search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
TODO drsuapi compressed
[wireshark-sm.git] / epan / dissectors / packet-sflow.c
blob34f5da6666944724da64d5caff24d0918b8a1f9e
1 /* packet-sflow.c
2 * Routines for sFlow v5 dissection implemented according to the specifications
3 * at http://www.sflow.org/sflow_version_5.txt
4 *
5 * Additional 802.11 structures support implemented according to the
6 * specifications at http://www.sflow.org/sflow_80211.txt
7 *
8 * By Yi Yu <yiyu.inbox@gmail.com>
9 *
10 * TODO:
11 * 802.11 aggregation data dissection (sFlow v5)
12 *
13 *
14 * Based on Jeff Rizzo's <riz@boogers.sf.ca.us> dissector for sFlow v2/4
15 * in Wireshark 1.0.8 public release.
16 *
17 * Wireshark - Network traffic analyzer
18 * By Gerald Combs <gerald@wireshark.org>
19 * Copyright 1998 Gerald Combs
20 *
21 * SPDX-License-Identifier: GPL-2.0-or-later
22 *
23 *
24 * This file (mostly) implements a dissector for sFlow (RFC3176),
25 * from the version 4 spec at http://www.sflow.org/SFLOW-DATAGRAM.txt .
26 *
27 * TODO:
28 * Fix the highlighting of the datastream when bits are selected
29 * split things out into packet-sflow.h ?
30 * make routines more consistent as to whether they return
31 * 'offset' or bytes consumed ('len') (sFlow v2/4)
32 * implement sampled_ipv4 and sampled_ipv6 packet data types (sFlow v2/4)
33 * implement extended_user (sFlow v2/4)
34 * implement extended_url (sFlow v2/4)
35 * implement non-generic counters sampling (sFlow v2/4)
36 */
37
38 #include "config.h"
39
40 #include <epan/packet.h>
41 #include <epan/exceptions.h>
42 #include <epan/prefs.h>
43 #include <epan/expert.h>
44 #include <epan/to_str.h>
45 #include <epan/ipproto.h>
46 #include <epan/tfs.h>
47 #include <epan/unit_strings.h>
48
49 #include <wsutil/array.h>
50 #include "packet-sflow.h"
51
52 #define SFLOW_UDP_PORTS "6343"
53
54 void proto_register_sflow(void);
55
56 static dissector_handle_t sflow_handle;
57
58 /*
59 * sflow_245_ports : holds the currently used range of ports for sflow
60 */
61 static bool global_dissect_samp_headers = true;
62 static bool global_analyze_samp_ip_headers;
63
64 #define ENTERPRISE_DEFAULT 0
65
66 #define ADDR_TYPE_UNKNOWN 0
67 #define ADDR_TYPE_IPV4 1
68 #define ADDR_TYPE_IPV6 2
69
70 #define FLOWSAMPLE 1
71 #define COUNTERSSAMPLE 2
72 #define EXPANDED_FLOWSAMPLE 3
73 #define EXPANDED_COUNTERSSAMPLE 4
74 #define LAG_PORT_STATS 7
75
76 static const value_string sflow_agent_address_types[] = {
77 { ADDR_TYPE_IPV4, "IPv4" },
78 { ADDR_TYPE_IPV6, "IPv6" },
79 { 0, NULL }
80 };
81
82 static const value_string sflow_245_sampletype[] = {
83 { FLOWSAMPLE, "Flow sample"},
84 { COUNTERSSAMPLE, "Counters sample"},
85 { EXPANDED_FLOWSAMPLE, "Expanded flow sample"},
86 { EXPANDED_COUNTERSSAMPLE, "Expanded counters sample"},
87 { LAG_PORT_STATS, "Lag Port stats"},
88 { 0, NULL}
89 };
90
91 #define SFLOW_5_IEEE80211_VERSION_A 1
92 #define SFLOW_5_IEEE80211_VERSION_B 2
93 #define SFLOW_5_IEEE80211_VERSION_G 3
94 #define SFLOW_5_IEEE80211_VERSION_N 4
95
96 static const value_string sflow_5_ieee80211_versions [] = {
97 { SFLOW_5_IEEE80211_VERSION_A, "802.11a"},
98 { SFLOW_5_IEEE80211_VERSION_B, "802.11b"},
99 { SFLOW_5_IEEE80211_VERSION_G, "802.11g"},
100 { SFLOW_5_IEEE80211_VERSION_N, "802.11n"},
101 { 0, NULL}
102 };
103
104 /* interface counter types */
105 #define SFLOW_245_COUNTERS_GENERIC 1
106 #define SFLOW_245_COUNTERS_ETHERNET 2
107 #define SFLOW_245_COUNTERS_TOKENRING 3
108 #define SFLOW_245_COUNTERS_FDDI 4
109 #define SFLOW_245_COUNTERS_VG 5
110 #define SFLOW_245_COUNTERS_WAN 6
111 #define SFLOW_245_COUNTERS_VLAN 7
112
113 static const value_string sflow_245_counterstype[] = {
114 { SFLOW_245_COUNTERS_GENERIC, "Generic counters"},
115 { SFLOW_245_COUNTERS_ETHERNET, "Ethernet counters"},
116 { SFLOW_245_COUNTERS_TOKENRING,"Token Ring counters"},
117 { SFLOW_245_COUNTERS_FDDI, "FDDI counters"},
118 { SFLOW_245_COUNTERS_VG, "100baseVG counters"},
119 { SFLOW_245_COUNTERS_WAN, "WAN counters"},
120 { SFLOW_245_COUNTERS_VLAN, "VLAN counters"},
121 { 0, NULL}
122 };
123
124 #define MAX_HEADER_SIZE 256
125
126 #define SFLOW_245_PACKET_DATA_TYPE_HEADER 1
127 #define SFLOW_245_PACKET_DATA_TYPE_IPV4 2
128 #define SFLOW_245_PACKET_DATA_TYPE_IPV6 3
129
130 static const value_string sflow_245_packet_information_type[] = {
131 { SFLOW_245_PACKET_DATA_TYPE_HEADER, "Packet headers are sampled"},
132 { SFLOW_245_PACKET_DATA_TYPE_IPV4, "IP Version 4 data"},
133 { SFLOW_245_PACKET_DATA_TYPE_IPV6, "IP Version 6 data"},
134 { 0, NULL}
135 };
136
137 static const value_string extended_80211_suite_type_vals[] = {
138 { 0, "Use group cipher suite"},
139 { 1, "WEP-40"},
140 { 2, "TKIP"},
141 { 4, "CCMP"},
142 { 5, "WEP-104"},
143 { 0, NULL}
144 };
145
146 static const value_string sflow_ifdirection_vals[] = {
147 { 1, "Full-Duplex"},
148 { 2, "Half-Duplex"},
149 { 3, "In"},
150 { 4, "Out"},
151 { 0, NULL}
152 };
153
154 static const true_false_string tfs_minimize_monetary_normal = { "Minimize Monetary", "Normal" };
155
156 static const value_string sflow_245_header_protocol[] = {
157 { SFLOW_245_HEADER_ETHERNET, "Ethernet"},
158 { SFLOW_245_HEADER_TOKENBUS, "Token Bus"},
159 { SFLOW_245_HEADER_TOKENRING, "Token Ring"},
160 { SFLOW_245_HEADER_FDDI, "FDDI"},
161 { SFLOW_245_HEADER_FRAME_RELAY, "Frame Relay"},
162 { SFLOW_245_HEADER_X25, "X.25"},
163 { SFLOW_245_HEADER_PPP, "PPP"},
164 { SFLOW_245_HEADER_SMDS, "SMDS"},
165 { SFLOW_245_HEADER_AAL5, "ATM AAL5"},
166 { SFLOW_245_HEADER_AAL5_IP, "ATM AAL5-IP (e.g., Cisco AAL5 mux)"},
167 { SFLOW_245_HEADER_IPv4, "IPv4"},
168 { SFLOW_245_HEADER_IPv6, "IPv6"},
169 { SFLOW_245_HEADER_MPLS, "MPLS"},
170 { SFLOW_5_HEADER_POS, "PPP over SONET/SDH (RFC 1662, 2615)"},
171 { SFLOW_5_HEADER_80211_MAC, "802.11 MAC"},
172 { SFLOW_5_HEADER_80211_AMPDU, "802.11n Aggregated MPDU"},
173 { SFLOW_5_HEADER_80211_AMSDU_SUBFRAME, "A-MSDU Subframe"},
174 { 0, NULL}
175 };
176 static value_string_ext sflow_245_header_protocol_ext = VALUE_STRING_EXT_INIT(sflow_245_header_protocol);
177
178 /* extended packet data types */
179 #define SFLOW_245_EXTENDED_SWITCH 1
180 #define SFLOW_245_EXTENDED_ROUTER 2
181 #define SFLOW_245_EXTENDED_GATEWAY 3
182 #define SFLOW_245_EXTENDED_USER 4
183 #define SFLOW_245_EXTENDED_URL 5
184
185 static const value_string sflow_245_extended_data_types[] = {
186 { SFLOW_245_EXTENDED_SWITCH, "Extended switch information"},
187 { SFLOW_245_EXTENDED_ROUTER, "Extended router information"},
188 { SFLOW_245_EXTENDED_GATEWAY, "Extended gateway information"},
189 { SFLOW_245_EXTENDED_USER, "Extended user information"},
190 { SFLOW_245_EXTENDED_URL, "Extended URL information"},
191 { 0, NULL}
192 };
193
194
195 #define SFLOW_245_AS_SET 1
196 #define SFLOW_245_AS_SEQUENCE 2
197
198 static const value_string sflow_245_as_types[] = {
199 { SFLOW_245_AS_SET, "AS Set"},
200 { SFLOW_245_AS_SEQUENCE, "AS Sequence"},
201 { 0, NULL}
202 };
203
204 #define SFLOW_245_IPV4_PRECEDENCE_ROUTINE 0
205 #define SFLOW_245_IPV4_PRECEDENCE_PRIORITY 1
206 #define SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE 2
207 #define SFLOW_245_IPV4_PRECEDENCE_FLASH 3
208 #define SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE 4
209 #define SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP 5
210 #define SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL 6
211 #define SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL 7
212
213 static const value_string sflow_245_ipv4_precedence_types[] = {
214 { SFLOW_245_IPV4_PRECEDENCE_ROUTINE, "Routine"},
215 { SFLOW_245_IPV4_PRECEDENCE_PRIORITY, "Priority"},
216 { SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE, "Immediate"},
217 { SFLOW_245_IPV4_PRECEDENCE_FLASH, "Flash"},
218 { SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE, "Flash Override"},
219 { SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP, "CRITIC/ECP"},
220 { SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL, "Internetwork Control"},
221 { SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL, "Network Control"},
222 { 0, NULL}
223 };
224
225 /* sFlow v5 flow record formats */
226 #define SFLOW_5_RAW_PACKET_HEADER 1
227 #define SFLOW_5_ETHERNET_FRAME 2
228 #define SFLOW_5_IPV4 3
229 #define SFLOW_5_IPV6 4
230 #define SFLOW_5_SWITCH 1001
231 #define SFLOW_5_ROUTER 1002
232 #define SFLOW_5_GATEWAY 1003
233 #define SFLOW_5_USER 1004
234 #define SFLOW_5_URL 1005
235 #define SFLOW_5_MPLS_DATA 1006
236 #define SFLOW_5_NAT 1007
237 #define SFLOW_5_MPLS_TUNNEL 1008
238 #define SFLOW_5_MPLS_VC 1009
239 #define SFLOW_5_MPLS_FEC 1010
240 #define SFLOW_5_MPLS_LVP_FEC 1011
241 #define SFLOW_5_VLAN_TUNNEL 1012
242 #define SFLOW_5_80211_PAYLOAD 1013
243 #define SFLOW_5_80211_RX 1014
244 #define SFLOW_5_80211_TX 1015
245 #define SFLOW_5_80211_AGGREGATION 1016
246
247
248 static const value_string sflow_5_flow_record_type[] = {
249 { SFLOW_5_RAW_PACKET_HEADER, "Raw packet header"},
250 { SFLOW_5_ETHERNET_FRAME, "Ethernet frame data"},
251 { SFLOW_5_IPV4, "IPv4 data"},
252 { SFLOW_5_IPV6, "IPv6 data"},
253 { SFLOW_5_SWITCH, "Extended switch data"},
254 { SFLOW_5_ROUTER, "Extended router data"},
255 { SFLOW_5_GATEWAY, "Extended gateway data"},
256 { SFLOW_5_USER, "Extended user data"},
257 { SFLOW_5_URL, "Extended URL data"},
258 { SFLOW_5_MPLS_DATA, "Extended MPLS data"},
259 { SFLOW_5_NAT, "Extended NAT data"},
260 { SFLOW_5_MPLS_TUNNEL, "Extended MPLS tunnel data"},
261 { SFLOW_5_MPLS_VC, "Extended MPLS VC data"},
262 { SFLOW_5_MPLS_FEC, "Extended MPLS FEC data"},
263 { SFLOW_5_MPLS_LVP_FEC, "Extended MPLS LVP FEC data"},
264 { SFLOW_5_VLAN_TUNNEL, "Extended VLAN tunnel"},
265 { SFLOW_5_80211_PAYLOAD, "Extended 802.11 payload"},
266 { SFLOW_5_80211_RX, "Extended 802.11 RX"},
267 { SFLOW_5_80211_TX, "Extended 802.11 TX"},
268 { SFLOW_5_80211_AGGREGATION, "Extended 802.11 aggregation"},
269 { 0, NULL}
270 };
271 static value_string_ext sflow_5_flow_record_type_ext = VALUE_STRING_EXT_INIT(sflow_5_flow_record_type);
272
273 /* sFlow v5 counters record formats */
274 #define SFLOW_5_GENERIC_INTERFACE 1
275 #define SFLOW_5_ETHERNET_INTERFACE 2
276 #define SFLOW_5_TOKEN_RING 3
277 #define SFLOW_5_100BASE_VG_INTERFACE 4
278 #define SFLOW_5_VLAN 5
279 #define SFLOW_5_80211_COUNTERS 6
280 #define SFLOW_5_LAG 7
281 #define SFLOW_5_PROCESSOR 1001
282 #define SFLOW_5_RADIO_UTILIZATION 1002
283
284 static const value_string sflow_5_counters_record_type[] = {
285 { SFLOW_5_GENERIC_INTERFACE, "Generic interface counters"},
286 { SFLOW_5_ETHERNET_INTERFACE, "Ethernet interface counters"},
287 { SFLOW_5_TOKEN_RING, "Token ring counters"},
288 { SFLOW_5_100BASE_VG_INTERFACE, "100 Base VG interface counters"},
289 { SFLOW_5_VLAN, "VLAN counters"},
290 { SFLOW_5_LAG, "LAG counters"},
291 { SFLOW_5_80211_COUNTERS, "IEEE 802.11 counters"},
292 { SFLOW_5_PROCESSOR, "Processor information"},
293 { SFLOW_5_RADIO_UTILIZATION, "Radio utilization"},
294 { 0, NULL}
295 };
296
297 /* sFlow v5 interface formats */
298 #define SFLOW_5_INT_FORMAT 0xC0000000
299 #define SFLOW_5_INT_VALUE 0x3FFFFFFF
300
301 #define SFLOW_5_INT_FORMAT_IFINDEX 0
302 #define SFLOW_5_INT_FORMAT_DISCARD 1
303 #define SFLOW_5_INT_FORMAT_MULTIPLE 2
304
305 static const value_string interface_format[] = {
306 { SFLOW_5_INT_FORMAT_IFINDEX, "ifindex"},
307 { SFLOW_5_INT_FORMAT_DISCARD, "packet discarded"},
308 { SFLOW_5_INT_FORMAT_MULTIPLE, "multiple interfaces"},
309 { 0, NULL}
310 };
311
312 static const value_string interface_discard[] = {
313 { 0, "Net Unreachable"},
314 { 1, "Host Unreachable"},
315 { 2, "Protocol Unreachable"},
316 { 3, "Port Unreachable"},
317 { 4, "Fragmentation Needed and Don't Fragment was Set"},
318 { 5, "Source Route Failed"},
319 { 6, "Destination Network Unknown"},
320 { 7, "Destination Host Unknown"},
321 { 8, "Source Host Isolated"},
322 { 9, "Communication with Destination Network is Administratively Prohibited"},
323 { 10, "Communication with Destination Host is Administratively Prohibited"},
324 { 11, "Destination Network Unreachable for Type of Service"},
325 { 12, "Destination Host Unreachable for Type of Service"},
326 { 13, "Communication Administratively Prohibited"},
327 { 14, "Host Precedence Violation"},
328 { 15, "Precedence cutoff in effect"},
329 { 256, "unknown"},
330 { 257, "ttl exceeded"},
331 { 258, "ACL"},
332 { 259, "no buffer space"},
333 { 260, "RED"},
334 { 261, "traffic shaping/rate limiting"},
335 { 262, "packet too big (for protocols that don't support fragmentation)"},
336 { 0, NULL}
337 };
338
339 /* ethernet counters. These will be preceded by generic counters. */
340 struct ethernet_counters {
341 uint32_t dot3StatsAlignmentErrors;
342 uint32_t dot3StatsFCSErrors;
343 uint32_t dot3StatsSingleCollisionFrames;
344 uint32_t dot3StatsMultipleCollisionFrames;
345 uint32_t dot3StatsSQETestErrors;
346 uint32_t dot3StatsDeferredTransmissions;
347 uint32_t dot3StatsLateCollisions;
348 uint32_t dot3StatsExcessiveCollisions;
349 uint32_t dot3StatsInternalMacTransmitErrors;
350 uint32_t dot3StatsCarrierSenseErrors;
351 uint32_t dot3StatsFrameTooLongs;
352 uint32_t dot3StatsInternalMacReceiveErrors;
353 uint32_t dot3StatsSymbolErrors;
354 };
355
356 struct sflow_address_type {
357 int hf_addr_v4;
358 int hf_addr_v6;
359 };
360
361
362 /* Initialize the protocol and registered fields */
363 static int proto_sflow;
364 static int hf_sflow_version;
365 static int hf_sflow_agent_address_type;
366 static int hf_sflow_agent_address_v4;
367 static int hf_sflow_agent_address_v6;
368 static int hf_sflow_5_sub_agent_id;
369 static int hf_sflow_5_sample_length;
370 static int hf_sflow_5_flow_data_length;
371 /* static int hf_sflow_5_counters_data_length; */
372 static int hf_sflow_245_seqnum;
373 static int hf_sflow_245_sysuptime;
374 static int hf_sflow_245_numsamples;
375 static int hf_sflow_245_header_protocol;
376 static int hf_sflow_245_sampletype;
377 static int hf_sflow_245_sampletype12;
378 static int hf_sflow_245_ipv4_precedence_type;
379 static int hf_sflow_5_flow_record_format;
380 static int hf_sflow_5_counters_record_format;
381 static int hf_sflow_245_header;
382 static int hf_sflow_245_packet_information_type;
383 static int hf_sflow_245_extended_information_type;
384 static int hf_sflow_245_vlan_in; /* incoming 802.1Q VLAN ID */
385 static int hf_sflow_245_vlan_out; /* outgoing 802.1Q VLAN ID */
386 static int hf_sflow_245_pri_in; /* incoming 802.1p priority */
387 static int hf_sflow_245_pri_out; /* outgoing 802.1p priority */
388 static int hf_sflow_245_nexthop_v4; /* nexthop address */
389 static int hf_sflow_245_nexthop_v6; /* nexthop address */
390 static int hf_sflow_245_ipv4_src;
391 static int hf_sflow_245_ipv4_dst;
392 static int hf_sflow_245_ipv6_src;
393 static int hf_sflow_245_ipv6_dst;
394 static int hf_sflow_245_nexthop_src_mask;
395 static int hf_sflow_245_nexthop_dst_mask;
396
397
398 /* extended gateway (all versions) */
399 static int hf_sflow_245_as;
400 static int hf_sflow_245_src_as;
401 static int hf_sflow_245_src_peer_as;
402 static int hf_sflow_245_dst_as_entries; /* aka length */
403 static int hf_sflow_245_dst_as;
404 /* extended gateway (>= version 4) */
405 static int hf_sflow_245_community_entries;
406 /* static int hf_sflow_245_community; */
407 static int hf_sflow_245_localpref;
408
409 /* generic interface counter */
410 static int hf_sflow_245_ifindex;
411 static int hf_sflow_245_iftype;
412 static int hf_sflow_245_ifspeed;
413 static int hf_sflow_245_ifdirection;
414 static int hf_sflow_245_ifadmin_status;
415 static int hf_sflow_245_ifoper_status;
416 static int hf_sflow_245_ifinoct;
417 static int hf_sflow_245_ifinpkt;
418 static int hf_sflow_245_ifinmcast;
419 static int hf_sflow_245_ifinbcast;
420 static int hf_sflow_245_ifinerr;
421 static int hf_sflow_245_ifindisc;
422 static int hf_sflow_245_ifinunk;
423 static int hf_sflow_245_ifoutoct;
424 static int hf_sflow_245_ifoutpkt;
425 static int hf_sflow_245_ifoutmcast;
426 static int hf_sflow_245_ifoutbcast;
427 static int hf_sflow_245_ifoutdisc;
428 static int hf_sflow_245_ifouterr;
429 static int hf_sflow_245_ifpromisc;
430
431 /* ethernet interface counter */
432 static int hf_sflow_245_dot3StatsAlignmentErrors;
433 static int hf_sflow_245_dot3StatsFCSErrors;
434 static int hf_sflow_245_dot3StatsSingleCollisionFrames;
435 static int hf_sflow_245_dot3StatsMultipleCollisionFrames;
436 static int hf_sflow_245_dot3StatsSQETestErrors;
437 static int hf_sflow_245_dot3StatsDeferredTransmissions;
438 static int hf_sflow_245_dot3StatsLateCollisions;
439 static int hf_sflow_245_dot3StatsExcessiveCollisions;
440 static int hf_sflow_245_dot3StatsInternalMacTransmitErrors;
441 static int hf_sflow_245_dot3StatsCarrierSenseErrors;
442 static int hf_sflow_245_dot3StatsFrameTooLongs;
443 static int hf_sflow_245_dot3StatsInternalMacReceiveErrors;
444 static int hf_sflow_245_dot3StatsSymbolErrors;
445
446 /* token ring counter */
447 static int hf_sflow_245_dot5StatsLineErrors;
448 static int hf_sflow_245_dot5StatsBurstErrors;
449 static int hf_sflow_245_dot5StatsACErrors;
450 static int hf_sflow_245_dot5StatsAbortTransErrors;
451 static int hf_sflow_245_dot5StatsInternalErrors;
452 static int hf_sflow_245_dot5StatsLostFrameErrors;
453 static int hf_sflow_245_dot5StatsReceiveCongestions;
454 static int hf_sflow_245_dot5StatsFrameCopiedErrors;
455 static int hf_sflow_245_dot5StatsTokenErrors;
456 static int hf_sflow_245_dot5StatsSoftErrors;
457 static int hf_sflow_245_dot5StatsHardErrors;
458 static int hf_sflow_245_dot5StatsSignalLoss;
459 static int hf_sflow_245_dot5StatsTransmitBeacons;
460 static int hf_sflow_245_dot5StatsRecoveries;
461 static int hf_sflow_245_dot5StatsLobeWires;
462 static int hf_sflow_245_dot5StatsRemoves;
463 static int hf_sflow_245_dot5StatsSingles;
464 static int hf_sflow_245_dot5StatsFreqErrors;
465
466 /* 100 BaseVG interface counters */
467 static int hf_sflow_245_dot12InHighPriorityFrames;
468 static int hf_sflow_245_dot12InHighPriorityOctets;
469 static int hf_sflow_245_dot12InNormPriorityFrames;
470 static int hf_sflow_245_dot12InNormPriorityOctets;
471 static int hf_sflow_245_dot12InIPMErrors;
472 static int hf_sflow_245_dot12InOversizeFrameErrors;
473 static int hf_sflow_245_dot12InDataErrors;
474 static int hf_sflow_245_dot12InNullAddressedFrames;
475 static int hf_sflow_245_dot12OutHighPriorityFrames;
476 static int hf_sflow_245_dot12OutHighPriorityOctets;
477 static int hf_sflow_245_dot12TransitionIntoTrainings;
478 static int hf_sflow_245_dot12HCInHighPriorityOctets;
479 static int hf_sflow_245_dot12HCInNormPriorityOctets;
480 static int hf_sflow_245_dot12HCOutHighPriorityOctets;
481
482 /* VLAN counters */
483 static int hf_sflow_245_vlan_id;
484 static int hf_sflow_245_octets;
485 static int hf_sflow_245_ucastPkts;
486 static int hf_sflow_245_multicastPkts;
487 static int hf_sflow_245_broadcastPkts;
488 static int hf_sflow_245_discards;
489
490 /* 802.11 interface counters */
491 static int hf_sflow_5_dot11TransmittedFragmentCount;
492 static int hf_sflow_5_dot11MulticastTransmittedFrameCount;
493 static int hf_sflow_5_dot11FailedCount;
494 static int hf_sflow_5_dot11RetryCount;
495 static int hf_sflow_5_dot11MultipleRetryCount;
496 static int hf_sflow_5_dot11FrameDuplicateCount;
497 static int hf_sflow_5_dot11RTSSuccessCount;
498 static int hf_sflow_5_dot11RTSFailureCount;
499 static int hf_sflow_5_dot11ACKFailureCount;
500 static int hf_sflow_5_dot11ReceivedFragmentCount;
501 static int hf_sflow_5_dot11MulticastReceivedFrameCount;
502 static int hf_sflow_5_dot11FCSErrorCount;
503 static int hf_sflow_5_dot11TransmittedFrameCount;
504 static int hf_sflow_5_dot11WEPUndecryptableCount;
505 static int hf_sflow_5_dot11QoSDiscardedFragmentCount;
506 static int hf_sflow_5_dot11AssociatedStationCount;
