE:
2263                     dissect_sflow_5_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2264                     break;
2265                 case COUNTERSSAMPLE:
2266                     dissect_sflow_5_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2267                     break;
2268                 case EXPANDED_FLOWSAMPLE:
2269                     dissect_sflow_5_expanded_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2270                     break;
2271                 case EXPANDED_COUNTERSSAMPLE:
2272                     dissect_sflow_5_expanded_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2273                     break;
2274                 case LAG_PORT_STATS:
2275                     dissect_sflow_5_lag_port_stats(tvb, sflow_245_sample_tree, offset, ti);
2276                     break;
2277                 default:
2278                     break;
2279             }
2280             /* Make sure the length doesn't run past the end of the packet */
2281             tvb_ensure_bytes_exist(tvb, offset, length);
2282             /* current offset points to sample length field, which is 4 bytes from the beginning of the packet*/
2283             offset += length;
2284         } else { /* unknown enterprise format, what to do?? */
2285             sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
2286                         ett_sflow_245_sample, &ti, "Unknown enterprise format");
2287             proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, 4,
2288                             enterprise, "Non-standard sFlow (%u)", enterprise);
2289             offset = tvb_captured_length(tvb);
2290         }
2291
2292     } else { /* version 2 or 4 */
2293         sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_245_sample, &ti,
2294                 val_to_str_const(sample_type, sflow_245_sampletype, "Unknown sample type"));
2295
2296         proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype, tvb, offset, 4, ENC_BIG_ENDIAN);
2297         offset += 4;
2298
2299         switch (sample_type) {
2300             case FLOWSAMPLE:
2301                 offset = dissect_sflow_24_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2302                 break;
2303             case COUNTERSSAMPLE:
2304                 offset = dissect_sflow_24_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2305                 break;
2306             default:
2307                 break;
2308         }
2309     }
2310     proto_item_set_end(ti, tvb, offset);
2311
2312     return offset;
2313 }
2314
2315 /* Code to actually dissect the packets */
2316 static int
2317 dissect_sflow_245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2318 {
2319     /* Set up structures needed to add the protocol subtree and manage it */
2320     proto_item                   *ti;
2321     proto_tree                   *sflow_245_tree;
2322     guint32                       version, sub_agent_id, seqnum;
2323     address                       addr_details;
2324     int                           sflow_addr_type;
2325     struct sflow_address_type     addr_type;
2326
2327     guint32        numsamples;
2328     guint          offset = 0;
2329     guint          i      = 0;
2330
2331     addr_type.hf_addr_v4 = hf_sflow_agent_address_v4;
2332     addr_type.hf_addr_v6 = hf_sflow_agent_address_v6;
2333
2334     /*
2335      * We fetch the version and address type so that we can determine,
2336      * ahead of time, whether this is an sFlow packet or not, before
2337      * we do *anything* to the columns or the protocol tree.
2338      *
2339      * XXX - we might want to deem this "not sFlow" if we don't have at
2340      * least 8 bytes worth of data.
2341      */
2342     version = tvb_get_ntohl(tvb, offset);
2343     if (version != 2 && version != 4 && version != 5) {
2344        /* Unknown version; assume it's not an sFlow packet. */
2345        return 0;
2346     }
2347
2348     sflow_addr_type = tvb_get_ntohl(tvb, offset + 4);
2349     switch (sflow_addr_type) {
2350         case ADDR_TYPE_UNKNOWN:
2351         case ADDR_TYPE_IPV4:
2352         case ADDR_TYPE_IPV6:
2353             break;
2354
2355         default:
2356             /*
2357              * Address type we don't know about; assume it's not an sFlow
2358              * packet.
2359              */
2360             return 0;
2361     }
2362     /* Make entries in Protocol column and Info column on summary display */
2363     col_set_str(pinfo->cinfo, COL_PROTOCOL, "sFlow");
2364
2365     /* create display subtree for the protocol */
2366     ti = proto_tree_add_item(tree, proto_sflow, tvb, 0, -1, ENC_NA);
2367
2368     sflow_245_tree = proto_item_add_subtree(ti, ett_sflow_245);
2369
2370     col_add_fstr(pinfo->cinfo, COL_INFO, "V%u", version);
2371     proto_tree_add_item(sflow_245_tree, hf_sflow_version, tvb, offset, 4, ENC_BIG_ENDIAN);
2372     offset += 4;
2373
2374     proto_tree_add_item(sflow_245_tree, hf_sflow_agent_address_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2375     offset = dissect_sflow_245_address_type(tvb, pinfo, sflow_245_tree, offset,
2376                                             &addr_type, &addr_details);
2377     switch (sflow_addr_type) {
2378         case ADDR_TYPE_UNKNOWN:
2379             break;
2380         case ADDR_TYPE_IPV4:
2381         case ADDR_TYPE_IPV6:
2382             col_append_fstr(pinfo->cinfo, COL_INFO, ", agent %s", address_to_str(wmem_packet_scope(), &addr_details));
2383             break;
2384     }
2385
2386     if (version == 5) {
2387         sub_agent_id = tvb_get_ntohl(tvb, offset);
2388         col_append_fstr(pinfo->cinfo, COL_INFO, ", sub-agent ID %u", sub_agent_id);
2389         proto_tree_add_uint(sflow_245_tree, hf_sflow_5_sub_agent_id, tvb, offset, 4, sub_agent_id);
2390         offset += 4;
2391     }
2392     seqnum = tvb_get_ntohl(tvb, offset);
2393     col_append_fstr(pinfo->cinfo, COL_INFO, ", seq %u", seqnum);
2394     proto_tree_add_uint(sflow_245_tree, hf_sflow_245_seqnum, tvb, offset, 4, seqnum);
2395     offset += 4;
2396     proto_tree_add_item(sflow_245_tree, hf_sflow_245_sysuptime, tvb, offset, 4, ENC_BIG_ENDIAN);
2397     offset += 4;
2398     numsamples = tvb_get_ntohl(tvb, offset);
2399     col_append_fstr(pinfo->cinfo, COL_INFO, ", %u samples", numsamples);
2400     proto_tree_add_uint(sflow_245_tree, hf_sflow_245_numsamples, tvb, offset, 4, numsamples);
2401     offset += 4;
2402
2403     /* Ok, we're now at the end of the sflow_245 datagram header;
2404      * everything from here out should be samples. Loop over
2405      * the expected number of samples, and pass them to the appropriate
2406      * dissectors.
2407      */
2408
2409     /* limit number of samples to 255 to avoid huge number of loops
2410      * caused by corrupted data */
2411     for (i = 0; i < (numsamples & 0x000000ff); i++) {
2412         offset = dissect_sflow_245_samples(tvb, pinfo, sflow_245_tree, offset, version);
2413     }
2414
2415     return tvb_captured_length(tvb);
2416 }
2417
2418 /* Register the protocol with Wireshark */
2419
2420 void
2421 proto_register_sflow(void) {
2422
2423     module_t *sflow_245_module;
2424
2425     /* Setup list of header fields  See Section 1.6.1 for details*/
2426     static hf_register_info hf[] = {
2427         { &hf_sflow_version,
2428             { "Datagram version", "sflow_245.version",
2429                 FT_UINT32, BASE_DEC, NULL, 0x0,
2430                 "sFlow datagram version", HFILL}},
2431         { &hf_sflow_agent_address_type,
2432             { "Agent address type", "sflow_245.agenttype",
2433                 FT_UINT32, BASE_DEC, VALS(sflow_agent_address_types), 0x0,
2434                 "sFlow agent address type", HFILL}},
2435         { &hf_sflow_agent_address_v4,
2436             { "Agent address", "sflow_245.agent",
2437                 FT_IPv4, BASE_NONE, NULL, 0x0,
2438                 "sFlow Agent IP address", HFILL}},
2439         { &hf_sflow_agent_address_v6,
2440             { "Agent address", "sflow_245.agent.v6",
2441                 FT_IPv6, BASE_NONE, NULL, 0x0,
2442                 "sFlow Agent IPv6 address", HFILL}},
2443         { &hf_sflow_5_sub_agent_id,
2444             { "Sub-agent ID", "sflow_245.sub_agent_id",
2445                 FT_UINT32, BASE_DEC, NULL, 0x0,
2446                 "sFlow sub-agent ID", HFILL}},
2447         { &hf_sflow_5_sample_length,
2448             { "Sample length (byte)", "sflow_5.sample_length",
2449                 FT_UINT32, BASE_DEC, NULL, 0x0,
2450                 "sFlow sample length", HFILL}},
