git.samba.org / metze / wireshark / wip.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
whitespace fixes; mostly: remove trailing blanks
[metze/wireshark/wip.git] / epan / dissectors / packet-sflow.c
1 /* packet-sflow.c
2  * Routines for sFlow v5 dissection implemented according to the specifications
3  * at http://www.sflow.org/sflow_version_5.txt
4  *
5  * Additional 802.11 structures support implemented according to the
6  * specifications at http://www.sflow.org/sflow_80211.txt
7  *
8  * By Yi Yu <yiyu.inbox@gmail.com>
9  *
10  * $Id$
11  *
12  * TODO:
13  *   802.11 aggregation data dissection                         (sFlow v5)
14  *
15  *
16  * Based on Jeff Rizzo's <riz@boogers.sf.ca.us> dissector for sFlow v2/4
17  * in Wireshark 1.0.8 public release.
18  *
19  * Wireshark - Network traffic analyzer
20  * By Gerald Combs <gerald@wireshark.org>
21  * Copyright 1998 Gerald Combs
22  *
23  * This program is free software; you can redistribute it and/or
24  * modify it under the terms of the GNU General Public License
25  * as published by the Free Software Foundation; either version 2
26  * of the License, or (at your option) any later version.
27  *
28  * This program is distributed in the hope that it will be useful,
29  * but WITHOUT ANY WARRANTY; without even the implied warranty of
30  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
31  * GNU General Public License for more details.
32  *
33  * You should have received a copy of the GNU General Public License
34  * along with this program; if not, write to the Free Software
35  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
36  *
37  *
38  * This file (mostly) implements a dissector for sFlow (RFC3176),
39  * from the version 4 spec at http://www.sflow.org/SFLOW-DATAGRAM.txt .
40  *
41  * TODO:
42  *   Fix the highlighting of the datastream when bits are selected
43  *   split things out into packet-sflow.h ?
44  *   make routines more consistent as to whether they return
45  *     'offset' or bytes consumed ('len')                       (sFlow v2/4)
46  *   implement sampled_ipv4 and sampled_ipv6 packet data types  (sFlow v2/4)
47  *   implement extended_user                                    (sFlow v2/4)
48  *   implement extended_url                                     (sFlow v2/4)
49  *   implement non-generic counters sampling                    (sFlow v2/4)
50  */
51
52 #include "config.h"
53
54 #include <glib.h>
55
56 #include <epan/packet.h>
57 #include <epan/prefs.h>
58 #include <epan/expert.h>
59 #include <epan/ipproto.h>
60
61 #define SFLOW_UDP_PORTS "6343"
62
63 static dissector_handle_t sflow_handle;
64
65 /*
66  *  global_sflow_ports : holds the configured range of ports for sflow
67  */
68 static range_t *global_sflow_ports = NULL;
69
70 /*
71  *  sflow_245_ports : holds the currently used range of ports for sflow
72  */
73 static gboolean global_dissect_samp_headers = TRUE;
74 static gboolean global_analyze_samp_ip_headers = FALSE;
75
76 #define ENTERPRISE_DEFAULT 0
77
78 #define ADDR_TYPE_UNKNOWN 0
79 #define ADDR_TYPE_IPV4    1
80 #define ADDR_TYPE_IPV6    2
81
82 #define FLOWSAMPLE 1
83 #define COUNTERSSAMPLE 2
84 #define EXPANDED_FLOWSAMPLE 3
85 #define EXPANDED_COUNTERSSAMPLE 4
86
87 static const value_string sflow_245_sampletype[] = {
88     { FLOWSAMPLE, "Flow sample"},
89     { COUNTERSSAMPLE, "Counters sample"},
90     { EXPANDED_FLOWSAMPLE, "Expanded flow sample"},
91     { EXPANDED_COUNTERSSAMPLE, "Expanded counters sample"},
92     { 0, NULL}
93 };
94
95 #define SFLOW_5_IEEE80211_VERSION_A 1
96 #define SFLOW_5_IEEE80211_VERSION_B 2
97 #define SFLOW_5_IEEE80211_VERSION_G 3
98 #define SFLOW_5_IEEE80211_VERSION_N 4
99
100 static const value_string sflow_5_ieee80211_versions [] = {
101     { SFLOW_5_IEEE80211_VERSION_A, "802.11a"},
102     { SFLOW_5_IEEE80211_VERSION_B, "802.11b"},
103     { SFLOW_5_IEEE80211_VERSION_G, "802.11g"},
104     { SFLOW_5_IEEE80211_VERSION_N, "802.11n"},
105     { 0, NULL}
106 };
107
108 /* interface counter types */
109 #define SFLOW_245_COUNTERS_GENERIC 1
110 #define SFLOW_245_COUNTERS_ETHERNET 2
111 #define SFLOW_245_COUNTERS_TOKENRING 3
112 #define SFLOW_245_COUNTERS_FDDI 4
113 #define SFLOW_245_COUNTERS_VG 5
114 #define SFLOW_245_COUNTERS_WAN 6
115 #define SFLOW_245_COUNTERS_VLAN 7
116
117 static const value_string sflow_245_counterstype[] = {
118     { SFLOW_245_COUNTERS_GENERIC,  "Generic counters"},
119     { SFLOW_245_COUNTERS_ETHERNET, "Ethernet counters"},
120     { SFLOW_245_COUNTERS_FDDI,     "FDDI counters"},
121     { SFLOW_245_COUNTERS_VG,       "100baseVG counters"},
122     { SFLOW_245_COUNTERS_WAN,      "WAN counters"},
123     { SFLOW_245_COUNTERS_VLAN,     "VLAN counters"},
124     { 0, NULL}
125 };
126
127 #define MAX_HEADER_SIZE 256
128
129 #define SFLOW_245_PACKET_DATA_TYPE_HEADER 1
130 #define SFLOW_245_PACKET_DATA_TYPE_IPV4 2
131 #define SFLOW_245_PACKET_DATA_TYPE_IPV6 3
132
133 static const value_string sflow_245_packet_information_type[] = {
134     { SFLOW_245_PACKET_DATA_TYPE_HEADER, "Packet headers are sampled"},
135     { SFLOW_245_PACKET_DATA_TYPE_IPV4,   "IP Version 4 data"},
136     { SFLOW_245_PACKET_DATA_TYPE_IPV6,   "IP Version 6 data"},
137     { 0, NULL}
138 };
139
140 static const value_string extended_80211_suite_type_vals[] = {
141     { 0, "Use group cipher suite"},
142     { 1, "WEP-40"},
143     { 2, "TKIP"},
144     { 4, "CCMP"},
145     { 5, "WEP-104"},
146     { 0, NULL}
147 };
148
149 static const value_string sflow_ifdirection_vals[] = {
150     { 1, "Full-Duplex"},
151     { 2, "Half-Duplex"},
152     { 3, "In"},
153     { 4, "Out"},
154     { 0, NULL}
155 };
156
157 const true_false_string tfs_low_normal = { "Low", "Normal" };
158 const true_false_string tfs_high_normal = { "High", "Normal" };
159 const true_false_string tfs_minimize_monetary_normal = { "Minimize Monetary", "Normal" };
160 const true_false_string tfs_up_down = { "Up", "Down" };
161
162 #define SFLOW_245_HEADER_ETHERNET 1
163 #define SFLOW_245_HEADER_TOKENBUS 2
164 #define SFLOW_245_HEADER_TOKENRING 3
165 #define SFLOW_245_HEADER_FDDI 4
166 #define SFLOW_245_HEADER_FRAME_RELAY 5
167 #define SFLOW_245_HEADER_X25 6
168 #define SFLOW_245_HEADER_PPP 7
169 #define SFLOW_245_HEADER_SMDS 8
170 #define SFLOW_245_HEADER_AAL5 9
171 #define SFLOW_245_HEADER_AAL5_IP 10
172 #define SFLOW_245_HEADER_IPv4 11
173 #define SFLOW_245_HEADER_IPv6 12
174 #define SFLOW_245_HEADER_MPLS 13
175 #define SFLOW_5_HEADER_POS 14
176 #define SFLOW_5_HEADER_80211_MAC 15
177 #define SFLOW_5_HEADER_80211_AMPDU 16
178 #define SFLOW_5_HEADER_80211_AMSDU_SUBFRAME 17
179
180 static const value_string sflow_245_header_protocol[] = {
181     { SFLOW_245_HEADER_ETHERNET,           "Ethernet"},
182     { SFLOW_245_HEADER_TOKENBUS,           "Token Bus"},
183     { SFLOW_245_HEADER_TOKENRING,          "Token Ring"},
184     { SFLOW_245_HEADER_FDDI,               "FDDI"},
185     { SFLOW_245_HEADER_FRAME_RELAY,        "Frame Relay"},
186     { SFLOW_245_HEADER_X25,                "X.25"},
187     { SFLOW_245_HEADER_PPP,                "PPP"},
188     { SFLOW_245_HEADER_SMDS,               "SMDS"},
189     { SFLOW_245_HEADER_AAL5,               "ATM AAL5"},
190     { SFLOW_245_HEADER_AAL5_IP,            "ATM AAL5-IP (e.g., Cisco AAL5 mux)"},
191     { SFLOW_245_HEADER_IPv4,               "IPv4"},
192     { SFLOW_245_HEADER_IPv6,               "IPv6"},
193     { SFLOW_245_HEADER_MPLS,               "MPLS"},
194     { SFLOW_5_HEADER_POS,                  "PPP over SONET/SDH (RFC 1662, 2615)"},
195     { SFLOW_5_HEADER_80211_MAC,            "802.11 MAC"},
196     { SFLOW_5_HEADER_80211_AMPDU,          "802.11n Aggregated MPDU"},
197     { SFLOW_5_HEADER_80211_AMSDU_SUBFRAME, "A-MSDU Subframe"},
198     { 0, NULL}
199 };
200
201 /* extended packet data types */
202 #define SFLOW_245_EXTENDED_SWITCH 1
203 #define SFLOW_245_EXTENDED_ROUTER 2
204 #define SFLOW_245_EXTENDED_GATEWAY 3
205 #define SFLOW_245_EXTENDED_USER 4
206 #define SFLOW_245_EXTENDED_URL 5
207
208 static const value_string sflow_245_extended_data_types[] = {
209     { SFLOW_245_EXTENDED_SWITCH, "Extended switch information"},
210     { SFLOW_245_EXTENDED_ROUTER, "Extended router information"},
211     { SFLOW_245_EXTENDED_GATEWAY, "Extended gateway information"},
212     { SFLOW_245_EXTENDED_USER, "Extended user information"},
213     { SFLOW_245_EXTENDED_URL, "Extended URL information"},
214     { 0, NULL}
215 };
216
217
218 #define SFLOW_245_AS_SET 1
219 #define SFLOW_245_AS_SEQUENCE 2
220
221 static const value_string sflow_245_as_types[] = {
222     { SFLOW_245_AS_SET, "AS Set"},
223     { SFLOW_245_AS_SEQUENCE, "AS Sequence"},
224     { 0, NULL}
225 };
226
227 #define SFLOW_245_IPV4_PRECEDENCE_ROUTINE 0
228 #define SFLOW_245_IPV4_PRECEDENCE_PRIORITY 1
229 #define SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE 2
230 #define SFLOW_245_IPV4_PRECEDENCE_FLASH 3
231 #define SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE 4
232 #define SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP 5
233 #define SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL 6
234 #define SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL 7
235
236 static const value_string sflow_245_ipv4_precedence_types[] = {
237     { SFLOW_245_IPV4_PRECEDENCE_ROUTINE, "Routine"},
238     { SFLOW_245_IPV4_PRECEDENCE_PRIORITY, "Priority"},
239     { SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE, "Immediate"},
240     { SFLOW_245_IPV4_PRECEDENCE_FLASH, "Flash"},
241     { SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE, "Flash Override"},
242     { SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP, "CRITIC/ECP"},
243     { SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL, "Internetwork Control"},
244     { SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL, "Network Control"},
245     { 0, NULL}
246 };
247
248 /* sFlow v5 flow record formats */
249 #define SFLOW_5_RAW_PACKET_HEADER 1
250 #define SFLOW_5_ETHERNET_FRAME 2
251 #define SFLOW_5_IPV4 3
252 #define SFLOW_5_IPV6 4
253 #define SFLOW_5_SWITCH 1001
254 #define SFLOW_5_ROUTER 1002
255 #define SFLOW_5_GATEWAY 1003
256 #define SFLOW_5_USER 1004
257 #define SFLOW_5_URL 1005
258 #define SFLOW_5_MPLS_DATA 1006
259 #define SFLOW_5_NAT 1007
260 #define SFLOW_5_MPLS_TUNNEL 1008
261 #define SFLOW_5_MPLS_VC 1009
262 #define SFLOW_5_MPLS_FEC 1010
263 #define SFLOW_5_MPLS_LVP_FEC 1011
264 #define SFLOW_5_VLAN_TUNNEL 1012
265 #define SFLOW_5_80211_PAYLOAD 1013
266 #define SFLOW_5_80211_RX 1014
267 #define SFLOW_5_80211_TX 1015
268 #define SFLOW_5_80211_AGGREGATION 1016
269
270
271 static const value_string sflow_5_flow_record_type[] = {
272     { SFLOW_5_RAW_PACKET_HEADER, "Raw packet header"},
273     { SFLOW_5_ETHERNET_FRAME, "Ethernet frame data"},
274     { SFLOW_5_IPV4, "IPv4 data"},
275     { SFLOW_5_IPV6, "IPv6 data"},
276     { SFLOW_5_SWITCH, "Extended switch data"},
277     { SFLOW_5_ROUTER, "Extended router data"},
278     { SFLOW_5_GATEWAY, "Extended gateway data"},
279     { SFLOW_5_USER, "Extended user data"},
280     { SFLOW_5_URL, "Extended URL data"},
281     { SFLOW_5_MPLS_DATA, "Extended MPLS data"},
282     { SFLOW_5_NAT, "Extended NAT data"},
283     { SFLOW_5_MPLS_TUNNEL, "Extended MPLS tunnel data"},
284     { SFLOW_5_MPLS_VC, "Extended MPLS VC data"},
285     { SFLOW_5_MPLS_FEC, "Extended MPLS FEC data"},
286     { SFLOW_5_MPLS_LVP_FEC, "Extended MPLS LVP FEC data"},
287     { SFLOW_5_VLAN_TUNNEL, "Extended VLAN tunnel"},
288     { SFLOW_5_80211_PAYLOAD, "Extended 802.11 payload"},
289     { SFLOW_5_80211_RX, "Extended 802.11 RX"},
290     { SFLOW_5_80211_TX, "Extended 802.11 TX"},
291     { SFLOW_5_80211_AGGREGATION, "Extended 802.11 aggregation"},
292     { 0, NULL}
293 };
294
295 /* sFlow v5 counters record formats */
296 #define SFLOW_5_GENERIC_INTERFACE 1
297 #define SFLOW_5_ETHERNET_INTERFACE 2
298 #define SFLOW_5_TOKEN_RING 3
299 #define SFLOW_5_100BASE_VG_INTERFACE 4
300 #define SFLOW_5_VLAN 5
301 #define SFLOW_5_80211_COUNTERS 6
302 #define SFLOW_5_PROCESSOR 1001
303 #define SFLOW_5_RADIO_UTILIZATION 1002
304
305 static const value_string sflow_5_counters_record_type[] = {
306     { SFLOW_5_GENERIC_INTERFACE, "Generic interface counters"},
307     { SFLOW_5_ETHERNET_INTERFACE, "Ethernet interface counters"},
308     { SFLOW_5_TOKEN_RING, "Token ring counters"},
309     { SFLOW_5_100BASE_VG_INTERFACE, "100 Base VG interface counters"},
310     { SFLOW_5_VLAN, "VLAN counters"},
311     { SFLOW_5_80211_COUNTERS, "IEEE 802.11 counters"},
312     { SFLOW_5_PROCESSOR, "Processor information"},
313     { SFLOW_5_RADIO_UTILIZATION, "Radio utilization"},
314     { 0, NULL}
315 };
316
317 /* ethernet counters.  These will be preceded by generic counters. */
318 struct ethernet_counters {
319     guint32 dot3StatsAlignmentErrors;
320     guint32 dot3StatsFCSErrors;
321     guint32 dot3StatsSingleCollisionFrames;
322     guint32 dot3StatsMultipleCollisionFrames;
323     guint32 dot3StatsSQETestErrors;
324     guint32 dot3StatsDeferredTransmissions;
325     guint32 dot3StatsLateCollisions;
326     guint32 dot3StatsExcessiveCollisions;
327     guint32 dot3StatsInternalMacTransmitErrors;
328     guint32 dot3StatsCarrierSenseErrors;
329     guint32 dot3StatsFrameTooLongs;
330     guint32 dot3StatsInternalMacReceiveErrors;
331     guint32 dot3StatsSymbolErrors;
332 };
333
334 struct sflow_address_type {
335     int hf_addr_v4;
336     int hf_addr_v6;
337 };
338
339 struct sflow_address_details {
340     int addr_type;              /* ADDR_TYPE_IPV4 | ADDR_TYPE_IPV6 */
341     union {
342         guint8 v4[4];
343         guint8 v6[16];
344     } agent_address;
345 };
346
347 /* Initialize the protocol and registered fields */
348 static int proto_sflow = -1;
349 static int hf_sflow_version = -1;
350 /*static int hf_sflow_245_agent_address_type = -1; */
351 static int hf_sflow_agent_address_v4 = -1;
352 static int hf_sflow_agent_address_v6 = -1;
353 static int hf_sflow_5_sub_agent_id = -1;
354 static int hf_sflow_5_sample_length = -1;
355 static int hf_sflow_5_flow_data_length = -1;
356 /* static int hf_sflow_5_counters_data_length = -1; */
357 static int hf_sflow_245_seqnum = -1;
358 static int hf_sflow_245_sysuptime = -1;
359 static int hf_sflow_245_numsamples = -1;
360 static int hf_sflow_245_header_protocol = -1;
361 static int hf_sflow_245_sampletype = -1;
362 static int hf_sflow_245_sampletype12 = -1;
363 static int hf_sflow_245_ipv4_precedence_type = -1;
364 static int hf_sflow_5_flow_record_format = -1;
365 static int hf_sflow_5_counters_record_format = -1;
366 static int hf_sflow_245_header = -1;
367 static int hf_sflow_245_packet_information_type = -1;
368 static int hf_sflow_245_extended_information_type = -1;
369 static int hf_sflow_245_vlan_in = -1; /* incoming 802.1Q VLAN ID */
370 static int hf_sflow_245_vlan_out = -1; /* outgoing 802.1Q VLAN ID */
371 static int hf_sflow_245_pri_in = -1; /* incominging 802.1p priority */
372 static int hf_sflow_245_pri_out = -1; /* outgoing 802.1p priority */
373 static int hf_sflow_245_nexthop_v4 = -1; /* nexthop address */
374 static int hf_sflow_245_nexthop_v6 = -1; /* nexthop address */
375 static int hf_sflow_245_ipv4_src = -1;
376 static int hf_sflow_245_ipv4_dst = -1;
377 static int hf_sflow_245_ipv6_src = -1;
378 static int hf_sflow_245_ipv6_dst = -1;
379 static int hf_sflow_245_nexthop_src_mask = -1;
380 static int hf_sflow_245_nexthop_dst_mask = -1;
381
382
383 /* extended gateway (all versions) */
384 static int hf_sflow_245_as = -1;
385 static int hf_sflow_245_src_as = -1;
386 static int hf_sflow_245_src_peer_as = -1;
387 static int hf_sflow_245_dst_as_entries = -1; /* aka length */
388 static int hf_sflow_245_dst_as = -1;
389 /* extended gateway (>= version 4) */
390 static int hf_sflow_245_community_entries = -1;
391 /* static int hf_sflow_245_community = -1; */
392 static int hf_sflow_245_localpref = -1;
393
394 /* generic interface counter */
395 static int hf_sflow_245_ifindex = -1;