507 static int hf_sflow_5_dot11QoSCFPollsReceivedCount;
508 static int hf_sflow_5_dot11QoSCFPollsUnusedCount;
509 static int hf_sflow_5_dot11QoSCFPollsUnusableCount;
510 static int hf_sflow_5_dot11QoSCFPollsLostCount;
511 /* static int hf_sflow_5_ieee80211_version; */
512
513
514 /* processor information */
515 static int hf_sflow_5_cpu_5s;
516 static int hf_sflow_5_cpu_1m;
517 static int hf_sflow_5_cpu_5m;
518 static int hf_sflow_5_total_memory;
519 static int hf_sflow_5_free_memory;
520
521 /* radio utilisation */
522 static int hf_sflow_5_elapsed_time;
523 static int hf_sflow_5_on_channel_time;
524 static int hf_sflow_5_on_channel_busy_time;
525
526 /* Generated from convert_proto_tree_add_text.pl */
527 static int hf_sflow_5_extended_80211_suite_type;
528 static int hf_sflow_5_extended_80211_rx_channel;
529 static int hf_sflow_flow_sample_input_interface;
530 static int hf_sflow_counters_sample_sampling_interval;
531 static int hf_sflow_5_extended_url_host_length;
532 static int hf_sflow_245_ip_tcp_flag_syn;
533 static int hf_sflow_24_flow_sample_output_interface;
534 static int hf_sflow_5_flow_sample_output_interface;
535 static int hf_sflow_5_flow_sample_output_interface_form;
536 static int hf_sflow_5_flow_sample_output_interface_val;
537 static int hf_sflow_5_flow_sample_output_interface_val_discard;
538 static int hf_sflow_245_length_of_ip_packet;
539 static int hf_sflow_counters_sample_counters_type;
540 static int hf_sflow_5_extended_mpls_tunnel_id;
541 static int hf_sflow_flow_sample_sample_pool;
542 static int hf_sflow_5_extended_80211_tx_speed;
543 static int hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair;
544 static int hf_sflow_245_extended_mpls_out_label_stack_entries;
545 static int hf_sflow_flow_sample_input_interface_value;
546 static int hf_sflow_flow_sample_sampling_rate;
547 static int hf_sflow_5_extended_80211_rx_rcpi;
548 static int hf_sflow_enterprise;
549 static int hf_sflow_enterprise_length;
550 static int hf_sflow_enterprise_data;
551 static int hf_sflow_245_header_frame_length;
552 static int hf_sflow_5_extended_user_destination_character_set;
553 static int hf_sflow_5_extended_80211_rx_bssid;
554 static int hf_sflow_5_extended_80211_tx_retransmission_duration;
555 static int hf_sflow_245_ethernet_length_of_mac_packet;
556 static int hf_sflow_245_ip_tcp_flag_psh;
557 static int hf_sflow_flow_sample_flow_record;
558 static int hf_sflow_245_extended_mpls_in_label;
559 static int hf_sflow_5_extended_user_source_character_set;
560 static int hf_sflow_5_extended_user_destination_user_string_length;
561 static int hf_sflow_counters_sample_sequence_number;
562 static int hf_sflow_5_extended_80211_rx_speed;
563 static int hf_sflow_5_extended_80211_rx_rsni;
564 static int hf_sflow_flow_sample_source_id_index;
565 static int hf_sflow_245_ip_tcp_flag_ece;
566 static int hf_sflow_245_ipv4_throughput;
567 static int hf_sflow_5_extended_80211_oui;
568 static int hf_sflow_counters_sample_source_id_type;
569 static int hf_sflow_flow_sample_input_interface_format;
570 static int hf_sflow_5_extended_80211_tx_channel;
571 static int hf_sflow_245_ip_tcp_flag_urg;
572 static int hf_sflow_5_extended_mpls_tunnel_name_length;
573 static int hf_sflow_5_extended_80211_tx_version;
574 static int hf_sflow_245_ipv4_delay;
575 static int hf_sflow_flow_sample_source_id_class;
576 static int hf_sflow_245_ethernet_source_mac_address;
577 static int hf_sflow_5_extended_mpls_ftn_mask;
578 static int hf_sflow_245_extended_mpls_out_label;
579 static int hf_sflow_245_ipv6_priority;
580 static int hf_sflow_245_ip_tcp_flag_fin;
581 static int hf_sflow_245_ip_destination_port;
582 static int hf_sflow_5_extended_mpls_vc_label_cos_value;
583 static int hf_sflow_5_extended_80211_rx_packet_duration;
584 static int hf_sflow_5_extended_80211_tx_packet_duration;
585 static int hf_sflow_245_ipv4_reliability;
586 static int hf_sflow_5_extended_80211_tx_power;
587 static int hf_sflow_24_flow_sample_multiple_outputs;
588 static int hf_sflow_5_extended_user_source_user_string_length;
589 static int hf_sflow_5_extended_80211_payload_length;
590 static int hf_sflow_24_flow_sample_output_interface_format;
591 static int hf_sflow_5_flow_sample_output_interface_expanded_format;
592 static int hf_sflow_245_ethernet_packet_type;
593 static int hf_sflow_counters_sample_expanded_source_id_type;
594 static int hf_sflow_245_ip_source_port;
595 static int hf_sflow_245_extended_mpls_in_label_stack_entries;
596 static int hf_sflow_5_extended_mpls_vc_instance_name_length;
597 static int hf_sflow_245_ipv4_cost;
598 static int hf_sflow_5_extended_mpls_ftn_description_length;
599 static int hf_sflow_5_extended_vlan_tunnel_number_of_layers;
600 static int hf_sflow_5_extended_80211_tx_bssid;
601 static int hf_sflow_245_ip_tcp_flag_rst;
602 static int hf_sflow_245_ip_tcp_flag_ack;
603 static int hf_sflow_245_ip_tcp_flag_cwr;
604 static int hf_sflow_5_extended_80211_tx_retransmissions;
605 static int hf_sflow_5_extended_80211_rx_version;
606 static int hf_sflow_flow_sample_dropped_packets;
607 static int hf_sflow_counters_sample_expanded_source_id_index;
608 static int hf_sflow_245_header_payload_stripped;
609 static int hf_sflow_245_sampled_header_length;
610 static int hf_sflow_245_ethernet_destination_mac_address;
611 static int hf_sflow_counters_sample_source_id_class;
612 static int hf_sflow_5_extended_url_url_length;
613 static int hf_sflow_flow_sample_source_id_type;
614 static int hf_sflow_5_extended_mpls_fec_address_prefix_length;
615 static int hf_sflow_flow_sample_sequence_number;
616 static int hf_sflow_counters_sample_source_id_index;
617 static int hf_sflow_counters_sample_counters_records;
618 static int hf_sflow_5_extended_mpls_tunnel_cos_value;
619 static int hf_sflow_5_extended_mpls_vc_id;
620 static int hf_sflow_24_flow_sample_output_interface_value;
621 static int hf_sflow_5_flow_sample_output_interface_expanded_value;
622 static int hf_sflow_5_extended_user_destination_user;
623 static int hf_sflow_245_as_type;
624 static int hf_sflow_counters_sample_index;
625 static int hf_sflow_5_extended_url_url;
626 static int hf_sflow_flow_sample_index;
627 static int hf_sflow_5_extended_80211_rx_ssid;
628 static int hf_sflow_5_extended_mpls_vc_instance_name;
629 static int hf_sflow_5_extended_mpls_tunnel_name;
630 static int hf_sflow_5_extended_80211_payload;
631 static int hf_sflow_5_extended_user_source_user;
632 static int hf_sflow_5_extended_url_host;
633 static int hf_sflow_5_extended_80211_tx_ssid;
634 static int hf_sflow_5_extended_url_direction;
635 static int hf_sflow_5_extended_mpls_ftn_description;
636 static int hf_sflow_245_ip_protocol;
637
638 static int hf_sflow_lag_port_padding;
639 static int hf_sflow_lag_port_actorsystemid;
640 static int hf_sflow_lag_port_partneropersystemid;
641 static int hf_sflow_lag_port_attachedaggid;
642 static int hf_sflow_lag_port_state;
643 static int hf_sflow_lag_port_actoradminstate;
644 static int hf_sflow_lag_port_actoroperstate;
645 static int hf_sflow_lag_port_partneradminstate;
646 static int hf_sflow_lag_port_partneroperstate;
647 static int hf_sflow_lag_port_reserved;
648 static int hf_sflow_5_lag_port_actoradminstate;
649 static int hf_sflow_5_lag_port_actoroperstate;
650 static int hf_sflow_5_lag_port_partneradminstate;
651 static int hf_sflow_5_lag_port_partneroperstate;
652 static int hf_sflow_lag_port_stats_lacpdusrx;
653 static int hf_sflow_lag_port_stats_markerpdusrx;
654 static int hf_sflow_lag_port_stats_markerresponsepdusrx;
655 static int hf_sflow_lag_port_stats_unknownrx;
656 static int hf_sflow_lag_port_stats_illegalrx;
657 static int hf_sflow_lag_port_stats_lacpdustx;
658 static int hf_sflow_lag_port_stats_markerpdustx;
659 static int hf_sflow_lag_port_stats_markerresponsepdustx;
660
661 /* Initialize the subtree pointers */
662 static int ett_sflow_245;
663 static int ett_sflow_245_sample;
664 static int ett_sflow_5_flow_record;
665 static int ett_sflow_5_counters_record;
666 static int ett_sflow_5_mpls_in_label_stack;
667 static int ett_sflow_5_mpls_out_label_stack;
668 static int ett_sflow_245_extended_data;
669 static int ett_sflow_245_gw_as_dst;
670 static int ett_sflow_245_gw_as_dst_seg;
671 static int ett_sflow_245_gw_community;
672 static int ett_sflow_245_sampled_header;
673 static int ett_sflow_lag_port_state_flags;
674 static int ett_sflow_5_output_interface;
675
676 static expert_field ei_sflow_invalid_address_type;
677
678 static dissector_table_t header_subdissector_table;
679
680 static const unit_name_string units_total_packets = { " total packet", " total packets" };
681
682 void proto_reg_handoff_sflow_245(void);
683
684 /* dissect a sampled header - layer 2 protocols */
685 static int
686 dissect_sflow_245_sampled_header(tvbuff_t *tvb, packet_info *pinfo,
687 proto_tree *tree, volatile int offset) {
688 uint32_t version, header_proto, frame_length;
689 uint32_t header_length;
690 tvbuff_t *next_tvb;
691 proto_tree *sflow_245_header_tree;
692 proto_item *ti;
693 /* stuff for saving column state before calling other dissectors.
694 * Thanks to Guy Harris for the tip. */
695 bool save_writable;
696 bool save_in_error_pkt;
697 address save_dl_src, save_dl_dst, save_net_src, save_net_dst, save_src, save_dst;
698
699 version = tvb_get_ntohl(tvb, 0);
700 header_proto = tvb_get_ntohl(tvb, offset);
701 proto_tree_add_item(tree, hf_sflow_245_header_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
702 offset += 4;
703 frame_length = tvb_get_ntohl(tvb, offset);
704 proto_tree_add_item(tree, hf_sflow_245_header_frame_length, tvb, offset, 4, ENC_BIG_ENDIAN);
705 offset += 4;
706
707 if (version == 5) {
708 proto_tree_add_item(tree, hf_sflow_245_header_payload_stripped, tvb, offset, 4, ENC_BIG_ENDIAN);
709 offset += 4;
710 }
711
712 proto_tree_add_item_ret_uint(tree, hf_sflow_245_sampled_header_length, tvb, offset, 4, ENC_BIG_ENDIAN, &header_length);
713 offset += 4;
714
715 if (header_length % 4) /* XDR requires 4-byte alignment */
716 header_length += (4 - (header_length % 4));
717
718
719 ti = proto_tree_add_item(tree, hf_sflow_245_header, tvb, offset, header_length, ENC_NA);
720 sflow_245_header_tree = proto_item_add_subtree(ti, ett_sflow_245_sampled_header);
721
722 /* hand the header off to the appropriate dissector. It's probably
723 * a short frame, so ignore any exceptions. */
724 next_tvb = tvb_new_subset_length_caplen(tvb, offset, header_length, frame_length);
725
726 /* save some state */
727 save_writable = col_get_writable(pinfo->cinfo, -1);
728
729 /*
730 If sFlow samples a TCP packet it is very likely that the
731 TCP analysis will flag the packet as having some error with
732 the sequence numbers. sFlow only report on a "sample" of
733 traffic so many packets will not be reported on. This is
734 most obvious if the colorizing rules are on, but will also
735 cause confusion if you attempt to filter on
736 "tcp.analysis.flags".
737
738 The following only works to suppress IP/TCP errors, but
739 it is a start anyway. Other protocols carried as payloads
740 may exhibit similar issues.
741
742 I think what is really needed is a more general
743 "protocol_as_payload" flag. Of course then someone has to
744 play whack-a-mole and add code to implement it to any
745 protocols that could be carried as a payload. In the case
746 of sFlow that pretty much means anything on your network.
747 */
748 save_in_error_pkt = pinfo->flags.in_error_pkt;
749 if (!global_analyze_samp_ip_headers) {
750 pinfo->flags.in_error_pkt = true;
751 }
752
753 col_set_writable(pinfo->cinfo, -1, false);
754 copy_address_shallow(&save_dl_src, &pinfo->dl_src);
755 copy_address_shallow(&save_dl_dst, &pinfo->dl_dst);
756 copy_address_shallow(&save_net_src, &pinfo->net_src);
757 copy_address_shallow(&save_net_dst, &pinfo->net_dst);
758 copy_address_shallow(&save_src, &pinfo->src);
759 copy_address_shallow(&save_dst, &pinfo->dst);
760
761 TRY
762 {
763 if ((global_dissect_samp_headers == false) ||
764 !dissector_try_uint(header_subdissector_table, header_proto, next_tvb, pinfo, sflow_245_header_tree))
765 {
766 call_data_dissector(next_tvb, pinfo, sflow_245_header_tree);
767 }
768 }
769
770 CATCH_BOUNDS_ERRORS {
771 }
772 ENDTRY;
773
774 /* restore saved state */
775 col_set_writable(pinfo->cinfo, -1, save_writable);
776 pinfo->flags.in_error_pkt = save_in_error_pkt;
777 copy_address_shallow(&pinfo->dl_src, &save_dl_src);
778 copy_address_shallow(&pinfo->dl_dst, &save_dl_dst);
779 copy_address_shallow(&pinfo->net_src, &save_net_src);
780 copy_address_shallow(&pinfo->net_dst, &save_net_dst);
781 copy_address_shallow(&pinfo->src, &save_src);
782 copy_address_shallow(&pinfo->dst, &save_dst);
783
784 offset += header_length;
785 return offset;
786 }
787
788 static int
789 dissect_sflow_245_address_type(tvbuff_t *tvb, packet_info *pinfo,
790 proto_tree *tree, int offset,
791 struct sflow_address_type *hf_type,
792 address *addr) {
793 uint32_t addr_type;
794 int len;
795
796 addr_type = tvb_get_ntohl(tvb, offset);
797 offset += 4;
798
799 switch (addr_type) {
800 case ADDR_TYPE_UNKNOWN:
801 len = 0;
802 break;
803 case ADDR_TYPE_IPV4:
804 len = 4;
805 proto_tree_add_item(tree, hf_type->hf_addr_v4, tvb, offset, 4, ENC_BIG_ENDIAN);
806 break;
807 case ADDR_TYPE_IPV6:
808 len = 16;
809 proto_tree_add_item(tree, hf_type->hf_addr_v6, tvb, offset, 16, ENC_NA);
810 break;
811 default:
812 /* Invalid address type, or a type we don't understand; we don't
813 know the length. We treat it as having no contents; that
814 doesn't trap us in an endless loop, as we at least include
815 the address type and thus at least advance the offset by 4.
816 Note that we have a problem, though. */
817 len = 0;
818 proto_tree_add_expert_format(tree, pinfo, &ei_sflow_invalid_address_type, tvb,
819 offset - 4, 4, "Unknown address type (%u)", addr_type);
820 }
821
822 if (addr) {
823 switch (len) {
824 default:
825 clear_address(addr);
826 break;
827 case 4:
828 set_address_tvb(addr, AT_IPv4, len, tvb, offset);
829 break;
830 case 16:
831 set_address_tvb(addr, AT_IPv6, len, tvb, offset);
832 break;
833 }
834 }
835
836 return offset + len;
837 }
838
839 /* extended switch data, after the packet data */
840 static int
841 dissect_sflow_245_extended_switch(tvbuff_t *tvb, proto_tree *tree, int offset) {
842 proto_tree_add_item(tree, hf_sflow_245_vlan_in, tvb, offset, 4, ENC_BIG_ENDIAN);
843 offset += 4;
844 proto_tree_add_item(tree, hf_sflow_245_pri_in, tvb, offset, 4, ENC_BIG_ENDIAN);
845 offset += 4;
846 proto_tree_add_item(tree, hf_sflow_245_vlan_out, tvb, offset, 4, ENC_BIG_ENDIAN);
847 offset += 4;
848 proto_tree_add_item(tree, hf_sflow_245_pri_out, tvb, offset, 4, ENC_BIG_ENDIAN);
849 offset += 4;
850
851 return offset;
852 }
853
854 /* extended router data, after the packet data */
855 static int
856 dissect_sflow_245_extended_router(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
857 struct sflow_address_type addr_type;
858
859 addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
860 addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
861
862 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
863 proto_tree_add_item(tree, hf_sflow_245_nexthop_src_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
864 offset += 4;
865 proto_tree_add_item(tree, hf_sflow_245_nexthop_dst_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
866 offset += 4;
867 return offset;
868 }
869
870 /* extended MPLS data */
871 static int
872 dissect_sflow_5_extended_mpls_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
873 uint32_t in_label_count, out_label_count, label, i, j;
874 proto_tree *in_stack;
875 proto_tree *out_stack;
876 struct sflow_address_type addr_type;
877
878 addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
879 addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
880
881 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
882
883 in_label_count = tvb_get_ntohl(tvb, offset);
884 proto_tree_add_item(tree, hf_sflow_245_extended_mpls_in_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
885 offset += 4;
886
887 in_stack = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_mpls_in_label_stack, NULL, "In Label Stack");
888
889 /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
890 * 255 is a sensible limit of label count */
891 for (i = 0, j = 0; i < (in_label_count & 0x000000ff); i++, j += 4) {
892 label = tvb_get_ntohl(tvb, offset + j);
893 proto_tree_add_uint_format(in_stack, hf_sflow_245_extended_mpls_in_label, tvb, offset, 4,
894 label, "Label %u: %u", i + 1, label);
895 }
896 offset += (in_label_count * 4);
897
898 out_label_count = tvb_get_ntohl(tvb, offset);
899 proto_tree_add_item(tree, hf_sflow_245_extended_mpls_out_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
900 offset += 4;
901
902 out_stack = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_mpls_in_label_stack, NULL, "Out Label Stack");
903
904 /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
905 * 255 is a sensible limit of label count */
906 for (i = 0, j = 0; i < (out_label_count & 0x000000ff); i++, j += 4) {
907 label = tvb_get_ntohl(tvb, offset + j);
908 proto_tree_add_uint_format(out_stack, hf_sflow_245_extended_mpls_out_label, tvb, offset, 4,
909 label, "Label %u: %u", i + 1, label);
910 }
911 offset = offset + out_label_count * 4;
912
913 return offset;
914 }
915
916 /* extended NAT data */
917 static int
918 dissect_sflow_5_extended_nat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
919 struct sflow_address_type addr_type;
920
921 addr_type.hf_addr_v4 = hf_sflow_245_ipv4_src;
922 addr_type.hf_addr_v6 = hf_sflow_245_ipv6_src;
923
924 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
925
926 addr_type.hf_addr_v4 = hf_sflow_245_ipv4_dst;
927 addr_type.hf_addr_v6 = hf_sflow_245_ipv6_dst;
928
929 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
930
931 return offset;
932 }
933
934 /* extended gateway data, after the packet data */
935 static int
936 dissect_sflow_245_extended_gateway(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
937 int32_t len = 0;
938 int32_t i, j, comm_len, dst_len, dst_seg_len;
939 uint32_t path_type;
940 int32_t kludge;
941
942 uint32_t version = tvb_get_ntohl(tvb, 0); /* get sFlow version */
943 proto_item *ti;
944 proto_tree *sflow_245_dst_as_tree;
945 proto_tree *sflow_245_comm_tree;
946 proto_tree *sflow_245_dst_as_seg_tree;
947
948 /* sFlow v5 contains next hop router IP address */
949 if (version == 5) {
950 struct sflow_address_type addr_type;
951
952 addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
953 addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
954
955 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
956 }
957
958 proto_tree_add_item(tree, hf_sflow_245_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
959 len += 4;
960
961 proto_tree_add_item(tree, hf_sflow_245_src_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
962 len += 4;
963
964 proto_tree_add_item(tree, hf_sflow_245_src_peer_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
965 len += 4;
966
967 dst_len = tvb_get_ntohl(tvb, offset + len);
968 ti = proto_tree_add_uint(tree, hf_sflow_245_dst_as_entries, tvb, offset + len, 4, dst_len);
969 sflow_245_dst_as_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst);
970 len += 4;
971
972 for (i = 0; i < dst_len; i++) {
973 if (version < 4) {
974 /* Version 2 AS paths are different than versions >= 4 as
975 follows:
976
977 There is no type encoded in the packet.
978
979 The destination ASs are encoded as an array of integers
980 rather as an array of arrays of integers. I just
981 pretended they were encoded as an array of arrays with
982 an implicit length of 1 to not have to do two
983 completely separate blocks for the different versions.