2451         { &hf_sflow_5_flow_data_length,
2452             { "Flow data length (byte)", "sflow_5.flow_data_length",
2453                 FT_UINT32, BASE_DEC, NULL, 0x0,
2454                 "sFlow flow data length", HFILL}},
2455 #if 0
2456         { &hf_sflow_5_counters_data_length,
2457             { "Counters data length (byte)", "sflow_5.counter_data_length",
2458                 FT_UINT32, BASE_DEC, NULL, 0x0,
2459                 "sFlow counters data length", HFILL}},
2460 #endif
2461         { &hf_sflow_245_seqnum,
2462             { "Sequence number", "sflow_245.sequence_number",
2463                 FT_UINT32, BASE_DEC, NULL, 0x0,
2464                 "sFlow datagram sequence number", HFILL}},
2465         { &hf_sflow_245_sysuptime,
2466             { "SysUptime", "sflow_245.sysuptime",
2467                 FT_UINT32, BASE_DEC, NULL, 0x0,
2468                 "System Uptime", HFILL}},
2469         { &hf_sflow_245_numsamples,
2470             { "NumSamples", "sflow_245.numsamples",
2471                 FT_UINT32, BASE_DEC, NULL, 0x0,
2472                 "Number of samples in sFlow datagram", HFILL}},
2473         { &hf_sflow_245_sampletype,
2474             { "sFlow sample type", "sflow_245.sampletype",
2475                 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x0,
2476                 "Type of sFlow sample", HFILL}},
2477         { &hf_sflow_245_sampletype12,
2478             { "sFlow sample type", "sflow_245.sampletype",
2479                 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x00000FFF,
2480                 "Type of sFlow sample", HFILL}},
2481 #if 0
2482         { &hf_sflow_5_ieee80211_version,
2483             { "Version", "sflow_245.ieee80211_version",
2484                 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
2485                 "IEEE 802.11 Version", HFILL}},
2486 #endif
2487         { &hf_sflow_245_ipv4_precedence_type,
2488             { "Precedence", "sflow_245.ipv4_precedence_type",
2489                 FT_UINT8, BASE_DEC, VALS(sflow_245_ipv4_precedence_types), 0xE0,
2490                 "IPv4 Precedence Type", HFILL}},
2491         { &hf_sflow_5_flow_record_format,
2492             { "Format", "sflow_245.flow_record_format",
2493                 FT_UINT32, BASE_DEC | BASE_EXT_STRING, &sflow_5_flow_record_type_ext, 0x0,
2494                 "Format of sFlow flow record", HFILL}},
2495         { &hf_sflow_5_counters_record_format,
2496             { "Format", "sflow_245.counters_record_format",
2497                 FT_UINT32, BASE_DEC, VALS(sflow_5_counters_record_type), 0x00000FFF,
2498                 "Format of sFlow counters record", HFILL}},
2499         { &hf_sflow_245_header_protocol,
2500             { "Header protocol", "sflow_245.header_protocol",
2501                 FT_UINT32, BASE_DEC | BASE_EXT_STRING, &sflow_245_header_protocol_ext, 0x0,
2502                 "Protocol of sampled header", HFILL}},
2503         { &hf_sflow_245_header,
2504             { "Header of sampled packet", "sflow_245.header",
2505                 FT_BYTES, BASE_NONE, NULL, 0x0,
2506                 "Data from sampled header", HFILL}},
2507         { &hf_sflow_245_packet_information_type,
2508             { "Sample type", "sflow_245.packet_information_type",
2509                 FT_UINT32, BASE_DEC, VALS(sflow_245_packet_information_type), 0x0,
2510                 "Type of sampled information", HFILL}},
2511         { &hf_sflow_245_extended_information_type,
2512             { "Extended information type", "sflow_245.extended_information_type",
2513                 FT_UINT32, BASE_DEC, VALS(sflow_245_extended_data_types), 0x0,
2514                 "Type of extended information", HFILL}},
2515         { &hf_sflow_245_vlan_in,
2516             { "Incoming 802.1Q VLAN", "sflow_245.vlan.in",
2517                 FT_UINT32, BASE_DEC, NULL, 0x0,
2518                 "Incoming VLAN ID", HFILL}},
2519         { &hf_sflow_245_vlan_out,
2520             { "Outgoing 802.1Q VLAN", "sflow_245.vlan.out",
2521                 FT_UINT32, BASE_DEC, NULL, 0x0,
2522                 "Outgoing VLAN ID", HFILL}},
2523         { &hf_sflow_245_pri_in,
2524             { "Incoming 802.1p priority", "sflow_245.pri.in",
2525                 FT_UINT32, BASE_DEC, NULL, 0x0,
2526                 NULL, HFILL}},
2527         { &hf_sflow_245_pri_out,
2528             { "Outgoing 802.1p priority", "sflow_245.pri.out",
2529                 FT_UINT32, BASE_DEC, NULL, 0x0,
2530                 NULL, HFILL}},
2531         { &hf_sflow_245_nexthop_v4,
2532             { "Next hop", "sflow_245.nexthop",
2533                 FT_IPv4, BASE_NONE, NULL, 0x0,
2534                 "Next hop address", HFILL}},
2535         { &hf_sflow_245_ipv4_src,
2536             { "Source IP address", "sflow_245.ipv4_src",
2537                 FT_IPv4, BASE_NONE, NULL, 0x0,
2538                 "Source IPv4 address", HFILL}},
2539         { &hf_sflow_245_ipv4_dst,
2540             { "Destination IP address", "sflow_245.ipv4_dst",
2541                 FT_IPv4, BASE_NONE, NULL, 0x0,
2542                 "Destination IPv4 address", HFILL}},
2543         { &hf_sflow_245_nexthop_v6,
2544             { "Next hop", "sflow_245.nexthop.v6",
2545                 FT_IPv6, BASE_NONE, NULL, 0x0,
2546                 "Next hop address", HFILL}},
2547         { &hf_sflow_245_ipv6_src,
2548             { "Source IP address", "sflow_245.ipv6_src",
2549                 FT_IPv6, BASE_NONE, NULL, 0x0,
2550                 "Source IPv6 address", HFILL}},
2551         { &hf_sflow_245_ipv6_dst,
2552             { "Destination IP address", "sflow_245.ipv6_dst",
2553                 FT_IPv6, BASE_NONE, NULL, 0x0,
2554                 "Destination IPv6 address", HFILL}},
2555         { &hf_sflow_245_nexthop_src_mask,
2556             { "Next hop source mask", "sflow_245.nexthop.src_mask",
2557                 FT_UINT32, BASE_DEC, NULL, 0x0,
2558                 "Next hop source mask bits", HFILL}},
2559         { &hf_sflow_245_nexthop_dst_mask,
2560             { "Next hop destination mask", "sflow_245.nexthop.dst_mask",
2561                 FT_UINT32, BASE_DEC, NULL, 0x0,
2562                 "Next hop destination mask bits", HFILL}},
2563         { &hf_sflow_245_ifindex,
2564             { "Interface index", "sflow_245.ifindex",
2565                 FT_UINT32, BASE_DEC, NULL, 0x0,
2566                 NULL, HFILL}},
2567         { &hf_sflow_245_as,
2568             { "AS Router", "sflow_245.as",
2569                 FT_UINT32, BASE_DEC, NULL, 0x0,
2570                 "Autonomous System of Router", HFILL}},
2571         { &hf_sflow_245_src_as,
2572             { "AS Source", "sflow_245.srcAS",
2573                 FT_UINT32, BASE_DEC, NULL, 0x0,
2574                 "Autonomous System of Source", HFILL}},
2575         { &hf_sflow_245_src_peer_as,
2576             { "AS Peer", "sflow_245.peerAS",
2577                 FT_UINT32, BASE_DEC, NULL, 0x0,
2578                 "Autonomous System of Peer", HFILL}},
2579         { &hf_sflow_245_dst_as_entries,
2580             { "AS Destinations", "sflow_245.dstASentries",
2581                 FT_UINT32, BASE_DEC, NULL, 0x0,
2582                 "Autonomous System destinations", HFILL}},
2583         { &hf_sflow_245_dst_as,
2584             { "AS Destination", "sflow_245.dstAS",
2585                 FT_UINT32, BASE_DEC, NULL, 0x0,
2586                 "Autonomous System destination", HFILL}},
2587         /* Needed for sFlow >= 4.  If I had a capture to test... */
2588         { &hf_sflow_245_community_entries,
2589             { "Gateway Communities", "sflow_245.communityEntries",
2590                 FT_UINT32, BASE_DEC, NULL, 0x0,
2591                 NULL, HFILL}},
2592 #if 0
2593         { &hf_sflow_245_community,
2594             { "Gateway Community", "sflow_245.community",
2595                 FT_UINT32, BASE_DEC, NULL, 0x0,
2596                 "Gateway Communities", HFILL}},
2597 #endif
2598         { &hf_sflow_245_localpref,
2599             { "localpref", "sflow_245.localpref",
2600                 FT_UINT32, BASE_DEC, NULL, 0x0,
2601                 "Local preferences of AS route", HFILL}},
2602         /**/
2603         { &hf_sflow_245_iftype,
2604             { "Interface Type", "sflow_245.iftype",
2605                 FT_UINT32, BASE_DEC, NULL, 0x0,
2606                 NULL, HFILL}},
2607         { &hf_sflow_245_ifspeed,
2608             { "Interface Speed", "sflow_245.ifspeed",
2609                 FT_UINT64, BASE_DEC, NULL, 0x0,
2610                 NULL, HFILL}},
2611         { &hf_sflow_245_ifdirection,