396 static int hf_sflow_245_iftype = -1;
397 static int hf_sflow_245_ifspeed = -1;
398 static int hf_sflow_245_ifdirection = -1;
399 static int hf_sflow_245_ifadmin_status = -1;
400 static int hf_sflow_245_ifoper_status = -1;
401 static int hf_sflow_245_ifinoct = -1;
402 static int hf_sflow_245_ifinpkt = -1;
403 static int hf_sflow_245_ifinmcast = -1;
404 static int hf_sflow_245_ifinbcast = -1;
405 static int hf_sflow_245_ifinerr = -1;
406 static int hf_sflow_245_ifindisc = -1;
407 static int hf_sflow_245_ifinunk = -1;
408 static int hf_sflow_245_ifoutoct = -1;
409 static int hf_sflow_245_ifoutpkt = -1;
410 static int hf_sflow_245_ifoutmcast = -1;
411 static int hf_sflow_245_ifoutbcast = -1;
412 static int hf_sflow_245_ifoutdisc = -1;
413 static int hf_sflow_245_ifouterr = -1;
414 static int hf_sflow_245_ifpromisc = -1;
415
416 /* ethernet interface counter */
417 static int hf_sflow_245_dot3StatsAlignmentErrors = -1;
418 static int hf_sflow_245_dot3StatsFCSErrors = -1;
419 static int hf_sflow_245_dot3StatsSingleCollisionFrames = -1;
420 static int hf_sflow_245_dot3StatsMultipleCollisionFrames = -1;
421 static int hf_sflow_245_dot3StatsSQETestErrors = -1;
422 static int hf_sflow_245_dot3StatsDeferredTransmissions = -1;
423 static int hf_sflow_245_dot3StatsLateCollisions = -1;
424 static int hf_sflow_245_dot3StatsExcessiveCollisions = -1;
425 static int hf_sflow_245_dot3StatsInternalMacTransmitErrors = -1;
426 static int hf_sflow_245_dot3StatsCarrierSenseErrors = -1;
427 static int hf_sflow_245_dot3StatsFrameTooLongs = -1;
428 static int hf_sflow_245_dot3StatsInternalMacReceiveErrors = -1;
429 static int hf_sflow_245_dot3StatsSymbolErrors = -1;
430
431 /* token ring counter */
432 static int hf_sflow_245_dot5StatsLineErrors = -1;
433 static int hf_sflow_245_dot5StatsBurstErrors = -1;
434 static int hf_sflow_245_dot5StatsACErrors = -1;
435 static int hf_sflow_245_dot5StatsAbortTransErrors = -1;
436 static int hf_sflow_245_dot5StatsInternalErrors = -1;
437 static int hf_sflow_245_dot5StatsLostFrameErrors = -1;
438 static int hf_sflow_245_dot5StatsReceiveCongestions = -1;
439 static int hf_sflow_245_dot5StatsFrameCopiedErrors = -1;
440 static int hf_sflow_245_dot5StatsTokenErrors = -1;
441 static int hf_sflow_245_dot5StatsSoftErrors = -1;
442 static int hf_sflow_245_dot5StatsHardErrors = -1;
443 static int hf_sflow_245_dot5StatsSignalLoss = -1;
444 static int hf_sflow_245_dot5StatsTransmitBeacons = -1;
445 static int hf_sflow_245_dot5StatsRecoveries = -1;
446 static int hf_sflow_245_dot5StatsLobeWires = -1;
447 static int hf_sflow_245_dot5StatsRemoves = -1;
448 static int hf_sflow_245_dot5StatsSingles = -1;
449 static int hf_sflow_245_dot5StatsFreqErrors = -1;
450
451 /* 100 BaseVG interface counters */
452 static int hf_sflow_245_dot12InHighPriorityFrames = -1;
453 static int hf_sflow_245_dot12InHighPriorityOctets = -1;
454 static int hf_sflow_245_dot12InNormPriorityFrames = -1;
455 static int hf_sflow_245_dot12InNormPriorityOctets = -1;
456 static int hf_sflow_245_dot12InIPMErrors = -1;
457 static int hf_sflow_245_dot12InOversizeFrameErrors = -1;
458 static int hf_sflow_245_dot12InDataErrors = -1;
459 static int hf_sflow_245_dot12InNullAddressedFrames = -1;
460 static int hf_sflow_245_dot12OutHighPriorityFrames = -1;
461 static int hf_sflow_245_dot12OutHighPriorityOctets = -1;
462 static int hf_sflow_245_dot12TransitionIntoTrainings = -1;
463 static int hf_sflow_245_dot12HCInHighPriorityOctets = -1;
464 static int hf_sflow_245_dot12HCInNormPriorityOctets = -1;
465 static int hf_sflow_245_dot12HCOutHighPriorityOctets = -1;
466
467 /* VLAN counters */
468 static int hf_sflow_245_vlan_id = -1;
469 static int hf_sflow_245_octets = -1;
470 static int hf_sflow_245_ucastPkts = -1;
471 static int hf_sflow_245_multicastPkts = -1;
472 static int hf_sflow_245_broadcastPkts = -1;
473 static int hf_sflow_245_discards = -1;
474
475 /* 802.11 interface counters */
476 static int hf_sflow_5_dot11TransmittedFragmentCount = -1;
477 static int hf_sflow_5_dot11MulticastTransmittedFrameCount = -1;
478 static int hf_sflow_5_dot11FailedCount = -1;
479 static int hf_sflow_5_dot11RetryCount = -1;
480 static int hf_sflow_5_dot11MultipleRetryCount = -1;
481 static int hf_sflow_5_dot11FrameDuplicateCount = -1;
482 static int hf_sflow_5_dot11RTSSuccessCount = -1;
483 static int hf_sflow_5_dot11RTSFailureCount = -1;
484 static int hf_sflow_5_dot11ACKFailureCount = -1;
485 static int hf_sflow_5_dot11ReceivedFragmentCount = -1;
486 static int hf_sflow_5_dot11MulticastReceivedFrameCount = -1;
487 static int hf_sflow_5_dot11FCSErrorCount = -1;
488 static int hf_sflow_5_dot11TransmittedFrameCount = -1;
489 static int hf_sflow_5_dot11WEPUndecryptableCount = -1;
490 static int hf_sflow_5_dot11QoSDiscardedFragmentCount = -1;
491 static int hf_sflow_5_dot11AssociatedStationCount = -1;
492 static int hf_sflow_5_dot11QoSCFPollsReceivedCount = -1;
493 static int hf_sflow_5_dot11QoSCFPollsUnusedCount = -1;
494 static int hf_sflow_5_dot11QoSCFPollsUnusableCount = -1;
495 static int hf_sflow_5_dot11QoSCFPollsLostCount = -1;
496 /* static int hf_sflow_5_ieee80211_version = -1; */
497
498
499 /* processor information */
500 static int hf_sflow_5_cpu_5s = -1;
501 static int hf_sflow_5_cpu_1m = -1;
502 static int hf_sflow_5_cpu_5m = -1;
503 static int hf_sflow_5_total_memory = -1;
504 static int hf_sflow_5_free_memory = -1;
505
506 /* radio utilisation */
507 static int hf_sflow_5_elapsed_time = -1;
508 static int hf_sflow_5_on_channel_time = -1;
509 static int hf_sflow_5_on_channel_busy_time = -1;
510
511 /* Generated from convert_proto_tree_add_text.pl */
512 static int hf_sflow_5_extended_80211_suite_type = -1;
513 static int hf_sflow_5_extended_80211_rx_channel = -1;
514 static int hf_sflow_flow_sample_input_interface = -1;
515 static int hf_sflow_counters_sample_sampling_interval = -1;
516 static int hf_sflow_5_extended_url_host_length = -1;
517 static int hf_sflow_245_ip_tcp_flag_syn = -1;
518 static int hf_sflow_flow_sample_output_interface = -1;
519 static int hf_sflow_245_length_of_ip_packet = -1;
520 static int hf_sflow_counters_sample_counters_type = -1;
521 static int hf_sflow_5_extended_mpls_tunnel_id = -1;
522 static int hf_sflow_flow_sample_sample_pool = -1;
523 static int hf_sflow_5_extended_80211_tx_speed = -1;
524 static int hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair = -1;
525 static int hf_sflow_245_extended_mpls_out_label_stack_entries = -1;
526 static int hf_sflow_flow_sample_input_interface_value = -1;
527 static int hf_sflow_flow_sample_sampling_rate = -1;
528 static int hf_sflow_5_extended_80211_rx_rcpi = -1;
529 static int hf_sflow_enterprise = -1;
530 static int hf_sflow_245_header_frame_length = -1;
531 static int hf_sflow_5_extended_user_destination_character_set = -1;
532 static int hf_sflow_5_extended_80211_rx_bssid = -1;
533 static int hf_sflow_5_extended_80211_tx_retransmission_duration = -1;
534 static int hf_sflow_245_ethernet_length_of_mac_packet = -1;
535 static int hf_sflow_245_ip_tcp_flag_psh = -1;
536 static int hf_sflow_flow_sample_flow_record = -1;
537 static int hf_sflow_245_extended_mpls_in_label = -1;
538 static int hf_sflow_5_extended_user_source_character_set = -1;
539 static int hf_sflow_5_extended_user_destination_user_string_length = -1;
540 static int hf_sflow_counters_sample_sequence_number = -1;
541 static int hf_sflow_5_extended_80211_rx_speed = -1;
542 static int hf_sflow_5_extended_80211_rx_rsni = -1;
543 static int hf_sflow_flow_sample_source_id_index = -1;
544 static int hf_sflow_245_ip_tcp_flag_ece = -1;
545 static int hf_sflow_245_ipv4_throughput = -1;
546 static int hf_sflow_5_extended_80211_oui = -1;
547 static int hf_sflow_counters_sample_source_id_type = -1;
548 static int hf_sflow_flow_sample_input_interface_format = -1;
549 static int hf_sflow_5_extended_80211_tx_channel = -1;
550 static int hf_sflow_245_ip_tcp_flag_urg = -1;
551 static int hf_sflow_5_extended_mpls_tunnel_name_length = -1;
552 static int hf_sflow_5_extended_80211_tx_version = -1;
553 static int hf_sflow_245_ipv4_delay = -1;
554 static int hf_sflow_flow_sample_source_id_class = -1;
555 static int hf_sflow_245_ethernet_source_mac_address = -1;
556 static int hf_sflow_5_extended_mpls_ftn_mask = -1;
557 static int hf_sflow_245_extended_mpls_out_label = -1;
558 static int hf_sflow_245_ipv6_priority = -1;
559 static int hf_sflow_245_ip_tcp_flag_fin = -1;
560 static int hf_sflow_245_ip_destination_port = -1;
561 static int hf_sflow_5_extended_mpls_vc_label_cos_value = -1;
562 static int hf_sflow_5_extended_80211_rx_packet_duration = -1;
563 static int hf_sflow_5_extended_80211_tx_packet_duration = -1;
564 static int hf_sflow_245_ipv4_reliability = -1;
565 static int hf_sflow_5_extended_80211_tx_power = -1;
566 static int hf_sflow_flow_sample_multiple_outputs = -1;
567 static int hf_sflow_5_extended_user_source_user_string_length = -1;
568 static int hf_sflow_5_extended_80211_payload_length = -1;
569 static int hf_sflow_flow_sample_output_interface_format = -1;
570 static int hf_sflow_245_ethernet_packet_type = -1;
571 static int hf_sflow_counters_sample_expanded_source_id_type = -1;
572 static int hf_sflow_245_ip_source_port = -1;
573 static int hf_sflow_245_extended_mpls_in_label_stack_entries = -1;
574 static int hf_sflow_5_extended_mpls_vc_instance_name_length = -1;
575 static int hf_sflow_245_ipv4_cost = -1;
576 static int hf_sflow_5_extended_mpls_ftn_description_length = -1;
577 static int hf_sflow_5_extended_vlan_tunnel_number_of_layers = -1;
578 static int hf_sflow_5_extended_80211_tx_bssid = -1;
579 static int hf_sflow_245_ip_tcp_flag_rst = -1;
580 static int hf_sflow_245_ip_tcp_flag_ack = -1;
581 static int hf_sflow_245_ip_tcp_flag_cwr = -1;
582 static int hf_sflow_5_extended_80211_tx_retransmissions = -1;
583 static int hf_sflow_5_extended_80211_rx_version = -1;
584 static int hf_sflow_flow_sample_dropped_packets = -1;
585 static int hf_sflow_counters_sample_expanded_source_id_index = -1;
586 static int hf_sflow_245_header_payload_removed = -1;
587 static int hf_sflow_245_ethernet_destination_mac_address = -1;
588 static int hf_sflow_counters_sample_source_id_class = -1;
589 static int hf_sflow_5_extended_url_url_length = -1;
590 static int hf_sflow_flow_sample_source_id_type = -1;
591 static int hf_sflow_5_extended_mpls_fec_address_prefix_length = -1;
592 static int hf_sflow_flow_sample_sequence_number = -1;
593 static int hf_sflow_counters_sample_source_id_index = -1;
594 static int hf_sflow_counters_sample_counters_records = -1;
595 static int hf_sflow_5_extended_mpls_tunnel_cos_value = -1;
596 static int hf_sflow_5_extended_mpls_vc_id = -1;
597 static int hf_sflow_flow_sample_output_interface_value = -1;
598 static int hf_sflow_5_extended_user_destination_user = -1;
599 static int hf_sflow_245_as_type = -1;
600 static int hf_sflow_counters_sample_index = -1;
601 static int hf_sflow_5_extended_url_url = -1;
602 static int hf_sflow_flow_sample_index = -1;
603 static int hf_sflow_5_extended_80211_rx_ssid = -1;
604 static int hf_sflow_5_extended_mpls_vc_instance_name = -1;
605 static int hf_sflow_5_extended_mpls_tunnel_name = -1;
606 static int hf_sflow_5_extended_80211_payload = -1;
607 static int hf_sflow_5_extended_user_source_user = -1;
608 static int hf_sflow_5_extended_url_host = -1;
609 static int hf_sflow_5_extended_80211_tx_ssid = -1;
610 static int hf_sflow_5_extended_url_direction = -1;
611 static int hf_sflow_5_extended_mpls_ftn_description = -1;
612 static int hf_sflow_245_ip_protocol = -1;
613
614 /* Initialize the subtree pointers */
615 static gint ett_sflow_245 = -1;
616 static gint ett_sflow_245_sample = -1;
617 static gint ett_sflow_5_flow_record = -1;
618 static gint ett_sflow_5_counters_record = -1;
619 static gint ett_sflow_5_mpls_in_label_stack = -1;
620 static gint ett_sflow_5_mpls_out_label_stack = -1;
621 static gint ett_sflow_245_extended_data = -1;
622 static gint ett_sflow_245_gw_as_dst = -1;
623 static gint ett_sflow_245_gw_as_dst_seg = -1;
624 static gint ett_sflow_245_gw_community = -1;
625 static gint ett_sflow_245_sampled_header = -1;
626
627 static expert_field ei_sflow_invalid_address_type = EI_INIT;
628
629 /* dissectors for other protocols */
630 static dissector_handle_t eth_withoutfcs_handle;
631 static dissector_handle_t tr_handle;
632 static dissector_handle_t fddi_handle;
633 static dissector_handle_t fr_handle;
634 static dissector_handle_t x25_handle;
635 static dissector_handle_t ppp_hdlc_handle;
636 static dissector_handle_t smds_handle;
637 static dissector_handle_t aal5_handle;
638 static dissector_handle_t ipv4_handle;
639 static dissector_handle_t ipv6_handle;
640 static dissector_handle_t mpls_handle;
641 static dissector_handle_t pos_handle;
642 static dissector_handle_t ieee80211_mac_handle;
643 static dissector_handle_t ieee80211_ampdu_handle;
644 static dissector_handle_t ieee80211_amsdu_subframe_handle;
645 /* don't dissect */
646 static dissector_handle_t data_handle;
647
648 void proto_reg_handoff_sflow_245(void);
649
650 /* dissect a sampled header - layer 2 protocols */
651 static gint
652 dissect_sflow_245_sampled_header(tvbuff_t *tvb, packet_info *pinfo,
653                                  proto_tree *tree, volatile gint offset) {
654     guint32 version, header_proto, frame_length;
655     volatile guint32 header_length;
656     tvbuff_t *next_tvb;
657     proto_tree *sflow_245_header_tree;
658     proto_item *ti;
659     /* stuff for saving column state before calling other dissectors.
660      * Thanks to Guy Harris for the tip. */
661     gboolean save_writable;
662     gboolean save_in_error_pkt;
663     address save_dl_src, save_dl_dst, save_net_src, save_net_dst, save_src, save_dst;
664     void *pd_save;
665
666     version = tvb_get_ntohl(tvb, 0);
667     header_proto = tvb_get_ntohl(tvb, offset);
668     proto_tree_add_item(tree, hf_sflow_245_header_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
669     offset += 4;
670     frame_length = tvb_get_ntohl(tvb, offset);
671     proto_tree_add_item(tree, hf_sflow_245_header_frame_length, tvb, offset, 4, ENC_BIG_ENDIAN);
672     offset += 4;
673
674     if (version == 5) {
675         proto_tree_add_item(tree, hf_sflow_245_header_payload_removed, tvb, offset, 4, ENC_BIG_ENDIAN);
676         offset += 4;
677     }
678
679     header_length = tvb_get_ntohl(tvb, offset);
680     offset += 4;
681
682     if (header_length % 4) /* XDR requires 4-byte alignment */
683         header_length += (4 - (header_length % 4));
684
685
686     ti = proto_tree_add_item(tree, hf_sflow_245_header, tvb, offset, header_length, ENC_NA);
687     sflow_245_header_tree = proto_item_add_subtree(ti, ett_sflow_245_sampled_header);
688
689     /* hand the header off to the appropriate dissector.  It's probably
690      * a short frame, so ignore any exceptions. */
691     next_tvb = tvb_new_subset(tvb, offset, header_length, frame_length);
692
693     /* save some state */
694     save_writable = col_get_writable(pinfo->cinfo);
695
696     /*
697        If sFlow samples a TCP packet it is very likely that the
698        TCP analysis will flag the packet as having some error with
699        the sequence numbers.  sFlow only report on a "sample" of
700        traffic so many packets will not be reported on.  This is
701        most obvious if the colorizing rules are on, but will also
702        cause confusion if you attempt to filter on
703        "tcp.analysis.flags".
704
705        The following only works to suppress IP/TCP errors, but
706        it is a start anyway.  Other protocols carried as payloads
707        may exhibit similar issues.
708
709        I think what is really needed is a more general
710        "protocol_as_payload" flag.  Of course then someone has to
711        play whack-a-mole and add code to implement it to any
712        protocols that could be carried as a payload.  In the case
713        of sFlow that pretty much means anything on your network.