984
985 Having a subtree for "arrays" guaranteed to have only a
986 single element proved cumbersome to navigate so I moved
987 the creation of the subtree to only happen for versions
988 >= 4.
989 */
990 dst_seg_len = 1;
991 sflow_245_dst_as_seg_tree = sflow_245_dst_as_tree;
992 } else {
993 path_type = tvb_get_ntohl(tvb, offset + len);
994 len += 4;
995 dst_seg_len = tvb_get_ntohl(tvb, offset + len);
996 len += 4;
997 kludge = 8;
998 ti = proto_tree_add_uint_format(tree, hf_sflow_245_as_type, tvb, offset + len - kludge, kludge, path_type,
999 "%s, (%u entries)", val_to_str_const(path_type, sflow_245_as_types, "Unknown AS type"), dst_seg_len);
1000 sflow_245_dst_as_seg_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst_seg);
1001 }
1002
1003 for (j = 0; j < dst_seg_len; j++) {
1004 proto_tree_add_item(sflow_245_dst_as_seg_tree, hf_sflow_245_dst_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1005 len += 4;
1006 }
1007 }
1008
1009
1010 if (version >= 4) {
1011 comm_len = tvb_get_ntohl(tvb, offset + len);
1012
1013 ti = proto_tree_add_uint(tree, hf_sflow_245_community_entries, tvb, offset + len, 4, comm_len);
1014 sflow_245_comm_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_community);
1015 len += 4;
1016 for (i = 0; i < comm_len; i++) {
1017 proto_tree_add_item(sflow_245_comm_tree,
1018 hf_sflow_245_dst_as, tvb, offset + len,
1019 4, ENC_BIG_ENDIAN);
1020 len += 4;
1021 }
1022
1023 proto_tree_add_item(tree, hf_sflow_245_localpref, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1024 len += 4;
1025
1026 }
1027
1028 return offset + len;
1029 }
1030
1031 /* sflow v5 ethernet frame data */
1032 static int
1033 dissect_sflow_5_ethernet_frame(tvbuff_t *tvb, proto_tree *tree, int offset) {
1034
1035 proto_tree_add_item(tree, hf_sflow_245_ethernet_length_of_mac_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1036 offset += 4;
1037
1038 proto_tree_add_item(tree, hf_sflow_245_ethernet_source_mac_address, tvb, offset, 6, ENC_NA);
1039 /* Padded to 4 byte offset */
1040 offset += 8;
1041
1042 proto_tree_add_item(tree, hf_sflow_245_ethernet_destination_mac_address, tvb, offset, 6, ENC_NA);
1043 /* Padded to 4 byte offset */
1044 offset += 8;
1045
1046 proto_tree_add_item(tree, hf_sflow_245_ethernet_packet_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1047 offset += 4;
1048
1049 return offset;
1050 }
1051
1052 /* sflow v5 IPv4 data */
1053 static int
1054 dissect_sflow_5_ipv4(tvbuff_t *tvb, proto_tree *tree, int offset) {
1055
1056 proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1057 offset += 4;
1058
1059 proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1060 offset += 4;
1061
1062 proto_tree_add_item(tree, hf_sflow_245_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN);
1063 offset += 4;
1064
1065 proto_tree_add_item(tree, hf_sflow_245_ipv4_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
1066 offset += 4;
1067
1068 proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1069 offset += 4;
1070
1071 proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1072 offset += 4;
1073
1074 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 4, ENC_BIG_ENDIAN);
1075 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 4, ENC_BIG_ENDIAN);
1076 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 4, ENC_BIG_ENDIAN);
1077 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 4, ENC_BIG_ENDIAN);
1078 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 4, ENC_BIG_ENDIAN);
1079 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 4, ENC_BIG_ENDIAN);
1080 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 4, ENC_BIG_ENDIAN);
1081 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 4, ENC_BIG_ENDIAN);
1082 offset += 4;
1083
1084 /* 7 bits for type of service, plus 1 reserved bit */
1085 proto_tree_add_item(tree, hf_sflow_245_ipv4_precedence_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1086 proto_tree_add_item(tree, hf_sflow_245_ipv4_delay, tvb, offset, 4, ENC_BIG_ENDIAN);
1087 proto_tree_add_item(tree, hf_sflow_245_ipv4_throughput, tvb, offset, 4, ENC_BIG_ENDIAN);
1088 proto_tree_add_item(tree, hf_sflow_245_ipv4_reliability, tvb, offset, 4, ENC_BIG_ENDIAN);
1089 proto_tree_add_item(tree, hf_sflow_245_ipv4_cost, tvb, offset, 4, ENC_BIG_ENDIAN);
1090 offset += 4;
1091
1092 return offset;
1093 }
1094
1095 /* sflow v5 IPv6 data */
1096 static int
1097 dissect_sflow_5_ipv6(tvbuff_t *tvb, proto_tree *tree, int offset) {
1098
1099 proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1100 offset += 4;
1101
1102 proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1103 offset += 4;
1104
1105 proto_tree_add_item(tree, hf_sflow_245_ipv6_src, tvb, offset, 16, ENC_NA);
1106 offset += 16;
1107
1108 proto_tree_add_item(tree, hf_sflow_245_ipv6_dst, tvb, offset, 16, ENC_NA);
1109 offset += 16;
1110
1111 proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1112 offset += 4;
1113
1114 proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1115 offset += 4;
1116
1117 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 4, ENC_BIG_ENDIAN);
1118 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 4, ENC_BIG_ENDIAN);
1119 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 4, ENC_BIG_ENDIAN);
1120 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 4, ENC_BIG_ENDIAN);
1121 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 4, ENC_BIG_ENDIAN);
1122 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 4, ENC_BIG_ENDIAN);
1123 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 4, ENC_BIG_ENDIAN);
1124 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 4, ENC_BIG_ENDIAN);
1125 offset += 4;
1126
1127 /* Priority -- Traffic class field enables a source to identify the desired
1128 delivery priority of the packets. Priority values are divided into
1129 ranges: traffic where the source provides congestion control and
1130 non-congestion control traffic.
1131
1132 It is displayed as unsigned integer here according to sFlow specification */
1133
1134 proto_tree_add_item(tree, hf_sflow_245_ipv6_priority, tvb, offset, 4, ENC_BIG_ENDIAN);
1135 offset += 4;
1136
1137 return offset;
1138 }
1139
1140 /* sflow v5 user data */
1141 static int
1142 dissect_sflow_5_extended_user(tvbuff_t *tvb, proto_tree *tree, int offset) {
1143 uint32_t src_length, dest_length;
1144
1145 /* charset is not processed here, all chars are assumed to be ASCII */
1146 proto_tree_add_item(tree, hf_sflow_5_extended_user_source_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1147 offset += 4;
1148
1149 src_length = tvb_get_ntohl(tvb, offset);
1150 proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1151 offset += 4;
1152
1153 /* extract source user info char by char */
1154 proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user, tvb, offset, src_length, ENC_NA|ENC_ASCII);
1155 offset += src_length;
1156 /* get the correct offset by adding padding byte count */
1157 if (src_length % 4)
1158 offset += (4 - src_length % 4);
1159
1160 /* charset is not processed here, all chars are assumed to be ASCII */
1161 proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1162 offset += 4;
1163
1164 dest_length = tvb_get_ntohl(tvb, offset);
1165 proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1166 offset += 4;
1167
1168 /* extract destination user info char by char */
1169 proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user, tvb, offset, dest_length, ENC_NA|ENC_ASCII);
1170 offset += dest_length;
1171 /* get the correct offset by adding padding byte count */
1172 if (dest_length % 4)
1173 offset += (4 - dest_length % 4);
1174
1175 return offset;
1176 }
1177
1178 /* sflow v5 URL data */
1179 static int
1180 dissect_sflow_5_extended_url(tvbuff_t *tvb, proto_tree *tree, int offset) {
1181 uint32_t direction, url_length, host_length;
1182
1183 direction = tvb_get_ntohl(tvb, offset);
1184 switch (direction) {
1185 case 1:
1186 proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1187 "Source Address is Server(%u)", direction);
1188 break;
1189 case 2:
1190 proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1191 "Destination Address is Server (%u)", direction);
1192 break;
1193 default:
1194 proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1195 "Server Unspecified (%u)", direction);
1196 break;
1197 }
1198 offset += 4;
1199
1200 url_length = tvb_get_ntohl(tvb, offset);
1201 proto_tree_add_item(tree, hf_sflow_5_extended_url_url_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1202 offset += 4;
1203
1204 /* extract URL char by char */
1205 proto_tree_add_item(tree, hf_sflow_5_extended_url_url, tvb, offset, url_length, ENC_NA|ENC_ASCII);
1206 offset += url_length;
1207 /* get the correct offset by adding padding byte count */
1208 if (url_length % 4)
1209 offset += (4 - url_length % 4);
1210
1211 host_length = tvb_get_ntohl(tvb, offset);
1212 proto_tree_add_item(tree, hf_sflow_5_extended_url_host_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1213 offset += 4;
1214
1215 /* extract host info char by char */
1216 proto_tree_add_item(tree, hf_sflow_5_extended_url_host, tvb, offset, host_length, ENC_NA|ENC_ASCII);
1217 offset += host_length;
1218 /* get the correct offset by adding padding byte count */
1219 if (host_length % 4)
1220 offset += (4 - host_length % 4);
1221
1222 return offset;
1223 }
1224
1225 /* sflow v5 MPLS tunnel */
1226 static int
1227 dissect_sflow_5_extended_mpls_tunnel(tvbuff_t *tvb, proto_tree *tree, int offset) {
1228 uint32_t name_length;
1229
1230 name_length = tvb_get_ntohl(tvb, offset);
1231 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1232 offset += 4;
1233
1234 /* extract tunnel name char by char */
1235 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1236 offset += name_length;
1237 /* get the correct offset by adding padding byte count */
1238 if (name_length % 4)
1239 offset += (4 - name_length % 4);
1240
1241 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1242 offset += 4;
1243
1244 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1245 offset += 4;
1246
1247 return offset;
1248 }
1249
1250 /* sflow v5 MPLS VC */
1251 static int
1252 dissect_sflow_5_extended_mpls_vc(tvbuff_t *tvb, proto_tree *tree, int offset) {
1253 uint32_t name_length;
1254
1255 name_length = tvb_get_ntohl(tvb, offset);
1256 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1257 offset += 4;
1258
1259 /* extract source user info char by char */
1260 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1261 offset += name_length;
1262 /* get the correct offset by adding padding byte count */
1263 if (name_length % 4)
1264 offset += (4 - name_length % 4);
1265
1266 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1267 offset += 4;
1268
1269 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_label_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1270 offset += 4;
1271
1272 return offset;
1273 }
1274
1275 /* sflow v5 MPLS FEC */
1276 static int
1277 dissect_sflow_5_extended_mpls_fec(tvbuff_t *tvb, proto_tree *tree, int offset) {
1278 uint32_t length;
1279
1280 length = tvb_get_ntohl(tvb, offset);
1281 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1282 offset += 4;
1283
1284 /* extract MPLS FTN description char by char */
1285 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description, tvb, offset, length, ENC_NA|ENC_ASCII);
1286 offset += length;
1287 /* get the correct offset by adding padding byte count */
1288 if (length % 4)
1289 offset += (4 - length % 4);
1290
1291 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
1292 offset += 4;
1293
1294 return offset;
1295 }
1296
1297 /* sflow v5 MPLS LVP FEC */
1298 static int
1299 dissect_sflow_5_extended_mpls_lvp_fec(tvbuff_t *tvb, proto_tree *tree, int offset) {
1300
1301 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_fec_address_prefix_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1302 offset += 4;
1303 return offset;
1304 }
1305
1306 /* sflow v5 extended VLAN tunnel */
1307 static int
1308 dissect_sflow_5_extended_vlan_tunnel(tvbuff_t *tvb, proto_tree *tree, int offset) {
1309 uint32_t num, i;
1310
1311 num = tvb_get_ntohl(tvb, offset);
1312 proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_number_of_layers, tvb, offset, 4, ENC_BIG_ENDIAN);
1313 offset += 4;
1314
1315 /* loop strip 802.1Q TPID/TCI layers. each TPID/TCI pair is represented as a
1316 single 32 bit integer layers listed from outermost to innermost */
1317 for (i = 0; i < num; i++) {
1318 proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair, tvb, offset, 4, ENC_BIG_ENDIAN);
1319 offset += 4;
1320 }
1321
1322 return offset;
1323 }
1324
1325 /* sflow v5 extended 802.11 payload */
1326 static int
1327 dissect_sflow_5_extended_80211_payload(tvbuff_t *tvb, proto_tree *tree, int offset) {
1328 uint32_t cipher_suite, OUI, suite_type, length;
1329
1330 cipher_suite = tvb_get_ntohl(tvb, offset);
1331 OUI = cipher_suite >> 8;
1332 suite_type = cipher_suite & 0x000000ff;
1333
1334 if (OUI == 0x000FAC) {
1335 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Default (0x%X)", OUI);
1336 offset += 3;
1337 proto_tree_add_item(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1, ENC_BIG_ENDIAN);
1338 } else {
1339 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Other vendor (0x%X)", OUI);
1340 offset += 3;
1341 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1,
1342 suite_type, "vendor specific (%u)", suite_type);
1343 }
1344 offset++;
1345
1346 length = tvb_get_ntohl(tvb, offset);
1347 proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1348 offset += 4;
1349
1350 /* extract data byte by byte */
1351 proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload, tvb, offset, length, ENC_NA);
1352 offset += length;
1353 /* get the correct offset by adding padding byte count */
1354 if (length % 4)
1355 offset += (4 - length % 4);
1356
1357 return offset;
1358 }
1359
1360 /* sflow v5 extended 802.11 rx */
1361 static int
1362 dissect_sflow_5_extended_80211_rx(tvbuff_t *tvb, proto_tree *tree, int offset) {
1363 uint32_t ssid_length, duration;
1364
1365 /* extract SSID char by char. max char count = 32 */
1366 ssid_length = tvb_get_ntohl(tvb, offset);
1367 offset += 4;
1368 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1369 offset += ssid_length;
1370 /* get the correct offset by adding padding byte count */
1371 if (ssid_length % 4)
1372 offset += (4 - ssid_length % 4);
1373
1374 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_bssid, tvb, offset, 6, ENC_NA);
1375 /* Padded to 4 byte offset */
1376 offset += 8;
1377
1378 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1379 offset += 4;
1380
1381 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1382 offset += 4;
1383
1384 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1385 offset += 8;
1386
1387 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rsni, tvb, offset, 4, ENC_BIG_ENDIAN);
1388 offset += 4;
1389
1390 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rcpi, tvb, offset, 4, ENC_BIG_ENDIAN);
1391 offset += 4;
1392
1393 duration = tvb_get_ntohl(tvb, offset);
1394 if (duration == 0) {
1395 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, duration, "Unknown");
1396 } else {
1397 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1398 }
1399 offset += 4;
1400
1401 return offset;
1402 }
1403
1404 /* sflow v5 extended 802.11 tx */
1405 static int
1406 dissect_sflow_5_extended_80211_tx(tvbuff_t *tvb, proto_tree *tree, int offset) {
1407 uint32_t ssid_length, transmissions, packet_duration, retrans_duration;
1408
1409 /* extract SSID char by char. max char count = 32 */
1410 ssid_length = tvb_get_ntohl(tvb, offset);
1411 if (ssid_length > 32)
1412 ssid_length = 32;
1413 offset += 4;
1414 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1415 offset += ssid_length;
1416 /* get the correct offset by adding padding byte count */
1417 if (ssid_length % 4)
1418 offset += (4 - ssid_length % 4);
1419
1420 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_bssid, tvb, offset, 6, ENC_NA);
1421 /* Padded to 4 byte offset */
1422 offset += 8;
1423
1424 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1425 offset += 4;
1426
1427 transmissions = tvb_get_ntohl(tvb, offset);
1428 switch (transmissions) {
1429 case 0:
1430 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1431 0, "Unknown");
1432 break;
1433 case 1:
1434 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1435 1, "Packet transmitted successfully on first attempt");
1436 break;
1437 default:
1438 proto_tree_add_uint(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4, transmissions - 1);
1439 break;
1440 }
1441 offset += 4;
1442
1443 packet_duration = tvb_get_ntohl(tvb, offset);
1444 if (packet_duration == 0) {
1445 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, packet_duration, "Unknown");
1446 } else {
1447 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1448 }
1449 offset += 4;
1450
1451 retrans_duration = tvb_get_ntohl(tvb, offset);
1452 if (retrans_duration == 0) {
1453 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, retrans_duration, "Unknown");
1454 } else {
1455 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1456 }
1457 offset += 4;
1458
1459 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1460 offset += 4;
1461
1462 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1463 offset += 8;
1464
1465 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_power, tvb, offset, 4, ENC_BIG_ENDIAN);
1466 offset += 4;
1467
1468 return offset;
1469 }
1470
1471 /* sflow v5 extended 802.11 aggregation */
1472 static int
1473 dissect_sflow_5_extended_80211_aggregation(tvbuff_t *tvb _U_, proto_tree *tree _U_, int offset) {
1474
1475 return offset;
1476 }
1477
1478 /* dissect an sflow v2/4 flow sample */
1479 static int
1480 dissect_sflow_24_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
1481 proto_tree *tree, int offset, proto_item *parent) {
1482 uint32_t sequence_number, sampling_rate, output;
1483
1484 proto_tree *extended_data_tree;
1485 proto_item *ti;
1486 uint32_t packet_type, extended_data, ext_type, i;
1487
1488 sequence_number = tvb_get_ntohl(tvb, offset);
1489 proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
1490 proto_item_append_text(parent, ", seq %u", sequence_number);
1491 proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1492 proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1493 sampling_rate = tvb_get_ntohl(tvb, offset + 8);
1494 proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset + 8, 4,
1495 sampling_rate, "1 out of %u packets",
1496 sampling_rate);
1497
1498 proto_tree_add_item(tree, hf_sflow_flow_sample_sample_pool, tvb, offset + 12, 4, ENC_BIG_ENDIAN);
1499 proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset + 16, 4, ENC_BIG_ENDIAN);
1500 proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset + 20, 4, ENC_BIG_ENDIAN);
1501 output = tvb_get_ntohl(tvb, offset + 24);
1502 if (output & 0x80000000) {
1503 output & 0x7fffffff ?
1504 proto_tree_add_uint_format_value(tree, hf_sflow_24_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1505 output & 0x7fffffff, "%u interfaces", output & 0x7fffffff) :
1506 proto_tree_add_uint_format_value(tree, hf_sflow_24_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1507 0x80000000, "unknown number");
1508 } else {
1509 proto_tree_add_item(tree, hf_sflow_24_flow_sample_output_interface, tvb, offset + 24, 4, ENC_BIG_ENDIAN);
1510 }
1511 offset += 28;
1512
1513 /* what kind of flow sample is it? */
1514 packet_type = tvb_get_ntohl(tvb, offset);
1515 proto_tree_add_item(tree, hf_sflow_245_packet_information_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1516 offset += 4;
1517 switch (packet_type) {
1518 case SFLOW_245_PACKET_DATA_TYPE_HEADER:
1519 offset = dissect_sflow_245_sampled_header(tvb, pinfo, tree, offset);
1520 break;
1521 case SFLOW_245_PACKET_DATA_TYPE_IPV4:
1522 case SFLOW_245_PACKET_DATA_TYPE_IPV6:
1523 default:
1524 break;
1525 }
1526 /* still need to dissect extended data */
1527 extended_data = tvb_get_ntohl(tvb, offset);
1528 offset += 4;
1529
1530 for (i = 0; i < extended_data; i++) {
1531 /* figure out what kind of extended data it is */
1532 ext_type = tvb_get_ntohl(tvb, offset);
1533
1534 /* create a subtree. Might want to move this to
1535 * the end, so more info can be correct.