2612             { "Interface Direction", "sflow_245.ifdirection",
2613                 FT_UINT32, BASE_DEC, VALS(sflow_ifdirection_vals), 0x0,
2614                 NULL, HFILL}},
2615         { &hf_sflow_245_ifadmin_status,
2616             { "IfAdminStatus", "sflow_245.ifadmin_status",
2617                 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000001,
2618                 NULL, HFILL}},
2619         { &hf_sflow_245_ifoper_status,
2620             { "IfOperStatus", "sflow_245.ifoper_status",
2621                 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000002,
2622                 NULL, HFILL}},
2623         { &hf_sflow_245_ifinoct,
2624             { "Input Octets", "sflow_245.ifinoct",
2625                 FT_UINT64, BASE_DEC, NULL, 0x0,
2626                 NULL, HFILL}},
2627         { &hf_sflow_245_ifinpkt,
2628             { "Input Packets", "sflow_245.ifinpkt",
2629                 FT_UINT32, BASE_DEC, NULL, 0x0,
2630                 NULL, HFILL}},
2631         { &hf_sflow_245_ifinmcast,
2632             { "Input Multicast Packets", "sflow_245.ifinmcast",
2633                 FT_UINT32, BASE_DEC, NULL, 0x0,
2634                 NULL, HFILL}},
2635         { &hf_sflow_245_ifinbcast,
2636             { "Input Broadcast Packets", "sflow_245.ifinbcast",
2637                 FT_UINT32, BASE_DEC, NULL, 0x0,
2638                 NULL, HFILL}},
2639         { &hf_sflow_245_ifindisc,
2640             { "Input Discarded Packets", "sflow_245.ifindisc",
2641                 FT_UINT32, BASE_DEC, NULL, 0x0,
2642                 NULL, HFILL}},
2643         { &hf_sflow_245_ifinerr,
2644             { "Input Errors", "sflow_245.ifinerr",
2645                 FT_UINT32, BASE_DEC, NULL, 0x0,
2646                 NULL, HFILL}},
2647         { &hf_sflow_245_ifinunk,
2648             { "Input Unknown Protocol Packets", "sflow_245.ifinunk",
2649                 FT_UINT32, BASE_DEC, NULL, 0x0,
2650                 NULL, HFILL}},
2651         { &hf_sflow_245_ifoutoct,
2652             { "Output Octets", "sflow_245.ifoutoct",
2653                 FT_UINT64, BASE_DEC, NULL, 0x0,
2654                 NULL, HFILL}},
2655         { &hf_sflow_245_ifoutpkt,
2656             { "Output Packets", "sflow_245.ifoutpkt",
2657                 FT_UINT32, BASE_DEC, NULL, 0x0,
2658                 NULL, HFILL}},
2659         { &hf_sflow_245_ifoutmcast,
2660             { "Output Multicast Packets", "sflow_245.ifoutmcast",
2661                 FT_UINT32, BASE_DEC, NULL, 0x0,
2662                 NULL, HFILL}},
2663         { &hf_sflow_245_ifoutbcast,
2664             { "Output Broadcast Packets", "sflow_245.ifoutbcast",
2665                 FT_UINT32, BASE_DEC, NULL, 0x0,
2666                 NULL, HFILL}},
2667         { &hf_sflow_245_ifoutdisc,
2668             { "Output Discarded Packets", "sflow_245.ifoutdisc",
2669                 FT_UINT32, BASE_DEC, NULL, 0x0,
2670                 NULL, HFILL}},
2671         { &hf_sflow_245_ifouterr,
2672             { "Output Errors", "sflow_245.ifouterr",
2673                 FT_UINT32, BASE_DEC, NULL, 0x0,
2674                 NULL, HFILL}},
2675         { &hf_sflow_245_ifpromisc,
2676             { "Promiscuous Mode", "sflow_245.ifpromisc",
2677                 FT_UINT32, BASE_DEC, NULL, 0x0,
2678                 NULL, HFILL}},
2679         { &hf_sflow_245_dot3StatsAlignmentErrors,
2680             { "Alignment Errors", "sflow_245.dot3StatsAlignmentErrors",
2681                 FT_UINT32, BASE_DEC, NULL, 0x0,
2682                 "dot3 Stats Alignment Errors", HFILL}},
2683         { &hf_sflow_245_dot3StatsFCSErrors,
2684             { "FCS Errors", "sflow_245.dot3StatsFCSErrors",
2685                 FT_UINT32, BASE_DEC, NULL, 0x0,
2686                 "dot3 Stats FCS Errors", HFILL}},
2687         { &hf_sflow_245_dot3StatsSingleCollisionFrames,
2688             { "Single Collision Frames", "sflow_245.dot3StatsSingleCollisionFrames",
2689                 FT_UINT32, BASE_DEC, NULL, 0x0,
2690                 "dot3 Stats Single Collision Frames", HFILL}},
2691         { &hf_sflow_245_dot3StatsMultipleCollisionFrames,
2692             { "Multiple Collision Frames", "sflow_245.dot3StatsMultipleCollisionFrames",
2693                 FT_UINT32, BASE_DEC, NULL, 0x0,
2694                 "dot3 Stats Multiple Collision Frames", HFILL}},
2695         { &hf_sflow_245_dot3StatsSQETestErrors,
2696             { "SQE Test Errors", "sflow_245.dot3StatsSQETestErrors",
2697                 FT_UINT32, BASE_DEC, NULL, 0x0,
2698                 "dot3 Stats SQE Test Errors", HFILL}},
2699         { &hf_sflow_245_dot3StatsDeferredTransmissions,
2700             { "Deferred Transmissions", "sflow_245.dot3StatsDeferredTransmissions",
2701                 FT_UINT32, BASE_DEC, NULL, 0x0,
2702                 "dot3 Stats Deferred Transmissions", HFILL}},
2703         { &hf_sflow_245_dot3StatsLateCollisions,
2704             { "Late Collisions", "sflow_245.dot3StatsLateCollisions",
2705                 FT_UINT32, BASE_DEC, NULL, 0x0,
2706                 "dot3 Stats Late Collisions", HFILL}},
2707         { &hf_sflow_245_dot3StatsExcessiveCollisions,
2708             { "Excessive Collisions", "sflow_245.dot3StatsExcessiveCollisions",
2709                 FT_UINT32, BASE_DEC, NULL, 0x0,
2710                 "dot3 Stats Excessive Collisions", HFILL}},
2711         { &hf_sflow_245_dot3StatsInternalMacTransmitErrors,
2712             { "Internal Mac Transmit Errors", "sflow_245.dot3StatsInternalMacTransmitErrors",
2713                 FT_UINT32, BASE_DEC, NULL, 0x0,
2714                 "dot3 Stats Internal Mac Transmit Errors", HFILL}},
2715         { &hf_sflow_245_dot3StatsCarrierSenseErrors,
2716             { "Carrier Sense Errors", "sflow_245.dot3StatsCarrierSenseErrors",
2717                 FT_UINT32, BASE_DEC, NULL, 0x0,
2718                 "dot3 Stats Carrier Sense Errors", HFILL}},
2719         { &hf_sflow_245_dot3StatsFrameTooLongs,
2720             { "Frame Too Longs", "sflow_245.dot3StatsFrameTooLongs",
2721                 FT_UINT32, BASE_DEC, NULL, 0x0,
2722                 "dot3 Stats Frame Too Longs", HFILL}},
2723         { &hf_sflow_245_dot3StatsInternalMacReceiveErrors,
2724             { "Internal Mac Receive Errors", "sflow_245.dot3StatsInternalMacReceiveErrors",
2725                 FT_UINT32, BASE_DEC, NULL, 0x0,
2726                 "dot3 Stats Internal Mac Receive Errors", HFILL}},
2727         { &hf_sflow_245_dot3StatsSymbolErrors,
2728             { "Symbol Errors", "sflow_245.dot3StatsSymbolErrors",
2729                 FT_UINT32, BASE_DEC, NULL, 0x0,
2730                 "dot3 Stats Symbol Errors", HFILL}},
2731         { &hf_sflow_245_dot5StatsLineErrors,
2732             { "Line Errors", "sflow_245.dot5StatsLineErrors",
2733                 FT_UINT32, BASE_DEC, NULL, 0x0,
2734                 "dot5 Stats Line Errors", HFILL}},
2735         { &hf_sflow_245_dot5StatsBurstErrors,
2736             { "Burst Errors", "sflow_245.dot5StatsBurstErrors",
2737                 FT_UINT32, BASE_DEC, NULL, 0x0,
2738                 "dot5 Stats Burst Errors", HFILL}},
2739         { &hf_sflow_245_dot5StatsACErrors,
2740             { "AC Errors", "sflow_245.dot5StatsACErrors",
2741                 FT_UINT32, BASE_DEC, NULL, 0x0,
2742                 "dot5 Stats AC Errors", HFILL}},
2743         { &hf_sflow_245_dot5StatsAbortTransErrors,
2744             { "Abort Trans Errors", "sflow_245.dot5StatsAbortTransErrors",
2745                 FT_UINT32, BASE_DEC, NULL, 0x0,
2746                 "dot5 Stats Abort Trans Errors", HFILL}},
2747         { &hf_sflow_245_dot5StatsInternalErrors,
2748             { "Internal Errors", "sflow_245.dot5StatsInternalErrors",
2749                 FT_UINT32, BASE_DEC, NULL, 0x0,
2750                 "dot5 Stats Internal Errors", HFILL}},
2751         { &hf_sflow_245_dot5StatsLostFrameErrors,
2752             { "Lost Frame Errors", "sflow_245.dot5StatsLostFrameErrors",
2753                 FT_UINT32, BASE_DEC, NULL, 0x0,
2754                 "dot5 Stats Lost Frame Errors", HFILL}},
2755         { &hf_sflow_245_dot5StatsReceiveCongestions,
2756             { "Receive Congestions", "sflow_245.dot5StatsReceiveCongestions",
2757                 FT_UINT32, BASE_DEC, NULL, 0x0,
2758                 "dot5 Stats Receive Congestions", HFILL}},
2759         { &hf_sflow_245_dot5StatsFrameCopiedErrors,
2760             { "Frame Copied Errors", "sflow_245.dot5StatsFrameCopiedErrors",
2761                 FT_UINT32, BASE_DEC, NULL, 0x0,
2762                 "dot5 Stats Frame Copied Errors", HFILL}},