714      */
715     save_in_error_pkt = pinfo->flags.in_error_pkt;
716     if (!global_analyze_samp_ip_headers) {
717         pinfo->flags.in_error_pkt = TRUE;
718     }
719
720     col_set_writable(pinfo->cinfo, FALSE);
721     save_dl_src = pinfo->dl_src;
722     save_dl_dst = pinfo->dl_dst;
723     save_net_src = pinfo->net_src;
724     save_net_dst = pinfo->net_dst;
725     save_src = pinfo->src;
726     save_dst = pinfo->dst;
727     pd_save = pinfo->private_data;
728
729     TRY
730     {
731         switch (header_proto) {
732             case SFLOW_245_HEADER_ETHERNET:
733                 call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, sflow_245_header_tree);
734                 break;
735             case SFLOW_245_HEADER_TOKENRING:
736                 call_dissector(tr_handle, next_tvb, pinfo, sflow_245_header_tree);
737                 break;
738             case SFLOW_245_HEADER_FDDI:
739                 call_dissector(fddi_handle, next_tvb, pinfo, sflow_245_header_tree);
740                 break;
741             case SFLOW_245_HEADER_FRAME_RELAY:
742                 call_dissector(fr_handle, next_tvb, pinfo, sflow_245_header_tree);
743                 break;
744             case SFLOW_245_HEADER_X25:
745                 call_dissector(x25_handle, next_tvb, pinfo, sflow_245_header_tree);
746                 break;
747             case SFLOW_245_HEADER_PPP:
748                 call_dissector(ppp_hdlc_handle, next_tvb, pinfo, sflow_245_header_tree);
749                 break;
750             case SFLOW_245_HEADER_SMDS:
751                 call_dissector(smds_handle, next_tvb, pinfo, sflow_245_header_tree);
752                 break;
753             case SFLOW_245_HEADER_AAL5:
754             case SFLOW_245_HEADER_AAL5_IP:
755                 /* I'll be surprised if this works! I have no AAL5 captures
756                  * to test with, and I'm not sure how the encapsulation goes */
757                 call_dissector(aal5_handle, next_tvb, pinfo, sflow_245_header_tree);
758                 break;
759             case SFLOW_245_HEADER_IPv4:
760                 call_dissector(ipv4_handle, next_tvb, pinfo, sflow_245_header_tree);
761                 break;
762             case SFLOW_245_HEADER_IPv6:
763                 call_dissector(ipv6_handle, next_tvb, pinfo, sflow_245_header_tree);
764                 break;
765             case SFLOW_245_HEADER_MPLS:
766                 call_dissector(mpls_handle, next_tvb, pinfo, sflow_245_header_tree);
767                 break;
768             case SFLOW_5_HEADER_POS:
769                 call_dissector(pos_handle, next_tvb, pinfo, sflow_245_header_tree);
770                 break;
771             case SFLOW_5_HEADER_80211_MAC:
772                 call_dissector(ieee80211_mac_handle, next_tvb, pinfo, sflow_245_header_tree);
773                 break;
774             case SFLOW_5_HEADER_80211_AMPDU:
775                 call_dissector(ieee80211_ampdu_handle, next_tvb, pinfo, sflow_245_header_tree);
776                 break;
777             case SFLOW_5_HEADER_80211_AMSDU_SUBFRAME:
778                 call_dissector(ieee80211_amsdu_subframe_handle, next_tvb, pinfo, sflow_245_header_tree);
779                 break;
780             default:
781                 /* some of the protocols, I have no clue where to begin. */
782                 break;
783         }
784     }
785
786     CATCH_BOUNDS_ERRORS {
787         /*  Restore the private_data structure in case one of the
788          *  called dissectors modified it (and, due to the exception,
789          *  was unable to restore it).
790          */
791         pinfo->private_data = pd_save;
792     }
793     ENDTRY;
794
795     /* restore saved state */
796     col_set_writable(pinfo->cinfo, save_writable);
797     pinfo->flags.in_error_pkt = save_in_error_pkt;
798
799     pinfo->dl_src = save_dl_src;
800     pinfo->dl_dst = save_dl_dst;
801     pinfo->net_src = save_net_src;
802     pinfo->net_dst = save_net_dst;
803     pinfo->src = save_src;
804     pinfo->dst = save_dst;
805
806     offset += header_length;
807     return offset;
808 }
809
810 static gint
811 dissect_sflow_245_address_type(tvbuff_t *tvb, packet_info *pinfo,
812                                proto_tree *tree, gint offset,
813                                struct sflow_address_type *hf_type,
814                                struct sflow_address_details *addr_detail) {
815     guint32 addr_type;
816     int len;
817
818     addr_type = tvb_get_ntohl(tvb, offset);
819     offset += 4;
820
821     switch (addr_type) {
822     case ADDR_TYPE_UNKNOWN:
823         len = 0;
824         break;
825     case ADDR_TYPE_IPV4:
826         len = 4;
827         proto_tree_add_item(tree, hf_type->hf_addr_v4, tvb, offset, 4, ENC_BIG_ENDIAN);
828         break;
829     case ADDR_TYPE_IPV6:
830         len = 16;
831         proto_tree_add_item(tree, hf_type->hf_addr_v6, tvb, offset, 16, ENC_NA);
832         break;
833     default:
834         /* Invalid address type, or a type we don't understand; we don't
835            know the length. W e treat it as having no contents; that
836            doesn't trap us in an endless loop, as we at least include
837            the address type and thus at least advance the offset by 4.
838            Note that we have a problem, though. */
839         len = 0;
840         proto_tree_add_expert_format(tree, pinfo, &ei_sflow_invalid_address_type, tvb,
841                                      offset - 4, 4, "Unknown address type (%u)", addr_type);
842     }
843
844     if (addr_detail) {
845         addr_detail->addr_type = addr_type;
846         switch (len) {
847         case 4:
848             tvb_memcpy(tvb, addr_detail->agent_address.v4, offset, len);
849             break;
850         case 16:
851             tvb_memcpy(tvb, addr_detail->agent_address.v6, offset, len);
852             break;
853         }
854     }
855
856     return offset + len;
857 }
858
859 /* extended switch data, after the packet data */
860 static gint
861 dissect_sflow_245_extended_switch(tvbuff_t *tvb, proto_tree *tree, gint offset) {
862     proto_tree_add_item(tree, hf_sflow_245_vlan_in, tvb, offset, 4, ENC_BIG_ENDIAN);
863     offset += 4;
864     proto_tree_add_item(tree, hf_sflow_245_pri_in, tvb, offset, 4, ENC_BIG_ENDIAN);
865     offset += 4;
866     proto_tree_add_item(tree, hf_sflow_245_vlan_out, tvb, offset, 4, ENC_BIG_ENDIAN);
867     offset += 4;
868     proto_tree_add_item(tree, hf_sflow_245_pri_out, tvb, offset, 4, ENC_BIG_ENDIAN);
869     offset += 4;
870
871     return offset;
872 }
873
874 /* extended router data, after the packet data */
875 static gint
876 dissect_sflow_245_extended_router(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
877     struct sflow_address_type addr_type = {hf_sflow_245_nexthop_v4, hf_sflow_245_nexthop_v6};
878
879     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
880     proto_tree_add_item(tree, hf_sflow_245_nexthop_src_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
881     offset += 4;
882     proto_tree_add_item(tree, hf_sflow_245_nexthop_dst_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
883     offset += 4;
884     return offset;
885 }
886
887 /* extended MPLS data */
888 static gint
889 dissect_sflow_5_extended_mpls_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
890     guint32 in_label_count, out_label_count, label, i, j;
891     proto_tree *in_stack;
892     proto_item *ti_in;
893     proto_tree *out_stack;
894     proto_item *ti_out;
895
896     struct sflow_address_type addr_type = {hf_sflow_245_nexthop_v4, hf_sflow_245_nexthop_v6};
897     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
898
899     in_label_count = tvb_get_ntohl(tvb, offset);
900     proto_tree_add_item(tree, hf_sflow_245_extended_mpls_in_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
901     offset += 4;
902
903     ti_in = proto_tree_add_text(tree, tvb, offset, -1, "In Label Stack");
904     in_stack = proto_item_add_subtree(ti_in, ett_sflow_5_mpls_in_label_stack);
905
906     /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
907      * 255 is a sensible limit of label count */
908     for (i = 0, j = 0; i < (in_label_count & 0x000000ff); i++, j += 4) {
909         label = tvb_get_ntohl(tvb, offset + j);
910         proto_tree_add_uint_format(in_stack, hf_sflow_245_extended_mpls_in_label, tvb, offset, 4,
911             label, "Label %u: %u", i + 1, label);
912     }
913     offset += (in_label_count * 4);
914
915     out_label_count = tvb_get_ntohl(tvb, offset);
916     proto_tree_add_item(tree, hf_sflow_245_extended_mpls_out_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
917     offset += 4;
918
919     ti_out = proto_tree_add_text(tree, tvb, offset, -1, "Out Label Stack");
920     out_stack = proto_item_add_subtree(ti_out, ett_sflow_5_mpls_in_label_stack);
921
922     /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
923      * 255 is a sensible limit of label count */
924     for (i = 0, j = 0; i < (out_label_count & 0x000000ff); i++, j += 4) {
925         label = tvb_get_ntohl(tvb, offset + j);
926         proto_tree_add_uint_format(out_stack, hf_sflow_245_extended_mpls_out_label, tvb, offset, 4,
927             label, "Label %u: %u", i + 1, label);
928     }
929     offset = offset + out_label_count * 4;
930
931     return offset;
932 }
933
934 /* extended NAT data */
935 static gint
936 dissect_sflow_5_extended_nat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
937     struct sflow_address_type addr_type = {hf_sflow_245_ipv4_src,
938                                            hf_sflow_245_ipv6_src};
939     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
940
941     addr_type.hf_addr_v4 = hf_sflow_245_ipv4_dst;
942     addr_type.hf_addr_v6 = hf_sflow_245_ipv6_dst;
943
944     offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
945
946     return offset;
947 }
948
949 /* extended gateway data, after the packet data */
950 static gint
951 dissect_sflow_245_extended_gateway(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
952     gint32 len = 0;
953     gint32 i, j, comm_len, dst_len, dst_seg_len;
954     guint32 path_type;
955     gint32 kludge;
956
957     guint32 version = tvb_get_ntohl(tvb, 0); /* get sFlow version */
958     proto_item *ti;
959     proto_tree *sflow_245_dst_as_tree;
960     proto_tree *sflow_245_comm_tree;
961     proto_tree *sflow_245_dst_as_seg_tree;
962
963     /* sFlow v5 contains next hop router IP address */
964     if (version == 5) {
965         struct sflow_address_type addr_type = {hf_sflow_245_nexthop_v4, hf_sflow_245_nexthop_v6};
966
967         offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
968     }
969
970     proto_tree_add_item(tree, hf_sflow_245_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
971     len += 4;
972
973     proto_tree_add_item(tree, hf_sflow_245_src_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
974     len += 4;
975
976     proto_tree_add_item(tree, hf_sflow_245_src_peer_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
977     len += 4;
978
979     dst_len = tvb_get_ntohl(tvb, offset + len);
980     ti = proto_tree_add_uint(tree, hf_sflow_245_dst_as_entries, tvb, offset + len, 4, dst_len);
981     sflow_245_dst_as_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst);
982     len += 4;
983
984     for (i = 0; i < dst_len; i++) {
985         if (version < 4) {
986             /* Version 2 AS paths are different than versions >= 4 as
987                follows:
988
989                There is no type encoded in the packet.
990
991                The destination ASs are encoded as an array of integers
992                rather as an array of arrays of integers.  I just
993                pretended they were encoded as an array of arrays with
994                an implicit length of 1 to not have to do two
995                completely separate blocks for the different versions.
996
997                Having a subtree for "arrays" guaranteed to have only a
998                single element proved cumbersome to navigate so I moved
999                the creation of the subtree to only happen for versions
1000                >= 4.
1001              */
1002             dst_seg_len = 1;
1003             sflow_245_dst_as_seg_tree = sflow_245_dst_as_tree;
1004         } else {
1005             path_type = tvb_get_ntohl(tvb, offset + len);
1006             len += 4;
1007             dst_seg_len = tvb_get_ntohl(tvb, offset + len);
1008             len += 4;
1009             kludge = 8;
1010             ti = proto_tree_add_uint_format(tree, hf_sflow_245_as_type, tvb, offset + len - kludge, kludge, path_type,
1011                     "%s, (%u entries)", val_to_str_const(path_type, sflow_245_as_types, "Unknown AS type"), dst_seg_len);
1012             sflow_245_dst_as_seg_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst_seg);
1013         }
1014
1015         for (j = 0; j < dst_seg_len; j++) {
1016             proto_tree_add_item(sflow_245_dst_as_seg_tree, hf_sflow_245_dst_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1017             len += 4;
1018         }
1019     }
1020
1021
1022     if (version >= 4) {
1023         comm_len = tvb_get_ntohl(tvb, offset + len);
1024
1025         ti = proto_tree_add_uint(tree, hf_sflow_245_community_entries, tvb, offset + len, 4, comm_len);
1026         sflow_245_comm_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_community);
1027         len += 4;
1028         for (i = 0; i < comm_len; i++) {
1029             proto_tree_add_item(sflow_245_comm_tree,
1030                     hf_sflow_245_dst_as, tvb, offset + len,
1031                     4, ENC_BIG_ENDIAN);
1032             len += 4;
1033         }
1034
1035         proto_tree_add_item(tree, hf_sflow_245_localpref, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1036         len += 4;
1037
1038     }
1039
1040     return offset + len;
1041 }
1042
1043 /* sflow v5 ethernet frame data */
1044 static gint
1045 dissect_sflow_5_ethernet_frame(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1046
1047     proto_tree_add_item(tree, hf_sflow_245_ethernet_length_of_mac_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1048     offset += 4;
1049
1050     proto_tree_add_item(tree, hf_sflow_245_ethernet_source_mac_address, tvb, offset, 6, ENC_NA);
1051     /* Padded to 4 byte offset */
1052     offset += 8;
1053
1054     proto_tree_add_item(tree, hf_sflow_245_ethernet_destination_mac_address, tvb, offset, 6, ENC_NA);
1055     /* Padded to 4 byte offset */
1056     offset += 8;
1057
1058     proto_tree_add_item(tree, hf_sflow_245_ethernet_packet_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1059     offset += 4;
1060
1061     return offset;
1062 }
1063
1064 /* sflow v5 IPv4 data */
1065 static gint
1066 dissect_sflow_5_ipv4(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1067
1068     proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1069     offset += 4;
1070
1071     proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1072     offset += 4;
1073
1074     proto_tree_add_item(tree, hf_sflow_245_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN);
1075     offset += 4;
1076
1077     proto_tree_add_item(tree, hf_sflow_245_ipv4_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
1078     offset += 4;
1079
1080     proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1081     offset += 4;
1082
1083     proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1084     offset += 4;
1085
1086     /* dissect tcp flags bit-by-bit */
1087     /* 8 flags are included here, plus 24-bit 0-padding */
1088     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 1, ENC_NA);
1089     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 1, ENC_NA);
1090     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 1, ENC_NA);
1091     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 1, ENC_NA);
1092     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 1, ENC_NA);
1093     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 1, ENC_NA);
1094     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 1, ENC_NA);
1095     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 1, ENC_NA);
1096
1097     offset += 4;
1098
1099     /* 7 bits for type of service, plus 1 reserved bit */
1100     proto_tree_add_item(tree, hf_sflow_245_ipv4_precedence_type, tvb, offset, 1, ENC_NA);
1101     proto_tree_add_item(tree, hf_sflow_245_ipv4_delay, tvb, offset, 1, ENC_NA);
1102     proto_tree_add_item(tree, hf_sflow_245_ipv4_throughput, tvb, offset, 1, ENC_NA);
1103     proto_tree_add_item(tree, hf_sflow_245_ipv4_reliability, tvb, offset, 1, ENC_NA);
1104     proto_tree_add_item(tree, hf_sflow_245_ipv4_cost, tvb, offset, 1, ENC_NA);
1105
1106     offset += 4;
1107
1108     return offset;
1109 }
1110
1111 /* sflow v5 IPv6 data */
1112 static gint
1113 dissect_sflow_5_ipv6(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1114
1115     proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1116     offset += 4;
1117
1118     proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1119     offset += 4;
1120
1121     proto_tree_add_item(tree, hf_sflow_245_ipv6_src, tvb, offset, 16, ENC_NA);
1122     offset += 16;
1123
1124     proto_tree_add_item(tree, hf_sflow_245_ipv6_dst, tvb, offset, 16, ENC_NA);
1125     offset += 16;
1126
1127     proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1128     offset += 4;
1129
1130     proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1131     offset += 4;
1132
1133     /* dissect tcp flags bit-by-bit */
1134     /* 8 flags are included here, plus 24-bit 0-padding */
1135     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 1, ENC_NA);
1136     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 1, ENC_NA);
1137     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 1, ENC_NA);
1138     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 1, ENC_NA);
1139     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 1, ENC_NA);
1140     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 1, ENC_NA);
1141     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 1, ENC_NA);
1142     proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 1, ENC_NA);
1143
1144     offset += 4;
1145
1146     /* Priority -- Traffic class field enables a source to identify the desired
1147        delivery priority of the packets. Priority values are divided into
1148        ranges: traffic where the source provides congestion control and
1149        non-congestion control traffic.