1536 */
1537 ti = proto_tree_add_uint(tree, hf_sflow_245_extended_information_type, tvb, offset, 4, ext_type);
1538 extended_data_tree = proto_item_add_subtree(ti, ett_sflow_245_extended_data);
1539 offset += 4;
1540
1541 switch (ext_type) {
1542 case SFLOW_245_EXTENDED_SWITCH:
1543 offset = dissect_sflow_245_extended_switch(tvb, extended_data_tree, offset);
1544 break;
1545 case SFLOW_245_EXTENDED_ROUTER:
1546 offset = dissect_sflow_245_extended_router(tvb, pinfo, extended_data_tree, offset);
1547 break;
1548 case SFLOW_245_EXTENDED_GATEWAY:
1549 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, extended_data_tree, offset);
1550 break;
1551 case SFLOW_245_EXTENDED_USER:
1552 break;
1553 case SFLOW_245_EXTENDED_URL:
1554 break;
1555 default:
1556 break;
1557 }
1558 proto_item_set_end(ti, tvb, offset);
1559 }
1560 return offset;
1561
1562 }
1563
1564 /* dissect an sflow v5 flow record */
1565 static int
1566 dissect_sflow_5_flow_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
1567 proto_tree *flow_data_tree;
1568 proto_item *ti;
1569 uint32_t enterprise_format, enterprise, format;
1570
1571 /* what kind of flow sample is it? */
1572 enterprise_format = tvb_get_ntohl(tvb, offset);
1573 enterprise = enterprise_format >> 12;
1574 format = enterprise_format & 0x00000fff;
1575
1576 /* only accept default enterprise 0 (InMon sFlow) */
1577 if (enterprise == ENTERPRISE_DEFAULT) {
1578 flow_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_flow_record, &ti,
1579 val_to_str_ext_const(format, &sflow_5_flow_record_type_ext, "Unknown sample format"));
1580
1581 proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1582 enterprise, "standard sFlow (%u)", enterprise);
1583 proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
1584 offset += 4;
1585
1586 proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1587 offset += 4;
1588
1589 switch (format) {
1590 case SFLOW_5_RAW_PACKET_HEADER:
1591 offset = dissect_sflow_245_sampled_header(tvb, pinfo, flow_data_tree, offset);
1592 break;
1593 case SFLOW_5_ETHERNET_FRAME:
1594 offset = dissect_sflow_5_ethernet_frame(tvb, flow_data_tree, offset);
1595 break;
1596 case SFLOW_5_IPV4:
1597 offset = dissect_sflow_5_ipv4(tvb, flow_data_tree, offset);
1598 break;
1599 case SFLOW_5_IPV6:
1600 offset = dissect_sflow_5_ipv6(tvb, flow_data_tree, offset);
1601 break;
1602 case SFLOW_5_SWITCH:
1603 offset = dissect_sflow_245_extended_switch(tvb, flow_data_tree, offset);
1604 break;
1605 case SFLOW_5_ROUTER:
1606 offset = dissect_sflow_245_extended_router(tvb, pinfo, flow_data_tree, offset);
1607 break;
1608 case SFLOW_5_GATEWAY:
1609 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, flow_data_tree, offset);
1610 break;
1611 case SFLOW_5_USER:
1612 offset = dissect_sflow_5_extended_user(tvb, flow_data_tree, offset);
1613 break;
1614 case SFLOW_5_URL:
1615 offset = dissect_sflow_5_extended_url(tvb, flow_data_tree, offset);
1616 break;
1617 case SFLOW_5_MPLS_DATA:
1618 offset = dissect_sflow_5_extended_mpls_data(tvb, pinfo, flow_data_tree, offset);
1619 break;
1620 case SFLOW_5_NAT:
1621 offset = dissect_sflow_5_extended_nat(tvb, pinfo, flow_data_tree, offset);
1622 break;
1623 case SFLOW_5_MPLS_TUNNEL:
1624 offset = dissect_sflow_5_extended_mpls_tunnel(tvb, flow_data_tree, offset);
1625 break;
1626 case SFLOW_5_MPLS_VC:
1627 offset = dissect_sflow_5_extended_mpls_vc(tvb, flow_data_tree, offset);
1628 break;
1629 case SFLOW_5_MPLS_FEC:
1630 offset = dissect_sflow_5_extended_mpls_fec(tvb, flow_data_tree, offset);
1631 break;
1632 case SFLOW_5_MPLS_LVP_FEC:
1633 offset = dissect_sflow_5_extended_mpls_lvp_fec(tvb, flow_data_tree, offset);
1634 break;
1635 case SFLOW_5_VLAN_TUNNEL:
1636 offset = dissect_sflow_5_extended_vlan_tunnel(tvb, flow_data_tree, offset);
1637 break;
1638 case SFLOW_5_80211_PAYLOAD:
1639 offset = dissect_sflow_5_extended_80211_payload(tvb, flow_data_tree, offset);
1640 break;
1641 case SFLOW_5_80211_RX:
1642 offset = dissect_sflow_5_extended_80211_rx(tvb, flow_data_tree, offset);
1643 break;
1644 case SFLOW_5_80211_TX:
1645 offset = dissect_sflow_5_extended_80211_tx(tvb, flow_data_tree, offset);
1646 break;
1647 case SFLOW_5_80211_AGGREGATION:
1648 offset = dissect_sflow_5_extended_80211_aggregation(tvb, flow_data_tree, offset);
1649 break;
1650 default:
1651 break;
1652 }
1653 } else {
1654 /* unknown enterprise format, what to do?? */
1655 uint32_t length;
1656
1657 flow_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
1658 ett_sflow_5_flow_record, &ti, "Unknown enterprise format");
1659 proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1660 enterprise, "Non-standard sFlow (%u)", enterprise);
1661 offset += 4;
1662 /* get length */
1663 proto_tree_add_item_ret_uint(flow_data_tree, hf_sflow_enterprise_length, tvb, offset, 4, ENC_BIG_ENDIAN, &length);
1664 offset += 4;
1665 /* show data as bytes */
1666 proto_tree_add_item(flow_data_tree, hf_sflow_enterprise_data, tvb, offset, length, ENC_NA);
1667 offset += length;
1668 /* get the correct offset by adding padding byte count */
1669 if (length % 4)
1670 offset += (4 - length % 4);
1671 }
1672 proto_item_set_end(ti, tvb, offset);
1673
1674 return offset;
1675 }
1676
1677 /* dissect generic interface counters */
1678 static int
1679 dissect_sflow_5_generic_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1680
1681 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
1682 offset += 4;
1683 proto_tree_add_item(counter_data_tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
1684 offset += 4;
1685 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
1686 offset += 8;
1687 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
1688 offset += 4;
1689 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1690 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1691 offset += 4;
1692 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1693 offset += 8;
1694 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1695 offset += 4;
1696 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1697 offset += 4;
1698 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1699 offset += 4;
1700 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1701 offset += 4;
1702 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
1703 offset += 4;
1704 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
1705 offset += 4;
1706 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1707 offset += 8;
1708 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1709 offset += 4;
1710 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1711 offset += 4;
1712 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1713 offset += 4;
1714 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1715 offset += 4;
1716 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
1717 offset += 4;
1718 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1719 offset += 4;
1720
1721 return offset;
1722 }
1723
1724 /* dissect ethernet interface counters */
1725 static int
1726 dissect_sflow_5_ethernet_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1727
1728 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsAlignmentErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1729 offset += 4;
1730 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFCSErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1731 offset += 4;
1732 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSingleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1733 offset += 4;
1734 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsMultipleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1735 offset += 4;
1736 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSQETestErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1737 offset += 4;
1738 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsDeferredTransmissions, tvb, offset, 4, ENC_BIG_ENDIAN);
1739 offset += 4;
1740 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsLateCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1741 offset += 4;
1742 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsExcessiveCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1743 offset += 4;
1744 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacTransmitErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1745 offset += 4;
1746 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsCarrierSenseErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1747 offset += 4;
1748 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFrameTooLongs, tvb, offset, 4, ENC_BIG_ENDIAN);
1749 offset += 4;
1750 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacReceiveErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1751 offset += 4;
1752 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSymbolErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1753 offset += 4;
1754
1755 return offset;
1756 }
1757
1758 /* dissect token ring counters */
1759 static int
1760 dissect_sflow_5_token_ring(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1761
1762 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLineErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1763 offset += 4;
1764 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsBurstErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1765 offset += 4;
1766 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsACErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1767 offset += 4;
1768 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsAbortTransErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1769 offset += 4;
1770 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsInternalErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1771 offset += 4;
1772 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLostFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1773 offset += 4;
1774 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsReceiveCongestions, tvb, offset, 4, ENC_BIG_ENDIAN);
1775 offset += 4;
1776 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFrameCopiedErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1777 offset += 4;
1778 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTokenErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1779 offset += 4;
1780 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSoftErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1781 offset += 4;
1782 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsHardErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1783 offset += 4;
1784 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSignalLoss, tvb, offset, 4, ENC_BIG_ENDIAN);
1785 offset += 4;
1786 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTransmitBeacons, tvb, offset, 4, ENC_BIG_ENDIAN);
1787 offset += 4;
1788 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRecoveries, tvb, offset, 4, ENC_BIG_ENDIAN);
1789 offset += 4;
1790 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLobeWires, tvb, offset, 4, ENC_BIG_ENDIAN);
1791 offset += 4;
1792 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRemoves, tvb, offset, 4, ENC_BIG_ENDIAN);
1793 offset += 4;
1794 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSingles, tvb, offset, 4, ENC_BIG_ENDIAN);
1795 offset += 4;
1796 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFreqErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1797 offset += 4;
1798
1799 return offset;
1800 }
1801
1802 /* dissect 100 BaseVG interface counters */
1803 static int
1804 dissect_sflow_5_vg_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1805
1806 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1807 offset += 4;
1808 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1809 offset += 8;
1810 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1811 offset += 4;
1812 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1813 offset += 8;
1814 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InIPMErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1815 offset += 4;
1816 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InOversizeFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1817 offset += 4;
1818 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InDataErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1819 offset += 4;
1820 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNullAddressedFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1821 offset += 4;
1822 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1823 offset += 4;
1824 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1825 offset += 8;
1826 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12TransitionIntoTrainings, tvb, offset, 4, ENC_BIG_ENDIAN);
1827 offset += 4;
1828 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1829 offset += 8;
1830 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1831 offset += 8;
1832 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCOutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1833 offset += 8;
1834
1835 return offset;
1836 }
1837
1838 /* dissect VLAN counters */
1839 static int
1840 dissect_sflow_5_vlan(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1841
1842 proto_tree_add_item(counter_data_tree, hf_sflow_245_vlan_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1843 offset += 4;
1844 proto_tree_add_item(counter_data_tree, hf_sflow_245_octets, tvb, offset, 8, ENC_BIG_ENDIAN);
1845 offset += 8;
1846 proto_tree_add_item(counter_data_tree, hf_sflow_245_ucastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1847 offset += 4;
1848 proto_tree_add_item(counter_data_tree, hf_sflow_245_multicastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1849 offset += 4;
1850 proto_tree_add_item(counter_data_tree, hf_sflow_245_broadcastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1851 offset += 4;
1852 proto_tree_add_item(counter_data_tree, hf_sflow_245_discards, tvb, offset, 4, ENC_BIG_ENDIAN);
1853 offset += 4;
1854
1855 return offset;
1856 }
1857
1858 static int * const sflow_5_lag_port_state_flags[] = {
1859 &hf_sflow_5_lag_port_actoradminstate,
1860 &hf_sflow_5_lag_port_actoroperstate,
1861 &hf_sflow_5_lag_port_partneradminstate,
1862 &hf_sflow_5_lag_port_partneroperstate,
1863 NULL
1864 };
1865
1866 static int
1867 dissect_sflow_5_lag(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1868 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_actorsystemid, tvb, offset, 6, ENC_NA);
1869 offset += 6;
1870 /* XDR requires 4-byte alignment */
1871 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_padding, tvb, offset, 2, ENC_NA);
1872 offset += 2;
1873 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_partneropersystemid, tvb, offset, 6, ENC_NA);
1874 offset += 6;
1875 /* XDR requires 4-byte alignment */
1876 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_padding, tvb, offset, 2, ENC_NA);
1877 offset += 2;
1878 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_attachedaggid, tvb, offset, 4, ENC_BIG_ENDIAN);
1879 offset += 4;
1880 proto_tree_add_bitmask(counter_data_tree, tvb, offset, hf_sflow_lag_port_state, ett_sflow_lag_port_state_flags, sflow_5_lag_port_state_flags, ENC_BIG_ENDIAN);
1881 offset += 4;
1882 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_lacpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
1883 offset += 4;
1884 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_markerpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
1885 offset += 4;
1886 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_markerresponsepdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
1887 offset += 4;
1888 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_unknownrx, tvb, offset, 4, ENC_BIG_ENDIAN);
1889 offset += 4;
1890 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_illegalrx, tvb, offset, 4, ENC_BIG_ENDIAN);
1891 offset += 4;
1892 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_lacpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
1893 offset += 4;
1894 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_markerpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
1895 offset += 4;
1896 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_markerresponsepdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
1897 offset += 4;
1898
1899 return offset;
1900 }
1901
1902 /* dissect 802.11 counters */
1903 static int
1904 dissect_sflow_5_80211_counters(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1905
1906 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1907 offset += 4;
1908 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastTransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1909 offset += 4;
1910 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FailedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1911 offset += 4;
1912 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1913 offset += 4;
1914 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MultipleRetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1915 offset += 4;
1916 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FrameDuplicateCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1917 offset += 4;
1918 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSSuccessCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1919 offset += 4;
1920 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1921 offset += 4;
1922 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ACKFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1923 offset += 4;
1924 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ReceivedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1925 offset += 4;
1926 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastReceivedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1927 offset += 4;
1928 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FCSErrorCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1929 offset += 4;
1930 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1931 offset += 4;
1932 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11WEPUndecryptableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1933 offset += 4;
1934 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSDiscardedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1935 offset += 4;
1936 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11AssociatedStationCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1937 offset += 4;
1938 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsReceivedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1939 offset += 4;
1940 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1941 offset += 4;
1942 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1943 offset += 4;
1944 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsLostCount, tvb, offset, 4, ENC_BIG_ENDIAN);
1945 offset += 4;
1946
1947 return offset;
1948 }
1949
1950 /* dissect processor information */
1951 static int
1952 dissect_sflow_5_processor_information(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1953
1954 proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5s, tvb, offset, 4, ENC_BIG_ENDIAN);
1955 offset += 4;
1956 proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_1m, tvb, offset, 4, ENC_BIG_ENDIAN);
1957 offset += 4;
1958 proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5m, tvb, offset, 4, ENC_BIG_ENDIAN);
1959 offset += 4;
1960 proto_tree_add_item(counter_data_tree, hf_sflow_5_total_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
1961 offset += 8;
1962 proto_tree_add_item(counter_data_tree, hf_sflow_5_free_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
1963 offset += 8;
1964
1965 return offset;
1966 }
1967
1968 /* dissect radio utilization */
1969 static int
1970 dissect_sflow_5_radio_utilization(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1971
1972 proto_tree_add_item(counter_data_tree, hf_sflow_5_elapsed_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1973 offset += 4;
1974 proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1975 offset += 4;
1976 proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_busy_time, tvb, offset, 4, ENC_BIG_ENDIAN);
1977 offset += 4;
1978
1979 return offset;
1980 }
1981
1982 /* dissect an sflow v5 counters record */
1983 static int
1984 dissect_sflow_5_counters_record(tvbuff_t *tvb, proto_tree *tree, int offset) {
1985 proto_tree *counter_data_tree;
1986 proto_item *ti;
1987 uint32_t enterprise_format, enterprise, format;
1988
1989 /* what kind of flow sample is it? */
1990 enterprise_format = tvb_get_ntohl(tvb, offset);
1991 enterprise = enterprise_format >> 12;
1992 format = enterprise_format & 0x00000fff;
1993
1994 if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
1995 counter_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_counters_record, &ti,
1996 val_to_str_const(format, sflow_5_counters_record_type, "Unknown sample format"));
1997
1998 proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1999 enterprise, "standard sFlow (%u)", enterprise);
2000
2001 proto_tree_add_item(counter_data_tree, hf_sflow_5_counters_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2002 offset += 4;
2003
2004 proto_tree_add_item(counter_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
2005 offset += 4;