2763         { &hf_sflow_245_dot5StatsTokenErrors,
2764             { "Token Errors", "sflow_245.dot5StatsTokenErrors",
2765                 FT_UINT32, BASE_DEC, NULL, 0x0,
2766                 "dot5 Stats Token Errors", HFILL}},
2767         { &hf_sflow_245_dot5StatsSoftErrors,
2768             { "Soft Errors", "sflow_245.dot5StatsSoftErrors",
2769                 FT_UINT32, BASE_DEC, NULL, 0x0,
2770                 "dot5 Stats Soft Errors", HFILL}},
2771         { &hf_sflow_245_dot5StatsHardErrors,
2772             { "Hard Errors", "sflow_245.dot5StatsHardErrors",
2773                 FT_UINT32, BASE_DEC, NULL, 0x0,
2774                 "dot5 Stats Hard Errors", HFILL}},
2775         { &hf_sflow_245_dot5StatsSignalLoss,
2776             { "Signal Loss", "sflow_245.dot5StatsSignalLoss",
2777                 FT_UINT32, BASE_DEC, NULL, 0x0,
2778                 "dot5 Stats Signal Loss", HFILL}},
2779         { &hf_sflow_245_dot5StatsTransmitBeacons,
2780             { "Transmit Beacons", "sflow_245.dot5StatsTransmitBeacons",
2781                 FT_UINT32, BASE_DEC, NULL, 0x0,
2782                 "dot5 Stats Transmit Beacons", HFILL}},
2783         { &hf_sflow_245_dot5StatsRecoveries,
2784             { "Recoveries", "sflow_245.dot5StatsRecoveries",
2785                 FT_UINT32, BASE_DEC, NULL, 0x0,
2786                 "dot5 Stats Recoveries", HFILL}},
2787         { &hf_sflow_245_dot5StatsLobeWires,
2788             { "Lobe Wires", "sflow_245.dot5StatsLobeWires",
2789                 FT_UINT32, BASE_DEC, NULL, 0x0,
2790                 "dot5 Stats Lobe Wires", HFILL}},
2791         { &hf_sflow_245_dot5StatsRemoves,
2792             { "Removes", "sflow_245.dot5StatsRemoves",
2793                 FT_UINT32, BASE_DEC, NULL, 0x0,
2794                 "dot5 Stats Removes", HFILL}},
2795         { &hf_sflow_245_dot5StatsSingles,
2796             { "Singles", "sflow_245.dot5StatsSingles",
2797                 FT_UINT32, BASE_DEC, NULL, 0x0,
2798                 "dot5 Stats Singles", HFILL}},
2799         { &hf_sflow_245_dot5StatsFreqErrors,
2800             { "Freq Errors", "sflow_245.dot5StatsFreqErrors",
2801                 FT_UINT32, BASE_DEC, NULL, 0x0,
2802                 "dot5 Stats Freq Errors", HFILL}},
2803         { &hf_sflow_245_dot12InHighPriorityFrames,
2804             { "In High Priority Frames", "sflow_245.dot12InHighPriorityFrames",
2805                 FT_UINT32, BASE_DEC, NULL, 0x0,
2806                 "dot12 Input High Priority Frames", HFILL}},
2807         { &hf_sflow_245_dot12InHighPriorityOctets,
2808             { "In High Priority Octets", "sflow_245.dot12InHighPriorityOctets",
2809                 FT_UINT64, BASE_DEC, NULL, 0x0,
2810                 "dot12 Input High Priority Octets", HFILL}},
2811         { &hf_sflow_245_dot12InNormPriorityFrames,
2812             { "In Normal Priority Frames", "sflow_245.dot12InNormPriorityFrames",
2813                 FT_UINT32, BASE_DEC, NULL, 0x0,
2814                 "dot12 Input Normal Priority Frames", HFILL}},
2815         { &hf_sflow_245_dot12InNormPriorityOctets,
2816             { "In Normal Priority Octets", "sflow_245.dot12InNormPriorityOctets",
2817                 FT_UINT64, BASE_DEC, NULL, 0x0,
2818                 "dot12 Input Normal Priority Octets", HFILL}},
2819         { &hf_sflow_245_dot12InIPMErrors,
2820             { "In IPM Errors", "sflow_245.dot12InIPMErrors",
2821                 FT_UINT32, BASE_DEC, NULL, 0x0,
2822                 "dot12 Input IPM Errors", HFILL}},
2823         { &hf_sflow_245_dot12InOversizeFrameErrors,
2824             { "In Oversize Frame Errors", "sflow_245.dot12InOversizeFrameErrors",
2825                 FT_UINT32, BASE_DEC, NULL, 0x0,
2826                 "dot12 Input Oversize Frame Errors", HFILL}},
2827         { &hf_sflow_245_dot12InDataErrors,
2828             { "In Data Errors", "sflow_245.dot12InDataErrors",
2829                 FT_UINT32, BASE_DEC, NULL, 0x0,
2830                 "dot12 Input Data Errors", HFILL}},
2831         { &hf_sflow_245_dot12InNullAddressedFrames,
2832             { "In Null Addressed Frames", "sflow_245.dot12InNullAddressedFrames",
2833                 FT_UINT32, BASE_DEC, NULL, 0x0,
2834                 "dot12 Input Null Addressed Frames", HFILL}},
2835         { &hf_sflow_245_dot12OutHighPriorityFrames,
2836             { "Out High Priority Frames", "sflow_245.dot12OutHighPriorityFrames",
2837                 FT_UINT32, BASE_DEC, NULL, 0x0,
2838                 "dot12 Output High Priority Frames", HFILL}},
2839         { &hf_sflow_245_dot12OutHighPriorityOctets,
2840             { "Out High Priority Octets", "sflow_245.dot12OutHighPriorityOctets",
2841                 FT_UINT64, BASE_DEC, NULL, 0x0,
2842                 "dot12 Out High Priority Octets", HFILL}},
2843         { &hf_sflow_245_dot12TransitionIntoTrainings,
2844             { "Transition Into Trainings", "sflow_245.dot12TransitionIntoTrainings",
2845                 FT_UINT32, BASE_DEC, NULL, 0x0,
2846                 "dot12 Transition Into Trainings", HFILL}},
2847         { &hf_sflow_245_dot12HCInHighPriorityOctets,
2848             { "HC In High Priority Octets", "sflow_245.dot12HCInHighPriorityOctets",
2849                 FT_UINT64, BASE_DEC, NULL, 0x0,
2850                 "dot12 HC Input High Priority Octets", HFILL}},
2851         { &hf_sflow_245_dot12HCInNormPriorityOctets,
2852             { "HC In Normal Priority Octets", "sflow_245.dot12HCInNormPriorityOctets",
2853                 FT_UINT64, BASE_DEC, NULL, 0x0,
2854                 "dot12 HC Input Normal Priority Octets", HFILL}},
2855         { &hf_sflow_245_dot12HCOutHighPriorityOctets,
2856             { "HC Out High Priority Octets", "sflow_245.dot12HCOutHighPriorityOctets",
2857                 FT_UINT64, BASE_DEC, NULL, 0x0,
2858                 "dot12 HC Output High Priority Octets", HFILL}},
2859         { &hf_sflow_245_vlan_id,
2860             { "VLAN ID", "sflow_245.vlan_id",
2861                 FT_UINT32, BASE_DEC, NULL, 0x0,
2862                 NULL, HFILL}},
2863         { &hf_sflow_245_octets,
2864             { "Octets", "sflow_245.octets",
2865                 FT_UINT64, BASE_DEC, NULL, 0x0,
2866                 NULL, HFILL}},
2867         { &hf_sflow_245_ucastPkts,
2868             { "Unicast Packets", "sflow_245.ucastPkts",
2869                 FT_UINT32, BASE_DEC, NULL, 0x0,
2870                 NULL, HFILL}},
2871         { &hf_sflow_245_multicastPkts,
2872             { "Multicast Packets", "sflow_245.multicastPkts",
2873                 FT_UINT32, BASE_DEC, NULL, 0x0,
2874                 NULL, HFILL}},
2875         { &hf_sflow_245_broadcastPkts,
2876             { "Broadcast Packets", "sflow_245.broadcastPkts",
2877                 FT_UINT32, BASE_DEC, NULL, 0x0,
2878                 NULL, HFILL}},
2879         { &hf_sflow_245_discards,
2880             { "Discards", "sflow_245.discards",
2881                 FT_UINT32, BASE_DEC, NULL, 0x0,
2882                 NULL, HFILL}},
2883         { &hf_sflow_5_dot11TransmittedFragmentCount,
2884             { "Transmitted Fragment Count", "sflow_5.dot11TransmittedFragmentCount",
2885                 FT_UINT32, BASE_DEC, NULL, 0x0,
2886                 NULL, HFILL}},
2887         { &hf_sflow_5_dot11MulticastTransmittedFrameCount,
2888             { "Multicast Transmitted Frame Count", "sflow_5.dot11MulticastTransmittedFrameCount",
2889                 FT_UINT32, BASE_DEC, NULL, 0x0,
2890                 NULL, HFILL}},
2891         { &hf_sflow_5_dot11FailedCount,
2892             { "Failed Count", "sflow_5.dot11FailedCount",
2893                 FT_UINT32, BASE_DEC, NULL, 0x0,
2894                 NULL, HFILL}},
2895         { &hf_sflow_5_dot11RetryCount,
2896             { "Retry Count", "sflow_5.dot11RetryCount",
2897                 FT_UINT32, BASE_DEC, NULL, 0x0,
2898                 NULL, HFILL}},
2899         { &hf_sflow_5_dot11MultipleRetryCount,
2900             { "Multiple Retry Count", "sflow_5.dot11MultipleRetryCount",
2901                 FT_UINT32, BASE_DEC, NULL, 0x0,
2902                 NULL, HFILL}},
2903         { &hf_sflow_5_dot11FrameDuplicateCount,
2904             { "Frame Duplicate Count", "sflow_5.dot11FrameDuplicateCount",
2905                 FT_UINT32, BASE_DEC, NULL, 0x0,
2906                 NULL, HFILL}},
2907         { &hf_sflow_5_dot11RTSSuccessCount,
2908             { "RTS Success Count", "sflow_5.dot11RTSSuccessCount",
2909                 FT_UINT32, BASE_DEC, NULL, 0x0,
2910                 NULL, HFILL}},
2911         { &hf_sflow_5_dot11RTSFailureCount,