1150
1151        It is displayed as unsigned integer here according to sFlow specification */
1152
1153     proto_tree_add_item(tree, hf_sflow_245_ipv6_priority, tvb, offset, 4, ENC_BIG_ENDIAN);
1154     offset += 4;
1155
1156     return offset;
1157 }
1158
1159 /* sflow v5 user data */
1160 static gint
1161 dissect_sflow_5_extended_user(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1162     guint32 src_length, dest_length;
1163
1164     /* charset is not processed here, all chars are assumed to be ASCII */
1165     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1166     offset += 4;
1167
1168     src_length = tvb_get_ntohl(tvb, offset);
1169     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1170     offset += 4;
1171
1172     /* extract source user info char by char */
1173     proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user, tvb, offset, src_length, ENC_NA|ENC_ASCII);
1174     offset += src_length;
1175     /* get the correct offset by adding padding byte count */
1176     if (src_length % 4)
1177         offset += (4 - src_length % 4);
1178
1179     /* charset is not processed here, all chars are assumed to be ASCII */
1180     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1181     offset += 4;
1182
1183     dest_length = tvb_get_ntohl(tvb, offset);
1184     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1185     offset += 4;
1186
1187     /* extract destination user info char by char */
1188     proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user, tvb, offset, dest_length, ENC_NA|ENC_ASCII);
1189     offset += dest_length;
1190     /* get the correct offset by adding padding byte count */
1191     if (dest_length % 4)
1192         offset += (4 - dest_length % 4);
1193
1194     return offset;
1195 }
1196
1197 /* sflow v5 URL data */
1198 static gint
1199 dissect_sflow_5_extended_url(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1200     guint32 direction, url_length, host_length;
1201
1202     direction = tvb_get_ntohl(tvb, offset);
1203     switch (direction) {
1204         case 1:
1205             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1206                                         "Source Address is Server(%u)", direction);
1207             break;
1208         case 2:
1209             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1210                                         "Destination Address is Server (%u)", direction);
1211             break;
1212         default:
1213             proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1214                                         "Server Unspecified (%u)", direction);
1215             break;
1216     }
1217     offset += 4;
1218
1219     url_length = tvb_get_ntohl(tvb, offset);
1220     proto_tree_add_item(tree, hf_sflow_5_extended_url_url_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1221     offset += 4;
1222
1223     /* extract URL char by char */
1224     proto_tree_add_item(tree, hf_sflow_5_extended_url_url, tvb, offset, url_length, ENC_NA|ENC_ASCII);
1225     offset += url_length;
1226     /* get the correct offset by adding padding byte count */
1227     if (url_length % 4)
1228         offset += (4 - url_length % 4);
1229
1230     host_length = tvb_get_ntohl(tvb, offset);
1231     proto_tree_add_item(tree, hf_sflow_5_extended_url_host_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1232     offset += 4;
1233
1234     /* extract host info char by char */
1235     proto_tree_add_item(tree, hf_sflow_5_extended_url_host, tvb, offset, host_length, ENC_NA|ENC_ASCII);
1236     offset += host_length;
1237     /* get the correct offset by adding padding byte count */
1238     if (host_length % 4)
1239         offset += (4 - host_length % 4);
1240
1241     return offset;
1242 }
1243
1244 /* sflow v5 MPLS tunnel */
1245 static gint
1246 dissect_sflow_5_extended_mpls_tunnel(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1247     guint32 name_length;
1248
1249     name_length = tvb_get_ntohl(tvb, offset);
1250     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1251     offset += 4;
1252
1253     /* extract tunnel name char by char */
1254     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1255     offset += name_length;
1256     /* get the correct offset by adding padding byte count */
1257     if (name_length % 4)
1258         offset += (4 - name_length % 4);
1259
1260     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1261     offset += 4;
1262
1263     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1264     offset += 4;
1265
1266     return offset;
1267 }
1268
1269 /* sflow v5 MPLS VC */
1270 static gint
1271 dissect_sflow_5_extended_mpls_vc(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1272     guint32 name_length;
1273
1274     name_length = tvb_get_ntohl(tvb, offset);
1275     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1276     offset += 4;
1277
1278     /* extract source user info char by char */
1279     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1280     offset += name_length;
1281     /* get the correct offset by adding padding byte count */
1282     if (name_length % 4)
1283         offset += (4 - name_length % 4);
1284
1285     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1286     offset += 4;
1287
1288     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_label_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1289     offset += 4;
1290
1291     return offset;
1292 }
1293
1294 /* sflow v5 MPLS FEC */
1295 static gint
1296 dissect_sflow_5_extended_mpls_fec(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1297     guint32 length;
1298
1299     length = tvb_get_ntohl(tvb, offset);
1300     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1301     offset += 4;
1302
1303     /* extract MPLS FTN description char by char */
1304     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description, tvb, offset, length, ENC_NA|ENC_ASCII);
1305     offset += length;
1306     /* get the correct offset by adding padding byte count */
1307     if (length % 4)
1308         offset += (4 - length % 4);
1309
1310     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
1311     offset += 4;
1312
1313     return offset;
1314 }
1315
1316 /* sflow v5 MPLS LVP FEC */
1317 static gint
1318 dissect_sflow_5_extended_mpls_lvp_fec(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1319
1320     proto_tree_add_item(tree, hf_sflow_5_extended_mpls_fec_address_prefix_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1321     offset += 4;
1322     return offset;
1323 }
1324
1325 /* sflow v5 extended VLAN tunnel */
1326 static gint
1327 dissect_sflow_5_extended_vlan_tunnel(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1328     guint32 num, i;
1329
1330     num = tvb_get_ntohl(tvb, offset);
1331     proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_number_of_layers, tvb, offset, 4, ENC_BIG_ENDIAN);
1332     offset += 4;
1333
1334     /* loop strip 802.1Q TPID/TCI layers. each TPID/TCI pair is represented as a
1335        single 32 bit integer layers listed from outermost to innermost */
1336     for (i = 0; i < num; i++) {
1337         proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair, tvb, offset, 4, ENC_BIG_ENDIAN);
1338         offset += 4;
1339     }
1340
1341     return offset;
1342 }
1343
1344 /* sflow v5 extended 802.11 payload */
1345 static gint
1346 dissect_sflow_5_extended_80211_payload(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1347     guint32 cipher_suite, OUI, suite_type, length;
1348
1349     cipher_suite = tvb_get_ntohl(tvb, offset);
1350     OUI = cipher_suite >> 8;
1351     suite_type = cipher_suite & 0x000000ff;
1352
1353     if (OUI == 0x000FAC) {
1354         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Default (0x%X)", OUI);
1355         offset += 3;
1356         proto_tree_add_item(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1, ENC_NA);
1357     } else {
1358         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Other vender (0x%X)", OUI);
1359         offset += 3;
1360         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1,
1361             suite_type, "Vender specific (%u)", suite_type);
1362     }
1363     offset++;
1364
1365     length = tvb_get_ntohl(tvb, offset);
1366     proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1367     offset += 4;
1368
1369     /* extract data byte by byte */
1370     proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload, tvb, offset, length, ENC_NA);
1371     offset += length;
1372     /* get the correct offset by adding padding byte count */
1373     if (length % 4)
1374         offset += (4 - length % 4);
1375
1376     return offset;
1377 }
1378
1379 /* sflow v5 extended 802.11 rx */
1380 static gint
1381 dissect_sflow_5_extended_80211_rx(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1382     guint32 ssid_length, duration;
1383
1384     /* extract SSID char by char. max char count = 32 */
1385     ssid_length = tvb_get_ntohl(tvb, offset);
1386     offset += 4;
1387     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1388     offset += ssid_length;
1389     /* get the correct offset by adding padding byte count */
1390     if (ssid_length % 4)
1391         offset += (4 - ssid_length % 4);
1392
1393     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_bssid, tvb, offset, 6, ENC_NA);
1394     /* Padded to 4 byte offset */
1395     offset += 8;
1396
1397     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1398     offset += 4;
1399
1400     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1401     offset += 4;
1402
1403     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1404     offset += 8;
1405
1406     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rsni, tvb, offset, 4, ENC_BIG_ENDIAN);
1407     offset += 4;
1408
1409     proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rcpi, tvb, offset, 4, ENC_BIG_ENDIAN);
1410     offset += 4;
1411
1412     duration = tvb_get_ntohl(tvb, offset);
1413     if (duration == 0) {
1414         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, duration, "Unknown");
1415     } else {
1416         proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1417     }
1418     offset += 4;
1419
1420     return offset;
1421 }
1422
1423 /* sflow v5 extended 802.11 tx */
1424 static gint
1425 dissect_sflow_5_extended_80211_tx(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1426     guint32 ssid_length, transmissions, packet_duration, retrans_duration;
1427
1428     /* extract SSID char by char. max char count = 32 */
1429     ssid_length = tvb_get_ntohl(tvb, offset);
1430     if (ssid_length > 32)
1431         ssid_length = 32;
1432     offset += 4;
1433     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1434     offset += ssid_length;
1435     /* get the correct offset by adding padding byte count */
1436     if (ssid_length % 4)
1437         offset += (4 - ssid_length % 4);
1438
1439     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_bssid, tvb, offset, 6, ENC_NA);
1440     /* Padded to 4 byte offset */
1441     offset += 8;
1442
1443     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1444     offset += 4;
1445
1446     transmissions = tvb_get_ntohl(tvb, offset);
1447     switch (transmissions) {
1448         case 0:
1449             proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1450                     0, "Unknown");
1451             break;
1452         case 1:
1453             proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1454                     1, "Packet transmitted sucessfully on first attempt");
1455             break;
1456         default:
1457             proto_tree_add_uint(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4, transmissions - 1);
1458             break;
1459     }
1460     offset += 4;
1461
1462     packet_duration = tvb_get_ntohl(tvb, offset);
1463     if (packet_duration == 0) {
1464         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, packet_duration, "Unknown");
1465     } else {
1466         proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1467     }
1468     offset += 4;
1469
1470     retrans_duration = tvb_get_ntohl(tvb, offset);
1471     if (retrans_duration == 0) {
1472         proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, retrans_duration, "Unknown");
1473     } else {
1474         proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1475     }
1476     offset += 4;
1477
1478     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1479     offset += 4;
1480
1481     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1482     offset += 8;
1483
1484     proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_power, tvb, offset, 4, ENC_BIG_ENDIAN);
1485     offset += 4;
1486
1487     return offset;
1488 }
1489
1490 /* sflow v5 extended 802.11 aggregation */
1491 static gint
1492 dissect_sflow_5_extended_80211_aggregation(tvbuff_t *tvb _U_, proto_tree *tree _U_, gint offset) {
1493
1494     return offset;
1495 }
1496
1497 /* dissect an sflow v2/4 flow sample */
1498 static gint
1499 dissect_sflow_24_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
1500         proto_tree *tree, gint offset, proto_item *parent) {
1501     guint32 sequence_number, sampling_rate, sample_pool, output;
1502
1503     proto_tree *extended_data_tree;
1504     proto_item *ti;
1505     guint32 packet_type, extended_data, ext_type, i;
1506
1507     sequence_number = tvb_get_ntohl(tvb, offset);
1508     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
1509     proto_item_append_text(parent, ", seq %u", sequence_number);
1510     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1511     proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1512     sampling_rate = tvb_get_ntohl(tvb, offset + 8);
1513     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset + 8, 4,
1514             sampling_rate, "1 out of %u packets",
1515             sampling_rate);
1516     sample_pool = tvb_get_ntohl(tvb, offset + 12);
1517     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset + 12, 4,
1518             sample_pool, "%u total packets",
1519             sample_pool);
1520     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset + 16, 4, ENC_BIG_ENDIAN);
1521     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset + 20, 4, ENC_BIG_ENDIAN);
1522     output = tvb_get_ntohl(tvb, offset + 24);
1523     if (output & 0x80000000) {
1524         output & 0x7fffffff ?
1525             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1526                 output & 0x7fffffff, "%u interfaces", output & 0x7fffffff) :
1527             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1528                 0x80000000, "unknown number");
1529     } else {
1530         proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface, tvb, offset + 24, 4, ENC_BIG_ENDIAN);
1531     }
1532     offset += 28;
1533
1534     /* what kind of flow sample is it? */
1535     packet_type = tvb_get_ntohl(tvb, offset);
1536     proto_tree_add_item(tree, hf_sflow_245_packet_information_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1537     offset += 4;
1538     switch (packet_type) {
1539         case SFLOW_245_PACKET_DATA_TYPE_HEADER:
1540             offset = dissect_sflow_245_sampled_header(tvb, pinfo, tree, offset);
1541             break;
1542         case SFLOW_245_PACKET_DATA_TYPE_IPV4:
1543         case SFLOW_245_PACKET_DATA_TYPE_IPV6:
1544         default:
1545             break;
1546     }
1547     /* still need to dissect extended data */
1548     extended_data = tvb_get_ntohl(tvb, offset);
1549     offset += 4;
1550
1551     for (i = 0; i < extended_data; i++) {
1552         /* figure out what kind of extended data it is */
1553         ext_type = tvb_get_ntohl(tvb, offset);
1554
1555         /* create a subtree.  Might want to move this to
1556          * the end, so more info can be correct.
1557          */
1558         ti = proto_tree_add_uint(tree, hf_sflow_245_extended_information_type, tvb, offset, 4, ext_type);
1559         extended_data_tree = proto_item_add_subtree(ti, ett_sflow_245_extended_data);
1560         offset += 4;
1561
1562         switch (ext_type) {
1563             case SFLOW_245_EXTENDED_SWITCH:
1564                 offset = dissect_sflow_245_extended_switch(tvb, extended_data_tree, offset);
1565                 break;
1566             case SFLOW_245_EXTENDED_ROUTER:
1567                 offset = dissect_sflow_245_extended_router(tvb, pinfo, extended_data_tree, offset);
1568                 break;
1569             case SFLOW_245_EXTENDED_GATEWAY:
1570                 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, extended_data_tree, offset);
1571                 break;
1572             case SFLOW_245_EXTENDED_USER:
1573                 break;
1574             case SFLOW_245_EXTENDED_URL:
1575                 break;
1576             default:
1577                 break;
1578         }
1579         proto_item_set_end(ti, tvb, offset);
1580     }
1581     return offset;
1582
1583 }
1584
1585 /* dissect an sflow v5 flow record */
1586 static gint
1587 dissect_sflow_5_flow_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
1588     proto_tree *flow_data_tree;
1589     proto_item *ti;
1590     guint32 enterprise_format, enterprise, format;
1591
1592     /* what kind of flow sample is it? */
1593     enterprise_format = tvb_get_ntohl(tvb, offset);
1594     enterprise = enterprise_format >> 12;
1595     format = enterprise_format & 0x00000fff;
1596
1597     /* only accept default enterprise 0 (InMon sFlow) */
1598     if (enterprise == ENTERPRISE_DEFAULT) {
1599         ti = proto_tree_add_text(tree, tvb, offset, -1, "%s",
1600                 val_to_str_const(format, sflow_5_flow_record_type, "Unknown sample format"));
1601         flow_data_tree = proto_item_add_subtree(ti, ett_sflow_5_flow_record);
1602
1603         proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1604                             enterprise, "standard sFlow (%u)", enterprise);
1605         proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
1606         offset += 4;
1607
1608         proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1609         offset += 4;
1610
1611         switch (format) {
1612             case SFLOW_5_RAW_PACKET_HEADER:
1613                 offset = dissect_sflow_245_sampled_header(tvb, pinfo, flow_data_tree, offset);
1614                 break;
1615             case SFLOW_5_ETHERNET_FRAME:
1616                 offset = dissect_sflow_5_ethernet_frame(tvb, flow_data_tree, offset);
1617                 break;
1618             case SFLOW_5_IPV4:
1619                 offset = dissect_sflow_5_ipv4(tvb, flow_data_tree, offset);
1620                 break;
1621             case SFLOW_5_IPV6:
1622                 offset = dissect_sflow_5_ipv6(tvb, flow_data_tree, offset);
1623                 break;
1624             case SFLOW_5_SWITCH:
1625                 offset = dissect_sflow_245_extended_switch(tvb, flow_data_tree, offset);
1626                 break;
1627             case SFLOW_5_ROUTER:
1628                 offset = dissect_sflow_245_extended_router(tvb, pinfo, flow_data_tree, offset);
1629                 break;
1630             case SFLOW_5_GATEWAY:
1631                 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, flow_data_tree, offset);
1632                 break;
1633             case SFLOW_5_USER:
1634                 offset = dissect_sflow_5_extended_user(tvb, flow_data_tree, offset);
1635                 break;
1636             case SFLOW_5_URL:
1637                 offset = dissect_sflow_5_extended_url(tvb, flow_data_tree, offset);
1638                 break;
1639             case SFLOW_5_MPLS_DATA:
1640                 offset = dissect_sflow_5_extended_mpls_data(tvb, pinfo, flow_data_tree, offset);
1641                 break;
1642             case SFLOW_5_NAT:
1643                 offset = dissect_sflow_5_extended_nat(tvb, pinfo, flow_data_tree, offset);
1644                 break;
1645             case SFLOW_5_MPLS_TUNNEL:
1646                 offset = dissect_sflow_5_extended_mpls_tunnel(tvb, flow_data_tree, offset);
1647                 break;
1648             case SFLOW_5_MPLS_VC:
1649                 offset = dissect_sflow_5_extended_mpls_vc(tvb, flow_data_tree, offset);
1650                 break;
1651             case SFLOW_5_MPLS_FEC:
1652                 offset = dissect_sflow_5_extended_mpls_fec(tvb, flow_data_tree, offset);
1653                 break;
1654             case SFLOW_5_MPLS_LVP_FEC:
1655                 offset = dissect_sflow_5_extended_mpls_lvp_fec(tvb, flow_data_tree, offset);
1656                 break;
1657             case SFLOW_5_VLAN_TUNNEL:
1658                 offset = dissect_sflow_5_extended_vlan_tunnel(tvb, flow_data_tree, offset);
1659                 break;
1660             case SFLOW_5_80211_PAYLOAD:
1661                 offset = dissect_sflow_5_extended_80211_payload(tvb, flow_data_tree, offset);
1662                 break;
1663             case SFLOW_5_80211_RX:
1664                 offset = dissect_sflow_5_extended_80211_rx(tvb, flow_data_tree, offset);
1665                 break;
1666             case SFLOW_5_80211_TX:
1667                 offset = dissect_sflow_5_extended_80211_tx(tvb, flow_data_tree, offset);
1668                 break;
1669             case SFLOW_5_80211_AGGREGATION:
1670                 offset = dissect_sflow_5_extended_80211_aggregation(tvb, flow_data_tree, offset);
1671                 break;
1672             default:
1673                 break;
1674         }
1675     } else {
1676         /* unknown enterprise format, what to do?? */
1677         ti = proto_tree_add_text(tree, tvb, offset, -1, "Unknown enterprise format");
1678         flow_data_tree = proto_item_add_subtree(ti, ett_sflow_5_flow_record);
1679         proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, -1,
1680                                     enterprise, "Non-standard sFlow (%u)", enterprise);
1681     }
1682     proto_item_set_end(ti, tvb, offset);
1683
1684     return offset;
1685 }
1686
1687 /* dissect generic interface counters */
1688 static gint
1689 dissect_sflow_5_generic_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1690
1691     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
1692     offset += 4;
1693     proto_tree_add_item(counter_data_tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
1694     offset += 4;
1695     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
1696     offset += 8;
1697     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
1698     offset += 4;
1699     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1700     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1701     offset += 4;
1702     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1703     offset += 8;
1704     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1705     offset += 4;
1706     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1707     offset += 4;
1708     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1709     offset += 4;
1710     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1711     offset += 4;
1712     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
1713     offset += 4;
1714     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
1715     offset += 4;
1716     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1717     offset += 8;
1718     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1719     offset += 4;
1720     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1721     offset += 4;
1722     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1723     offset += 4;
1724     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1725     offset += 4;
1726     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
1727     offset += 4;
1728     proto_tree_add_item(counter_data_tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1729     offset += 4;
1730
1731     return offset;
1732 }
1733
1734 /* dissect ethernet interface counters */
1735 static gint
1736 dissect_sflow_5_ethernet_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1737
1738     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsAlignmentErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1739     offset += 4;
1740     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFCSErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1741     offset += 4;
1742     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSingleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1743     offset += 4;
1744     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsMultipleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1745     offset += 4;
1746     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSQETestErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1747     offset += 4;
1748     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsDeferredTransmissions, tvb, offset, 4, ENC_BIG_ENDIAN);
1749     offset += 4;
1750     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsLateCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1751     offset += 4;
1752     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsExcessiveCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1753     offset += 4;
1754     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacTransmitErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1755     offset += 4;
1756     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsCarrierSenseErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1757     offset += 4;
1758     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFrameTooLongs, tvb, offset, 4, ENC_BIG_ENDIAN);
1759     offset += 4;
1760     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacReceiveErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1761     offset += 4;
1762     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSymbolErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1763     offset += 4;
1764
1765     return offset;
1766 }
1767
1768 /* dissect token ring counters */
1769 static gint
1770 dissect_sflow_5_token_ring(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1771
1772     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLineErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1773     offset += 4;
1774     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsBurstErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1775     offset += 4;
1776     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsACErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1777     offset += 4;
1778     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsAbortTransErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1779     offset += 4;
1780     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsInternalErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1781     offset += 4;
1782     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLostFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1783     offset += 4;
1784     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsReceiveCongestions, tvb, offset, 4, ENC_BIG_ENDIAN);
1785     offset += 4;
1786     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFrameCopiedErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1787     offset += 4;
1788     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTokenErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1789     offset += 4;
1790     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSoftErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1791     offset += 4;
1792     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsHardErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1793     offset += 4;
1794     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSignalLoss, tvb, offset, 4, ENC_BIG_ENDIAN);
1795     offset += 4;
1796     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTransmitBeacons, tvb, offset, 4, ENC_BIG_ENDIAN);
1797     offset += 4;
1798     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRecoveries, tvb, offset, 4, ENC_BIG_ENDIAN);
1799     offset += 4;
1800     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLobeWires, tvb, offset, 4, ENC_BIG_ENDIAN);
1801     offset += 4;
1802     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRemoves, tvb, offset, 4, ENC_BIG_ENDIAN);
1803     offset += 4;
1804     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSingles, tvb, offset, 4, ENC_BIG_ENDIAN);
1805     offset += 4;
1806     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFreqErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1807     offset += 4;
1808
1809     return offset;
1810 }
1811
1812 /* dissect 100 BaseVG interface counters */
1813 static gint
1814 dissect_sflow_5_vg_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1815
1816     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1817     offset += 4;
1818     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1819     offset += 8;
1820     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1821     offset += 4;
1822     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1823     offset += 8;
1824     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InIPMErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1825     offset += 4;
1826     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InOversizeFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1827     offset += 4;
1828     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InDataErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1829     offset += 4;
1830     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNullAddressedFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1831     offset += 4;
1832     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1833     offset += 4;
1834     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1835     offset += 8;
1836     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12TransitionIntoTrainings, tvb, offset, 4, ENC_BIG_ENDIAN);
1837     offset += 4;
1838     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1839     offset += 8;
1840     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1841     offset += 8;
1842     proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCOutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1843     offset += 8;
1844
1845     return offset;
1846 }
1847
1848 /* dissect VLAN counters */
1849 static gint
1850 dissect_sflow_5_vlan(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1851
1852     proto_tree_add_item(counter_data_tree, hf_sflow_245_vlan_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1853     offset += 4;
1854     proto_tree_add_item(counter_data_tree, hf_sflow_245_octets, tvb, offset, 8, ENC_BIG_ENDIAN);
1855     offset += 8;
1856     proto_tree_add_item(counter_data_tree, hf_sflow_245_ucastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1857     offset += 4;
1858     proto_tree_add_item(counter_data_tree, hf_sflow_245_multicastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1859     offset += 4;
1860     proto_tree_add_item(counter_data_tree, hf_sflow_245_broadcastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1861     offset += 4;
1862     proto_tree_add_item(counter_data_tree, hf_sflow_245_discards, tvb, offset, 4, ENC_BIG_ENDIAN);
1863     offset += 4;
1864
1865     return offset;
1866 }
1867
1868 /* dissect 802.11 counters */
1869 static gint
1870 dissect_sflow_5_80211_counters(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1871
1872     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1873     offset += 4;
1874     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastTransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1875     offset += 4;
1876     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FailedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1877     offset += 4;
1878     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1879     offset += 4;
1880     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MultipleRetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1881     offset += 4;
1882     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FrameDuplicateCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1883     offset += 4;
1884     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSSuccessCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1885     offset += 4;
1886     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1887     offset += 4;
1888     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ACKFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1889     offset += 4;
1890     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ReceivedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1891     offset += 4;
1892     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastReceivedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1893     offset += 4;
1894     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FCSErrorCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1895     offset += 4;
1896     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1897     offset += 4;
1898     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11WEPUndecryptableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1899     offset += 4;
1900     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSDiscardedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1901     offset += 4;
1902     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11AssociatedStationCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1903     offset += 4;
1904     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsReceivedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1905     offset += 4;
1906     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1907     offset += 4;
1908     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1909     offset += 4;
1910     proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsLostCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1911     offset += 4;
1912
1913     return offset;
1914 }
1915
1916 /* dissect processor information */
1917 static gint
1918 dissect_sflow_5_processor_information(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1919
1920     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5s, tvb, offset, 4, ENC_BIG_ENDIAN);
1921     offset += 4;
1922     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_1m, tvb, offset, 4, ENC_BIG_ENDIAN);
1923     offset += 4;
1924     proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5m, tvb, offset, 4, ENC_BIG_ENDIAN);
1925     offset += 4;
1926     proto_tree_add_item(counter_data_tree, hf_sflow_5_total_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
1927     offset += 8;
1928     proto_tree_add_item(counter_data_tree, hf_sflow_5_free_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
1929     offset += 8;
1930
1931     return offset;
1932 }
1933
1934 /* dissect radio utilization */
1935 static gint
1936 dissect_sflow_5_radio_utilization(proto_tree *counter_data_tree, tvbuff_t *tvb, gint offset) {
1937
1938     proto_tree_add_item(counter_data_tree, hf_sflow_5_elapsed_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1939     offset += 4;
1940     proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1941     offset += 4;
1942     proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_busy_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1943     offset += 4;
1944
1945     return offset;
1946 }
1947
1948 /* dissect an sflow v5 counters record */
1949 static gint
1950 dissect_sflow_5_counters_record(tvbuff_t *tvb, proto_tree *tree, gint offset) {
1951     proto_tree *counter_data_tree;
1952     proto_item *ti;
1953     guint32 enterprise_format, enterprise, format;
1954
1955     /* what kind of flow sample is it? */
1956     enterprise_format = tvb_get_ntohl(tvb, offset);
1957     enterprise = enterprise_format >> 12;
1958     format = enterprise_format & 0x00000fff;
1959
1960     if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
1961         ti = proto_tree_add_text(tree, tvb, offset, -1, "%s",
1962                 val_to_str_const(format, sflow_5_counters_record_type, "Unknown sample format"));
1963         counter_data_tree = proto_item_add_subtree(ti, ett_sflow_5_counters_record);
1964
1965         proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1966                                 enterprise, "standard sFlow (%u)", enterprise);
1967
1968         proto_tree_add_item(counter_data_tree, hf_sflow_5_counters_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
1969         offset += 4;
1970
1971         proto_tree_add_item(counter_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1972         offset += 4;
1973
1974         switch (format) {
1975             case SFLOW_5_GENERIC_INTERFACE:
1976                 offset = dissect_sflow_5_generic_interface(counter_data_tree, tvb, offset);
1977                 break;
1978             case SFLOW_5_ETHERNET_INTERFACE:
1979                 offset = dissect_sflow_5_ethernet_interface(counter_data_tree, tvb, offset);
1980                 break;
1981             case SFLOW_5_TOKEN_RING:
1982                 offset = dissect_sflow_5_token_ring(counter_data_tree, tvb, offset);
1983                 break;
1984             case SFLOW_5_100BASE_VG_INTERFACE:
1985                 offset = dissect_sflow_5_vg_interface(counter_data_tree, tvb, offset);
1986                 break;
1987             case SFLOW_5_VLAN:
1988                 offset = dissect_sflow_5_vlan(counter_data_tree, tvb, offset);
1989                 break;
1990             case SFLOW_5_80211_COUNTERS:
1991                 offset = dissect_sflow_5_80211_counters(counter_data_tree, tvb, offset);
1992                 break;
1993             case SFLOW_5_PROCESSOR:
1994                 offset = dissect_sflow_5_processor_information(counter_data_tree, tvb, offset);
1995                 break;
1996             case SFLOW_5_RADIO_UTILIZATION:
1997                 offset = dissect_sflow_5_radio_utilization(counter_data_tree, tvb, offset);
1998                 break;
1999             default:
2000                 break;
2001         }
2002     } else { /* unknown enterprise format, what to do?? */
2003         ti = proto_tree_add_text(tree, tvb, offset, -1, "Unknown enterprise format");
2004         counter_data_tree = proto_item_add_subtree(ti, ett_sflow_5_counters_record);
2005         proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, -1,
2006                         enterprise, "Non-standard sFlow (%u)", enterprise);
2007     }
2008     proto_item_set_end(ti, tvb, offset);
2009
2010     return offset;
2011 }
2012
2013 /* dissect an sflow v5 flow sample */
2014 static void
2015 dissect_sflow_5_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2016         proto_tree *tree, gint offset, proto_item *parent) {
2017
2018     guint32 sequence_number, sampling_rate, sample_pool,
2019             output, records, i;
2020
2021     sequence_number = tvb_get_ntohl(tvb, offset);
2022     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2023     offset += 4;
2024     proto_item_append_text(parent, ", seq %u", sequence_number);
2025
2026     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset, 4, ENC_BIG_ENDIAN);
2027     proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2028     offset += 4;
2029     sampling_rate = tvb_get_ntohl(tvb, offset);
2030     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2031             sampling_rate, "1 out of %u packets", sampling_rate);
2032     offset += 4;
2033     sample_pool = tvb_get_ntohl(tvb, offset);
2034     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4,
2035             sample_pool, "%u total packets", sample_pool);
2036     offset += 4;
2037     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2038     offset += 4;
2039     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset, 4, ENC_BIG_ENDIAN);
2040     offset += 4;
2041     output = tvb_get_ntohl(tvb, offset);
2042     if (output & 0x80000000) {
2043         output & 0x7fffffff ?