2006
2007 switch (format) {
2008 case SFLOW_5_GENERIC_INTERFACE:
2009 offset = dissect_sflow_5_generic_interface(counter_data_tree, tvb, offset);
2010 break;
2011 case SFLOW_5_ETHERNET_INTERFACE:
2012 offset = dissect_sflow_5_ethernet_interface(counter_data_tree, tvb, offset);
2013 break;
2014 case SFLOW_5_TOKEN_RING:
2015 offset = dissect_sflow_5_token_ring(counter_data_tree, tvb, offset);
2016 break;
2017 case SFLOW_5_100BASE_VG_INTERFACE:
2018 offset = dissect_sflow_5_vg_interface(counter_data_tree, tvb, offset);
2019 break;
2020 case SFLOW_5_VLAN:
2021 offset = dissect_sflow_5_vlan(counter_data_tree, tvb, offset);
2022 break;
2023 case SFLOW_5_LAG:
2024 offset = dissect_sflow_5_lag(counter_data_tree, tvb, offset);
2025 break;
2026 case SFLOW_5_80211_COUNTERS:
2027 offset = dissect_sflow_5_80211_counters(counter_data_tree, tvb, offset);
2028 break;
2029 case SFLOW_5_PROCESSOR:
2030 offset = dissect_sflow_5_processor_information(counter_data_tree, tvb, offset);
2031 break;
2032 case SFLOW_5_RADIO_UTILIZATION:
2033 offset = dissect_sflow_5_radio_utilization(counter_data_tree, tvb, offset);
2034 break;
2035 default:
2036 break;
2037 }
2038 } else { /* unknown enterprise format, what to do?? */
2039 uint32_t length;
2040
2041 counter_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
2042 ett_sflow_5_counters_record, &ti, "Unknown enterprise format");
2043 proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, 4,
2044 enterprise, "Non-standard sFlow (%u)", enterprise);
2045 offset += 4;
2046 /* get length */
2047 proto_tree_add_item_ret_uint(counter_data_tree, hf_sflow_enterprise_length, tvb, offset, 4, ENC_BIG_ENDIAN, &length);
2048 offset += 4;
2049 /* show data as bytes */
2050 proto_tree_add_item(counter_data_tree, hf_sflow_enterprise_data, tvb, offset, length, ENC_NA);
2051 offset += length;
2052 /* get the correct offset by adding padding byte count */
2053 if (length % 4)
2054 offset += (4 - length % 4);
2055 }
2056 proto_item_set_end(ti, tvb, offset);
2057
2058 return offset;
2059 }
2060
2061 /* dissect an sflow v5 flow sample */
2062 static void
2063 dissect_sflow_5_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2064 proto_tree *tree, int offset, proto_item *parent) {
2065
2066 uint32_t sequence_number, sampling_rate,
2067 output, records, i, output_format;
2068 proto_item *ti;
2069 proto_tree *output_interface_tree;
2070
2071 sequence_number = tvb_get_ntohl(tvb, offset);
2072 proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2073 offset += 4;
2074 proto_item_append_text(parent, ", seq %u", sequence_number);
2075
2076 proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset, 4, ENC_BIG_ENDIAN);
2077 proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2078 offset += 4;
2079 sampling_rate = tvb_get_ntohl(tvb, offset);
2080 proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2081 sampling_rate, "1 out of %u packets", sampling_rate);
2082 offset += 4;
2083 proto_tree_add_item(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4, ENC_BIG_ENDIAN);
2084 offset += 4;
2085 proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2086 offset += 4;
2087 proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset, 4, ENC_BIG_ENDIAN);
2088 offset += 4;
2089 ti = proto_tree_add_item_ret_uint(tree, hf_sflow_5_flow_sample_output_interface, tvb, offset, 4, ENC_BIG_ENDIAN, &output);
2090 output_interface_tree = proto_item_add_subtree(ti, ett_sflow_5_output_interface);
2091 output_format = output >> 30;
2092 proto_tree_add_item(output_interface_tree, hf_sflow_5_flow_sample_output_interface_form, tvb, offset, 4, ENC_BIG_ENDIAN);
2093 switch(output_format) {
2094 case SFLOW_5_INT_FORMAT_DISCARD:
2095 proto_tree_add_item(output_interface_tree, hf_sflow_5_flow_sample_output_interface_val_discard, tvb, offset, 4, ENC_BIG_ENDIAN);
2096 break;
2097 case SFLOW_5_INT_FORMAT_MULTIPLE:
2098 ti =proto_tree_add_item(output_interface_tree, hf_sflow_5_flow_sample_output_interface_val, tvb, offset, 4, ENC_BIG_ENDIAN);
2099 if (output == 0x80000000) {
2100 proto_item_append_text(ti, " unknown number of interfaces greater than 1");
2101 }
2102 break;
2103 case SFLOW_5_INT_FORMAT_IFINDEX:
2104 default:
2105 proto_tree_add_item(output_interface_tree, hf_sflow_5_flow_sample_output_interface_val, tvb, offset, 4, ENC_BIG_ENDIAN);
2106 break;
2107 }
2108 offset += 4;
2109 records = tvb_get_ntohl(tvb, offset);
2110 proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2111 offset += 4;
2112
2113 /* start loop processing flow records */
2114 /* we set an upper records limit to 255 in case corrupted data causes
2115 * huge number of loops! */
2116 for (i = 0; i < (records&0x000000ff); i++) {
2117 offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2118 }
2119
2120 }
2121
2122 /* dissect an expanded flow sample */
2123 static void
2124 dissect_sflow_5_expanded_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2125 proto_tree *tree, int offset, proto_item *parent) {
2126
2127 uint32_t sequence_number, sampling_rate, records, i;
2128
2129 sequence_number = tvb_get_ntohl(tvb, offset);
2130 proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2131 offset += 4;
2132 proto_item_append_text(parent, ", seq %u", sequence_number);
2133 proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2134 offset += 4;
2135 proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2136 offset += 4;
2137 sampling_rate = tvb_get_ntohl(tvb, offset);
2138 proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2139 sampling_rate, "1 out of %u packets", sampling_rate);
2140 offset += 4;
2141 proto_tree_add_item(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4, ENC_BIG_ENDIAN);
2142 offset += 4;
2143 proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2144 offset += 4;
2145 proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2146 offset += 4;
2147 proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2148 offset += 4;
2149 proto_tree_add_item(tree, hf_sflow_5_flow_sample_output_interface_expanded_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2150 offset += 4;
2151 proto_tree_add_item(tree, hf_sflow_5_flow_sample_output_interface_expanded_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2152 offset += 4;
2153 records = tvb_get_ntohl(tvb, offset);
2154 proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2155 offset += 4;
2156
2157 /* start loop processing flow records
2158 * we limit record count to 255 in case corrupted data may cause huge number of loops */
2159 for (i = 0; i < (records&0x000000ff); i++) {
2160 offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2161 }
2162 }
2163
2164 /* dissect an sflow v2/4 counters sample */
2165 static int
2166 dissect_sflow_24_counters_sample(tvbuff_t *tvb, proto_tree *tree, int offset, proto_item *parent) {
2167
2168 uint32_t sequence_number, counters_type;
2169
2170 sequence_number = tvb_get_ntohl(tvb, offset);
2171 proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2172 proto_item_append_text(parent, ", seq %u", sequence_number);
2173
2174 proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2175 proto_tree_add_item(tree, hf_sflow_counters_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2176 proto_tree_add_item(tree, hf_sflow_counters_sample_sampling_interval, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
2177 counters_type = tvb_get_ntohl(tvb, offset + 12);
2178 proto_tree_add_item(tree, hf_sflow_counters_sample_counters_type, tvb, offset + 12, 4, ENC_BIG_ENDIAN);
2179
2180 offset += 16;
2181
2182 /* most counters types have the "generic" counters first */
2183 switch (counters_type) {
2184 case SFLOW_245_COUNTERS_GENERIC:
2185 case SFLOW_245_COUNTERS_ETHERNET:
2186 case SFLOW_245_COUNTERS_TOKENRING:
2187 case SFLOW_245_COUNTERS_FDDI:
2188 case SFLOW_245_COUNTERS_VG:
2189 case SFLOW_245_COUNTERS_WAN:
2190 proto_tree_add_item(tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
2191 proto_item_append_text(parent, ", ifIndex %u", tvb_get_ntohl(tvb, offset));
2192 offset += 4;
2193 proto_tree_add_item(tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
2194 offset += 4;
2195 proto_tree_add_item(tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
2196 offset += 8;
2197 proto_tree_add_item(tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
2198 offset += 4;
2199 proto_tree_add_item(tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2200 proto_tree_add_item(tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2201 offset += 4;
2202 proto_tree_add_item(tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2203 offset += 8;
2204 proto_tree_add_item(tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2205 offset += 4;
2206 proto_tree_add_item(tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2207 offset += 4;
2208 proto_tree_add_item(tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2209 offset += 4;
2210 proto_tree_add_item(tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2211 offset += 4;
2212 proto_tree_add_item(tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
2213 offset += 4;
2214 proto_tree_add_item(tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
2215 offset += 4;
2216 proto_tree_add_item(tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2217 offset += 8;
2218 proto_tree_add_item(tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2219 offset += 4;
2220 proto_tree_add_item(tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2221 offset += 4;
2222 proto_tree_add_item(tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2223 offset += 4;
2224 proto_tree_add_item(tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2225 offset += 4;
2226 proto_tree_add_item(tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
2227 offset += 4;
2228 proto_tree_add_item(tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2229 offset += 4;
2230 break;
2231 }
2232
2233 /* Some counter types have other info to gather */
2234 switch (counters_type) {
2235 case SFLOW_245_COUNTERS_ETHERNET:
2236 offset += (int)sizeof (struct ethernet_counters);
2237 break;
2238 case SFLOW_245_COUNTERS_TOKENRING:
2239 offset = dissect_sflow_5_token_ring(tree, tvb, offset);
2240 break;
2241 case SFLOW_245_COUNTERS_VG:
2242 offset = dissect_sflow_5_vg_interface(tree, tvb, offset);
2243 break;
2244 case SFLOW_245_COUNTERS_VLAN:
2245 offset = dissect_sflow_5_vlan(tree, tvb, offset);
2246 break;
2247 default:
2248 break;
2249 }
2250 return offset;
2251 }
2252
2253 /* dissect an sflow v5 counters sample */
2254 static void
2255 dissect_sflow_5_counters_sample(tvbuff_t *tvb, proto_tree *tree, int offset, proto_item *parent) {
2256 uint32_t sequence_number, records, i;
2257
2258 /* grab the flow header. This will remain in network byte
2259 order, so must convert each item before use */
2260 sequence_number = tvb_get_ntohl(tvb, offset);
2261 proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2262 proto_item_append_text(parent, ", seq %u", sequence_number);
2263 offset += 4;
2264 proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2265 proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2266 offset += 4;
2267 records = tvb_get_ntohl(tvb, offset);
2268 proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2269 offset += 4;
2270
2271 /* start loop processing counters records
2272 * limit record count to 255 in case corrupted data may cause huge number of loops */
2273 for (i = 0; i < (records&0x000000ff); i++) {
2274 offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2275 }
2276 }
2277
2278 /* dissect an expanded counters sample */
2279 static void
2280 dissect_sflow_5_expanded_counters_sample(tvbuff_t *tvb, proto_tree *tree, int offset, proto_item *parent) {
2281 uint32_t sequence_number, records, i;
2282
2283 sequence_number = tvb_get_ntohl(tvb, offset);
2284 proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2285 proto_item_append_text(parent, ", seq %u", sequence_number);
2286 offset += 4;
2287 proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2288 offset += 4;
2289 proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2290 offset += 4;
2291 records = tvb_get_ntohl(tvb, offset);
2292 proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2293 offset += 4;
2294
2295 /* start loop processing counters records
2296 * limit record count to 255 in case corrupted data may cause huge number of loops */
2297 for (i = 0; i < (records&0x000000ff); i++) {
2298 offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2299 }
2300 }
2301
2302 static int * const sflow_lag_port_state_flags[] = {
2303 &hf_sflow_lag_port_actoradminstate,
2304 &hf_sflow_lag_port_actoroperstate,
2305 &hf_sflow_lag_port_partneradminstate,
2306 &hf_sflow_lag_port_partneroperstate,
2307 &hf_sflow_lag_port_reserved,
2308 NULL
2309 };
2310
2311 /* dissect an LAG Port Stats ( http://www.sflow.org/sflow_lag.txt ) */
2312 static void
2313 dissect_sflow_5_lag_port_stats(tvbuff_t *tvb, proto_tree *tree, int offset, proto_item *parent _U_) {
2314
2315 proto_tree_add_item(tree, hf_sflow_lag_port_actorsystemid, tvb, offset, 6, ENC_NA);
2316 offset += 6;
2317
2318 proto_tree_add_item(tree, hf_sflow_lag_port_partneropersystemid, tvb, offset, 6, ENC_NA);
2319 offset += 6;
2320
2321 proto_tree_add_item(tree, hf_sflow_lag_port_attachedaggid, tvb, offset, 4, ENC_BIG_ENDIAN);
2322 offset += 4;
2323
2324 proto_tree_add_bitmask(tree, tvb, offset, hf_sflow_lag_port_state, ett_sflow_lag_port_state_flags, sflow_lag_port_state_flags, ENC_BIG_ENDIAN);
2325 offset += 4;
2326
2327 proto_tree_add_item(tree, hf_sflow_lag_port_stats_lacpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2328 offset += 4;
2329
2330 proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2331 offset += 4;
2332
2333 proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerresponsepdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2334 offset += 4;
2335
2336 proto_tree_add_item(tree, hf_sflow_lag_port_stats_unknownrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2337 offset += 4;
2338
2339 proto_tree_add_item(tree, hf_sflow_lag_port_stats_illegalrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2340 offset += 4;
2341
2342 proto_tree_add_item(tree, hf_sflow_lag_port_stats_lacpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2343 offset += 4;
2344
2345 proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2346 offset += 4;
2347
2348 proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerresponsepdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2349 /*offset += 4;*/
2350 }
2351
2352 /* Code to dissect the sflow v2/4/5 samples */
2353 static int
2354 dissect_sflow_245_samples(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint32_t version) {
2355 proto_tree *sflow_245_sample_tree;
2356 proto_item *ti; /* tree item */
2357 uint32_t sample_type, enterprise, format, length;
2358
2359 /* decide what kind of sample it is. */
2360 sample_type = tvb_get_ntohl(tvb, offset);
2361 if (version == 5) {
2362 enterprise = sample_type >> 12;
2363 format = sample_type & 0x00000fff;
2364
2365 if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
2366 sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_245_sample, &ti,
2367 val_to_str_const(format, sflow_245_sampletype, "Unknown sample format"));
2368
2369 proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, 4, enterprise, "standard sFlow (%u)", enterprise);
2370 proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype12, tvb, offset, 4, ENC_BIG_ENDIAN);
2371 offset += 4;
2372
2373 length = tvb_get_ntohl(tvb, offset);
2374 proto_tree_add_item(sflow_245_sample_tree, hf_sflow_5_sample_length, tvb, offset, 4, ENC_BIG_ENDIAN);
2375 offset += 4;
2376
2377 switch (format) {
2378 case FLOWSAMPLE:
2379 dissect_sflow_5_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2380 break;
2381 case COUNTERSSAMPLE:
2382 dissect_sflow_5_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2383 break;
2384 case EXPANDED_FLOWSAMPLE:
2385 dissect_sflow_5_expanded_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2386 break;
2387 case EXPANDED_COUNTERSSAMPLE:
2388 dissect_sflow_5_expanded_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2389 break;
2390 case LAG_PORT_STATS:
2391 dissect_sflow_5_lag_port_stats(tvb, sflow_245_sample_tree, offset, ti);
2392 break;
2393 default:
2394 break;
2395 }
2396 /* Make sure the length doesn't run past the end of the packet */
2397 tvb_ensure_bytes_exist(tvb, offset, length);
2398 /* current offset points to sample length field, which is 4 bytes from the beginning of the packet*/
2399 offset += length;
2400 } else { /* unknown enterprise format, what to do?? */
2401 sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
2402 ett_sflow_245_sample, &ti, "Unknown enterprise format");
2403 proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, 4,
2404 enterprise, "Non-standard sFlow (%u)", enterprise);
2405 offset = tvb_captured_length(tvb);
2406 }
2407
2408 } else { /* version 2 or 4 */
2409 sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_245_sample, &ti,
2410 val_to_str_const(sample_type, sflow_245_sampletype, "Unknown sample type"));
2411
2412 proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype, tvb, offset, 4, ENC_BIG_ENDIAN);
2413 offset += 4;
2414
2415 switch (sample_type) {
2416 case FLOWSAMPLE:
2417 offset = dissect_sflow_24_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2418 break;
2419 case COUNTERSSAMPLE:
2420 offset = dissect_sflow_24_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2421 break;
2422 default:
2423 break;
2424 }
2425 }
2426 proto_item_set_end(ti, tvb, offset);
2427
2428 return offset;
2429 }
2430
2431 /* Code to actually dissect the packets */
2432 static int
2433 dissect_sflow_245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2434 {
2435 /* Set up structures needed to add the protocol subtree and manage it */
2436 proto_item *ti;
2437 proto_tree *sflow_245_tree;
2438 uint32_t version, sub_agent_id, seqnum;
2439 address addr_details;
2440 int sflow_addr_type;
2441 struct sflow_address_type addr_type;
2442 uint32_t uptime;
2443
2444 uint32_t numsamples;
2445 unsigned offset = 0;
2446 unsigned i = 0;
2447
2448 addr_type.hf_addr_v4 = hf_sflow_agent_address_v4;
2449 addr_type.hf_addr_v6 = hf_sflow_agent_address_v6;
2450
2451 /*
2452 * We fetch the version and address type so that we can determine,
2453 * ahead of time, whether this is an sFlow packet or not, before
2454 * we do *anything* to the columns or the protocol tree.
2455 *
2456 * XXX - we might want to deem this "not sFlow" if we don't have at
2457 * least 8 bytes worth of data.
2458 */
2459 version = tvb_get_ntohl(tvb, offset);
2460 if (version != 2 && version != 4 && version != 5) {
2461 /* Unknown version; assume it's not an sFlow packet. */
2462 return 0;
2463 }
2464
2465 sflow_addr_type = tvb_get_ntohl(tvb, offset + 4);
2466 switch (sflow_addr_type) {
2467 case ADDR_TYPE_UNKNOWN:
2468 case ADDR_TYPE_IPV4:
2469 case ADDR_TYPE_IPV6:
2470 break;
2471
2472 default:
2473 /*
2474 * Address type we don't know about; assume it's not an sFlow
2475 * packet.
2476 */
2477 return 0;
2478 }
2479 /* Make entries in Protocol column and Info column on summary display */
2480 col_set_str(pinfo->cinfo, COL_PROTOCOL, "sFlow");
2481
2482 /* create display subtree for the protocol */
2483 ti = proto_tree_add_item(tree, proto_sflow, tvb, 0, -1, ENC_NA);
2484
2485 sflow_245_tree = proto_item_add_subtree(ti, ett_sflow_245);
2486
2487 col_add_fstr(pinfo->cinfo, COL_INFO, "V%u", version);
2488 proto_tree_add_item(sflow_245_tree, hf_sflow_version, tvb, offset, 4, ENC_BIG_ENDIAN);
2489 offset += 4;
2490
2491 proto_tree_add_item(sflow_245_tree, hf_sflow_agent_address_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2492 offset = dissect_sflow_245_address_type(tvb, pinfo, sflow_245_tree, offset,
2493 &addr_type, &addr_details);
2494 switch (sflow_addr_type) {
2495 case ADDR_TYPE_UNKNOWN:
2496 break;
2497 case ADDR_TYPE_IPV4:
2498 case ADDR_TYPE_IPV6:
2499 col_append_fstr(pinfo->cinfo, COL_INFO, ", agent %s", address_to_str(pinfo->pool, &addr_details));
2500 break;
2501 }
2502
2503 if (version == 5) {
2504 sub_agent_id = tvb_get_ntohl(tvb, offset);
2505 col_append_fstr(pinfo->cinfo, COL_INFO, ", sub-agent ID %u", sub_agent_id);
2506 proto_tree_add_uint(sflow_245_tree, hf_sflow_5_sub_agent_id, tvb, offset, 4, sub_agent_id);
2507 offset += 4;
2508 }
2509 seqnum = tvb_get_ntohl(tvb, offset);
2510 col_append_fstr(pinfo->cinfo, COL_INFO, ", seq %u", seqnum);
2511 proto_tree_add_uint(sflow_245_tree, hf_sflow_245_seqnum, tvb, offset, 4, seqnum);
2512 offset += 4;
2513 uptime = tvb_get_ntohl(tvb, offset);
2514 proto_tree_add_uint_format_value(sflow_245_tree, hf_sflow_245_sysuptime, tvb, offset, 4, uptime, "%s (%ums)",
2515 unsigned_time_secs_to_str(pinfo->pool, uptime / 1000), uptime);
2516 offset += 4;
2517 numsamples = tvb_get_ntohl(tvb, offset);
2518 col_append_fstr(pinfo->cinfo, COL_INFO, ", %u samples", numsamples);
2519 proto_tree_add_uint(sflow_245_tree, hf_sflow_245_numsamples, tvb, offset, 4, numsamples);
2520 offset += 4;
2521
2522 /* Ok, we're now at the end of the sflow_245 datagram header;
2523 * everything from here out should be samples. Loop over
2524 * the expected number of samples, and pass them to the appropriate
2525 * dissectors.