2912             { "Failure Count", "sflow_5.dot11RTSFailureCount",
2913                 FT_UINT32, BASE_DEC, NULL, 0x0,
2914                 NULL, HFILL}},
2915         { &hf_sflow_5_dot11ACKFailureCount,
2916             { "ACK Failure Count", "sflow_5.dot11ACKFailureCount",
2917                 FT_UINT32, BASE_DEC, NULL, 0x0,
2918                 NULL, HFILL}},
2919         { &hf_sflow_5_dot11ReceivedFragmentCount,
2920             { "Received Fragment Count", "sflow_5.dot11ReceivedFragmentCount",
2921                 FT_UINT32, BASE_DEC, NULL, 0x0,
2922                 NULL, HFILL}},
2923         { &hf_sflow_5_dot11MulticastReceivedFrameCount,
2924             { "Multicast Received Frame Count", "sflow_5.dot11MulticastReceivedFrameCount",
2925                 FT_UINT32, BASE_DEC, NULL, 0x0,
2926                 NULL, HFILL}},
2927         { &hf_sflow_5_dot11FCSErrorCount,
2928             { "FCS Error Count", "sflow_5.dot11FCSErrorCount",
2929                 FT_UINT32, BASE_DEC, NULL, 0x0,
2930                 NULL, HFILL}},
2931         { &hf_sflow_5_dot11TransmittedFrameCount,
2932             { "Transmitted Frame Count", "sflow_5.dot11TransmittedFrameCount",
2933                 FT_UINT32, BASE_DEC, NULL, 0x0,
2934                 NULL, HFILL}},
2935         { &hf_sflow_5_dot11WEPUndecryptableCount,
2936             { "WEP Undecryptable Count", "sflow_5.dot11WEPUndecryptableCount",
2937                 FT_UINT32, BASE_DEC, NULL, 0x0,
2938                 NULL, HFILL}},
2939         { &hf_sflow_5_dot11QoSDiscardedFragmentCount,
2940             { "QoS Discarded Fragment Count", "sflow_5.dot11QoSDiscardedFragmentCount",
2941                 FT_UINT32, BASE_DEC, NULL, 0x0,
2942                 NULL, HFILL}},
2943         { &hf_sflow_5_dot11AssociatedStationCount,
2944             { "Associated Station Count", "sflow_5.dot11AssociatedStationCount",
2945                 FT_UINT32, BASE_DEC, NULL, 0x0,
2946                 NULL, HFILL}},
2947         { &hf_sflow_5_dot11QoSCFPollsReceivedCount,
2948             { "QoS CF Polls Received Count", "sflow_5.dot11QoSCFPollsReceivedCount",
2949                 FT_UINT32, BASE_DEC, NULL, 0x0,
2950                 NULL, HFILL}},
2951         { &hf_sflow_5_dot11QoSCFPollsUnusedCount,
2952             { "QoS CF Polls Unused Count", "sflow_5.dot11QoSCFPollsUnusedCount",
2953                 FT_UINT32, BASE_DEC, NULL, 0x0,
2954                 NULL, HFILL}},
2955         { &hf_sflow_5_dot11QoSCFPollsUnusableCount,
2956             { "QoS CF Polls Unusable Count", "sflow_5.dot11QoSCFPollsUnusableCount",
2957                 FT_UINT32, BASE_DEC, NULL, 0x0,
2958                 NULL, HFILL}},
2959         { &hf_sflow_5_dot11QoSCFPollsLostCount,
2960             { "QoS CF Polls Lost Count", "sflow_5.dot11QoSCFPollsLostCount",
2961                 FT_UINT32, BASE_DEC, NULL, 0x0,
2962                 NULL, HFILL}},
2963         { &hf_sflow_5_cpu_5s,
2964             { "5s CPU Load (100 = 1%)", "sflow_5.cpu_5s",
2965                 FT_UINT32, BASE_DEC, NULL, 0x0,
2966                 "Average CPU Load Over 5 Seconds (100 = 1%)", HFILL}},
2967         { &hf_sflow_5_cpu_1m,
2968             { "1m CPU Load (100 = 1%)", "sflow_5.cpu_1m",
2969                 FT_UINT32, BASE_DEC, NULL, 0x0,
2970                 "Average CPU Load Over 1 Minute (100 = 1%)", HFILL}},
2971         { &hf_sflow_5_cpu_5m,
2972             { "5m CPU Load (100 = 1%)", "sflow_5.cpu_5m",
2973                 FT_UINT32, BASE_DEC, NULL, 0x0,
2974                 "Average CPU Load Over 5 Minutes (100 = 1%)", HFILL}},
2975         { &hf_sflow_5_total_memory,
2976             { "Total Memory", "sflow_5.total_memory",
2977                 FT_UINT64, BASE_DEC, NULL, 0x0,
2978                 NULL, HFILL}},
2979         { &hf_sflow_5_free_memory,
2980             { "Free Memory", "sflow_5.free_memory",
2981                 FT_UINT64, BASE_DEC, NULL, 0x0,
2982                 NULL, HFILL}},
2983         { &hf_sflow_5_elapsed_time,
2984             { "Elapsed Time (ms)", "sflow_5.elapsed_time",
2985                 FT_UINT32, BASE_DEC, NULL, 0x0,
2986                 "Elapsed Time in ms", HFILL}},
2987         { &hf_sflow_5_on_channel_time,
2988             { "On Channel (ms)", "sflow_5.on_channel_time",
2989                 FT_UINT32, BASE_DEC, NULL, 0x0,
2990                 "Time in ms Spent on Channel", HFILL}},
2991         { &hf_sflow_5_on_channel_busy_time,
2992             { "On Channel Busy (ms)", "sflow_5.channel_busy_time",
2993                 FT_UINT32, BASE_DEC, NULL, 0x0,
2994                 "Time in ms Spent on Channel and Busy", HFILL}},
2995
2996       /* Generated from convert_proto_tree_add_text.pl */
2997       { &hf_sflow_245_header_frame_length,
2998         { "Frame Length", "sflow_245.header.frame_length",
2999           FT_UINT32, BASE_DEC, NULL, 0x0,
3000           NULL, HFILL }
3001       },
3002       { &hf_sflow_245_header_payload_removed,
3003         { "Payload removed", "sflow_245.header.payload_removed",
3004           FT_UINT32, BASE_DEC, NULL, 0x0,
3005           NULL, HFILL }
3006       },
3007       { &hf_sflow_245_original_packet_header_length,
3008         { "Original packet length", "sflow_245.header.original_packet_header_length",
3009           FT_UINT32, BASE_DEC, NULL, 0x0,
3010           NULL, HFILL }
3011       },
3012       { &hf_sflow_245_extended_mpls_in_label_stack_entries,
3013         { "In Label Stack Entries", "sflow_245.extended_mpls.in_label_stack_entries",
3014           FT_UINT32, BASE_DEC, NULL, 0x0,
3015           NULL, HFILL }
3016       },
3017       { &hf_sflow_245_extended_mpls_in_label,
3018         { "Label", "sflow_245.extended_mpls.in_label",
3019           FT_UINT32, BASE_DEC, NULL, 0x0,
3020           NULL, HFILL }
3021       },
3022       { &hf_sflow_245_extended_mpls_out_label_stack_entries,
3023         { "Out Label Stack Entries", "sflow_245.extended_mpls.out_label_stack_entries",
3024           FT_UINT32, BASE_DEC, NULL, 0x0,
3025           NULL, HFILL }
3026       },
3027       { &hf_sflow_245_extended_mpls_out_label,
3028         { "Label", "sflow_245.extended_mpls.out_label",
3029           FT_UINT32, BASE_DEC, NULL, 0x0,
3030           NULL, HFILL }
3031       },
3032       { &hf_sflow_245_ethernet_length_of_mac_packet,
3033         { "Length of MAC Packet", "sflow_245.ethernet.length",
3034           FT_UINT32, BASE_DEC, NULL, 0x0,
3035           NULL, HFILL }
3036       },
3037       { &hf_sflow_245_ethernet_source_mac_address,
3038         { "Source MAC Address", "sflow_245.ethernet.source_mac_address",
3039           FT_ETHER, BASE_NONE, NULL, 0x0,
3040           NULL, HFILL }
3041       },
3042       { &hf_sflow_245_ethernet_destination_mac_address,
3043         { "Destination MAC Address", "sflow_245.ethernet.destination_mac_address",
3044           FT_ETHER, BASE_NONE, NULL, 0x0,
3045           NULL, HFILL }
3046       },
3047       { &hf_sflow_245_ethernet_packet_type,
3048         { "Ethernet Packet Type", "sflow_245.ethernet.packet_type",
3049           FT_UINT32, BASE_DEC, NULL, 0x0,
3050           NULL, HFILL }
3051       },
3052       { &hf_sflow_245_length_of_ip_packet,
3053         { "Length of IP Packet", "sflow_245.ip.length",
3054           FT_UINT32, BASE_DEC, NULL, 0x0,
3055           NULL, HFILL }
3056       },
3057       { &hf_sflow_245_ip_source_port,
3058         { "Source Port", "sflow_245.ip.source_port",
3059           FT_UINT32, BASE_DEC, NULL, 0x0,
3060           NULL, HFILL }
3061       },
3062       { &hf_sflow_245_ip_destination_port,
3063         { "Destination Port", "sflow.ip.destination_port",
3064           FT_UINT32, BASE_DEC, NULL, 0x0,
3065           NULL, HFILL }
3066       },
3067       { &hf_sflow_245_ip_tcp_flag_cwr,
3068         { "TCP Flag (CWR)", "sflow_245.ip.tcp_flag.cwr",
3069           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x80,
3070           NULL, HFILL }
3071       },
3072       { &hf_sflow_245_ip_tcp_flag_ece,
3073         { "TCP Flag (ECE)", "sflow_245.ip.tcp_flag.ece",
3074           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x40,
3075           NULL, HFILL }
3076       },
3077       { &hf_sflow_245_ip_tcp_flag_urg,
3078         { "TCP Flag (URG)", "sflow_245.ip.tcp_flag.urg",
3079           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x20,
3080           NULL, HFILL }
3081       },
3082       { &hf_sflow_245_ip_tcp_flag_ack,
3083         { "TCP Flag (ACK)", "sflow_245.ip.tcp_flag.ack",
3084           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x10,