2044             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset, 4,
2045                 output & 0x7fffffff, "%u interfaces", output & 0x7fffffff) :
2046             proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_multiple_outputs, tvb, offset, 4,
2047                 0x80000000, "unknown number");
2048     } else {
2049         proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface, tvb, offset, 4, ENC_BIG_ENDIAN);
2050     }
2051     offset += 4;
2052     records = tvb_get_ntohl(tvb, offset);
2053     proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2054     offset += 4;
2055
2056     /* start loop processing flow records */
2057     /* we set an upper records limit to 255 in case corrupted data causes
2058      * huge number of loops! */
2059     for (i = 0; i < (records&0x000000ff); i++) {
2060         offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2061     }
2062
2063 }
2064
2065 /* dissect an expanded flow sample */
2066 static void
2067 dissect_sflow_5_expanded_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2068         proto_tree *tree, gint offset, proto_item *parent) {
2069
2070     guint32 sequence_number, sampling_rate, sample_pool, records, i;
2071
2072     sequence_number = tvb_get_ntohl(tvb, offset);
2073     proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2074     offset += 4;
2075     proto_item_append_text(parent, ", seq %u", sequence_number);
2076     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2077     offset += 4;
2078     proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2079     offset += 4;
2080     sampling_rate = tvb_get_ntohl(tvb, offset);
2081     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2082             sampling_rate, "1 out of %u packets", sampling_rate);
2083     offset += 4;
2084     sample_pool = tvb_get_ntohl(tvb, offset);
2085     proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4,
2086             sample_pool, "%u total packets", sample_pool);
2087     offset += 4;
2088     proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2089     offset += 4;
2090     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2091     offset += 4;
2092     proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2093     offset += 4;
2094     proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2095     offset += 4;
2096     proto_tree_add_item(tree, hf_sflow_flow_sample_output_interface_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2097     offset += 4;
2098     records = tvb_get_ntohl(tvb, offset);
2099     proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2100     offset += 4;
2101
2102     /* start loop processing flow records
2103      * we limit record count to 255 in case corrupted data may cause huge number of loops */
2104     for (i = 0; i < (records&0x000000ff); i++) {
2105         offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2106     }
2107 }
2108
2109 /* dissect an sflow v2/4 counters sample */
2110 static gint
2111 dissect_sflow_24_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2112
2113     guint32 sequence_number, counters_type;
2114
2115     sequence_number = tvb_get_ntohl(tvb, offset);
2116     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2117     proto_item_append_text(parent, ", seq %u", sequence_number);
2118
2119     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2120     proto_tree_add_item(tree, hf_sflow_counters_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2121     proto_tree_add_item(tree, hf_sflow_counters_sample_sampling_interval, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
2122     counters_type = tvb_get_ntohl(tvb, offset + 12);
2123     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_type, tvb, offset + 12, 4, ENC_BIG_ENDIAN);
2124
2125     offset += 16;
2126
2127     /* most counters types have the "generic" counters first */
2128     switch (counters_type) {
2129         case SFLOW_245_COUNTERS_GENERIC:
2130         case SFLOW_245_COUNTERS_ETHERNET:
2131         case SFLOW_245_COUNTERS_TOKENRING:
2132         case SFLOW_245_COUNTERS_FDDI:
2133         case SFLOW_245_COUNTERS_VG:
2134         case SFLOW_245_COUNTERS_WAN:
2135             proto_tree_add_item(tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
2136             proto_item_append_text(parent, ", ifIndex %u", tvb_get_ntohl(tvb, offset));
2137             offset += 4;
2138             proto_tree_add_item(tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
2139             offset += 4;
2140             proto_tree_add_item(tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
2141             offset += 8;
2142             proto_tree_add_item(tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
2143             offset += 4;
2144             proto_tree_add_item(tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2145             proto_tree_add_item(tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2146             offset += 4;
2147             proto_tree_add_item(tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2148             offset += 8;
2149             proto_tree_add_item(tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2150             offset += 4;
2151             proto_tree_add_item(tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2152             offset += 4;
2153             proto_tree_add_item(tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2154             offset += 4;
2155             proto_tree_add_item(tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2156             offset += 4;
2157             proto_tree_add_item(tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
2158             offset += 4;
2159             proto_tree_add_item(tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
2160             offset += 4;
2161             proto_tree_add_item(tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2162             offset += 8;
2163             proto_tree_add_item(tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2164             offset += 4;
2165             proto_tree_add_item(tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2166             offset += 4;
2167             proto_tree_add_item(tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2168             offset += 4;
2169             proto_tree_add_item(tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2170             offset += 4;
2171             proto_tree_add_item(tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
2172             offset += 4;
2173             proto_tree_add_item(tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2174             offset += 4;
2175             break;
2176     }
2177
2178     /* Some counter types have other info to gather */
2179     switch (counters_type) {
2180         case SFLOW_245_COUNTERS_ETHERNET:
2181             offset += (int)sizeof (struct ethernet_counters);
2182             break;
2183         case SFLOW_245_COUNTERS_TOKENRING:
2184             offset = dissect_sflow_5_token_ring(tree, tvb, offset);
2185             break;
2186         case SFLOW_245_COUNTERS_VG:
2187             offset = dissect_sflow_5_vg_interface(tree, tvb, offset);
2188             break;
2189         case SFLOW_245_COUNTERS_VLAN:
2190             offset = dissect_sflow_5_vlan(tree, tvb, offset);
2191             break;
2192         default:
2193             break;
2194     }
2195     return offset;
2196 }
2197
2198 /* dissect an sflow v5 counters sample */
2199 static void
2200 dissect_sflow_5_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2201     guint32 sequence_number, records, i;
2202
2203     /* grab the flow header.  This will remain in network byte
2204        order, so must convert each item before use */
2205     sequence_number = tvb_get_ntohl(tvb, offset);
2206     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2207     proto_item_append_text(parent, ", seq %u", sequence_number);
2208     offset += 4;
2209     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2210     proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2211     offset += 4;
2212     records = tvb_get_ntohl(tvb, offset);
2213     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2214     offset += 4;
2215
2216     /* start loop processing counters records
2217      * limit record count to 255 in case corrupted data may cause huge number of loops */
2218     for (i = 0; i < (records&0x000000ff); i++) {
2219         offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2220     }
2221 }
2222
2223 /* dissect an expanded counters sample */
2224 static void
2225 dissect_sflow_5_expanded_counters_sample(tvbuff_t *tvb, proto_tree *tree, gint offset, proto_item *parent) {
2226     guint32 sequence_number, records, i;
2227
2228     sequence_number = tvb_get_ntohl(tvb, offset);
2229     proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2230     proto_item_append_text(parent, ", seq %u", sequence_number);
2231     offset += 4;
2232     proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2233     offset += 4;
2234     proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2235     offset += 4;
2236     records = tvb_get_ntohl(tvb, offset);
2237     proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2238     offset += 4;
2239
2240     /* start loop processing counters records
2241      * limit record count to 255 in case corrupted data may cause huge number of loops */
2242     for (i = 0; i < (records&0x000000ff); i++) {
2243         offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2244     }
2245 }
2246
2247 /* Code to dissect the sflow v2/4/5 samples */
2248 static gint
2249 dissect_sflow_245_samples(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset, guint32 version) {
2250     proto_tree *sflow_245_sample_tree;
2251     proto_item *ti;             /* tree item */
2252     guint32     sample_type, enterprise, format, length;
2253
2254     /* decide what kind of sample it is. */
2255     sample_type = tvb_get_ntohl(tvb, offset);
2256     if (version == 5) {
2257         enterprise = sample_type >> 12;
2258         format = sample_type & 0x00000fff;
2259
2260         if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
2261             ti = proto_tree_add_text(tree, tvb, offset, -1, "%s",
2262                     val_to_str_const(format, sflow_245_sampletype, "Unknown sample format"));
2263             sflow_245_sample_tree = proto_item_add_subtree(ti, ett_sflow_245_sample);
2264
2265             proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, 4, enterprise, "standard sFlow (%u)", enterprise);
2266             proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype12, tvb, offset, 4, ENC_BIG_ENDIAN);
2267             offset += 4;
2268
2269             length = tvb_get_ntohl(tvb, offset);
2270             proto_tree_add_item(sflow_245_sample_tree, hf_sflow_5_sample_length, tvb, offset, 4, ENC_BIG_ENDIAN);
2271             offset += 4;
2272
2273             switch (format) {
2274                 case FLOWSAMPLE:
2275                     dissect_sflow_5_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2276                     break;
2277                 case COUNTERSSAMPLE:
2278                     dissect_sflow_5_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2279                     break;
2280                 case EXPANDED_FLOWSAMPLE:
2281                     dissect_sflow_5_expanded_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2282                     break;
2283                 case EXPANDED_COUNTERSSAMPLE:
2284                     dissect_sflow_5_expanded_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2285                     break;
2286                 default:
2287                     break;
2288             }
2289             /* Make sure the length doesn't run past the end of the packet */
2290             tvb_ensure_bytes_exist(tvb, offset, length);
2291             /* current offset points to sample length field, which is 4 bytes from the beginning of the packet*/
2292             offset += length;
2293         } else { /* unknown enterprise format, what to do?? */
2294             ti = proto_tree_add_text(tree, tvb, offset, -1, "Unknown enterprise format");
2295             sflow_245_sample_tree = proto_item_add_subtree(ti, ett_sflow_245_sample);
2296             proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, -1,
2297                             enterprise, "Non-standard sFlow (%u)", enterprise);
2298         }
2299
2300     } else { /* version 2 or 4 */
2301         ti = proto_tree_add_text(tree, tvb, offset, -1, "%s",
2302                 val_to_str_const(sample_type, sflow_245_sampletype, "Unknown sample type"));
2303         sflow_245_sample_tree = proto_item_add_subtree(ti, ett_sflow_245_sample);
2304
2305         proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype, tvb, offset, 4, ENC_BIG_ENDIAN);
2306         offset += 4;
2307
2308         switch (sample_type) {
2309             case FLOWSAMPLE:
2310                 offset = dissect_sflow_24_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2311                 break;
2312             case COUNTERSSAMPLE:
2313                 offset = dissect_sflow_24_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2314                 break;
2315             default:
2316                 break;
2317         }
2318     }
2319     proto_item_set_end(ti, tvb, offset);
2320
2321     return offset;
2322 }
2323
2324 /* Code to actually dissect the packets */
2325 static int
2326 dissect_sflow_245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2327 {
2328     /* Set up structures needed to add the protocol subtree and manage it */
2329     proto_item                   *ti;
2330     proto_tree                   *sflow_245_tree;
2331     guint32                       version, sub_agent_id, seqnum;
2332     struct sflow_address_details  addr_details;
2333     struct sflow_address_type     addr_type = {hf_sflow_agent_address_v4, hf_sflow_agent_address_v6};
2334
2335     guint32        numsamples;
2336     volatile guint offset = 0;
2337     guint          i      = 0;
2338
2339     /*
2340      * We fetch the version and address type so that we can determine,
2341      * ahead of time, whether this is an sFlow packet or not, before
2342      * we do *anything* to the columns or the protocol tree.
2343      *
2344      * XXX - we might want to deem this "not sFlow" if we don't have at
2345      * least 8 bytes worth of data.
2346      */
2347     version = tvb_get_ntohl(tvb, offset);
2348     if (version != 2 && version != 4 && version != 5) {
2349        /* Unknown version; assume it's not an sFlow packet. */
2350        return 0;
2351     }
2352     addr_details.addr_type = tvb_get_ntohl(tvb, offset + 4);
2353     switch (addr_details.addr_type) {
2354         case ADDR_TYPE_UNKNOWN:
2355         case ADDR_TYPE_IPV4:
2356         case ADDR_TYPE_IPV6:
2357             break;
2358
2359         default:
2360             /*
2361              * Address type we don't know about; assume it's not an sFlow
2362              * packet.
2363              */
2364             return 0;
2365     }
2366
2367     /* Make entries in Protocol column and Info column on summary display */
2368     col_set_str(pinfo->cinfo, COL_PROTOCOL, "sFlow");
2369
2370     /* create display subtree for the protocol */
2371     ti = proto_tree_add_item(tree, proto_sflow, tvb, 0, -1, ENC_NA);
2372
2373     sflow_245_tree = proto_item_add_subtree(ti, ett_sflow_245);
2374
2375     col_add_fstr(pinfo->cinfo, COL_INFO, "V%u", version);
2376     proto_tree_add_item(sflow_245_tree, hf_sflow_version, tvb, offset, 4, ENC_BIG_ENDIAN);
2377     offset += 4;
2378
2379     offset = dissect_sflow_245_address_type(tvb, pinfo, sflow_245_tree, offset,
2380                                             &addr_type, &addr_details);
2381     switch (addr_details.addr_type) {
2382         case ADDR_TYPE_UNKNOWN:
2383             break;
2384         case ADDR_TYPE_IPV4:
2385             col_append_fstr(pinfo->cinfo, COL_INFO, ", agent %s", ip_to_str(addr_details.agent_address.v4));
2386             break;
2387         case ADDR_TYPE_IPV6:
2388             col_append_fstr(pinfo->cinfo, COL_INFO, ", agent %s",
2389                     ip6_to_str((struct e_in6_addr *) addr_details.agent_address.v6));
2390             break;
2391     }
2392
2393     if (version == 5) {
2394         sub_agent_id = tvb_get_ntohl(tvb, offset);
2395         col_append_fstr(pinfo->cinfo, COL_INFO, ", sub-agent ID %u", sub_agent_id);
2396         proto_tree_add_uint(sflow_245_tree, hf_sflow_5_sub_agent_id, tvb, offset, 4, sub_agent_id);
2397         offset += 4;
2398     }
2399     seqnum = tvb_get_ntohl(tvb, offset);
2400     col_append_fstr(pinfo->cinfo, COL_INFO, ", seq %u", seqnum);
2401     proto_tree_add_uint(sflow_245_tree, hf_sflow_245_seqnum, tvb, offset, 4, seqnum);
2402     offset += 4;
2403     proto_tree_add_item(sflow_245_tree, hf_sflow_245_sysuptime, tvb, offset, 4, ENC_BIG_ENDIAN);
2404     offset += 4;
2405     numsamples = tvb_get_ntohl(tvb, offset);
2406     col_append_fstr(pinfo->cinfo, COL_INFO, ", %u samples", numsamples);
2407     proto_tree_add_uint(sflow_245_tree, hf_sflow_245_numsamples, tvb, offset, 4, numsamples);
2408     offset += 4;
2409
2410     /* Ok, we're now at the end of the sflow_245 datagram header;
2411      * everything from here out should be samples. Loop over
2412      * the expected number of samples, and pass them to the appropriate
2413      * dissectors.