2526 */
2527
2528 /* limit number of samples to 255 to avoid huge number of loops
2529 * caused by corrupted data */
2530 for (i = 0; i < (numsamples & 0x000000ff); i++) {
2531 offset = dissect_sflow_245_samples(tvb, pinfo, sflow_245_tree, offset, version);
2532 }
2533
2534 return tvb_captured_length(tvb);
2535 }
2536
2537 /* Register the protocol with Wireshark */
2538
2539 void
2540 proto_register_sflow(void) {
2541
2542 module_t *sflow_245_module;
2543
2544 /* Setup list of header fields See Section 1.6.1 for details*/
2545 static hf_register_info hf[] = {
2546 { &hf_sflow_version,
2547 { "Datagram version", "sflow_245.version",
2548 FT_UINT32, BASE_DEC, NULL, 0x0,
2549 "sFlow datagram version", HFILL}},
2550 { &hf_sflow_agent_address_type,
2551 { "Agent address type", "sflow_245.agenttype",
2552 FT_UINT32, BASE_DEC, VALS(sflow_agent_address_types), 0x0,
2553 "sFlow agent address type", HFILL}},
2554 { &hf_sflow_agent_address_v4,
2555 { "Agent address", "sflow_245.agent",
2556 FT_IPv4, BASE_NONE, NULL, 0x0,
2557 "sFlow Agent IP address", HFILL}},
2558 { &hf_sflow_agent_address_v6,
2559 { "Agent address", "sflow_245.agent.v6",
2560 FT_IPv6, BASE_NONE, NULL, 0x0,
2561 "sFlow Agent IPv6 address", HFILL}},
2562 { &hf_sflow_5_sub_agent_id,
2563 { "Sub-agent ID", "sflow_245.sub_agent_id",
2564 FT_UINT32, BASE_DEC, NULL, 0x0,
2565 "sFlow sub-agent ID", HFILL}},
2566 { &hf_sflow_5_sample_length,
2567 { "Sample length (byte)", "sflow_5.sample_length",
2568 FT_UINT32, BASE_DEC, NULL, 0x0,
2569 "sFlow sample length", HFILL}},
2570 { &hf_sflow_5_flow_data_length,
2571 { "Flow data length (byte)", "sflow_5.flow_data_length",
2572 FT_UINT32, BASE_DEC, NULL, 0x0,
2573 "sFlow flow data length", HFILL}},
2574 #if 0
2575 { &hf_sflow_5_counters_data_length,
2576 { "Counters data length (byte)", "sflow_5.counter_data_length",
2577 FT_UINT32, BASE_DEC, NULL, 0x0,
2578 "sFlow counters data length", HFILL}},
2579 #endif
2580 { &hf_sflow_245_seqnum,
2581 { "Sequence number", "sflow_245.sequence_number",
2582 FT_UINT32, BASE_DEC, NULL, 0x0,
2583 "sFlow datagram sequence number", HFILL}},
2584 { &hf_sflow_245_sysuptime,
2585 { "SysUptime", "sflow_245.sysuptime",
2586 FT_UINT32, BASE_DEC, NULL, 0x0,
2587 "System Uptime", HFILL}},
2588 { &hf_sflow_245_numsamples,
2589 { "NumSamples", "sflow_245.numsamples",
2590 FT_UINT32, BASE_DEC, NULL, 0x0,
2591 "Number of samples in sFlow datagram", HFILL}},
2592 { &hf_sflow_245_sampletype,
2593 { "sFlow sample type", "sflow_245.sampletype",
2594 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x0,
2595 "Type of sFlow sample", HFILL}},
2596 { &hf_sflow_245_sampletype12,
2597 { "sFlow sample type", "sflow_245.sampletype",
2598 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x00000FFF,
2599 "Type of sFlow sample", HFILL}},
2600 #if 0
2601 { &hf_sflow_5_ieee80211_version,
2602 { "Version", "sflow_245.ieee80211_version",
2603 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
2604 "IEEE 802.11 Version", HFILL}},
2605 #endif
2606 { &hf_sflow_245_ipv4_precedence_type,
2607 { "Precedence", "sflow_245.ipv4_precedence_type",
2608 FT_UINT32, BASE_DEC, VALS(sflow_245_ipv4_precedence_types), 0xE0,
2609 "IPv4 Precedence Type", HFILL}},
2610 { &hf_sflow_5_flow_record_format,
2611 { "Format", "sflow_245.flow_record_format",
2612 FT_UINT32, BASE_DEC | BASE_EXT_STRING, &sflow_5_flow_record_type_ext, 0x0,
2613 "Format of sFlow flow record", HFILL}},
2614 { &hf_sflow_5_counters_record_format,
2615 { "Format", "sflow_245.counters_record_format",
2616 FT_UINT32, BASE_DEC, VALS(sflow_5_counters_record_type), 0x00000FFF,
2617 "Format of sFlow counters record", HFILL}},
2618 { &hf_sflow_245_header_protocol,
2619 { "Header protocol", "sflow_245.header_protocol",
2620 FT_UINT32, BASE_DEC | BASE_EXT_STRING, &sflow_245_header_protocol_ext, 0x0,
2621 "Protocol of sampled header", HFILL}},
2622 { &hf_sflow_245_header,
2623 { "Header of sampled packet", "sflow_245.header",
2624 FT_BYTES, BASE_NONE, NULL, 0x0,
2625 "Data from sampled header", HFILL}},
2626 { &hf_sflow_245_packet_information_type,
2627 { "Sample type", "sflow_245.packet_information_type",
2628 FT_UINT32, BASE_DEC, VALS(sflow_245_packet_information_type), 0x0,
2629 "Type of sampled information", HFILL}},
2630 { &hf_sflow_245_extended_information_type,
2631 { "Extended information type", "sflow_245.extended_information_type",
2632 FT_UINT32, BASE_DEC, VALS(sflow_245_extended_data_types), 0x0,
2633 "Type of extended information", HFILL}},
2634 { &hf_sflow_245_vlan_in,
2635 { "Incoming 802.1Q VLAN", "sflow_245.vlan.in",
2636 FT_UINT32, BASE_DEC, NULL, 0x0,
2637 "Incoming VLAN ID", HFILL}},
2638 { &hf_sflow_245_vlan_out,
2639 { "Outgoing 802.1Q VLAN", "sflow_245.vlan.out",
2640 FT_UINT32, BASE_DEC, NULL, 0x0,
2641 "Outgoing VLAN ID", HFILL}},
2642 { &hf_sflow_245_pri_in,
2643 { "Incoming 802.1p priority", "sflow_245.pri.in",
2644 FT_UINT32, BASE_DEC, NULL, 0x0,
2645 NULL, HFILL}},
2646 { &hf_sflow_245_pri_out,
2647 { "Outgoing 802.1p priority", "sflow_245.pri.out",
2648 FT_UINT32, BASE_DEC, NULL, 0x0,
2649 NULL, HFILL}},
2650 { &hf_sflow_245_nexthop_v4,
2651 { "Next hop", "sflow_245.nexthop",
2652 FT_IPv4, BASE_NONE, NULL, 0x0,
2653 "Next hop address", HFILL}},
2654 { &hf_sflow_245_ipv4_src,
2655 { "Source IP address", "sflow_245.ipv4_src",
2656 FT_IPv4, BASE_NONE, NULL, 0x0,
2657 "Source IPv4 address", HFILL}},
2658 { &hf_sflow_245_ipv4_dst,
2659 { "Destination IP address", "sflow_245.ipv4_dst",
2660 FT_IPv4, BASE_NONE, NULL, 0x0,
2661 "Destination IPv4 address", HFILL}},
2662 { &hf_sflow_245_nexthop_v6,
2663 { "Next hop", "sflow_245.nexthop.v6",
2664 FT_IPv6, BASE_NONE, NULL, 0x0,
2665 "Next hop address", HFILL}},
2666 { &hf_sflow_245_ipv6_src,
2667 { "Source IP address", "sflow_245.ipv6_src",
2668 FT_IPv6, BASE_NONE, NULL, 0x0,
2669 "Source IPv6 address", HFILL}},
2670 { &hf_sflow_245_ipv6_dst,
2671 { "Destination IP address", "sflow_245.ipv6_dst",
2672 FT_IPv6, BASE_NONE, NULL, 0x0,
2673 "Destination IPv6 address", HFILL}},
2674 { &hf_sflow_245_nexthop_src_mask,
2675 { "Next hop source mask", "sflow_245.nexthop.src_mask",
2676 FT_UINT32, BASE_DEC, NULL, 0x0,
2677 "Next hop source mask bits", HFILL}},
2678 { &hf_sflow_245_nexthop_dst_mask,
2679 { "Next hop destination mask", "sflow_245.nexthop.dst_mask",
2680 FT_UINT32, BASE_DEC, NULL, 0x0,
2681 "Next hop destination mask bits", HFILL}},
2682 { &hf_sflow_245_ifindex,
2683 { "Interface index", "sflow_245.ifindex",
2684 FT_UINT32, BASE_DEC, NULL, 0x0,
2685 NULL, HFILL}},
2686 { &hf_sflow_245_as,
2687 { "AS Router", "sflow_245.as",
2688 FT_UINT32, BASE_DEC, NULL, 0x0,
2689 "Autonomous System of Router", HFILL}},
2690 { &hf_sflow_245_src_as,
2691 { "AS Source", "sflow_245.srcAS",
2692 FT_UINT32, BASE_DEC, NULL, 0x0,
2693 "Autonomous System of Source", HFILL}},
2694 { &hf_sflow_245_src_peer_as,
2695 { "AS Peer", "sflow_245.peerAS",
2696 FT_UINT32, BASE_DEC, NULL, 0x0,
2697 "Autonomous System of Peer", HFILL}},
2698 { &hf_sflow_245_dst_as_entries,
2699 { "AS Destinations", "sflow_245.dstASentries",
2700 FT_UINT32, BASE_DEC, NULL, 0x0,
2701 "Autonomous System destinations", HFILL}},
2702 { &hf_sflow_245_dst_as,
2703 { "AS Destination", "sflow_245.dstAS",
2704 FT_UINT32, BASE_DEC, NULL, 0x0,
2705 "Autonomous System destination", HFILL}},
2706 /* Needed for sFlow >= 4. If I had a capture to test... */
2707 { &hf_sflow_245_community_entries,
2708 { "Gateway Communities", "sflow_245.communityEntries",
2709 FT_UINT32, BASE_DEC, NULL, 0x0,
2710 NULL, HFILL}},
2711 #if 0
2712 { &hf_sflow_245_community,
2713 { "Gateway Community", "sflow_245.community",
2714 FT_UINT32, BASE_DEC, NULL, 0x0,
2715 "Gateway Communities", HFILL}},
2716 #endif
2717 { &hf_sflow_245_localpref,
2718 { "localpref", "sflow_245.localpref",
2719 FT_UINT32, BASE_DEC, NULL, 0x0,
2720 "Local preferences of AS route", HFILL}},
2721 /**/
2722 { &hf_sflow_245_iftype,
2723 { "Interface Type", "sflow_245.iftype",
2724 FT_UINT32, BASE_DEC, NULL, 0x0,
2725 NULL, HFILL}},
2726 { &hf_sflow_245_ifspeed,
2727 { "Interface Speed", "sflow_245.ifspeed",
2728 FT_UINT64, BASE_DEC, NULL, 0x0,
2729 NULL, HFILL}},
2730 { &hf_sflow_245_ifdirection,
2731 { "Interface Direction", "sflow_245.ifdirection",
2732 FT_UINT32, BASE_DEC, VALS(sflow_ifdirection_vals), 0x0,
2733 NULL, HFILL}},
2734 { &hf_sflow_245_ifadmin_status,
2735 { "IfAdminStatus", "sflow_245.ifadmin_status",
2736 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000001,
2737 NULL, HFILL}},
2738 { &hf_sflow_245_ifoper_status,
2739 { "IfOperStatus", "sflow_245.ifoper_status",
2740 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000002,
2741 NULL, HFILL}},
2742 { &hf_sflow_245_ifinoct,
2743 { "Input Octets", "sflow_245.ifinoct",
2744 FT_UINT64, BASE_DEC, NULL, 0x0,
2745 NULL, HFILL}},
2746 { &hf_sflow_245_ifinpkt,
2747 { "Input Packets", "sflow_245.ifinpkt",
2748 FT_UINT32, BASE_DEC, NULL, 0x0,
2749 NULL, HFILL}},
2750 { &hf_sflow_245_ifinmcast,
2751 { "Input Multicast Packets", "sflow_245.ifinmcast",
2752 FT_UINT32, BASE_DEC, NULL, 0x0,
2753 NULL, HFILL}},
2754 { &hf_sflow_245_ifinbcast,
2755 { "Input Broadcast Packets", "sflow_245.ifinbcast",
2756 FT_UINT32, BASE_DEC, NULL, 0x0,
2757 NULL, HFILL}},
2758 { &hf_sflow_245_ifindisc,
2759 { "Input Discarded Packets", "sflow_245.ifindisc",
2760 FT_UINT32, BASE_DEC, NULL, 0x0,
2761 NULL, HFILL}},
2762 { &hf_sflow_245_ifinerr,
2763 { "Input Errors", "sflow_245.ifinerr",
2764 FT_UINT32, BASE_DEC, NULL, 0x0,
2765 NULL, HFILL}},
2766 { &hf_sflow_245_ifinunk,
2767 { "Input Unknown Protocol Packets", "sflow_245.ifinunk",
2768 FT_UINT32, BASE_DEC, NULL, 0x0,
2769 NULL, HFILL}},
2770 { &hf_sflow_245_ifoutoct,
2771 { "Output Octets", "sflow_245.ifoutoct",
2772 FT_UINT64, BASE_DEC, NULL, 0x0,
2773 NULL, HFILL}},
2774 { &hf_sflow_245_ifoutpkt,
2775 { "Output Packets", "sflow_245.ifoutpkt",
2776 FT_UINT32, BASE_DEC, NULL, 0x0,
2777 NULL, HFILL}},
2778 { &hf_sflow_245_ifoutmcast,
2779 { "Output Multicast Packets", "sflow_245.ifoutmcast",
2780 FT_UINT32, BASE_DEC, NULL, 0x0,
2781 NULL, HFILL}},
2782 { &hf_sflow_245_ifoutbcast,
2783 { "Output Broadcast Packets", "sflow_245.ifoutbcast",
2784 FT_UINT32, BASE_DEC, NULL, 0x0,
2785 NULL, HFILL}},
2786 { &hf_sflow_245_ifoutdisc,
2787 { "Output Discarded Packets", "sflow_245.ifoutdisc",
2788 FT_UINT32, BASE_DEC, NULL, 0x0,
2789 NULL, HFILL}},
2790 { &hf_sflow_245_ifouterr,
2791 { "Output Errors", "sflow_245.ifouterr",
2792 FT_UINT32, BASE_DEC, NULL, 0x0,
2793 NULL, HFILL}},
2794 { &hf_sflow_245_ifpromisc,
2795 { "Promiscuous Mode", "sflow_245.ifpromisc",
2796 FT_UINT32, BASE_DEC, NULL, 0x0,
2797 NULL, HFILL}},
2798 { &hf_sflow_245_dot3StatsAlignmentErrors,
2799 { "Alignment Errors", "sflow_245.dot3StatsAlignmentErrors",
2800 FT_UINT32, BASE_DEC, NULL, 0x0,
2801 "dot3 Stats Alignment Errors", HFILL}},
2802 { &hf_sflow_245_dot3StatsFCSErrors,
2803 { "FCS Errors", "sflow_245.dot3StatsFCSErrors",
2804 FT_UINT32, BASE_DEC, NULL, 0x0,
2805 "dot3 Stats FCS Errors", HFILL}},
2806 { &hf_sflow_245_dot3StatsSingleCollisionFrames,
2807 { "Single Collision Frames", "sflow_245.dot3StatsSingleCollisionFrames",
2808 FT_UINT32, BASE_DEC, NULL, 0x0,
2809 "dot3 Stats Single Collision Frames", HFILL}},
2810 { &hf_sflow_245_dot3StatsMultipleCollisionFrames,
2811 { "Multiple Collision Frames", "sflow_245.dot3StatsMultipleCollisionFrames",
2812 FT_UINT32, BASE_DEC, NULL, 0x0,
2813 "dot3 Stats Multiple Collision Frames", HFILL}},
2814 { &hf_sflow_245_dot3StatsSQETestErrors,
2815 { "SQE Test Errors", "sflow_245.dot3StatsSQETestErrors",
2816 FT_UINT32, BASE_DEC, NULL, 0x0,
2817 "dot3 Stats SQE Test Errors", HFILL}},
2818 { &hf_sflow_245_dot3StatsDeferredTransmissions,
2819 { "Deferred Transmissions", "sflow_245.dot3StatsDeferredTransmissions",
2820 FT_UINT32, BASE_DEC, NULL, 0x0,
2821 "dot3 Stats Deferred Transmissions", HFILL}},
2822 { &hf_sflow_245_dot3StatsLateCollisions,
2823 { "Late Collisions", "sflow_245.dot3StatsLateCollisions",
2824 FT_UINT32, BASE_DEC, NULL, 0x0,
2825 "dot3 Stats Late Collisions", HFILL}},
2826 { &hf_sflow_245_dot3StatsExcessiveCollisions,
2827 { "Excessive Collisions", "sflow_245.dot3StatsExcessiveCollisions",
2828 FT_UINT32, BASE_DEC, NULL, 0x0,
2829 "dot3 Stats Excessive Collisions", HFILL}},
2830 { &hf_sflow_245_dot3StatsInternalMacTransmitErrors,
2831 { "Internal Mac Transmit Errors", "sflow_245.dot3StatsInternalMacTransmitErrors",
2832 FT_UINT32, BASE_DEC, NULL, 0x0,
2833 "dot3 Stats Internal Mac Transmit Errors", HFILL}},
2834 { &hf_sflow_245_dot3StatsCarrierSenseErrors,
2835 { "Carrier Sense Errors", "sflow_245.dot3StatsCarrierSenseErrors",
2836 FT_UINT32, BASE_DEC, NULL, 0x0,
2837 "dot3 Stats Carrier Sense Errors", HFILL}},
2838 { &hf_sflow_245_dot3StatsFrameTooLongs,
2839 { "Frame Too Longs", "sflow_245.dot3StatsFrameTooLongs",
2840 FT_UINT32, BASE_DEC, NULL, 0x0,
2841 "dot3 Stats Frame Too Longs", HFILL}},
2842 { &hf_sflow_245_dot3StatsInternalMacReceiveErrors,
2843 { "Internal Mac Receive Errors", "sflow_245.dot3StatsInternalMacReceiveErrors",
2844 FT_UINT32, BASE_DEC, NULL, 0x0,
2845 "dot3 Stats Internal Mac Receive Errors", HFILL}},
2846 { &hf_sflow_245_dot3StatsSymbolErrors,
2847 { "Symbol Errors", "sflow_245.dot3StatsSymbolErrors",
2848 FT_UINT32, BASE_DEC, NULL, 0x0,
2849 "dot3 Stats Symbol Errors", HFILL}},
2850 { &hf_sflow_245_dot5StatsLineErrors,
2851 { "Line Errors", "sflow_245.dot5StatsLineErrors",
2852 FT_UINT32, BASE_DEC, NULL, 0x0,
2853 "dot5 Stats Line Errors", HFILL}},
2854 { &hf_sflow_245_dot5StatsBurstErrors,
2855 { "Burst Errors", "sflow_245.dot5StatsBurstErrors",
2856 FT_UINT32, BASE_DEC, NULL, 0x0,
2857 "dot5 Stats Burst Errors", HFILL}},
2858 { &hf_sflow_245_dot5StatsACErrors,
2859 { "AC Errors", "sflow_245.dot5StatsACErrors",
2860 FT_UINT32, BASE_DEC, NULL, 0x0,
2861 "dot5 Stats AC Errors", HFILL}},
2862 { &hf_sflow_245_dot5StatsAbortTransErrors,
2863 { "Abort Trans Errors", "sflow_245.dot5StatsAbortTransErrors",
2864 FT_UINT32, BASE_DEC, NULL, 0x0,
2865 "dot5 Stats Abort Trans Errors", HFILL}},
2866 { &hf_sflow_245_dot5StatsInternalErrors,
2867 { "Internal Errors", "sflow_245.dot5StatsInternalErrors",
2868 FT_UINT32, BASE_DEC, NULL, 0x0,
2869 "dot5 Stats Internal Errors", HFILL}},
2870 { &hf_sflow_245_dot5StatsLostFrameErrors,
2871 { "Lost Frame Errors", "sflow_245.dot5StatsLostFrameErrors",
2872 FT_UINT32, BASE_DEC, NULL, 0x0,
2873 "dot5 Stats Lost Frame Errors", HFILL}},
2874 { &hf_sflow_245_dot5StatsReceiveCongestions,
2875 { "Receive Congestions", "sflow_245.dot5StatsReceiveCongestions",
2876 FT_UINT32, BASE_DEC, NULL, 0x0,
2877 "dot5 Stats Receive Congestions", HFILL}},
2878 { &hf_sflow_245_dot5StatsFrameCopiedErrors,
2879 { "Frame Copied Errors", "sflow_245.dot5StatsFrameCopiedErrors",
2880 FT_UINT32, BASE_DEC, NULL, 0x0,
2881 "dot5 Stats Frame Copied Errors", HFILL}},
2882 { &hf_sflow_245_dot5StatsTokenErrors,
2883 { "Token Errors", "sflow_245.dot5StatsTokenErrors",
2884 FT_UINT32, BASE_DEC, NULL, 0x0,
2885 "dot5 Stats Token Errors", HFILL}},
2886 { &hf_sflow_245_dot5StatsSoftErrors,
2887 { "Soft Errors", "sflow_245.dot5StatsSoftErrors",
2888 FT_UINT32, BASE_DEC, NULL, 0x0,
2889 "dot5 Stats Soft Errors", HFILL}},
2890 { &hf_sflow_245_dot5StatsHardErrors,
2891 { "Hard Errors", "sflow_245.dot5StatsHardErrors",
2892 FT_UINT32, BASE_DEC, NULL, 0x0,
2893 "dot5 Stats Hard Errors", HFILL}},
2894 { &hf_sflow_245_dot5StatsSignalLoss,
2895 { "Signal Loss", "sflow_245.dot5StatsSignalLoss",
2896 FT_UINT32, BASE_DEC, NULL, 0x0,
2897 "dot5 Stats Signal Loss", HFILL}},
2898 { &hf_sflow_245_dot5StatsTransmitBeacons,
2899 { "Transmit Beacons", "sflow_245.dot5StatsTransmitBeacons",
2900 FT_UINT32, BASE_DEC, NULL, 0x0,
2901 "dot5 Stats Transmit Beacons", HFILL}},
2902 { &hf_sflow_245_dot5StatsRecoveries,
2903 { "Recoveries", "sflow_245.dot5StatsRecoveries",
2904 FT_UINT32, BASE_DEC, NULL, 0x0,
2905 "dot5 Stats Recoveries", HFILL}},
2906 { &hf_sflow_245_dot5StatsLobeWires,
2907 { "Lobe Wires", "sflow_245.dot5StatsLobeWires",
2908 FT_UINT32, BASE_DEC, NULL, 0x0,
2909 "dot5 Stats Lobe Wires", HFILL}},
2910 { &hf_sflow_245_dot5StatsRemoves,
2911 { "Removes", "sflow_245.dot5StatsRemoves",
2912 FT_UINT32, BASE_DEC, NULL, 0x0,
2913 "dot5 Stats Removes", HFILL}},
2914 { &hf_sflow_245_dot5StatsSingles,
2915 { "Singles", "sflow_245.dot5StatsSingles",
2916 FT_UINT32, BASE_DEC, NULL, 0x0,
2917 "dot5 Stats Singles", HFILL}},
2918 { &hf_sflow_245_dot5StatsFreqErrors,
2919 { "Freq Errors", "sflow_245.dot5StatsFreqErrors",
2920 FT_UINT32, BASE_DEC, NULL, 0x0,
2921 "dot5 Stats Freq Errors", HFILL}},
2922 { &hf_sflow_245_dot12InHighPriorityFrames,
2923 { "In High Priority Frames", "sflow_245.dot12InHighPriorityFrames",
2924 FT_UINT32, BASE_DEC, NULL, 0x0,
2925 "dot12 Input High Priority Frames", HFILL}},
2926 { &hf_sflow_245_dot12InHighPriorityOctets,
2927 { "In High Priority Octets", "sflow_245.dot12InHighPriorityOctets",
2928 FT_UINT64, BASE_DEC, NULL, 0x0,
2929 "dot12 Input High Priority Octets", HFILL}},
2930 { &hf_sflow_245_dot12InNormPriorityFrames,
2931 { "In Normal Priority Frames", "sflow_245.dot12InNormPriorityFrames",
2932 FT_UINT32, BASE_DEC, NULL, 0x0,
2933 "dot12 Input Normal Priority Frames", HFILL}},
2934 { &hf_sflow_245_dot12InNormPriorityOctets,