3085           NULL, HFILL }
3086       },
3087       { &hf_sflow_245_ip_tcp_flag_psh,
3088         { "TCP Flag (PSH)", "sflow_245.ip.tcp_flag.psh",
3089           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x08,
3090           NULL, HFILL }
3091       },
3092       { &hf_sflow_245_ip_tcp_flag_rst,
3093         { "TCP Flag (RST)", "sflow_245.ip.tcp_flag.rst",
3094           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x04,
3095           NULL, HFILL }
3096       },
3097       { &hf_sflow_245_ip_tcp_flag_syn,
3098         { "TCP Flag (SYN)", "sflow_245.ip.tcp_flag.syn",
3099           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x02,
3100           NULL, HFILL }
3101       },
3102       { &hf_sflow_245_ip_tcp_flag_fin,
3103         { "TCP Flag (FIN)", "sflow_245.ip.tcp_flag.fin",
3104           FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x01,
3105           NULL, HFILL }
3106       },
3107       { &hf_sflow_245_ipv4_delay,
3108         { "Delay", "sflow_245.ipv4_delay",
3109           FT_BOOLEAN, 8, TFS(&tfs_low_normal), 0x10,
3110           NULL, HFILL }
3111       },
3112       { &hf_sflow_245_ipv4_throughput,
3113         { "Throughput", "sflow_245.ipv4_throughput",
3114           FT_BOOLEAN, 8, TFS(&tfs_high_normal), 0x08,
3115           NULL, HFILL }
3116       },
3117       { &hf_sflow_245_ipv4_reliability,
3118         { "Reliability", "sflow_245.ipv4_reliability",
3119           FT_BOOLEAN, 8, TFS(&tfs_high_normal), 0x04,
3120           NULL, HFILL }
3121       },
3122       { &hf_sflow_245_ipv4_cost,
3123         { "Cost (RFC1349)", "sflow_245.ipv4_cost",
3124           FT_BOOLEAN, 8, TFS(&tfs_minimize_monetary_normal), 0x02,
3125           NULL, HFILL }
3126       },
3127       { &hf_sflow_245_ipv6_priority,
3128         { "Priority", "sflow_245.ipv6_priority",
3129           FT_UINT32, BASE_DEC, NULL, 0x0,
3130           NULL, HFILL }
3131       },
3132       { &hf_sflow_5_extended_user_source_character_set,
3133         { "Source Character Set", "sflow_5.extended_user.source_character_set",
3134           FT_UINT32, BASE_DEC, NULL, 0x0,
3135           NULL, HFILL }
3136       },
3137       { &hf_sflow_5_extended_user_source_user_string_length,
3138         { "Source User String Length (bytes)", "sflow_5.extended_user.source_user_string_length",
3139           FT_UINT32, BASE_DEC, NULL, 0x0,
3140           NULL, HFILL }
3141       },
3142       { &hf_sflow_5_extended_user_destination_character_set,
3143         { "Destination Character Set", "sflow_5.extended_user.destination_character_set",
3144           FT_UINT32, BASE_DEC, NULL, 0x0,
3145           NULL, HFILL }
3146       },
3147       { &hf_sflow_5_extended_user_destination_user_string_length,
3148         { "Destination User String Length (bytes)", "sflow_5.extended_user.destination_user_string_length",
3149           FT_UINT32, BASE_DEC, NULL, 0x0,
3150           NULL, HFILL }
3151       },
3152       { &hf_sflow_5_extended_url_url_length,
3153         { "URL Length (bytes)", "sflow_5.extended_url.url_length",
3154           FT_UINT32, BASE_DEC, NULL, 0x0,
3155           NULL, HFILL }
3156       },
3157       { &hf_sflow_5_extended_url_host_length,
3158         { "Host Length (bytes)", "sflow_5.extended_url.host_length",
3159           FT_UINT32, BASE_DEC, NULL, 0x0,
3160           NULL, HFILL }
3161       },
3162       { &hf_sflow_5_extended_mpls_tunnel_name_length,
3163         { "Tunnel Name Length (bytes)", "sflow_5.extended_mpls_tunnel.name_length",
3164           FT_UINT32, BASE_DEC, NULL, 0x0,
3165           NULL, HFILL }
3166       },
3167       { &hf_sflow_5_extended_mpls_tunnel_id,
3168         { "Tunnel ID", "sflow_5.extended_mpls_tunnel.id",
3169           FT_UINT32, BASE_DEC, NULL, 0x0,
3170           NULL, HFILL }
3171       },
3172       { &hf_sflow_5_extended_mpls_tunnel_cos_value,
3173         { "Tunnel COS Value", "sflow_5.extended_mpls_tunnel.cos_value",
3174           FT_UINT32, BASE_DEC, NULL, 0x0,
3175           NULL, HFILL }
3176       },
3177       { &hf_sflow_5_extended_mpls_vc_instance_name_length,
3178         { "VC Instance Name Length (bytes)", "sflow_5.extended_mpls_vc.instance_name_length",
3179           FT_UINT32, BASE_DEC, NULL, 0x0,
3180           NULL, HFILL }
3181       },
3182       { &hf_sflow_5_extended_mpls_vc_id,
3183         { "VLL/VC ID", "sflow_5.extended_mpls_vc.id",
3184           FT_UINT32, BASE_DEC, NULL, 0x0,
3185           NULL, HFILL }
3186       },
3187       { &hf_sflow_5_extended_mpls_vc_label_cos_value,
3188         { "VC Label COS Value", "sflow_5.extended_mpls_vc.label_cos_value",
3189           FT_UINT32, BASE_DEC, NULL, 0x0,
3190           NULL, HFILL }
3191       },
3192       { &hf_sflow_5_extended_mpls_ftn_description_length,
3193         { "MPLS FTN Description Length (bytes)", "sflow_5.extended_mpls.ftn_description_length",
3194           FT_UINT32, BASE_DEC, NULL, 0x0,
3195           NULL, HFILL }
3196       },
3197       { &hf_sflow_5_extended_mpls_ftn_mask,
3198         { "MPLS FTN Mask", "sflow_5.extended_mpls.ftn_mask",
3199           FT_UINT32, BASE_DEC, NULL, 0x0,
3200           NULL, HFILL }
3201       },
3202       { &hf_sflow_5_extended_mpls_fec_address_prefix_length,
3203         { "MPLS FEC Address Prefix Length (bytes)", "sflow_5.extended_mpls.fec_address_prefix_length",
3204           FT_UINT32, BASE_DEC, NULL, 0x0,
3205           NULL, HFILL }
3206       },
3207       { &hf_sflow_5_extended_vlan_tunnel_number_of_layers,
3208         { "Number of Layers", "sflow_5.extended_vlan_tunnel.number_of_layers",
3209           FT_UINT32, BASE_DEC, NULL, 0x0,
3210           NULL, HFILL }
3211       },
3212       { &hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair,
3213         { "TPID/TCI Pair as Integer", "sflow_5.extended_vlan_tunnel.tpid_tci_pair",
3214           FT_UINT32, BASE_DEC, NULL, 0x0,
3215           NULL, HFILL }
3216       },
3217       { &hf_sflow_5_extended_80211_oui,
3218         { "OUI", "sflow_5.extended_80211.oui",
3219           FT_UINT24, BASE_HEX, NULL, 0x0,
3220           NULL, HFILL }
3221       },
3222       { &hf_sflow_5_extended_80211_suite_type,
3223         { "Suite Type", "sflow_5.extended_80211.suite_type",
3224           FT_UINT8, BASE_DEC, VALS(extended_80211_suite_type_vals), 0x0,
3225           NULL, HFILL }
3226       },
3227       { &hf_sflow_5_extended_80211_payload_length,
3228         { "Payload Length", "sflow_5.extended_80211.payload_length",
3229           FT_UINT32, BASE_DEC, NULL, 0x0,
3230           NULL, HFILL }
3231       },
3232       { &hf_sflow_5_extended_80211_rx_bssid,
3233         { "BSSID", "sflow_5.extended_80211.rx.bssid",
3234           FT_ETHER, BASE_NONE, NULL, 0x0,
3235           NULL, HFILL }
3236       },
3237       { &hf_sflow_5_extended_80211_rx_version,
3238         { "Version", "sflow_5.extended_80211.rx.version",
3239           FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
3240           NULL, HFILL }
3241       },
3242       { &hf_sflow_5_extended_80211_rx_channel,
3243         { "Channel", "sflow_5.extended_80211.rx.channel",
3244           FT_UINT32, BASE_DEC, NULL, 0x0,
3245           NULL, HFILL }
3246       },
3247       { &hf_sflow_5_extended_80211_rx_speed,
3248         { "Speed", "sflow_5.extended_80211.rx.speed",
3249           FT_UINT64, BASE_DEC, NULL, 0x0,
3250           NULL, HFILL }
3251       },
3252       { &hf_sflow_5_extended_80211_rx_rsni,
3253         { "RSNI", "sflow_5.extended_80211.rx.rsni",
3254           FT_UINT32, BASE_DEC, NULL, 0x0,
3255           NULL, HFILL }
3256       },
3257       { &hf_sflow_5_extended_80211_rx_rcpi,
3258         { "RCPI", "sflow_5.extended_80211.rx.rcpi",
3259           FT_UINT32, BASE_DEC, NULL, 0x0,
3260           NULL, HFILL }
3261       },
3262       { &hf_sflow_5_extended_80211_rx_packet_duration,
3263         { "Packet Duration (ms)", "sflow_5.extended_80211.rx.packet_duration",
3264           FT_UINT32, BASE_DEC, NULL, 0x0,
3265           NULL, HFILL }
3266       },
3267       { &hf_sflow_5_extended_80211_tx_bssid,
3268         { "BSSID", "sflow_5.extended_80211.tx.bssid",
3269           FT_ETHER, BASE_NONE, NULL, 0x0,
3270           NULL, HFILL }
3271       },
3272       { &hf_sflow_5_extended_80211_tx_version,
3273         { "Version", "sflow_5.extended_80211.tx.version",
3274           FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
3275           NULL, HFILL }
3276       },
3277       { &hf_sflow_5_extended_80211_tx_retransmissions,
3278         { "Retransmissions", "sflow_5.extended_80211.tx.retransmissions",