2414      */
2415
2416     /* limit number of samples to 255 to avoid huge number of loops
2417      * caused by corrupted data */
2418     for (i = 0; i < (numsamples & 0x000000ff); i++) {
2419         offset = dissect_sflow_245_samples(tvb, pinfo, sflow_245_tree, offset, version);
2420     }
2421
2422     return tvb_length(tvb);
2423 }
2424
2425 /* Register the protocol with Wireshark */
2426
2427 /* this format is require because a script is used to build the C function
2428    that calls all the protocol registration.
2429  */
2430
2431 void
2432 proto_register_sflow(void) {
2433
2434     module_t *sflow_245_module;
2435
2436     /* Setup list of header fields  See Section 1.6.1 for details*/
2437     static hf_register_info hf[] = {
2438         { &hf_sflow_version,
2439             { "Datagram version", "sflow_245.version",
2440                 FT_UINT32, BASE_DEC, NULL, 0x0,
2441                 "sFlow datagram version", HFILL}},
2442         { &hf_sflow_agent_address_v4,
2443             { "Agent address", "sflow_245.agent",
2444                 FT_IPv4, BASE_NONE, NULL, 0x0,
2445                 "sFlow Agent IP address", HFILL}},
2446         { &hf_sflow_agent_address_v6,
2447             { "Agent address", "sflow_245.agent.v6",
2448                 FT_IPv6, BASE_NONE, NULL, 0x0,
2449                 "sFlow Agent IPv6 address", HFILL}},
2450         { &hf_sflow_5_sub_agent_id,
2451             { "Sub-agent ID", "sflow_245.sub_agent_id",
2452                 FT_UINT32, BASE_DEC, NULL, 0x0,
2453                 "sFlow sub-agent ID", HFILL}},
2454         { &hf_sflow_5_sample_length,
2455             { "Sample length (byte)", "sflow_5.sample_length",
2456                 FT_UINT32, BASE_DEC, NULL, 0x0,
2457                 "sFlow sample length", HFILL}},
2458         { &hf_sflow_5_flow_data_length,
2459             { "Flow data length (byte)", "sflow_5.flow_data_length",
2460                 FT_UINT32, BASE_DEC, NULL, 0x0,
2461                 "sFlow flow data length", HFILL}},
2462 #if 0
2463         { &hf_sflow_5_counters_data_length,
2464             { "Counters data length (byte)", "sflow_5.counter_data_length",
2465                 FT_UINT32, BASE_DEC, NULL, 0x0,
2466                 "sFlow counters data length", HFILL}},
2467 #endif
2468         { &hf_sflow_245_seqnum,
2469             { "Sequence number", "sflow_245.sequence_number",
2470                 FT_UINT32, BASE_DEC, NULL, 0x0,
2471                 "sFlow datagram sequence number", HFILL}},
2472         { &hf_sflow_245_sysuptime,
2473             { "SysUptime", "sflow_245.sysuptime",
2474                 FT_UINT32, BASE_DEC, NULL, 0x0,
2475                 "System Uptime", HFILL}},
2476         { &hf_sflow_245_numsamples,
2477             { "NumSamples", "sflow_245.numsamples",
2478                 FT_UINT32, BASE_DEC, NULL, 0x0,
2479                 "Number of samples in sFlow datagram", HFILL}},
2480         { &hf_sflow_245_sampletype,
2481             { "sFlow sample type", "sflow_245.sampletype",
2482                 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x0,
2483                 "Type of sFlow sample", HFILL}},
2484         { &hf_sflow_245_sampletype12,
2485             { "sFlow sample type", "sflow_245.sampletype",
2486                 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x00000FFF,
2487                 "Type of sFlow sample", HFILL}},
2488 #if 0
2489         { &hf_sflow_5_ieee80211_version,
2490             { "Version", "sflow_245.ieee80211_version",
2491                 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
2492                 "IEEE 802.11 Version", HFILL}},
2493 #endif
2494         { &hf_sflow_245_ipv4_precedence_type,
2495             { "Precedence", "sflow_245.ipv4_precedence_type",
2496                 FT_UINT8, BASE_DEC, VALS(sflow_245_ipv4_precedence_types), 0xE0,
2497                 "IPv4 Precedence Type", HFILL}},
2498         { &hf_sflow_5_flow_record_format,
2499             { "Format", "sflow_245.flow_record_format",
2500                 FT_UINT32, BASE_DEC, VALS(sflow_5_flow_record_type), 0x0,
2501                 "Format of sFlow flow record", HFILL}},
2502         { &hf_sflow_5_counters_record_format,
2503             { "Format", "sflow_245.counters_record_format",
2504                 FT_UINT32, BASE_DEC, VALS(sflow_5_counters_record_type), 0x00000FFF,
2505                 "Format of sFlow counters record", HFILL}},
2506         { &hf_sflow_245_header_protocol,
2507             { "Header protocol", "sflow_245.header_protocol",
2508                 FT_UINT32, BASE_DEC, VALS(sflow_245_header_protocol), 0x0,
2509                 "Protocol of sampled header", HFILL}},
2510         { &hf_sflow_245_header,
2511             { "Header of sampled packet", "sflow_245.header",
2512                 FT_BYTES, BASE_NONE, NULL, 0x0,
2513                 "Data from sampled header", HFILL}},
2514         { &hf_sflow_245_packet_information_type,
2515             { "Sample type", "sflow_245.packet_information_type",
2516                 FT_UINT32, BASE_DEC, VALS(sflow_245_packet_information_type), 0x0,
2517                 "Type of sampled information", HFILL}},
2518         { &hf_sflow_245_extended_information_type,
2519             { "Extended information type", "sflow_245.extended_information_type",
2520                 FT_UINT32, BASE_DEC, VALS(sflow_245_extended_data_types), 0x0,
2521                 "Type of extended information", HFILL}},
2522         { &hf_sflow_245_vlan_in,
2523             { "Incoming 802.1Q VLAN", "sflow_245.vlan.in",
2524                 FT_UINT32, BASE_DEC, NULL, 0x0,
2525                 "Incoming VLAN ID", HFILL}},
2526         { &hf_sflow_245_vlan_out,
2527             { "Outgoing 802.1Q VLAN", "sflow_245.vlan.out",
2528                 FT_UINT32, BASE_DEC, NULL, 0x0,
2529                 "Outgoing VLAN ID", HFILL}},
2530         { &hf_sflow_245_pri_in,
2531             { "Incoming 802.1p priority", "sflow_245.pri.in",
2532                 FT_UINT32, BASE_DEC, NULL, 0x0,
2533                 NULL, HFILL}},
2534         { &hf_sflow_245_pri_out,
2535             { "Outgoing 802.1p priority", "sflow_245.pri.out",
2536                 FT_UINT32, BASE_DEC, NULL, 0x0,
2537                 NULL, HFILL}},
2538         { &hf_sflow_245_nexthop_v4,
2539             { "Next hop", "sflow_245.nexthop",
2540                 FT_IPv4, BASE_NONE, NULL, 0x0,
2541                 "Next hop address", HFILL}},
2542         { &hf_sflow_245_ipv4_src,
2543             { "Source IP address", "sflow_245.ipv4_src",
2544                 FT_IPv4, BASE_NONE, NULL, 0x0,
2545                 "Source IPv4 address", HFILL}},
2546         { &hf_sflow_245_ipv4_dst,
2547             { "Destination IP address", "sflow_245.ipv4_dst",
2548                 FT_IPv4, BASE_NONE, NULL, 0x0,
2549                 "Destination IPv4 address", HFILL}},
2550         { &hf_sflow_245_nexthop_v6,
2551             { "Next hop", "sflow_245.nexthop",
2552                 FT_IPv6, BASE_NONE, NULL, 0x0,
2553                 "Next hop address", HFILL}},
2554         { &hf_sflow_245_ipv6_src,
2555             { "Source IP address", "sflow_245.ipv6_src",
2556                 FT_IPv6, BASE_NONE, NULL, 0x0,
2557                 "Source IPv6 address", HFILL}},
2558         { &hf_sflow_245_ipv6_dst,
2559             { "Destination IP address", "sflow_245.ipv6_dst",
2560                 FT_IPv6, BASE_NONE, NULL, 0x0,
2561                 "Destination IPv6 address", HFILL}},
2562         { &hf_sflow_245_nexthop_src_mask,
2563             { "Next hop source mask", "sflow_245.nexthop.src_mask",
2564                 FT_UINT32, BASE_DEC, NULL, 0x0,
2565                 "Next hop source mask bits", HFILL}},
2566         { &hf_sflow_245_nexthop_dst_mask,
2567             { "Next hop destination mask", "sflow_245.nexthop.dst_mask",
2568                 FT_UINT32, BASE_DEC, NULL, 0x0,
2569                 "Next hop destination mask bits", HFILL}},
2570         { &hf_sflow_245_ifindex,
2571             { "Interface index", "sflow_245.ifindex",
2572                 FT_UINT32, BASE_DEC, NULL, 0x0,
2573                 NULL, HFILL}},
2574         { &hf_sflow_245_as,
2575             { "AS Router", "sflow_245.as",
2576                 FT_UINT32, BASE_DEC, NULL, 0x0,
2577                 "Autonomous System of Router", HFILL}},
2578         { &hf_sflow_245_src_as,
2579             { "AS Source", "sflow_245.srcAS",
2580                 FT_UINT32, BASE_DEC, NULL, 0x0,
2581                 "Autonomous System of Source", HFILL}},
2582         { &hf_sflow_245_src_peer_as,
2583             { "AS Peer", "sflow_245.peerAS",
2584                 FT_UINT32, BASE_DEC, NULL, 0x0,
2585                 "Autonomous System of Peer", HFILL}},
2586         { &hf_sflow_245_dst_as_entries,
2587             { "AS Destinations", "sflow_245.dstASentries",
2588                 FT_UINT32, BASE_DEC, NULL, 0x0,
2589                 "Autonomous System destinations", HFILL}},
2590         { &hf_sflow_245_dst_as,
2591             { "AS Destination", "sflow_245.dstAS",
2592                 FT_UINT32, BASE_DEC, NULL, 0x0,
2593                 "Autonomous System destination", HFILL}},
2594         /* Needed for sFlow >= 4.  If I had a capture to test... */
2595         { &hf_sflow_245_community_entries,
2596             { "Gateway Communities", "sflow_245.communityEntries",
2597                 FT_UINT32, BASE_DEC, NULL, 0x0,
2598                 NULL, HFILL}},
2599 #if 0
2600         { &hf_sflow_245_community,
2601             { "Gateway Community", "sflow_245.community",
2602                 FT_UINT32, BASE_DEC, NULL, 0x0,
2603                 "Gateway Communities", HFILL}},
2604 #endif
2605         { &hf_sflow_245_localpref,
2606             { "localpref", "sflow_245.localpref",
2607                 FT_UINT32, BASE_DEC, NULL, 0x0,
2608                 "Local preferences of AS route", HFILL}},
2609         /**/
2610         { &hf_sflow_245_iftype,
2611             { "Interface Type", "sflow_245.iftype",
2612                 FT_UINT32, BASE_DEC, NULL, 0x0,
2613                 NULL, HFILL}},
2614         { &hf_sflow_245_ifspeed,
2615             { "Interface Speed", "sflow_245.ifspeed",
2616                 FT_UINT64, BASE_DEC, NULL, 0x0,
2617                 NULL, HFILL}},
2618         { &hf_sflow_245_ifdirection,
2619             { "Interface Direction", "sflow_245.ifdirection",
2620                 FT_UINT32, BASE_DEC, VALS(sflow_ifdirection_vals), 0x0,
2621                 NULL, HFILL}},
2622         { &hf_sflow_245_ifadmin_status,
2623             { "IfAdminStatus", "sflow_245.ifadmin_status",
2624                 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000001,
2625                 NULL, HFILL}},
2626         { &hf_sflow_245_ifoper_status,
2627             { "IfOperStatus", "sflow_245.ifoper_status",
2628                 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000002,
2629                 NULL, HFILL}},
2630         { &hf_sflow_245_ifinoct,
2631             { "Input Octets", "sflow_245.ifinoct",
2632                 FT_UINT64, BASE_DEC, NULL, 0x0,
2633                 NULL, HFILL}},
2634         { &hf_sflow_245_ifinpkt,
2635             { "Input Packets", "sflow_245.ifinpkt",
2636                 FT_UINT32, BASE_DEC, NULL, 0x0,
2637                 NULL, HFILL}},
2638         { &hf_sflow_245_ifinmcast,
2639             { "Input Multicast Packets", "sflow_245.ifinmcast",
2640                 FT_UINT32, BASE_DEC, NULL, 0x0,
2641                 NULL, HFILL}},
2642         { &hf_sflow_245_ifinbcast,
2643             { "Input Broadcast Packets", "sflow_245.ifinbcast",
2644                 FT_UINT32, BASE_DEC, NULL, 0x0,
2645                 NULL, HFILL}},
2646         { &hf_sflow_245_ifindisc,
2647             { "Input Discarded Packets", "sflow_245.ifindisc",
2648                 FT_UINT32, BASE_DEC, NULL, 0x0,
2649                 NULL, HFILL}},
2650         { &hf_sflow_245_ifinerr,
2651             { "Input Errors", "sflow_245.ifinerr",
2652                 FT_UINT32, BASE_DEC, NULL, 0x0,
2653                 NULL, HFILL}},
2654         { &hf_sflow_245_ifinunk,
2655             { "Input Unknown Protocol Packets", "sflow_245.ifinunk",
2656                 FT_UINT32, BASE_DEC, NULL, 0x0,
2657                 NULL, HFILL}},
2658         { &hf_sflow_245_ifoutoct,
2659             { "Output Octets", "sflow_245.ifoutoct",
2660                 FT_UINT64, BASE_DEC, NULL, 0x0,
2661                 NULL, HFILL}},
2662         { &hf_sflow_245_ifoutpkt,
2663             { "Output Packets", "sflow_245.ifoutpkt",
2664                 FT_UINT32, BASE_DEC, NULL, 0x0,
2665                 NULL, HFILL}},
2666         { &hf_sflow_245_ifoutmcast,
2667             { "Output Multicast Packets", "sflow_245.ifoutmcast",
2668                 FT_UINT32, BASE_DEC, NULL, 0x0,
2669                 NULL, HFILL}},
2670         { &hf_sflow_245_ifoutbcast,
2671             { "Output Broadcast Packets", "sflow_245.ifoutbcast",
2672                 FT_UINT32, BASE_DEC, NULL, 0x0,
2673                 NULL, HFILL}},
2674         { &hf_sflow_245_ifoutdisc,
2675             { "Output Discarded Packets", "sflow_245.ifoutdisc",
2676                 FT_UINT32, BASE_DEC, NULL, 0x0,
2677                 NULL, HFILL}},
2678         { &hf_sflow_245_ifouterr,
2679             { "Output Errors", "sflow_245.ifouterr",
2680                 FT_UINT32, BASE_DEC, NULL, 0x0,
2681                 NULL, HFILL}},
2682         { &hf_sflow_245_ifpromisc,
2683             { "Promiscuous Mode", "sflow_245.ifpromisc",
2684                 FT_UINT32, BASE_DEC, NULL, 0x0,
2685                 NULL, HFILL}},
2686         { &hf_sflow_245_dot3StatsAlignmentErrors,
2687             { "Alignment Errors", "sflow_245.dot3StatsAlignmentErrors",
2688                 FT_UINT32, BASE_DEC, NULL, 0x0,
2689                 "dot3 Stats Alignment Errors", HFILL}},
2690         { &hf_sflow_245_dot3StatsFCSErrors,
2691             { "FCS Errors", "sflow_245.dot3StatsFCSErrors",
2692                 FT_UINT32, BASE_DEC, NULL, 0x0,
2693                 "dot3 Stats FCS Errors", HFILL}},
2694         { &hf_sflow_245_dot3StatsSingleCollisionFrames,
2695             { "Single Collision Frames", "sflow_245.dot3StatsSingleCollisionFrames",
2696                 FT_UINT32, BASE_DEC, NULL, 0x0,
2697                 "dot3 Stats Single Collision Frames", HFILL}},
2698         { &hf_sflow_245_dot3StatsMultipleCollisionFrames,
2699             { "Multiple Collision Frames", "sflow_245.dot3StatsMultipleCollisionFrames",
2700                 FT_UINT32, BASE_DEC, NULL, 0x0,
2701                 "dot3 Stats Multiple Collision Frames", HFILL}},
2702         { &hf_sflow_245_dot3StatsSQETestErrors,
2703             { "SQE Test Errors", "sflow_245.dot3StatsSQETestErrors",
2704                 FT_UINT32, BASE_DEC, NULL, 0x0,
2705                 "dot3 Stats SQE Test Errors", HFILL}},
2706         { &hf_sflow_245_dot3StatsDeferredTransmissions,
2707             { "Deferred Transmissions", "sflow_245.dot3StatsDeferredTransmissions",
2708                 FT_UINT32, BASE_DEC, NULL, 0x0,
2709                 "dot3 Stats Deferred Transmissions", HFILL}},
2710         { &hf_sflow_245_dot3StatsLateCollisions,
2711             { "Late Collisions", "sflow_245.dot3StatsLateCollisions",
2712                 FT_UINT32, BASE_DEC, NULL, 0x0,
2713                 "dot3 Stats Late Collisions", HFILL}},
2714         { &hf_sflow_245_dot3StatsExcessiveCollisions,
2715             { "Excessive Collisions", "sflow_245.dot3StatsExcessiveCollisions",
2716                 FT_UINT32, BASE_DEC, NULL, 0x0,
2717                 "dot3 Stats Excessive Collisions", HFILL}},
2718         { &hf_sflow_245_dot3StatsInternalMacTransmitErrors,
2719             { "Internal Mac Transmit Errors", "sflow_245.dot3StatsInternalMacTransmitErrors",
2720                 FT_UINT32, BASE_DEC, NULL, 0x0,
2721                 "dot3 Stats Internal Mac Transmit Errors", HFILL}},
2722         { &hf_sflow_245_dot3StatsCarrierSenseErrors,
2723             { "Carrier Sense Errors", "sflow_245.dot3StatsCarrierSenseErrors",
2724                 FT_UINT32, BASE_DEC, NULL, 0x0,
2725                 "dot3 Stats Carrier Sense Errors", HFILL}},
2726         { &hf_sflow_245_dot3StatsFrameTooLongs,
2727             { "Frame Too Longs", "sflow_245.dot3StatsFrameTooLongs",
2728                 FT_UINT32, BASE_DEC, NULL, 0x0,
2729                 "dot3 Stats Frame Too Longs", HFILL}},
2730         { &hf_sflow_245_dot3StatsInternalMacReceiveErrors,
2731             { "Internal Mac Receive Errors", "sflow_245.dot3StatsInternalMacReceiveErrors",
2732                 FT_UINT32, BASE_DEC, NULL, 0x0,
2733                 "dot3 Stats Internal Mac Receive Errors", HFILL}},
2734         { &hf_sflow_245_dot3StatsSymbolErrors,
2735             { "Symbol Errors", "sflow_245.dot3StatsSymbolErrors",
2736                 FT_UINT32, BASE_DEC, NULL, 0x0,
2737                 "dot3 Stats Symbol Errors", HFILL}},
2738         { &hf_sflow_245_dot5StatsLineErrors,
2739             { "Line Errors", "sflow_245.dot5StatsLineErrors",
2740                 FT_UINT32, BASE_DEC, NULL, 0x0,
2741                 "dot5 Stats Line Errors", HFILL}},
2742         { &hf_sflow_245_dot5StatsBurstErrors,
2743             { "Burst Errors", "sflow_245.dot5StatsBurstErrors",
2744                 FT_UINT32, BASE_DEC, NULL, 0x0,
2745                 "dot5 Stats Burst Errors", HFILL}},
2746         { &hf_sflow_245_dot5StatsACErrors,
2747             { "AC Errors", "sflow_245.dot5StatsACErrors",
2748                 FT_UINT32, BASE_DEC, NULL, 0x0,
2749                 "dot5 Stats AC Errors", HFILL}},
2750         { &hf_sflow_245_dot5StatsAbortTransErrors,
2751             { "Abort Trans Errors", "sflow_245.dot5StatsAbortTransErrors",
2752                 FT_UINT32, BASE_DEC, NULL, 0x0,
2753                 "dot5 Stats Abort Trans Errors", HFILL}},
2754         { &hf_sflow_245_dot5StatsInternalErrors,
2755             { "Internal Errors", "sflow_245.dot5StatsInternalErrors",
2756                 FT_UINT32, BASE_DEC, NULL, 0x0,
2757                 "dot5 Stats Internal Errors", HFILL}},
2758         { &hf_sflow_245_dot5StatsLostFrameErrors,
2759             { "Lost Frame Errors", "sflow_245.dot5StatsLostFrameErrors",
2760                 FT_UINT32, BASE_DEC, NULL, 0x0,
2761                 "dot5 Stats Lost Frame Errors", HFILL}},
2762         { &hf_sflow_245_dot5StatsReceiveCongestions,
2763             { "Receive Congestions", "sflow_245.dot5StatsReceiveCongestions",
2764                 FT_UINT32, BASE_DEC, NULL, 0x0,
2765                 "dot5 Stats Receive Congestions", HFILL}},
2766         { &hf_sflow_245_dot5StatsFrameCopiedErrors,
2767             { "Frame Copied Errors", "sflow_245.dot5StatsFrameCopiedErrors",