2935 { "In Normal Priority Octets", "sflow_245.dot12InNormPriorityOctets",
2936 FT_UINT64, BASE_DEC, NULL, 0x0,
2937 "dot12 Input Normal Priority Octets", HFILL}},
2938 { &hf_sflow_245_dot12InIPMErrors,
2939 { "In IPM Errors", "sflow_245.dot12InIPMErrors",
2940 FT_UINT32, BASE_DEC, NULL, 0x0,
2941 "dot12 Input IPM Errors", HFILL}},
2942 { &hf_sflow_245_dot12InOversizeFrameErrors,
2943 { "In Oversize Frame Errors", "sflow_245.dot12InOversizeFrameErrors",
2944 FT_UINT32, BASE_DEC, NULL, 0x0,
2945 "dot12 Input Oversize Frame Errors", HFILL}},
2946 { &hf_sflow_245_dot12InDataErrors,
2947 { "In Data Errors", "sflow_245.dot12InDataErrors",
2948 FT_UINT32, BASE_DEC, NULL, 0x0,
2949 "dot12 Input Data Errors", HFILL}},
2950 { &hf_sflow_245_dot12InNullAddressedFrames,
2951 { "In Null Addressed Frames", "sflow_245.dot12InNullAddressedFrames",
2952 FT_UINT32, BASE_DEC, NULL, 0x0,
2953 "dot12 Input Null Addressed Frames", HFILL}},
2954 { &hf_sflow_245_dot12OutHighPriorityFrames,
2955 { "Out High Priority Frames", "sflow_245.dot12OutHighPriorityFrames",
2956 FT_UINT32, BASE_DEC, NULL, 0x0,
2957 "dot12 Output High Priority Frames", HFILL}},
2958 { &hf_sflow_245_dot12OutHighPriorityOctets,
2959 { "Out High Priority Octets", "sflow_245.dot12OutHighPriorityOctets",
2960 FT_UINT64, BASE_DEC, NULL, 0x0,
2961 "dot12 Out High Priority Octets", HFILL}},
2962 { &hf_sflow_245_dot12TransitionIntoTrainings,
2963 { "Transition Into Trainings", "sflow_245.dot12TransitionIntoTrainings",
2964 FT_UINT32, BASE_DEC, NULL, 0x0,
2965 "dot12 Transition Into Trainings", HFILL}},
2966 { &hf_sflow_245_dot12HCInHighPriorityOctets,
2967 { "HC In High Priority Octets", "sflow_245.dot12HCInHighPriorityOctets",
2968 FT_UINT64, BASE_DEC, NULL, 0x0,
2969 "dot12 HC Input High Priority Octets", HFILL}},
2970 { &hf_sflow_245_dot12HCInNormPriorityOctets,
2971 { "HC In Normal Priority Octets", "sflow_245.dot12HCInNormPriorityOctets",
2972 FT_UINT64, BASE_DEC, NULL, 0x0,
2973 "dot12 HC Input Normal Priority Octets", HFILL}},
2974 { &hf_sflow_245_dot12HCOutHighPriorityOctets,
2975 { "HC Out High Priority Octets", "sflow_245.dot12HCOutHighPriorityOctets",
2976 FT_UINT64, BASE_DEC, NULL, 0x0,
2977 "dot12 HC Output High Priority Octets", HFILL}},
2978 { &hf_sflow_245_vlan_id,
2979 { "VLAN ID", "sflow_245.vlan_id",
2980 FT_UINT32, BASE_DEC, NULL, 0x0,
2981 NULL, HFILL}},
2982 { &hf_sflow_245_octets,
2983 { "Octets", "sflow_245.octets",
2984 FT_UINT64, BASE_DEC, NULL, 0x0,
2985 NULL, HFILL}},
2986 { &hf_sflow_245_ucastPkts,
2987 { "Unicast Packets", "sflow_245.ucastPkts",
2988 FT_UINT32, BASE_DEC, NULL, 0x0,
2989 NULL, HFILL}},
2990 { &hf_sflow_245_multicastPkts,
2991 { "Multicast Packets", "sflow_245.multicastPkts",
2992 FT_UINT32, BASE_DEC, NULL, 0x0,
2993 NULL, HFILL}},
2994 { &hf_sflow_245_broadcastPkts,
2995 { "Broadcast Packets", "sflow_245.broadcastPkts",
2996 FT_UINT32, BASE_DEC, NULL, 0x0,
2997 NULL, HFILL}},
2998 { &hf_sflow_245_discards,
2999 { "Discards", "sflow_245.discards",
3000 FT_UINT32, BASE_DEC, NULL, 0x0,
3001 NULL, HFILL}},
3002 { &hf_sflow_5_dot11TransmittedFragmentCount,
3003 { "Transmitted Fragment Count", "sflow_5.dot11TransmittedFragmentCount",
3004 FT_UINT32, BASE_DEC, NULL, 0x0,
3005 NULL, HFILL}},
3006 { &hf_sflow_5_dot11MulticastTransmittedFrameCount,
3007 { "Multicast Transmitted Frame Count", "sflow_5.dot11MulticastTransmittedFrameCount",
3008 FT_UINT32, BASE_DEC, NULL, 0x0,
3009 NULL, HFILL}},
3010 { &hf_sflow_5_dot11FailedCount,
3011 { "Failed Count", "sflow_5.dot11FailedCount",
3012 FT_UINT32, BASE_DEC, NULL, 0x0,
3013 NULL, HFILL}},
3014 { &hf_sflow_5_dot11RetryCount,
3015 { "Retry Count", "sflow_5.dot11RetryCount",
3016 FT_UINT32, BASE_DEC, NULL, 0x0,
3017 NULL, HFILL}},
3018 { &hf_sflow_5_dot11MultipleRetryCount,
3019 { "Multiple Retry Count", "sflow_5.dot11MultipleRetryCount",
3020 FT_UINT32, BASE_DEC, NULL, 0x0,
3021 NULL, HFILL}},
3022 { &hf_sflow_5_dot11FrameDuplicateCount,
3023 { "Frame Duplicate Count", "sflow_5.dot11FrameDuplicateCount",
3024 FT_UINT32, BASE_DEC, NULL, 0x0,
3025 NULL, HFILL}},
3026 { &hf_sflow_5_dot11RTSSuccessCount,
3027 { "RTS Success Count", "sflow_5.dot11RTSSuccessCount",
3028 FT_UINT32, BASE_DEC, NULL, 0x0,
3029 NULL, HFILL}},
3030 { &hf_sflow_5_dot11RTSFailureCount,
3031 { "Failure Count", "sflow_5.dot11RTSFailureCount",
3032 FT_UINT32, BASE_DEC, NULL, 0x0,
3033 NULL, HFILL}},
3034 { &hf_sflow_5_dot11ACKFailureCount,
3035 { "ACK Failure Count", "sflow_5.dot11ACKFailureCount",
3036 FT_UINT32, BASE_DEC, NULL, 0x0,
3037 NULL, HFILL}},
3038 { &hf_sflow_5_dot11ReceivedFragmentCount,
3039 { "Received Fragment Count", "sflow_5.dot11ReceivedFragmentCount",
3040 FT_UINT32, BASE_DEC, NULL, 0x0,
3041 NULL, HFILL}},
3042 { &hf_sflow_5_dot11MulticastReceivedFrameCount,
3043 { "Multicast Received Frame Count", "sflow_5.dot11MulticastReceivedFrameCount",
3044 FT_UINT32, BASE_DEC, NULL, 0x0,
3045 NULL, HFILL}},
3046 { &hf_sflow_5_dot11FCSErrorCount,
3047 { "FCS Error Count", "sflow_5.dot11FCSErrorCount",
3048 FT_UINT32, BASE_DEC, NULL, 0x0,
3049 NULL, HFILL}},
3050 { &hf_sflow_5_dot11TransmittedFrameCount,
3051 { "Transmitted Frame Count", "sflow_5.dot11TransmittedFrameCount",
3052 FT_UINT32, BASE_DEC, NULL, 0x0,
3053 NULL, HFILL}},
3054 { &hf_sflow_5_dot11WEPUndecryptableCount,
3055 { "WEP Undecryptable Count", "sflow_5.dot11WEPUndecryptableCount",
3056 FT_UINT32, BASE_DEC, NULL, 0x0,
3057 NULL, HFILL}},
3058 { &hf_sflow_5_dot11QoSDiscardedFragmentCount,
3059 { "QoS Discarded Fragment Count", "sflow_5.dot11QoSDiscardedFragmentCount",
3060 FT_UINT32, BASE_DEC, NULL, 0x0,
3061 NULL, HFILL}},
3062 { &hf_sflow_5_dot11AssociatedStationCount,
3063 { "Associated Station Count", "sflow_5.dot11AssociatedStationCount",
3064 FT_UINT32, BASE_DEC, NULL, 0x0,
3065 NULL, HFILL}},
3066 { &hf_sflow_5_dot11QoSCFPollsReceivedCount,
3067 { "QoS CF Polls Received Count", "sflow_5.dot11QoSCFPollsReceivedCount",
3068 FT_UINT32, BASE_DEC, NULL, 0x0,
3069 NULL, HFILL}},
3070 { &hf_sflow_5_dot11QoSCFPollsUnusedCount,
3071 { "QoS CF Polls Unused Count", "sflow_5.dot11QoSCFPollsUnusedCount",
3072 FT_UINT32, BASE_DEC, NULL, 0x0,
3073 NULL, HFILL}},
3074 { &hf_sflow_5_dot11QoSCFPollsUnusableCount,
3075 { "QoS CF Polls Unusable Count", "sflow_5.dot11QoSCFPollsUnusableCount",
3076 FT_UINT32, BASE_DEC, NULL, 0x0,
3077 NULL, HFILL}},
3078 { &hf_sflow_5_dot11QoSCFPollsLostCount,
3079 { "QoS CF Polls Lost Count", "sflow_5.dot11QoSCFPollsLostCount",
3080 FT_UINT32, BASE_DEC, NULL, 0x0,
3081 NULL, HFILL}},
3082 { &hf_sflow_5_cpu_5s,
3083 { "5s CPU Load (100 = 1%)", "sflow_5.cpu_5s",
3084 FT_UINT32, BASE_DEC, NULL, 0x0,
3085 "Average CPU Load Over 5 Seconds (100 = 1%)", HFILL}},
3086 { &hf_sflow_5_cpu_1m,
3087 { "1m CPU Load (100 = 1%)", "sflow_5.cpu_1m",
3088 FT_UINT32, BASE_DEC, NULL, 0x0,
3089 "Average CPU Load Over 1 Minute (100 = 1%)", HFILL}},
3090 { &hf_sflow_5_cpu_5m,
3091 { "5m CPU Load (100 = 1%)", "sflow_5.cpu_5m",
3092 FT_UINT32, BASE_DEC, NULL, 0x0,
3093 "Average CPU Load Over 5 Minutes (100 = 1%)", HFILL}},
3094 { &hf_sflow_5_total_memory,
3095 { "Total Memory", "sflow_5.total_memory",
3096 FT_UINT64, BASE_DEC, NULL, 0x0,
3097 NULL, HFILL}},
3098 { &hf_sflow_5_free_memory,
3099 { "Free Memory", "sflow_5.free_memory",
3100 FT_UINT64, BASE_DEC, NULL, 0x0,
3101 NULL, HFILL}},
3102 { &hf_sflow_5_elapsed_time,
3103 { "Elapsed Time (ms)", "sflow_5.elapsed_time",
3104 FT_UINT32, BASE_DEC, NULL, 0x0,
3105 "Elapsed Time in ms", HFILL}},
3106 { &hf_sflow_5_on_channel_time,
3107 { "On Channel (ms)", "sflow_5.on_channel_time",
3108 FT_UINT32, BASE_DEC, NULL, 0x0,
3109 "Time in ms Spent on Channel", HFILL}},
3110 { &hf_sflow_5_on_channel_busy_time,
3111 { "On Channel Busy (ms)", "sflow_5.channel_busy_time",
3112 FT_UINT32, BASE_DEC, NULL, 0x0,
3113 "Time in ms Spent on Channel and Busy", HFILL}},
3114
3115 /* Generated from convert_proto_tree_add_text.pl */
3116 { &hf_sflow_245_header_frame_length,
3117 { "Frame Length", "sflow_245.header.frame_length",
3118 FT_UINT32, BASE_DEC, NULL, 0x0,
3119 NULL, HFILL }
3120 },
3121 { &hf_sflow_245_header_payload_stripped,
3122 { "Payload stripped", "sflow_245.header.payload_stripped",
3123 FT_UINT32, BASE_DEC, NULL, 0x0,
3124 NULL, HFILL }
3125 },
3126 { &hf_sflow_245_sampled_header_length,
3127 { "Sampled header length", "sflow_245.header.sampled_header_length",
3128 FT_UINT32, BASE_DEC, NULL, 0x0,
3129 NULL, HFILL }
3130 },
3131 { &hf_sflow_245_extended_mpls_in_label_stack_entries,
3132 { "In Label Stack Entries", "sflow_245.extended_mpls.in_label_stack_entries",
3133 FT_UINT32, BASE_DEC, NULL, 0x0,
3134 NULL, HFILL }
3135 },
3136 { &hf_sflow_245_extended_mpls_in_label,
3137 { "Label", "sflow_245.extended_mpls.in_label",
3138 FT_UINT32, BASE_DEC, NULL, 0x0,
3139 NULL, HFILL }
3140 },
3141 { &hf_sflow_245_extended_mpls_out_label_stack_entries,
3142 { "Out Label Stack Entries", "sflow_245.extended_mpls.out_label_stack_entries",
3143 FT_UINT32, BASE_DEC, NULL, 0x0,
3144 NULL, HFILL }
3145 },
3146 { &hf_sflow_245_extended_mpls_out_label,
3147 { "Label", "sflow_245.extended_mpls.out_label",
3148 FT_UINT32, BASE_DEC, NULL, 0x0,
3149 NULL, HFILL }
3150 },
3151 { &hf_sflow_245_ethernet_length_of_mac_packet,
3152 { "Length of MAC Packet", "sflow_245.ethernet.length",
3153 FT_UINT32, BASE_DEC, NULL, 0x0,
3154 NULL, HFILL }
3155 },
3156 { &hf_sflow_245_ethernet_source_mac_address,
3157 { "Source MAC Address", "sflow_245.ethernet.source_mac_address",
3158 FT_ETHER, BASE_NONE, NULL, 0x0,
3159 NULL, HFILL }
3160 },
3161 { &hf_sflow_245_ethernet_destination_mac_address,
3162 { "Destination MAC Address", "sflow_245.ethernet.destination_mac_address",
3163 FT_ETHER, BASE_NONE, NULL, 0x0,
3164 NULL, HFILL }
3165 },
3166 { &hf_sflow_245_ethernet_packet_type,
3167 { "Ethernet Packet Type", "sflow_245.ethernet.packet_type",
3168 FT_UINT32, BASE_DEC, NULL, 0x0,
3169 NULL, HFILL }
3170 },
3171 { &hf_sflow_245_length_of_ip_packet,
3172 { "Length of IP Packet", "sflow_245.ip.length",
3173 FT_UINT32, BASE_DEC, NULL, 0x0,
3174 NULL, HFILL }
3175 },
3176 { &hf_sflow_245_ip_source_port,
3177 { "Source Port", "sflow_245.ip.source_port",
3178 FT_UINT32, BASE_DEC, NULL, 0x0,
3179 NULL, HFILL }
3180 },
3181 { &hf_sflow_245_ip_destination_port,
3182 { "Destination Port", "sflow.ip.destination_port",
3183 FT_UINT32, BASE_DEC, NULL, 0x0,
3184 NULL, HFILL }
3185 },
3186 { &hf_sflow_245_ip_tcp_flag_cwr,
3187 { "TCP Flag (CWR)", "sflow_245.ip.tcp_flag.cwr",
3188 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000080,
3189 NULL, HFILL }
3190 },
3191 { &hf_sflow_245_ip_tcp_flag_ece,
3192 { "TCP Flag (ECE)", "sflow_245.ip.tcp_flag.ece",
3193 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000040,
3194 NULL, HFILL }
3195 },
3196 { &hf_sflow_245_ip_tcp_flag_urg,
3197 { "TCP Flag (URG)", "sflow_245.ip.tcp_flag.urg",
3198 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000020,
3199 NULL, HFILL }
3200 },
3201 { &hf_sflow_245_ip_tcp_flag_ack,
3202 { "TCP Flag (ACK)", "sflow_245.ip.tcp_flag.ack",
3203 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000010,
3204 NULL, HFILL }
3205 },
3206 { &hf_sflow_245_ip_tcp_flag_psh,
3207 { "TCP Flag (PSH)", "sflow_245.ip.tcp_flag.psh",
3208 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000008,
3209 NULL, HFILL }
3210 },
3211 { &hf_sflow_245_ip_tcp_flag_rst,
3212 { "TCP Flag (RST)", "sflow_245.ip.tcp_flag.rst",
3213 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000004,
3214 NULL, HFILL }
3215 },
3216 { &hf_sflow_245_ip_tcp_flag_syn,
3217 { "TCP Flag (SYN)", "sflow_245.ip.tcp_flag.syn",
3218 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000002,
3219 NULL, HFILL }
3220 },
3221 { &hf_sflow_245_ip_tcp_flag_fin,
3222 { "TCP Flag (FIN)", "sflow_245.ip.tcp_flag.fin",
3223 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000001,
3224 NULL, HFILL }
3225 },
3226 { &hf_sflow_245_ipv4_delay,
3227 { "Delay", "sflow_245.ipv4_delay",
3228 FT_BOOLEAN, 32, TFS(&tfs_low_normal), 0x00000010,
3229 NULL, HFILL }
3230 },
3231 { &hf_sflow_245_ipv4_throughput,
3232 { "Throughput", "sflow_245.ipv4_throughput",
3233 FT_BOOLEAN, 32, TFS(&tfs_high_normal), 0x00000008,
3234 NULL, HFILL }
3235 },
3236 { &hf_sflow_245_ipv4_reliability,
3237 { "Reliability", "sflow_245.ipv4_reliability",
3238 FT_BOOLEAN, 32, TFS(&tfs_high_normal), 0x00000004,
3239 NULL, HFILL }
3240 },
3241 { &hf_sflow_245_ipv4_cost,
3242 { "Cost (RFC1349)", "sflow_245.ipv4_cost",
3243 FT_BOOLEAN, 32, TFS(&tfs_minimize_monetary_normal), 0x00000002,
3244 NULL, HFILL }
3245 },
3246 { &hf_sflow_245_ipv6_priority,
3247 { "Priority", "sflow_245.ipv6_priority",
3248 FT_UINT32, BASE_DEC, NULL, 0x0,
3249 NULL, HFILL }
3250 },
3251 { &hf_sflow_5_extended_user_source_character_set,
3252 { "Source Character Set", "sflow_5.extended_user.source_character_set",
3253 FT_UINT32, BASE_DEC, NULL, 0x0,
3254 NULL, HFILL }
3255 },
3256 { &hf_sflow_5_extended_user_source_user_string_length,
3257 { "Source User String Length (bytes)", "sflow_5.extended_user.source_user_string_length",
3258 FT_UINT32, BASE_DEC, NULL, 0x0,
3259 NULL, HFILL }
3260 },
3261 { &hf_sflow_5_extended_user_destination_character_set,
3262 { "Destination Character Set", "sflow_5.extended_user.destination_character_set",
3263 FT_UINT32, BASE_DEC, NULL, 0x0,
3264 NULL, HFILL }
3265 },
3266 { &hf_sflow_5_extended_user_destination_user_string_length,
3267 { "Destination User String Length (bytes)", "sflow_5.extended_user.destination_user_string_length",
3268 FT_UINT32, BASE_DEC, NULL, 0x0,
3269 NULL, HFILL }
3270 },
3271 { &hf_sflow_5_extended_url_url_length,
3272 { "URL Length (bytes)", "sflow_5.extended_url.url_length",
3273 FT_UINT32, BASE_DEC, NULL, 0x0,
3274 NULL, HFILL }
3275 },
3276 { &hf_sflow_5_extended_url_host_length,
3277 { "Host Length (bytes)", "sflow_5.extended_url.host_length",
3278 FT_UINT32, BASE_DEC, NULL, 0x0,
3279 NULL, HFILL }
3280 },
3281 { &hf_sflow_5_extended_mpls_tunnel_name_length,
3282 { "Tunnel Name Length (bytes)", "sflow_5.extended_mpls_tunnel.name_length",
3283 FT_UINT32, BASE_DEC, NULL, 0x0,
3284 NULL, HFILL }
3285 },
3286 { &hf_sflow_5_extended_mpls_tunnel_id,
3287 { "Tunnel ID", "sflow_5.extended_mpls_tunnel.id",
3288 FT_UINT32, BASE_DEC, NULL, 0x0,
3289 NULL, HFILL }
3290 },
3291 { &hf_sflow_5_extended_mpls_tunnel_cos_value,
3292 { "Tunnel COS Value", "sflow_5.extended_mpls_tunnel.cos_value",
3293 FT_UINT32, BASE_DEC, NULL, 0x0,
3294 NULL, HFILL }
3295 },
3296 { &hf_sflow_5_extended_mpls_vc_instance_name_length,
3297 { "VC Instance Name Length (bytes)", "sflow_5.extended_mpls_vc.instance_name_length",
3298 FT_UINT32, BASE_DEC, NULL, 0x0,
3299 NULL, HFILL }
3300 },
3301 { &hf_sflow_5_extended_mpls_vc_id,
3302 { "VLL/VC ID", "sflow_5.extended_mpls_vc.id",
3303 FT_UINT32, BASE_DEC, NULL, 0x0,
3304 NULL, HFILL }
3305 },
3306 { &hf_sflow_5_extended_mpls_vc_label_cos_value,
3307 { "VC Label COS Value", "sflow_5.extended_mpls_vc.label_cos_value",
3308 FT_UINT32, BASE_DEC, NULL, 0x0,
3309 NULL, HFILL }
3310 },
3311 { &hf_sflow_5_extended_mpls_ftn_description_length,
3312 { "MPLS FTN Description Length (bytes)", "sflow_5.extended_mpls.ftn_description_length",
3313 FT_UINT32, BASE_DEC, NULL, 0x0,
3314 NULL, HFILL }
3315 },
3316 { &hf_sflow_5_extended_mpls_ftn_mask,
3317 { "MPLS FTN Mask", "sflow_5.extended_mpls.ftn_mask",
3318 FT_UINT32, BASE_DEC, NULL, 0x0,
3319 NULL, HFILL }
3320 },
3321 { &hf_sflow_5_extended_mpls_fec_address_prefix_length,
3322 { "MPLS FEC Address Prefix Length (bytes)", "sflow_5.extended_mpls.fec_address_prefix_length",
3323 FT_UINT32, BASE_DEC, NULL, 0x0,
3324 NULL, HFILL }
3325 },
3326 { &hf_sflow_5_extended_vlan_tunnel_number_of_layers,
3327 { "Number of Layers", "sflow_5.extended_vlan_tunnel.number_of_layers",
3328 FT_UINT32, BASE_DEC, NULL, 0x0,
3329 NULL, HFILL }
3330 },
3331 { &hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair,
3332 { "TPID/TCI Pair as Integer", "sflow_5.extended_vlan_tunnel.tpid_tci_pair",
3333 FT_UINT32, BASE_DEC, NULL, 0x0,
3334 NULL, HFILL }
3335 },
3336 { &hf_sflow_5_extended_80211_oui,
3337 { "OUI", "sflow_5.extended_80211.oui",
3338 FT_UINT24, BASE_HEX, NULL, 0x0,
3339 NULL, HFILL }
3340 },
3341 { &hf_sflow_5_extended_80211_suite_type,
3342 { "Suite Type", "sflow_5.extended_80211.suite_type",
3343 FT_UINT8, BASE_DEC, VALS(extended_80211_suite_type_vals), 0x0,
3344 NULL, HFILL }
3345 },
3346 { &hf_sflow_5_extended_80211_payload_length,
3347 { "Payload Length", "sflow_5.extended_80211.payload_length",
3348 FT_UINT32, BASE_DEC, NULL, 0x0,
3349 NULL, HFILL }
3350 },
3351 { &hf_sflow_5_extended_80211_rx_bssid,
3352 { "BSSID", "sflow_5.extended_80211.rx.bssid",
3353 FT_ETHER, BASE_NONE, NULL, 0x0,
3354 NULL, HFILL }
3355 },
3356 { &hf_sflow_5_extended_80211_rx_version,
3357 { "Version", "sflow_5.extended_80211.rx.version",
3358 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
3359 NULL, HFILL }
3360 },
3361 { &hf_sflow_5_extended_80211_rx_channel,
3362 { "Channel", "sflow_5.extended_80211.rx.channel",
3363 FT_UINT32, BASE_DEC, NULL, 0x0,
3364 NULL, HFILL }
3365 },
3366 { &hf_sflow_5_extended_80211_rx_speed,
3367 { "Speed", "sflow_5.extended_80211.rx.speed",
3368 FT_UINT64, BASE_DEC, NULL, 0x0,
3369 NULL, HFILL }
3370 },