3279           FT_UINT32, BASE_DEC, NULL, 0x0,
3280           NULL, HFILL }
3281       },
3282       { &hf_sflow_5_extended_80211_tx_packet_duration,
3283         { "Packet Duration (ms)", "sflow_5.extended_80211.tx.packet_duration",
3284           FT_UINT32, BASE_DEC, NULL, 0x0,
3285           NULL, HFILL }
3286       },
3287       { &hf_sflow_5_extended_80211_tx_retransmission_duration,
3288         { "Retransmission Duration (ms)", "sflow_5.extended_80211.tx.retransmission_duration",
3289           FT_UINT32, BASE_DEC, NULL, 0x0,
3290           NULL, HFILL }
3291       },
3292       { &hf_sflow_5_extended_80211_tx_channel,
3293         { "Channel", "sflow_5.extended_80211.tx.channel",
3294           FT_UINT32, BASE_DEC, NULL, 0x0,
3295           NULL, HFILL }
3296       },
3297       { &hf_sflow_5_extended_80211_tx_speed,
3298         { "Speed", "sflow_5.extended_80211.tx.speed",
3299           FT_UINT64, BASE_DEC, NULL, 0x0,
3300           NULL, HFILL }
3301       },
3302       { &hf_sflow_5_extended_80211_tx_power,
3303         { "Power", "sflow_5.extended_80211.tx.power",
3304           FT_UINT32, BASE_DEC, NULL, 0x0,
3305           NULL, HFILL }
3306       },
3307       { &hf_sflow_flow_sample_sequence_number,
3308         { "Sequence number", "sflow.flow_sample.sequence_number",
3309           FT_UINT32, BASE_DEC, NULL, 0x0,
3310           NULL, HFILL }
3311       },
3312       { &hf_sflow_flow_sample_source_id_class,
3313         { "Source ID class", "sflow.flow_sample.source_id_class",
3314           FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3315           NULL, HFILL }
3316       },
3317       { &hf_sflow_flow_sample_sampling_rate,
3318         { "Sampling rate", "sflow.flow_sample.sampling_rate",
3319           FT_UINT32, BASE_DEC, NULL, 0x0,
3320           NULL, HFILL }
3321       },
3322       { &hf_sflow_flow_sample_sample_pool,
3323         { "Sample pool", "sflow.flow_sample.sample_pool",
3324           FT_UINT32, BASE_DEC, NULL, 0x0,
3325           NULL, HFILL }
3326       },
3327       { &hf_sflow_flow_sample_dropped_packets,
3328         { "Dropped packets", "sflow.flow_sample.dropped_packets",
3329           FT_UINT32, BASE_DEC, NULL, 0x0,
3330           NULL, HFILL }
3331       },
3332       { &hf_sflow_flow_sample_input_interface,
3333         { "Input interface (ifIndex)", "sflow.flow_sample.input_interface",
3334           FT_UINT32, BASE_DEC, NULL, 0x0,
3335           NULL, HFILL }
3336       },
3337       { &hf_sflow_flow_sample_multiple_outputs,
3338         { "Multiple outputs", "sflow.flow_sample.multiple_outputs",
3339           FT_UINT32, BASE_DEC, NULL, 0x0,
3340           NULL, HFILL }
3341       },
3342       { &hf_sflow_flow_sample_output_interface,
3343         { "Output interface (ifIndex)", "sflow.flow_sample.output_interface",
3344           FT_UINT32, BASE_DEC, NULL, 0x7fffffff,
3345           NULL, HFILL }
3346       },
3347       { &hf_sflow_enterprise,
3348         { "Enterprise", "sflow.enterprise",
3349           FT_UINT32, BASE_DEC, NULL, 0xFFFFF000,
3350           NULL, HFILL }
3351       },
3352       { &hf_sflow_flow_sample_flow_record,
3353         { "Flow record", "sflow.flow_sample.flow_record",
3354           FT_UINT32, BASE_DEC, NULL, 0x0,
3355           NULL, HFILL }
3356       },
3357       { &hf_sflow_flow_sample_source_id_type,
3358         { "Source ID type", "sflow.flow_sample.source_id_type",
3359           FT_UINT32, BASE_DEC, NULL, 0x0,
3360           NULL, HFILL }
3361       },
3362       { &hf_sflow_flow_sample_source_id_index,
3363         { "Source ID index", "sflow.flow_sample.source_id_index",
3364           FT_UINT32, BASE_DEC, NULL, 0x0,
3365           NULL, HFILL }
3366       },
3367       { &hf_sflow_flow_sample_input_interface_format,
3368         { "Input interface format", "sflow.flow_sample.input_interface_format",
3369           FT_UINT32, BASE_DEC, NULL, 0x0,
3370           NULL, HFILL }
3371       },
3372       { &hf_sflow_flow_sample_input_interface_value,
3373         { "Input interface value", "sflow.flow_sample.input_interface_value",
3374           FT_UINT32, BASE_DEC, NULL, 0x0,
3375           NULL, HFILL }
3376       },
3377       { &hf_sflow_flow_sample_output_interface_format,
3378         { "Output interface format", "sflow.flow_sample.output_interface_format",
3379           FT_UINT32, BASE_DEC, NULL, 0x0,
3380           NULL, HFILL }
3381       },
3382       { &hf_sflow_flow_sample_output_interface_value,
3383         { "Output interface value", "sflow.flow_sample.output_interface_value",
3384           FT_UINT32, BASE_DEC, NULL, 0x0,
3385           NULL, HFILL }
3386       },
3387       { &hf_sflow_counters_sample_sequence_number,
3388         { "Sequence number", "sflow.counters_sample.sequence_number",
3389           FT_UINT32, BASE_DEC, NULL, 0x0,
3390           NULL, HFILL }
3391       },
3392       { &hf_sflow_counters_sample_source_id_class,
3393         { "Source ID class", "sflow.counters_sample.source_id_class",
3394           FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3395           NULL, HFILL }
3396       },
3397       { &hf_sflow_counters_sample_sampling_interval,
3398         { "Sampling Interval", "sflow.counters_sample.sampling_interval",
3399           FT_UINT32, BASE_DEC, NULL, 0x0,
3400           NULL, HFILL }
3401       },
3402       { &hf_sflow_counters_sample_counters_type,
3403         { "Counters type", "sflow.counters_sample.counters_type",
3404           FT_UINT32, BASE_DEC, VALS(sflow_245_counterstype), 0x0,
3405           NULL, HFILL }
3406       },
3407       { &hf_sflow_counters_sample_source_id_type,
3408         { "Source ID type", "sflow.counters_sample.source_id_type",
3409           FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3410           NULL, HFILL }
3411       },
3412       { &hf_sflow_counters_sample_source_id_index,
3413         { "Source ID index", "sflow.counters_sample.source_id_index",
3414           FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF,
3415           NULL, HFILL }
3416       },
3417       { &hf_sflow_counters_sample_counters_records,
3418         { "Counters records", "sflow.counters_sample.counters_records",
3419           FT_UINT32, BASE_DEC, NULL, 0x0,
3420           NULL, HFILL }
3421       },
3422       { &hf_sflow_counters_sample_expanded_source_id_type,
3423         { "Source ID type", "sflow.counters_sample.source_id_type",
3424           FT_UINT32, BASE_DEC, NULL, 0x0,
3425           NULL, HFILL }
3426       },
3427       { &hf_sflow_counters_sample_expanded_source_id_index,
3428         { "Source ID index", "sflow.counters_sample.source_id_index",
3429           FT_UINT32, BASE_DEC, NULL, 0x0,
3430           NULL, HFILL }
3431       },
3432
3433       { &hf_sflow_lag_port_actorsystemid,
3434         { "Actor System ID", "sflow.lag_port.actor_system_id",
3435           FT_ETHER, BASE_NONE, NULL, 0x0,
3436           NULL, HFILL }
3437       },
3438       { &hf_sflow_lag_port_partneropersystemid,
3439         { "Partner Oper System ID", "sflow.lag_port.partner_oper_system_id",
3440           FT_ETHER, BASE_NONE, NULL, 0x0,
3441           NULL, HFILL }
3442       },
3443       { &hf_sflow_lag_port_attachedaggid,
3444         { "Port Attached Agg ID", "sflow.lag_port.attached_agg_id",
3445           FT_UINT32, BASE_DEC, NULL, 0x0,
3446           NULL, HFILL }
3447       },
3448       { &hf_sflow_lag_port_state,
3449         { "State", "sflow.lag_port.state",
3450           FT_UINT32, BASE_HEX, NULL, 0x0,
3451           NULL, HFILL }
3452       },
3453       { &hf_sflow_lag_port_actoradminstate,
3454         { "Actor Admin State", "sflow.lag_port.actor_admin_state",
3455           FT_BOOLEAN, 32, NULL, 0x00000001,
3456           NULL, HFILL }
3457       },
3458       { &hf_sflow_lag_port_actoroperstate,
3459         { "Actor Oper State", "sflow.lag_port.actor_oper_state",
3460           FT_BOOLEAN, 32, NULL, 0x00000002,
3461           NULL, HFILL }
3462       },
3463       { &hf_sflow_lag_port_partneradminstate,
3464         { "Partner Admin State", "sflow.lag_port.partner_admin_state",
3465           FT_BOOLEAN, 32, NULL, 0x00000004,
3466           NULL, HFILL }
3467       },
3468       { &hf_sflow_lag_port_partneroperstate,
3469         { "Partner Oper State", "sflow.lag_port.partner_oper_state",
3470           FT_BOOLEAN, 32, NULL, 0x00000008,
3471           NULL, HFILL }
3472       },
3473       { &hf_sflow_lag_port_reserved,
3474         { "Reserved", "sflow.lag_port.reserved",
3475           FT_UINT32, BASE_HEX, NULL, 0xFFFFFFF0,