2768                 FT_UINT32, BASE_DEC, NULL, 0x0,
2769                 "dot5 Stats Frame Copied Errors", HFILL}},
2770         { &hf_sflow_245_dot5StatsTokenErrors,
2771             { "Token Errors", "sflow_245.dot5StatsTokenErrors",
2772                 FT_UINT32, BASE_DEC, NULL, 0x0,
2773                 "dot5 Stats Token Errors", HFILL}},
2774         { &hf_sflow_245_dot5StatsSoftErrors,
2775             { "Soft Errors", "sflow_245.dot5StatsSoftErrors",
2776                 FT_UINT32, BASE_DEC, NULL, 0x0,
2777                 "dot5 Stats Soft Errors", HFILL}},
2778         { &hf_sflow_245_dot5StatsHardErrors,
2779             { "Hard Errors", "sflow_245.dot5StatsHardErrors",
2780                 FT_UINT32, BASE_DEC, NULL, 0x0,
2781                 "dot5 Stats Hard Errors", HFILL}},
2782         { &hf_sflow_245_dot5StatsSignalLoss,
2783             { "Signal Loss", "sflow_245.dot5StatsSignalLoss",
2784                 FT_UINT32, BASE_DEC, NULL, 0x0,
2785                 "dot5 Stats Signal Loss", HFILL}},
2786         { &hf_sflow_245_dot5StatsTransmitBeacons,
2787             { "Transmit Beacons", "sflow_245.dot5StatsTransmitBeacons",
2788                 FT_UINT32, BASE_DEC, NULL, 0x0,
2789                 "dot5 Stats Transmit Beacons", HFILL}},
2790         { &hf_sflow_245_dot5StatsRecoveries,
2791             { "Recoveries", "sflow_245.dot5StatsRecoveries",
2792                 FT_UINT32, BASE_DEC, NULL, 0x0,
2793                 "dot5 Stats Recoveries", HFILL}},
2794         { &hf_sflow_245_dot5StatsLobeWires,
2795             { "Lobe Wires", "sflow_245.dot5StatsLobeWires",
2796                 FT_UINT32, BASE_DEC, NULL, 0x0,
2797                 "dot5 Stats Lobe Wires", HFILL}},
2798         { &hf_sflow_245_dot5StatsRemoves,
2799             { "Removes", "sflow_245.dot5StatsRemoves",
2800                 FT_UINT32, BASE_DEC, NULL, 0x0,
2801                 "dot5 Stats Removes", HFILL}},
2802         { &hf_sflow_245_dot5StatsSingles,
2803             { "Singles", "sflow_245.dot5StatsSingles",
2804                 FT_UINT32, BASE_DEC, NULL, 0x0,
2805                 "dot5 Stats Singles", HFILL}},
2806         { &hf_sflow_245_dot5StatsFreqErrors,
2807             { "Freq Errors", "sflow_245.dot5StatsFreqErrors",
2808                 FT_UINT32, BASE_DEC, NULL, 0x0,
2809                 "dot5 Stats Freq Errors", HFILL}},
2810         { &hf_sflow_245_dot12InHighPriorityFrames,
2811             { "In High Priority Frames", "sflow_245.dot12InHighPriorityFrames",
2812                 FT_UINT32, BASE_DEC, NULL, 0x0,
2813                 "dot12 Input High Priority Frames", HFILL}},
2814         { &hf_sflow_245_dot12InHighPriorityOctets,
2815             { "In High Priority Octets", "sflow_245.dot12InHighPriorityOctets",
2816                 FT_UINT64, BASE_DEC, NULL, 0x0,
2817                 "dot12 Input High Priority Octets", HFILL}},
2818         { &hf_sflow_245_dot12InNormPriorityFrames,
2819             { "In Normal Priority Frames", "sflow_245.dot12InNormPriorityFrames",
2820                 FT_UINT32, BASE_DEC, NULL, 0x0,
2821                 "dot12 Input Normal Priority Frames", HFILL}},
2822         { &hf_sflow_245_dot12InNormPriorityOctets,
2823             { "In Normal Priority Octets", "sflow_245.dot12InNormPriorityOctets",
2824                 FT_UINT64, BASE_DEC, NULL, 0x0,
2825                 "dot12 Input Normal Priority Octets", HFILL}},
2826         { &hf_sflow_245_dot12InIPMErrors,
2827             { "In IPM Errors", "sflow_245.dot12InIPMErrors",
2828                 FT_UINT32, BASE_DEC, NULL, 0x0,
2829                 "dot12 Input IPM Errors", HFILL}},
2830         { &hf_sflow_245_dot12InOversizeFrameErrors,
2831             { "In Oversize Frame Errors", "sflow_245.dot12InOversizeFrameErrors",
2832                 FT_UINT32, BASE_DEC, NULL, 0x0,
2833                 "dot12 Input Oversize Frame Errors", HFILL}},
2834         { &hf_sflow_245_dot12InDataErrors,
2835             { "In Data Errors", "sflow_245.dot12InDataErrors",
2836                 FT_UINT32, BASE_DEC, NULL, 0x0,
2837                 "dot12 Input Data Errors", HFILL}},
2838         { &hf_sflow_245_dot12InNullAddressedFrames,
2839             { "In Null Addressed Frames", "sflow_245.dot12InNullAddressedFrames",
2840                 FT_UINT32, BASE_DEC, NULL, 0x0,
2841                 "dot12 Input Null Addressed Frames", HFILL}},
2842         { &hf_sflow_245_dot12OutHighPriorityFrames,
2843             { "Out High Priority Frames", "sflow_245.dot12OutHighPriorityFrames",
2844                 FT_UINT32, BASE_DEC, NULL, 0x0,
2845                 "dot12 Output High Priority Frames", HFILL}},
2846         { &hf_sflow_245_dot12OutHighPriorityOctets,
2847             { "Out High Priority Octets", "sflow_245.dot12OutHighPriorityOctets",
2848                 FT_UINT64, BASE_DEC, NULL, 0x0,
2849                 "dot12 Out High Priority Octets", HFILL}},
2850         { &hf_sflow_245_dot12TransitionIntoTrainings,
2851             { "Transition Into Trainings", "sflow_245.dot12TransitionIntoTrainings",
2852                 FT_UINT32, BASE_DEC, NULL, 0x0,
2853                 "dot12 Transition Into Trainings", HFILL}},
2854         { &hf_sflow_245_dot12HCInHighPriorityOctets,
2855             { "HC In High Priority Octets", "sflow_245.dot12HCInHighPriorityOctets",
2856                 FT_UINT64, BASE_DEC, NULL, 0x0,
2857                 "dot12 HC Input High Priority Octets", HFILL}},
2858         { &hf_sflow_245_dot12HCInNormPriorityOctets,
2859             { "HC In Normal Priority Octets", "sflow_245.dot12HCInNormPriorityOctets",
2860                 FT_UINT64, BASE_DEC, NULL, 0x0,
2861                 "dot12 HC Input Normal Priority Octets", HFILL}},
2862         { &hf_sflow_245_dot12HCOutHighPriorityOctets,
2863             { "HC Out High Priority Octets", "sflow_245.dot12HCOutHighPriorityOctets",
2864                 FT_UINT64, BASE_DEC, NULL, 0x0,
2865                 "dot12 HC Output High Priority Octets", HFILL}},
2866         { &hf_sflow_245_vlan_id,
2867             { "VLAN ID", "sflow_245.vlan_id",
2868                 FT_UINT32, BASE_DEC, NULL, 0x0,
2869                 NULL, HFILL}},
2870         { &hf_sflow_245_octets,
2871             { "Octets", "sflow_245.octets",
2872                 FT_UINT64, BASE_DEC, NULL, 0x0,
2873                 NULL, HFILL}},
2874         { &hf_sflow_245_ucastPkts,
2875             { "Unicast Packets", "sflow_245.ucastPkts",
2876                 FT_UINT32, BASE_DEC, NULL, 0x0,
2877                 NULL, HFILL}},
2878         { &hf_sflow_245_multicastPkts,
2879             { "Multicast Packets", "sflow_245.multicastPkts",
2880                 FT_UINT32, BASE_DEC, NULL, 0x0,
2881                 NULL, HFILL}},
2882         { &hf_sflow_245_broadcastPkts,
2883             { "Broadcast Packets", "sflow_245.broadcastPkts",
2884                 FT_UINT32, BASE_DEC, NULL, 0x0,
2885                 NULL, HFILL}},
2886         { &hf_sflow_245_discards,
2887             { "Discards", "sflow_245.discards",
2888                 FT_UINT32, BASE_DEC, NULL, 0x0,
2889                 NULL, HFILL}},
2890         { &hf_sflow_5_dot11TransmittedFragmentCount,
2891             { "Transmitted Fragment Count", "sflow_5.dot11TransmittedFragmentCount",
2892                 FT_UINT32, BASE_DEC, NULL, 0x0,
2893                 NULL, HFILL}},
2894         { &hf_sflow_5_dot11MulticastTransmittedFrameCount,
2895             { "Multicast Transmitted Frame Count", "sflow_5.dot11MulticastTransmittedFrameCount",
2896                 FT_UINT32, BASE_DEC, NULL, 0x0,
2897                 NULL, HFILL}},
2898         { &hf_sflow_5_dot11FailedCount,
2899             { "Failed Count", "sflow_5.dot11FailedCount",
2900                 FT_UINT32, BASE_DEC, NULL, 0x0,
2901                 NULL, HFILL}},
2902         { &hf_sflow_5_dot11RetryCount,
2903             { "Retry Count", "sflow_5.dot11RetryCount",
2904                 FT_UINT32, BASE_DEC, NULL, 0x0,
2905                 NULL, HFILL}},
2906         { &hf_sflow_5_dot11MultipleRetryCount,
2907             { "Multiple Retry Count", "sflow_5.dot11MultipleRetryCount",
2908                 FT_UINT32, BASE_DEC, NULL, 0x0,
2909                 NULL, HFILL}},
2910         { &hf_sflow_5_dot11FrameDuplicateCount,
2911             { "Frame Duplicate Count", "sflow_5.dot11FrameDuplicateCount",
2912                 FT_UINT32, BASE_DEC, NULL, 0x0,
2913                 NULL, HFILL}},
2914         { &hf_sflow_5_dot11RTSSuccessCount,
2915             { "RTS Success Count", "sflow_5.dot11RTSSuccessCount",
2916                 FT_UINT32, BASE_DEC, NULL, 0x0,
2917                 NULL, HFILL}},
2918         { &hf_sflow_5_dot11RTSFailureCount,
2919             { "Failure Count", "sflow_5.dot11RTSFailureCount",
2920                 FT_UINT32, BASE_DEC, NULL, 0x0,
2921                 NULL, HFILL}},
2922         { &hf_sflow_5_dot11ACKFailureCount,
2923             { "ACK Failure Count", "sflow_5.dot11ACKFailureCount",
2924                 FT_UINT32, BASE_DEC, NULL, 0x0,
2925                 NULL, HFILL}},
2926         { &hf_sflow_5_dot11ReceivedFragmentCount,
2927             { "Received Fragment Count", "sflow_5.dot11ReceivedFragmentCount",
2928                 FT_UINT32, BASE_DEC, NULL, 0x0,
2929                 NULL, HFILL}},
2930         { &hf_sflow_5_dot11MulticastReceivedFrameCount,
2931             { "Multicast Received Frame Count", "sflow_5.dot11MulticastReceivedFrameCount",
2932                 FT_UINT32, BASE_DEC, NULL, 0x0,
2933                 NULL, HFILL}},
2934         { &hf_sflow_5_dot11FCSErrorCount,
2935             { "FCS Error Count", "sflow_5.dot11FCSErrorCount",
2936                 FT_UINT32, BASE_DEC, NULL, 0x0,
2937                 NULL, HFILL}},
2938         { &hf_sflow_5_dot11TransmittedFrameCount,
2939             { "Transmitted Frame Count", "sflow_5.dot11TransmittedFrameCount",
2940                 FT_UINT32, BASE_DEC, NULL, 0x0,
2941                 NULL, HFILL}},
2942         { &hf_sflow_5_dot11WEPUndecryptableCount,
2943             { "WEP Undecryptable Count", "sflow_5.dot11WEPUndecryptableCount",
2944                 FT_UINT32, BASE_DEC, NULL, 0x0,
2945                 NULL, HFILL}},
2946         { &hf_sflow_5_dot11QoSDiscardedFragmentCount,
2947             { "QoS Discarded Fragment Count", "sflow_5.dot11QoSDiscardedFragmentCount",
2948                 FT_UINT32, BASE_DEC, NULL, 0x0,
2949                 NULL, HFILL}},
2950         { &hf_sflow_5_dot11AssociatedStationCount,
2951             { "Associated Station Count", "sflow_5.dot11AssociatedStationCount",
2952                 FT_UINT32, BASE_DEC, NULL, 0x0,
2953                 NULL, HFILL}},
2954         { &hf_sflow_5_dot11QoSCFPollsReceivedCount,
2955             { "QoS CF Polls Received Count", "sflow_5.dot11QoSCFPollsReceivedCount",
2956                 FT_UINT32, BASE_DEC, NULL, 0x0,
2957                 NULL, HFILL}},
2958         { &hf_sflow_5_dot11QoSCFPollsUnusedCount,
2959             { "QoS CF Polls Unused Count", "sflow_5.dot11QoSCFPollsUnusedCount",
2960                 FT_UINT32, BASE_DEC, NULL, 0x0,
2961                 NULL, HFILL}},
2962         { &hf_sflow_5_dot11QoSCFPollsUnusableCount,
2963             { "QoS CF Polls Unusable Count", "sflow_5.dot11QoSCFPollsUnusableCount",
2964                 FT_UINT32, BASE_DEC, NULL, 0x0,
2965                 NULL, HFILL}},
2966         { &hf_sflow_5_dot11QoSCFPollsLostCount,
2967             { "QoS CF Polls Lost Count", "sflow_5.dot11QoSCFPollsLostCount",
2968                 FT_UINT32, BASE_DEC, NULL, 0x0,
2969                 NULL, HFILL}},
2970         { &hf_sflow_5_cpu_5s,
2971             { "5s CPU Load (100 = 1%)", "sflow_5.cpu_5s",
2972                 FT_UINT32, BASE_DEC, NULL, 0x0,
2973                 "Average CPU Load Over 5 Seconds (100 = 1%)", HFILL}},
2974         { &hf_sflow_5_cpu_1m,
2975             { "1m CPU Load (100 = 1%)", "sflow_5.cpu_1m",
2976                 FT_UINT32, BASE_DEC, NULL, 0x0,
2977                 "Average CPU Load Over 1 Minute (100 = 1%)", HFILL}},
2978         { &hf_sflow_5_cpu_5m,
2979             { "5m CPU Load (100 = 1%)", "sflow_5.cpu_5m",
2980                 FT_UINT32, BASE_DEC, NULL, 0x0,
2981                 "Average CPU Load Over 5 Minutes (100 = 1%)", HFILL}},
2982         { &hf_sflow_5_total_memory,
2983             { "Total Memory", "sflow_5.total_memory",
2984                 FT_UINT64, BASE_DEC, NULL, 0x0,
2985                 NULL, HFILL}},
2986         { &hf_sflow_5_free_memory,
2987             { "Free Memory", "sflow_5.free_memory",
2988                 FT_UINT64, BASE_DEC, NULL, 0x0,
2989                 NULL, HFILL}},
2990         { &hf_sflow_5_elapsed_time,
2991             { "Elapsed Time (ms)", "sflow_5.elapsed_time",
2992                 FT_UINT32, BASE_DEC, NULL, 0x0,
2993                 "Elapsed Time in ms", HFILL}},
2994         { &hf_sflow_5_on_channel_time,
2995             { "On Channel (ms)", "sflow_5.on_channel_time",
2996                 FT_UINT32, BASE_DEC, NULL, 0x0,
2997                 "Time in ms Spent on Channel", HFILL}},
2998         { &hf_sflow_5_on_channel_busy_time,
2999             { "On Channel Busy (ms)", "sflow_5.channel_busy_time",
3000                 FT_UINT32, BASE_DEC, NULL, 0x0,
3001                 "Time in ms Spent on Channel and Busy", HFILL}},
3002
3003       /* Generated from convert_proto_tree_add_text.pl */
3004       { &hf_sflow_245_header_frame_length, { "Frame Length", "sflow_245.header.frame_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3005       { &hf_sflow_245_header_payload_removed, { "Payload removed", "sflow_245.header.payload_removed", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3006       { &hf_sflow_245_extended_mpls_in_label_stack_entries, { "In Label Stack Entries", "sflow_245.extended_mpls.in_label_stack_entries", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3007       { &hf_sflow_245_extended_mpls_in_label, { "Label", "sflow_245.extended_mpls.in_label", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3008       { &hf_sflow_245_extended_mpls_out_label_stack_entries, { "Out Label Stack Entries", "sflow_245.extended_mpls.out_label_stack_entries", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3009       { &hf_sflow_245_extended_mpls_out_label, { "Label", "sflow_245.extended_mpls.out_label", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3010       { &hf_sflow_245_ethernet_length_of_mac_packet, { "Length of MAC Packet", "sflow_245.ethernet.length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3011       { &hf_sflow_245_ethernet_source_mac_address, { "Source MAC Address", "sflow_245.ethernet.source_mac_address", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3012       { &hf_sflow_245_ethernet_destination_mac_address, { "Destination MAC Address", "sflow_245.ethernet.destination_mac_address", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3013       { &hf_sflow_245_ethernet_packet_type, { "Ethernet Packet Type", "sflow_245.ethernet.packet_type", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3014       { &hf_sflow_245_length_of_ip_packet, { "Length of IP Packet", "sflow_245.ip.length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3015       { &hf_sflow_245_ip_source_port, { "Source Port", "sflow_245.ip.source_port", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3016       { &hf_sflow_245_ip_destination_port, { "Destination Port", "sflow.ip.destination_port", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3017       { &hf_sflow_245_ip_tcp_flag_cwr, { "TCP Flag (CWR)", "sflow_245.ip.tcp_flag.cwr", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x80, NULL, HFILL }},
3018       { &hf_sflow_245_ip_tcp_flag_ece, { "TCP Flag (ECE)", "sflow_245.ip.tcp_flag.ece", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x40, NULL, HFILL }},
3019       { &hf_sflow_245_ip_tcp_flag_urg, { "TCP Flag (URG)", "sflow_245.ip.tcp_flag.urg", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x20, NULL, HFILL }},
3020       { &hf_sflow_245_ip_tcp_flag_ack, { "TCP Flag (ACK)", "sflow_245.ip.tcp_flag.ack", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x10, NULL, HFILL }},
3021       { &hf_sflow_245_ip_tcp_flag_psh, { "TCP Flag (PSH)", "sflow_245.ip.tcp_flag.psh", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x08, NULL, HFILL }},
3022       { &hf_sflow_245_ip_tcp_flag_rst, { "TCP Flag (RST)", "sflow_245.ip.tcp_flag.rst", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x04, NULL, HFILL }},
3023       { &hf_sflow_245_ip_tcp_flag_syn, { "TCP Flag (SYN)", "sflow_245.ip.tcp_flag.syn", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x02, NULL, HFILL }},
3024       { &hf_sflow_245_ip_tcp_flag_fin, { "TCP Flag (FIN)", "sflow_245.ip.tcp_flag.fin", FT_BOOLEAN, 8, TFS(&tfs_set_notset), 0x01, NULL, HFILL }},
3025       { &hf_sflow_245_ipv4_delay, { "Delay", "sflow_245.ipv4_delay", FT_BOOLEAN, 8, TFS(&tfs_low_normal), 0x10, NULL, HFILL }},
3026       { &hf_sflow_245_ipv4_throughput, { "Throughput", "sflow_245.ipv4_throughput", FT_BOOLEAN, 8, TFS(&tfs_high_normal), 0x08, NULL, HFILL }},
3027       { &hf_sflow_245_ipv4_reliability, { "Reliability", "sflow_245.ipv4_reliability", FT_BOOLEAN, 8, TFS(&tfs_high_normal), 0x04, NULL, HFILL }},
3028       { &hf_sflow_245_ipv4_cost, { "Cost (RFC1349)", "sflow_245.ipv4_cost", FT_BOOLEAN, 8, TFS(&tfs_minimize_monetary_normal), 0x02, NULL, HFILL }},
3029       { &hf_sflow_245_ipv6_priority, { "Priority", "sflow_245.ipv6_priority", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3030       { &hf_sflow_5_extended_user_source_character_set, { "Source Character Set", "sflow_5.extended_user.source_character_set", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3031       { &hf_sflow_5_extended_user_source_user_string_length, { "Source User String Length (bytes)", "sflow_5.extended_user.source_user_string_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3032       { &hf_sflow_5_extended_user_destination_character_set, { "Destination Character Set", "sflow_5.extended_user.destination_character_set", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3033       { &hf_sflow_5_extended_user_destination_user_string_length, { "Destination User String Length (bytes)", "sflow_5.extended_user.destination_user_string_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3034       { &hf_sflow_5_extended_url_url_length, { "URL Length (bytes)", "sflow_5.extended_url.url_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3035       { &hf_sflow_5_extended_url_host_length, { "Host Length (bytes)", "sflow_5.extended_url.host_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3036       { &hf_sflow_5_extended_mpls_tunnel_name_length, { "Tunnel Name Length (bytes)", "sflow_5.extended_mpls_tunnel.name_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3037       { &hf_sflow_5_extended_mpls_tunnel_id, { "Tunnel ID", "sflow_5.extended_mpls_tunnel.id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3038       { &hf_sflow_5_extended_mpls_tunnel_cos_value, { "Tunnel COS Value", "sflow_5.extended_mpls_tunnel.cos_value", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3039       { &hf_sflow_5_extended_mpls_vc_instance_name_length, { "VC Instance Name Length (bytes)", "sflow_5.extended_mpls_vc.instance_name_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3040       { &hf_sflow_5_extended_mpls_vc_id, { "VLL/VC ID", "sflow_5.extended_mpls_vc.id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3041       { &hf_sflow_5_extended_mpls_vc_label_cos_value, { "VC Label COS Value", "sflow_5.extended_mpls_vc.label_cos_value", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3042       { &hf_sflow_5_extended_mpls_ftn_description_length, { "MPLS FTN Description Length (bytes)", "sflow_5.extended_mpls.ftn_description_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3043       { &hf_sflow_5_extended_mpls_ftn_mask, { "MPLS FTN Mask", "sflow_5.extended_mpls.ftn_mask", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3044       { &hf_sflow_5_extended_mpls_fec_address_prefix_length, { "MPLS FEC Address Prefix Length (bytes)", "sflow_5.extended_mpls.fec_address_prefix_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3045       { &hf_sflow_5_extended_vlan_tunnel_number_of_layers, { "Number of Layers", "sflow_5.extended_vlan_tunnel.number_of_layers", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3046       { &hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair, { "TPID/TCI Pair as Integer", "sflow_5.extended_vlan_tunnel.tpid_tci_pair", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3047       { &hf_sflow_5_extended_80211_oui, { "OUI", "sflow_5.extended_80211.oui", FT_UINT24, BASE_HEX, NULL, 0x0, NULL, HFILL }},
3048       { &hf_sflow_5_extended_80211_suite_type, { "Suite Type", "sflow_5.extended_80211.suite_type", FT_UINT8, BASE_DEC, VALS(extended_80211_suite_type_vals), 0x0, NULL, HFILL }},
3049       { &hf_sflow_5_extended_80211_payload_length, { "Payload Length", "sflow_5.extended_80211.payload_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3050       { &hf_sflow_5_extended_80211_rx_bssid, { "BSSID", "sflow_5.extended_80211.rx.bssid", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3051       { &hf_sflow_5_extended_80211_rx_version, { "Version", "sflow_5.extended_80211.rx.version", FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0, NULL, HFILL }},
3052       { &hf_sflow_5_extended_80211_rx_channel, { "Channel", "sflow_5.extended_80211.rx.channel", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3053       { &hf_sflow_5_extended_80211_rx_speed, { "Speed", "sflow_5.extended_80211.rx.speed", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3054       { &hf_sflow_5_extended_80211_rx_rsni, { "RSNI", "sflow_5.extended_80211.rx.rsni", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3055       { &hf_sflow_5_extended_80211_rx_rcpi, { "RCPI", "sflow_5.extended_80211.rx.rcpi", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3056       { &hf_sflow_5_extended_80211_rx_packet_duration, { "Packet Duration (ms)", "sflow_5.rx.extended_80211.packet_duration", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3057       { &hf_sflow_5_extended_80211_tx_bssid, { "BSSID", "sflow_5.extended_80211.tx.bssid", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3058       { &hf_sflow_5_extended_80211_tx_version, { "Version", "sflow_5.extended_80211.tx.version", FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0, NULL, HFILL }},
3059       { &hf_sflow_5_extended_80211_tx_retransmissions, { "Retransmissions", "sflow_5.extended_80211.tx.retransmissions", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3060       { &hf_sflow_5_extended_80211_tx_packet_duration, { "Packet Duration (ms)", "sflow_5.extended_80211.tx.packet_duration", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3061       { &hf_sflow_5_extended_80211_tx_retransmission_duration, { "Retransmission Duration (ms)", "sflow_5.extended_80211.tx.retransmission_duration", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3062       { &hf_sflow_5_extended_80211_tx_channel, { "Channel", "sflow_5.extended_80211.tx.channel", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3063       { &hf_sflow_5_extended_80211_tx_speed, { "Speed", "sflow_5.extended_80211.tx.speed", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3064       { &hf_sflow_5_extended_80211_tx_power, { "Power", "sflow_5.extended_80211.tx.power", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3065       { &hf_sflow_flow_sample_sequence_number, { "Sequence number", "sflow.flow_sample.sequence_number", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3066       { &hf_sflow_flow_sample_source_id_class, { "Source ID class", "sflow.flow_sample.source_id_class", FT_UINT32, BASE_DEC, NULL, 0xFF000000, NULL, HFILL }},
3067       { &hf_sflow_flow_sample_sampling_rate, { "Sampling rate", "sflow.flow_sample.sampling_rate", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3068       { &hf_sflow_flow_sample_sample_pool, { "Sample pool", "sflow.flow_sample.sample_pool", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3069       { &hf_sflow_flow_sample_dropped_packets, { "Dropped packets", "sflow.flow_sample.dropped_packets", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3070       { &hf_sflow_flow_sample_input_interface, { "Input interface (ifIndex)", "sflow.flow_sample.input_interface", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3071       { &hf_sflow_flow_sample_multiple_outputs, { "Multiple outputs", "sflow.flow_sample.multiple_outputs", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3072       { &hf_sflow_flow_sample_output_interface, { "Output interface (ifIndex)", "sflow.flow_sample.output_interface", FT_UINT32, BASE_DEC, NULL, 0x7fffffff, NULL, HFILL }},
3073       { &hf_sflow_enterprise, { "Enterprise", "sflow.enterprise", FT_UINT32, BASE_DEC, NULL, 0xFFFFF000, NULL, HFILL }},
3074       { &hf_sflow_flow_sample_flow_record, { "Flow record", "sflow.flow_sample.flow_record", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3075       { &hf_sflow_flow_sample_source_id_type, { "Source ID type", "sflow.flow_sample.source_id_type", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3076       { &hf_sflow_flow_sample_source_id_index, { "Source ID index", "sflow.flow_sample.source_id_index", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3077       { &hf_sflow_flow_sample_input_interface_format, { "Input interface format", "sflow.flow_sample.input_interface_format", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3078       { &hf_sflow_flow_sample_input_interface_value, { "Input interface value", "sflow.flow_sample.input_interface_value", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3079       { &hf_sflow_flow_sample_output_interface_format, { "Output interface format", "sflow.flow_sample.output_interface_format", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3080       { &hf_sflow_flow_sample_output_interface_value, { "Output interface value", "sflow.flow_sample.output_interface_value", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3081       { &hf_sflow_counters_sample_sequence_number, { "Sequence number", "sflow.counters_sample.sequence_number", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3082       { &hf_sflow_counters_sample_source_id_class, { "Source ID class", "sflow.counters_sample.source_id_class", FT_UINT32, BASE_DEC, NULL, 0xFF000000, NULL, HFILL }},
3083       { &hf_sflow_counters_sample_sampling_interval, { "Sampling Interval", "sflow.counters_sample.sampling_interval", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3084       { &hf_sflow_counters_sample_counters_type, { "Counters type", "sflow.counters_sample.counters_type", FT_UINT32, BASE_DEC, VALS(sflow_245_counterstype), 0x0, NULL, HFILL }},
3085       { &hf_sflow_counters_sample_source_id_type, { "Source ID type", "sflow.counters_sample.source_id_type", FT_UINT32, BASE_DEC, NULL, 0xFF000000, NULL, HFILL }},
3086       { &hf_sflow_counters_sample_source_id_index, { "Source ID index", "sflow.counters_sample.source_id_index", FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF, NULL, HFILL }},
3087       { &hf_sflow_counters_sample_counters_records, { "Counters records", "sflow.counters_sample.counters_records", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3088       { &hf_sflow_counters_sample_expanded_source_id_type, { "Source ID type", "sflow.counters_sample.source_id_type", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3089       { &hf_sflow_counters_sample_expanded_source_id_index, { "Source ID index", "sflow.counters_sample.source_id_index", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3090       { &hf_sflow_245_as_type, { "AS Type", "sflow.as_type", FT_UINT32, BASE_DEC, VALS(sflow_245_as_types), 0x0, NULL, HFILL }},
3091       { &hf_sflow_245_ip_protocol, { "IP Protocol", "sflow.ip_protocol", FT_UINT32, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0, NULL, HFILL }},
3092       { &hf_sflow_5_extended_user_source_user, { "Source User", "sflow_5.extended_user.source_user", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3093       { &hf_sflow_5_extended_user_destination_user, { "Destination User", "sflow_5.extended_user.destination_user", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3094       { &hf_sflow_5_extended_url_direction, { "Direction", "sflow_5.extended_url.direction", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3095       { &hf_sflow_5_extended_url_url, { "URL", "sflow_5.extended_url.url", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3096       { &hf_sflow_5_extended_url_host, { "Host", "sflow_5.extended_url.host", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3097       { &hf_sflow_5_extended_mpls_tunnel_name, { "Tunnel Name", "sflow_5.extended_mpls_tunnel.tunnel_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3098       { &hf_sflow_5_extended_mpls_vc_instance_name, { "VC Instance Name", "sflow_5.extended_mpls_vc.vc_instance_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3099       { &hf_sflow_5_extended_mpls_ftn_description, { "MPLS FTN Description", "sflow_5.extended_mpls.ftn_description", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3100       { &hf_sflow_5_extended_80211_payload, { "Payload", "sflow_5.extended_80211.payload", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3101       { &hf_sflow_5_extended_80211_rx_ssid, { "SSID", "sflow_5.extended_80211.rx.ssid", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3102       { &hf_sflow_5_extended_80211_tx_ssid, { "SSID", "sflow_5.extended_80211.tx.ssid", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3103       { &hf_sflow_flow_sample_index, { "Index", "sflow.flow_sample.index", FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF, NULL, HFILL }},
3104       { &hf_sflow_counters_sample_index, { "Index", "sflow.counters_sample.index", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3105     };
3106
3107     /* Setup protocol subtree array */
3108     static gint * ett[] = {
3109         &ett_sflow_245,
3110         &ett_sflow_245_sample,
3111         &ett_sflow_5_flow_record,
3112         &ett_sflow_5_counters_record,
3113         &ett_sflow_5_mpls_in_label_stack,
3114         &ett_sflow_5_mpls_out_label_stack,
3115         &ett_sflow_245_extended_data,
3116         &ett_sflow_245_gw_as_dst,
3117         &ett_sflow_245_gw_as_dst_seg,
3118         &ett_sflow_245_gw_community,
3119         &ett_sflow_245_sampled_header,
3120     };
3121
3122     static ei_register_info ei[] = {
3123         { &ei_sflow_invalid_address_type, { "sflow.invalid_address_type", PI_MALFORMED, PI_ERROR, "Unknown/invalid address type", EXPFILL }},
3124     };
3125
3126     expert_module_t* expert_sflow;
3127
3128     /* Register the protocol name and description */
3129     proto_sflow = proto_register_protocol(
3130             "InMon sFlow", /* name       */
3131             "sFlow", /* short name */
3132             "sflow" /* abbrev     */
3133             );
3134
3135     /* Required function calls to register the header fields and subtrees used */
3136     proto_register_field_array(proto_sflow, hf, array_length(hf));
3137     proto_register_subtree_array(ett, array_length(ett));
3138     expert_sflow = expert_register_protocol(proto_sflow);
3139     expert_register_field_array(expert_sflow, ei, array_length(ei));
3140
3141     /* Register our configuration options for sFlow */
3142     sflow_245_module = prefs_register_protocol(proto_sflow, proto_reg_handoff_sflow_245);
3143
3144     /* Set default Neflow port(s) */
3145     range_convert_str(&global_sflow_ports, SFLOW_UDP_PORTS, MAX_UDP_PORT);
3146
3147     prefs_register_obsolete_preference(sflow_245_module, "udp.port");
3148
3149     prefs_register_range_preference(sflow_245_module, "ports",
3150             "sFlow UDP Port(s)",
3151             "Set the port(s) for sFlow messages"
3152             " (default: " SFLOW_UDP_PORTS ")",
3153             &global_sflow_ports, MAX_UDP_PORT);
3154
3155     /*
3156        If I use a filter like "ip.src == 10.1.1.1" this will, in
3157        addition to the usual suspects, find every sFlow packet
3158        where *any* of the payload headers contain 10.1.1.1 as a
3159        src addr.  I think this may not be the desired behavior.
3160        It can certainly be confusing since the ip.src being found
3161        is buried about 3 subtrees deep and the subtrees might be
3162        under any one of the sampled (payload) header trees. It is
3163        certainly not quickly obvious why the filter matched.
3164      */
3165     prefs_register_bool_preference(sflow_245_module, "enable_dissection",
3166             "Dissect data in sampled headers",
3167             "Enabling dissection makes it easy to view protocol details in each of the sampled headers.  Disabling dissection may reduce noise caused when display filters match the contents of any sampled header(s).",
3168             &global_dissect_samp_headers);
3169     /*
3170        It is not clear to me that it *ever* makes sense to enable
3171        this option.  However, it was previously the default
3172        behavior so I'll leave it as an option if someone thinks
3173        they have a use for it.
3174      */
3175     prefs_register_bool_preference(sflow_245_module, "enable_analysis",
3176             "Analyze data in sampled IP headers",
3177             "This option only makes sense if dissection of sampled headers is enabled and probably not even then.",
3178             &global_analyze_samp_ip_headers);
3179 }
3180
3181 void
3182 proto_reg_handoff_sflow_245(void) {
3183     static range_t *sflow_ports;
3184     static gboolean sflow_245_prefs_initialized = FALSE;
3185
3186     if (!sflow_245_prefs_initialized) {
3187         sflow_handle = new_create_dissector_handle(dissect_sflow_245, proto_sflow);
3188         data_handle = find_dissector("data");
3189         sflow_245_prefs_initialized = TRUE;
3190     } else {
3191                 dissector_delete_uint_range("udp.port", sflow_ports, sflow_handle);
3192         g_free(sflow_ports);
3193     }
3194
3195     sflow_ports = range_copy(global_sflow_ports);
3196     dissector_add_uint_range("udp.port", sflow_ports, sflow_handle);
3197
3198
3199     /*dissector_handle_t sflow_245_handle;*/
3200
3201     /*
3202      * XXX - should this be done with a dissector table?
3203      */
3204
3205     if (global_dissect_samp_headers) {
3206         eth_withoutfcs_handle = find_dissector("eth_withoutfcs");
3207         tr_handle = find_dissector("tr");
3208         fddi_handle = find_dissector("fddi");
3209         fr_handle = find_dissector("fr");
3210         x25_handle = find_dissector("x.25");
3211         ppp_hdlc_handle = find_dissector("ppp_hdlc");
3212 #if 0
3213         smds_handle = find_dissector("smds");
3214 #else
3215         /* We don't have an SMDS dissector yet
3216          *
3217          *Switched multimegabit data service (SMDS) was a connectionless service
3218          *used to connect LANs, MANs and WANs to exchange data. SMDS was based on
3219          *the IEEE 802.6 DQDB standard. SMDS fragmented its datagrams into smaller
3220          *"cells" for transport, and can be viewed as a technological precursor of ATM.
3221          */
3222         smds_handle = data_handle;
3223 #endif
3224 #if 0
3225         aal5_handle = find_dissector("aal5");
3226 #else
3227         /*
3228          * No AAL5 (ATM Adaptation Layer 5) dissector available.
3229          * What does the packet look like?  An AAL5 PDU?  Where
3230          * do the VPI/VCI pair appear, if anywhere?
3231          */
3232         aal5_handle = data_handle;
3233 #endif
3234         ipv4_handle = find_dissector("ip");
3235         ipv6_handle = find_dissector("ipv6");
3236         mpls_handle = find_dissector("mpls");
3237 #if 0
3238         pos_handle = find_dissector("pos");
3239 #else
3240         /* wireshark does not have POS dissector yet */
3241         pos_handle = data_handle;
3242 #endif
3243         ieee80211_mac_handle = find_dissector("wlan");
3244 #if 0
3245         ieee80211_ampdu_handle = find_dissector("ampdu");
3246         ieee80211_amsdu_subframe_handle = find_dissector("wlan_aggregate");
3247 #else
3248         /* No handles for these */
3249         ieee80211_ampdu_handle = data_handle;
3250         ieee80211_amsdu_subframe_handle = data_handle;
3251 #endif
3252     } else {
3253         eth_withoutfcs_handle = data_handle;
3254         tr_handle = data_handle;
3255         fddi_handle = data_handle;
3256         fr_handle = data_handle;
3257         x25_handle = data_handle;
3258         ppp_hdlc_handle = data_handle;
3259         smds_handle = data_handle;
3260         aal5_handle = data_handle;
3261         ipv4_handle = data_handle;
3262         ipv6_handle = data_handle;
3263         mpls_handle = data_handle;
3264         pos_handle = data_handle;
3265         ieee80211_mac_handle = data_handle;
3266         ieee80211_ampdu_handle = data_handle;
3267         ieee80211_amsdu_subframe_handle = data_handle;
3268     }
3269
3270 }
3271
3272
3273 /*
3274  * Editor modelines
3275  *
3276  * Local Variables:
3277  * c-basic-offset: 4
3278  * tab-width: 8
3279  * indent-tabs-mode: nil
3280  * End:
3281  *
3282  * ex: set shiftwidth=4 tabstop=8 noexpandtab
3283  * :indentSize=4:tabSize=8:noTabs=true:
3284  */
Unnamed repository; edit this file to name it for gitweb.