3476           NULL, HFILL }
3477       },
3478       { &hf_sflow_lag_port_stats_lacpdusrx,
3479         { "LACPDUs Rx", "sflow.lag_port.lacpdus.rx",
3480           FT_UINT32, BASE_DEC, NULL, 0x0,
3481           NULL, HFILL }
3482       },
3483       { &hf_sflow_lag_port_stats_markerpdusrx,
3484         { "Marker PDUs Rx", "sflow.lag_port.marker_pdus.rx",
3485           FT_UINT32, BASE_DEC, NULL, 0x0,
3486           NULL, HFILL }
3487       },
3488       { &hf_sflow_lag_port_stats_markerresponsepdusrx,
3489         { "Marker Response PDUs Rx", "sflow.lag_port.marker_response_pdus.rx",
3490           FT_UINT32, BASE_DEC, NULL, 0x0,
3491           NULL, HFILL }
3492       },
3493       { &hf_sflow_lag_port_stats_unknownrx,
3494         { "Unknown Rx", "sflow.lag_port.unknown.rx",
3495           FT_UINT32, BASE_DEC, NULL, 0x0,
3496           NULL, HFILL }
3497       },
3498       { &hf_sflow_lag_port_stats_illegalrx,
3499         { "Illegal Rx", "sflow.lag_port.illegal.rx",
3500           FT_UINT32, BASE_DEC, NULL, 0x0,
3501           NULL, HFILL }
3502       },
3503       { &hf_sflow_lag_port_stats_lacpdustx,
3504         { "LACPDUs Tx", "sflow.lag_port.lacpdus.tx",
3505           FT_UINT32, BASE_DEC, NULL, 0x0,
3506           NULL, HFILL }
3507       },
3508       { &hf_sflow_lag_port_stats_markerpdustx,
3509         { "Marker PDUs Tx", "sflow.lag_port.marker_pdus.tx",
3510           FT_UINT32, BASE_DEC, NULL, 0x0,
3511           NULL, HFILL }
3512       },
3513       { &hf_sflow_lag_port_stats_markerresponsepdustx,
3514         { "Marker Response PDUs Tx", "sflow.lag_port.marker_response_pdus.tx",
3515           FT_UINT32, BASE_DEC, NULL, 0x0,
3516           NULL, HFILL }
3517       },
3518
3519       { &hf_sflow_245_as_type,
3520         { "AS Type", "sflow.as_type",
3521           FT_UINT32, BASE_DEC, VALS(sflow_245_as_types), 0x0,
3522           NULL, HFILL }
3523       },
3524       { &hf_sflow_245_ip_protocol,
3525         { "IP Protocol", "sflow.ip_protocol",
3526           FT_UINT32, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
3527           NULL, HFILL }
3528       },
3529       { &hf_sflow_5_extended_user_source_user,
3530         { "Source User", "sflow_5.extended_user.source_user",
3531           FT_STRING, BASE_NONE, NULL, 0x0,
3532           NULL, HFILL }
3533       },
3534       { &hf_sflow_5_extended_user_destination_user,
3535         { "Destination User", "sflow_5.extended_user.destination_user",
3536           FT_STRING, BASE_NONE, NULL, 0x0,
3537           NULL, HFILL }
3538       },
3539       { &hf_sflow_5_extended_url_direction,
3540         { "Direction", "sflow_5.extended_url.direction",
3541           FT_UINT32, BASE_DEC, NULL, 0x0,
3542           NULL, HFILL }
3543       },
3544       { &hf_sflow_5_extended_url_url,
3545         { "URL", "sflow_5.extended_url.url",
3546           FT_STRING, BASE_NONE, NULL, 0x0,
3547           NULL, HFILL }
3548       },
3549       { &hf_sflow_5_extended_url_host,
3550         { "Host", "sflow_5.extended_url.host",
3551           FT_STRING, BASE_NONE, NULL, 0x0,
3552           NULL, HFILL }
3553       },
3554       { &hf_sflow_5_extended_mpls_tunnel_name,
3555         { "Tunnel Name", "sflow_5.extended_mpls_tunnel.tunnel_name",
3556           FT_STRING, BASE_NONE, NULL, 0x0,
3557           NULL, HFILL }
3558       },
3559       { &hf_sflow_5_extended_mpls_vc_instance_name,
3560         { "VC Instance Name", "sflow_5.extended_mpls_vc.vc_instance_name",
3561           FT_STRING, BASE_NONE, NULL, 0x0,
3562           NULL, HFILL }
3563       },
3564       { &hf_sflow_5_extended_mpls_ftn_description,
3565         { "MPLS FTN Description", "sflow_5.extended_mpls.ftn_description",
3566           FT_STRING, BASE_NONE, NULL, 0x0,
3567           NULL, HFILL }
3568       },
3569       { &hf_sflow_5_extended_80211_payload,
3570         { "Payload", "sflow_5.extended_80211.payload",
3571           FT_BYTES, BASE_NONE, NULL, 0x0,
3572           NULL, HFILL }
3573       },
3574       { &hf_sflow_5_extended_80211_rx_ssid,
3575         { "SSID", "sflow_5.extended_80211.rx.ssid",
3576           FT_STRING, BASE_NONE, NULL, 0x0,
3577           NULL, HFILL }
3578       },
3579       { &hf_sflow_5_extended_80211_tx_ssid,
3580         { "SSID", "sflow_5.extended_80211.tx.ssid",
3581           FT_STRING, BASE_NONE, NULL, 0x0,
3582           NULL, HFILL }
3583       },
3584       { &hf_sflow_flow_sample_index,
3585         { "Index", "sflow.flow_sample.index",
3586           FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF,
3587           NULL, HFILL }
3588       },
3589       { &hf_sflow_counters_sample_index,
3590         { "Index", "sflow.counters_sample.index",
3591           FT_UINT32, BASE_DEC, NULL, 0x0,
3592           NULL, HFILL }
3593       },
3594     };
3595
3596     /* Setup protocol subtree array */
3597     static gint * ett[] = {
3598         &ett_sflow_245,
3599         &ett_sflow_245_sample,
3600         &ett_sflow_5_flow_record,
3601         &ett_sflow_5_counters_record,
3602         &ett_sflow_5_mpls_in_label_stack,
3603         &ett_sflow_5_mpls_out_label_stack,
3604         &ett_sflow_245_extended_data,
3605         &ett_sflow_245_gw_as_dst,
3606         &ett_sflow_245_gw_as_dst_seg,
3607         &ett_sflow_245_gw_community,
3608         &ett_sflow_245_sampled_header,
3609         &ett_sflow_lag_port_state_flags,
3610     };
3611
3612     static ei_register_info ei[] = {
3613         { &ei_sflow_invalid_address_type, { "sflow.invalid_address_type", PI_MALFORMED, PI_ERROR, "Unknown/invalid address type", EXPFILL }},
3614     };
3615
3616     expert_module_t* expert_sflow;
3617
3618     /* Register the protocol name and description */
3619     proto_sflow = proto_register_protocol("InMon sFlow", "sFlow", "sflow");
3620
3621     /* Required function calls to register the header fields and subtrees used */
3622     proto_register_field_array(proto_sflow, hf, array_length(hf));
3623     proto_register_subtree_array(ett, array_length(ett));
3624     expert_sflow = expert_register_protocol(proto_sflow);
3625     expert_register_field_array(expert_sflow, ei, array_length(ei));
3626
3627     header_subdissector_table  = register_dissector_table("sflow_245.header_protocol", "SFLOW header protocol", proto_sflow, FT_UINT32, BASE_DEC);
3628
3629     /* Register our configuration options for sFlow */
3630     sflow_245_module = prefs_register_protocol(proto_sflow, NULL);
3631
3632     /*
3633        If I use a filter like "ip.src == 10.1.1.1" this will, in
3634        addition to the usual suspects, find every sFlow packet
3635        where *any* of the payload headers contain 10.1.1.1 as a
3636        src addr.  I think this may not be the desired behavior.
3637        It can certainly be confusing since the ip.src being found
3638        is buried about 3 subtrees deep and the subtrees might be
3639        under any one of the sampled (payload) header trees. It is
3640        certainly not quickly obvious why the filter matched.
3641      */
3642     prefs_register_bool_preference(sflow_245_module, "enable_dissection",
3643             "Dissect data in sampled headers",
3644             "Enabling dissection makes it easy to view protocol details in each of the sampled headers."
3645             "  Disabling dissection may reduce noise caused when display filters match the contents of"
3646             " any sampled header(s).",
3647             &global_dissect_samp_headers);
3648     /*
3649        It is not clear to me that it *ever* makes sense to enable
3650        this option.  However, it was previously the default
3651        behavior so I'll leave it as an option if someone thinks
3652        they have a use for it.
3653      */
3654     prefs_register_bool_preference(sflow_245_module, "enable_analysis",
3655             "Analyze data in sampled IP headers",
3656             "This option only makes sense if dissection of sampled headers is enabled and probably not even then.",
3657             &global_analyze_samp_ip_headers);
3658 }
3659
3660 void
3661 proto_reg_handoff_sflow_245(void) {
3662
3663     sflow_handle = create_dissector_handle(dissect_sflow_245, proto_sflow);
3664     dissector_add_uint_range_with_preference("udp.port", SFLOW_UDP_PORTS, sflow_handle);
3665 }
3666
3667 /*
3668  * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
3669  *
3670  * Local variables:
3671  * c-basic-offset: 4
3672  * tab-width: 8
3673  * indent-tabs-mode: nil
3674  * End:
3675  *
3676  * vi: set shiftwidth=4 tabstop=8 expandtab:
3677  * :indentSize=4:tabSize=8:noTabs=true:
3678  */