3371 { &hf_sflow_5_extended_80211_rx_rsni,
3372 { "RSNI", "sflow_5.extended_80211.rx.rsni",
3373 FT_UINT32, BASE_DEC, NULL, 0x0,
3374 NULL, HFILL }
3375 },
3376 { &hf_sflow_5_extended_80211_rx_rcpi,
3377 { "RCPI", "sflow_5.extended_80211.rx.rcpi",
3378 FT_UINT32, BASE_DEC, NULL, 0x0,
3379 NULL, HFILL }
3380 },
3381 { &hf_sflow_5_extended_80211_rx_packet_duration,
3382 { "Packet Duration (ms)", "sflow_5.extended_80211.rx.packet_duration",
3383 FT_UINT32, BASE_DEC, NULL, 0x0,
3384 NULL, HFILL }
3385 },
3386 { &hf_sflow_5_extended_80211_tx_bssid,
3387 { "BSSID", "sflow_5.extended_80211.tx.bssid",
3388 FT_ETHER, BASE_NONE, NULL, 0x0,
3389 NULL, HFILL }
3390 },
3391 { &hf_sflow_5_extended_80211_tx_version,
3392 { "Version", "sflow_5.extended_80211.tx.version",
3393 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
3394 NULL, HFILL }
3395 },
3396 { &hf_sflow_5_extended_80211_tx_retransmissions,
3397 { "Retransmissions", "sflow_5.extended_80211.tx.retransmissions",
3398 FT_UINT32, BASE_DEC, NULL, 0x0,
3399 NULL, HFILL }
3400 },
3401 { &hf_sflow_5_extended_80211_tx_packet_duration,
3402 { "Packet Duration (ms)", "sflow_5.extended_80211.tx.packet_duration",
3403 FT_UINT32, BASE_DEC, NULL, 0x0,
3404 NULL, HFILL }
3405 },
3406 { &hf_sflow_5_extended_80211_tx_retransmission_duration,
3407 { "Retransmission Duration (ms)", "sflow_5.extended_80211.tx.retransmission_duration",
3408 FT_UINT32, BASE_DEC, NULL, 0x0,
3409 NULL, HFILL }
3410 },
3411 { &hf_sflow_5_extended_80211_tx_channel,
3412 { "Channel", "sflow_5.extended_80211.tx.channel",
3413 FT_UINT32, BASE_DEC, NULL, 0x0,
3414 NULL, HFILL }
3415 },
3416 { &hf_sflow_5_extended_80211_tx_speed,
3417 { "Speed", "sflow_5.extended_80211.tx.speed",
3418 FT_UINT64, BASE_DEC, NULL, 0x0,
3419 NULL, HFILL }
3420 },
3421 { &hf_sflow_5_extended_80211_tx_power,
3422 { "Power", "sflow_5.extended_80211.tx.power",
3423 FT_UINT32, BASE_DEC, NULL, 0x0,
3424 NULL, HFILL }
3425 },
3426 { &hf_sflow_flow_sample_sequence_number,
3427 { "Sequence number", "sflow.flow_sample.sequence_number",
3428 FT_UINT32, BASE_DEC, NULL, 0x0,
3429 NULL, HFILL }
3430 },
3431 { &hf_sflow_flow_sample_source_id_class,
3432 { "Source ID class", "sflow.flow_sample.source_id_class",
3433 FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3434 NULL, HFILL }
3435 },
3436 { &hf_sflow_flow_sample_sampling_rate,
3437 { "Sampling rate", "sflow.flow_sample.sampling_rate",
3438 FT_UINT32, BASE_DEC, NULL, 0x0,
3439 NULL, HFILL }
3440 },
3441 { &hf_sflow_flow_sample_sample_pool,
3442 { "Sample pool", "sflow.flow_sample.sample_pool",
3443 FT_UINT32, BASE_DEC|BASE_UNIT_STRING, UNS(&units_total_packets), 0x0,
3444 NULL, HFILL }
3445 },
3446 { &hf_sflow_flow_sample_dropped_packets,
3447 { "Dropped packets", "sflow.flow_sample.dropped_packets",
3448 FT_UINT32, BASE_DEC, NULL, 0x0,
3449 NULL, HFILL }
3450 },
3451 { &hf_sflow_flow_sample_input_interface,
3452 { "Input interface (ifIndex)", "sflow.flow_sample.input_interface",
3453 FT_UINT32, BASE_DEC, NULL, 0x0,
3454 NULL, HFILL }
3455 },
3456 { &hf_sflow_24_flow_sample_multiple_outputs,
3457 { "Multiple outputs", "sflow.flow_sample.multiple_outputs",
3458 FT_UINT32, BASE_DEC, NULL, 0x0,
3459 NULL, HFILL }
3460 },
3461 { &hf_sflow_24_flow_sample_output_interface_format,
3462 { "Output interface format", "sflow.flow_sample.output_interface.format",
3463 FT_UINT32, BASE_DEC, NULL, 0x7fffffff,
3464 NULL, HFILL }
3465 },
3466 { &hf_sflow_5_flow_sample_output_interface_expanded_format,
3467 { "Output interface expanded format", "sflow.flow_sample.output_interface.expanded.format",
3468 FT_UINT32, BASE_DEC, NULL, 0x0,
3469 NULL, HFILL }
3470 },
3471 { &hf_sflow_24_flow_sample_output_interface,
3472 { "Output interface (ifIndex)", "sflow.flow_sample.output_interface",
3473 FT_UINT32, BASE_DEC, NULL, 0x7fffffff,
3474 NULL, HFILL }
3475 },
3476 { &hf_sflow_5_flow_sample_output_interface,
3477 { "Output interface", "sflow.flow_sample.output_interface",
3478 FT_UINT32, BASE_HEX, NULL, 0x0,
3479 NULL, HFILL }
3480 },
3481 { &hf_sflow_5_flow_sample_output_interface_form,
3482 { "Output interface format", "sflow.flow_sample.output_interface_format",
3483 FT_UINT32, BASE_DEC, VALS(interface_format), SFLOW_5_INT_FORMAT,
3484 NULL, HFILL }
3485 },
3486 { &hf_sflow_5_flow_sample_output_interface_val,
3487 { "Output interface value", "sflow.flow_sample.output_interface_value",
3488 FT_UINT32, BASE_DEC, NULL, SFLOW_5_INT_VALUE,
3489 NULL, HFILL }
3490 },
3491 { &hf_sflow_5_flow_sample_output_interface_val_discard,
3492 { "Output interface value", "sflow.flow_sample.output_interface_value",
3493 FT_UINT32, BASE_DEC, VALS(interface_discard), SFLOW_5_INT_VALUE,
3494 NULL, HFILL }
3495 },
3496 { &hf_sflow_enterprise,
3497 { "Enterprise", "sflow.enterprise",
3498 FT_UINT32, BASE_DEC, NULL, 0xFFFFF000,
3499 NULL, HFILL }
3500 },
3501 { &hf_sflow_enterprise_length,
3502 { "Length", "sflow.enterprise.length",
3503 FT_UINT32, BASE_DEC, NULL, 0x0,
3504 NULL, HFILL }
3505 },
3506 { &hf_sflow_enterprise_data,
3507 { "Data", "sflow.enterprise.data",
3508 FT_BYTES, BASE_NONE, NULL, 0x0,
3509 NULL, HFILL }
3510 },
3511 { &hf_sflow_flow_sample_flow_record,
3512 { "Flow record", "sflow.flow_sample.flow_record",
3513 FT_UINT32, BASE_DEC, NULL, 0x0,
3514 NULL, HFILL }
3515 },
3516 { &hf_sflow_flow_sample_source_id_type,
3517 { "Source ID type", "sflow.flow_sample.source_id_type",
3518 FT_UINT32, BASE_DEC, NULL, 0x0,
3519 NULL, HFILL }
3520 },
3521 { &hf_sflow_flow_sample_source_id_index,
3522 { "Source ID index", "sflow.flow_sample.source_id_index",
3523 FT_UINT32, BASE_DEC, NULL, 0x0,
3524 NULL, HFILL }
3525 },
3526 { &hf_sflow_flow_sample_input_interface_format,
3527 { "Input interface format", "sflow.flow_sample.input_interface_format",
3528 FT_UINT32, BASE_DEC, NULL, 0x0,
3529 NULL, HFILL }
3530 },
3531 { &hf_sflow_flow_sample_input_interface_value,
3532 { "Input interface value", "sflow.flow_sample.input_interface_value",
3533 FT_UINT32, BASE_DEC, NULL, 0x0,
3534 NULL, HFILL }
3535 },
3536 { &hf_sflow_24_flow_sample_output_interface_value,
3537 { "Output interface value", "sflow.flow_sample.output_interface_value",
3538 FT_UINT32, BASE_DEC, NULL, 0x0,
3539 NULL, HFILL }
3540 },
3541 { &hf_sflow_5_flow_sample_output_interface_expanded_value,
3542 { "Output interface expanded value", "sflow.flow_sample.output_interface_expanded.value",
3543 FT_UINT32, BASE_DEC, NULL, 0x0,
3544 NULL, HFILL }
3545 },
3546 { &hf_sflow_counters_sample_sequence_number,
3547 { "Sequence number", "sflow.counters_sample.sequence_number",
3548 FT_UINT32, BASE_DEC, NULL, 0x0,
3549 NULL, HFILL }
3550 },
3551 { &hf_sflow_counters_sample_source_id_class,
3552 { "Source ID class", "sflow.counters_sample.source_id_class",
3553 FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3554 NULL, HFILL }
3555 },
3556 { &hf_sflow_counters_sample_sampling_interval,
3557 { "Sampling Interval", "sflow.counters_sample.sampling_interval",
3558 FT_UINT32, BASE_DEC, NULL, 0x0,
3559 NULL, HFILL }
3560 },
3561 { &hf_sflow_counters_sample_counters_type,
3562 { "Counters type", "sflow.counters_sample.counters_type",
3563 FT_UINT32, BASE_DEC, VALS(sflow_245_counterstype), 0x0,
3564 NULL, HFILL }
3565 },
3566 { &hf_sflow_counters_sample_source_id_type,
3567 { "Source ID type", "sflow.counters_sample.source_id_type",
3568 FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3569 NULL, HFILL }
3570 },
3571 { &hf_sflow_counters_sample_source_id_index,
3572 { "Source ID index", "sflow.counters_sample.source_id_index",
3573 FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF,
3574 NULL, HFILL }
3575 },
3576 { &hf_sflow_counters_sample_counters_records,
3577 { "Counters records", "sflow.counters_sample.counters_records",
3578 FT_UINT32, BASE_DEC, NULL, 0x0,
3579 NULL, HFILL }
3580 },
3581 { &hf_sflow_counters_sample_expanded_source_id_type,
3582 { "Source ID type", "sflow.counters_sample.source_id_type",
3583 FT_UINT32, BASE_DEC, NULL, 0x0,
3584 NULL, HFILL }
3585 },
3586 { &hf_sflow_counters_sample_expanded_source_id_index,
3587 { "Source ID index", "sflow.counters_sample.source_id_index",
3588 FT_UINT32, BASE_DEC, NULL, 0x0,
3589 NULL, HFILL }
3590 },
3591 { &hf_sflow_lag_port_padding,
3592 { "Padding", "sflow.lag_port.padding",
3593 FT_BYTES, BASE_NONE, NULL, 0x0,
3594 NULL, HFILL }
3595 },
3596 { &hf_sflow_lag_port_actorsystemid,
3597 { "Actor System ID", "sflow.lag_port.actor_system_id",
3598 FT_ETHER, BASE_NONE, NULL, 0x0,
3599 NULL, HFILL }
3600 },
3601 { &hf_sflow_lag_port_partneropersystemid,
3602 { "Partner Oper System ID", "sflow.lag_port.partner_oper_system_id",
3603 FT_ETHER, BASE_NONE, NULL, 0x0,
3604 NULL, HFILL }
3605 },
3606 { &hf_sflow_lag_port_attachedaggid,
3607 { "Port Attached Agg ID", "sflow.lag_port.attached_agg_id",
3608 FT_UINT32, BASE_DEC, NULL, 0x0,
3609 NULL, HFILL }
3610 },
3611 { &hf_sflow_lag_port_state,
3612 { "State", "sflow.lag_port.state",
3613 FT_UINT32, BASE_HEX, NULL, 0x0,
3614 NULL, HFILL }
3615 },
3616 { &hf_sflow_lag_port_actoradminstate,
3617 { "Actor Admin State", "sflow.lag_port.actor_admin_state",
3618 FT_BOOLEAN, 32, NULL, 0x00000001,
3619 NULL, HFILL }
3620 },
3621 { &hf_sflow_lag_port_actoroperstate,
3622 { "Actor Oper State", "sflow.lag_port.actor_oper_state",
3623 FT_BOOLEAN, 32, NULL, 0x00000002,
3624 NULL, HFILL }
3625 },
3626 { &hf_sflow_lag_port_partneradminstate,
3627 { "Partner Admin State", "sflow.lag_port.partner_admin_state",
3628 FT_BOOLEAN, 32, NULL, 0x00000004,
3629 NULL, HFILL }
3630 },
3631 { &hf_sflow_lag_port_partneroperstate,
3632 { "Partner Oper State", "sflow.lag_port.partner_oper_state",
3633 FT_BOOLEAN, 32, NULL, 0x00000008,
3634 NULL, HFILL }
3635 },
3636 { &hf_sflow_lag_port_reserved,
3637 { "Reserved", "sflow.lag_port.reserved",
3638 FT_UINT32, BASE_HEX, NULL, 0xFFFFFFF0,
3639 NULL, HFILL }
3640 },
3641 { &hf_sflow_5_lag_port_actoradminstate,
3642 { "Actor Admin State", "sflow.lag_port.actor_admin_state",
3643 FT_BOOLEAN, 32, NULL, 0x000000FF,
3644 NULL, HFILL }
3645 },
3646 { &hf_sflow_5_lag_port_actoroperstate,
3647 { "Actor Oper State", "sflow.lag_port.actor_oper_state",
3648 FT_BOOLEAN, 32, NULL, 0x0000FF00,
3649 NULL, HFILL }
3650 },
3651 { &hf_sflow_5_lag_port_partneradminstate,
3652 { "Partner Admin State", "sflow.lag_port.partner_admin_state",
3653 FT_BOOLEAN, 32, NULL, 0x00FF0000,
3654 NULL, HFILL }
3655 },
3656 { &hf_sflow_5_lag_port_partneroperstate,
3657 { "Partner Oper State", "sflow.lag_port.partner_oper_state",
3658 FT_BOOLEAN, 32, NULL, 0xFF000000,
3659 NULL, HFILL }
3660 },
3661 { &hf_sflow_lag_port_stats_lacpdusrx,
3662 { "LACPDUs Rx", "sflow.lag_port.lacpdus.rx",
3663 FT_UINT32, BASE_DEC, NULL, 0x0,
3664 NULL, HFILL }
3665 },
3666 { &hf_sflow_lag_port_stats_markerpdusrx,
3667 { "Marker PDUs Rx", "sflow.lag_port.marker_pdus.rx",
3668 FT_UINT32, BASE_DEC, NULL, 0x0,
3669 NULL, HFILL }
3670 },
3671 { &hf_sflow_lag_port_stats_markerresponsepdusrx,
3672 { "Marker Response PDUs Rx", "sflow.lag_port.marker_response_pdus.rx",
3673 FT_UINT32, BASE_DEC, NULL, 0x0,
3674 NULL, HFILL }
3675 },
3676 { &hf_sflow_lag_port_stats_unknownrx,
3677 { "Unknown Rx", "sflow.lag_port.unknown.rx",
3678 FT_UINT32, BASE_DEC, NULL, 0x0,
3679 NULL, HFILL }
3680 },
3681 { &hf_sflow_lag_port_stats_illegalrx,
3682 { "Illegal Rx", "sflow.lag_port.illegal.rx",
3683 FT_UINT32, BASE_DEC, NULL, 0x0,
3684 NULL, HFILL }
3685 },
3686 { &hf_sflow_lag_port_stats_lacpdustx,
3687 { "LACPDUs Tx", "sflow.lag_port.lacpdus.tx",
3688 FT_UINT32, BASE_DEC, NULL, 0x0,
3689 NULL, HFILL }
3690 },
3691 { &hf_sflow_lag_port_stats_markerpdustx,
3692 { "Marker PDUs Tx", "sflow.lag_port.marker_pdus.tx",
3693 FT_UINT32, BASE_DEC, NULL, 0x0,
3694 NULL, HFILL }
3695 },
3696 { &hf_sflow_lag_port_stats_markerresponsepdustx,
3697 { "Marker Response PDUs Tx", "sflow.lag_port.marker_response_pdus.tx",
3698 FT_UINT32, BASE_DEC, NULL, 0x0,
3699 NULL, HFILL }
3700 },
3701
3702 { &hf_sflow_245_as_type,
3703 { "AS Type", "sflow.as_type",
3704 FT_UINT32, BASE_DEC, VALS(sflow_245_as_types), 0x0,
3705 NULL, HFILL }
3706 },
3707 { &hf_sflow_245_ip_protocol,
3708 { "IP Protocol", "sflow.ip_protocol",
3709 FT_UINT32, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
3710 NULL, HFILL }
3711 },
3712 { &hf_sflow_5_extended_user_source_user,
3713 { "Source User", "sflow_5.extended_user.source_user",
3714 FT_STRING, BASE_NONE, NULL, 0x0,
3715 NULL, HFILL }
3716 },
3717 { &hf_sflow_5_extended_user_destination_user,
3718 { "Destination User", "sflow_5.extended_user.destination_user",
3719 FT_STRING, BASE_NONE, NULL, 0x0,
3720 NULL, HFILL }
3721 },
3722 { &hf_sflow_5_extended_url_direction,
3723 { "Direction", "sflow_5.extended_url.direction",
3724 FT_UINT32, BASE_DEC, NULL, 0x0,
3725 NULL, HFILL }
3726 },
3727 { &hf_sflow_5_extended_url_url,
3728 { "URL", "sflow_5.extended_url.url",
3729 FT_STRING, BASE_NONE, NULL, 0x0,
3730 NULL, HFILL }
3731 },
3732 { &hf_sflow_5_extended_url_host,
3733 { "Host", "sflow_5.extended_url.host",
3734 FT_STRING, BASE_NONE, NULL, 0x0,
3735 NULL, HFILL }
3736 },
3737 { &hf_sflow_5_extended_mpls_tunnel_name,
3738 { "Tunnel Name", "sflow_5.extended_mpls_tunnel.tunnel_name",
3739 FT_STRING, BASE_NONE, NULL, 0x0,
3740 NULL, HFILL }
3741 },
3742 { &hf_sflow_5_extended_mpls_vc_instance_name,
3743 { "VC Instance Name", "sflow_5.extended_mpls_vc.vc_instance_name",
3744 FT_STRING, BASE_NONE, NULL, 0x0,
3745 NULL, HFILL }
3746 },
3747 { &hf_sflow_5_extended_mpls_ftn_description,
3748 { "MPLS FTN Description", "sflow_5.extended_mpls.ftn_description",
3749 FT_STRING, BASE_NONE, NULL, 0x0,
3750 NULL, HFILL }
3751 },
3752 { &hf_sflow_5_extended_80211_payload,
3753 { "Payload", "sflow_5.extended_80211.payload",
3754 FT_BYTES, BASE_NONE, NULL, 0x0,
3755 NULL, HFILL }
3756 },
3757 { &hf_sflow_5_extended_80211_rx_ssid,
3758 { "SSID", "sflow_5.extended_80211.rx.ssid",
3759 FT_STRING, BASE_NONE, NULL, 0x0,
3760 NULL, HFILL }
3761 },
3762 { &hf_sflow_5_extended_80211_tx_ssid,
3763 { "SSID", "sflow_5.extended_80211.tx.ssid",
3764 FT_STRING, BASE_NONE, NULL, 0x0,
3765 NULL, HFILL }
3766 },
3767 { &hf_sflow_flow_sample_index,
3768 { "Index", "sflow.flow_sample.index",
3769 FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF,
3770 NULL, HFILL }
3771 },
3772 { &hf_sflow_counters_sample_index,
3773 { "Index", "sflow.counters_sample.index",
3774 FT_UINT32, BASE_DEC, NULL, 0x0,
3775 NULL, HFILL }
3776 },
3777 };
3778
3779 /* Setup protocol subtree array */
3780 static int * ett[] = {
3781 &ett_sflow_245,
3782 &ett_sflow_245_sample,
3783 &ett_sflow_5_flow_record,
3784 &ett_sflow_5_counters_record,
3785 &ett_sflow_5_mpls_in_label_stack,
3786 &ett_sflow_5_mpls_out_label_stack,
3787 &ett_sflow_245_extended_data,
3788 &ett_sflow_245_gw_as_dst,
3789 &ett_sflow_245_gw_as_dst_seg,
3790 &ett_sflow_245_gw_community,
3791 &ett_sflow_245_sampled_header,
3792 &ett_sflow_lag_port_state_flags,
3793 &ett_sflow_5_output_interface,
3794 };
3795
3796 static ei_register_info ei[] = {
3797 { &ei_sflow_invalid_address_type, { "sflow.invalid_address_type", PI_MALFORMED, PI_ERROR, "Unknown/invalid address type", EXPFILL }},
3798 };
3799
3800 expert_module_t* expert_sflow;
3801
3802 /* Register the protocol name and description */
3803 proto_sflow = proto_register_protocol("InMon sFlow", "sFlow", "sflow");
3804
3805 /* Required function calls to register the header fields and subtrees used */
3806 proto_register_field_array(proto_sflow, hf, array_length(hf));
3807 proto_register_subtree_array(ett, array_length(ett));
3808 expert_sflow = expert_register_protocol(proto_sflow);
3809 expert_register_field_array(expert_sflow, ei, array_length(ei));
3810
3811 header_subdissector_table = register_dissector_table("sflow_245.header_protocol", "SFLOW header protocol", proto_sflow, FT_UINT32, BASE_DEC);
3812
3813 /* Register our dissector handle */
3814 sflow_handle = register_dissector("sflow", dissect_sflow_245, proto_sflow);
3815
3816 /* Register our configuration options for sFlow */
3817 sflow_245_module = prefs_register_protocol(proto_sflow, NULL);
3818
3819 /*
3820 If I use a filter like "ip.src == 10.1.1.1" this will, in
3821 addition to the usual suspects, find every sFlow packet
3822 where *any* of the payload headers contain 10.1.1.1 as a
3823 src addr. I think this may not be the desired behavior.
3824 It can certainly be confusing since the ip.src being found
3825 is buried about 3 subtrees deep and the subtrees might be
3826 under any one of the sampled (payload) header trees. It is
3827 certainly not quickly obvious why the filter matched.
3828 */
3829 prefs_register_bool_preference(sflow_245_module, "enable_dissection",
3830 "Dissect data in sampled headers",
3831 "Enabling dissection makes it easy to view protocol details in each of the sampled headers."
3832 " Disabling dissection may reduce noise caused when display filters match the contents of"
3833 " any sampled header(s).",
3834 &global_dissect_samp_headers);
3835 /*
3836 It is not clear to me that it *ever* makes sense to enable
3837 this option. However, it was previously the default
3838 behavior so I'll leave it as an option if someone thinks
3839 they have a use for it.
3840 */
3841 prefs_register_bool_preference(sflow_245_module, "enable_analysis",
3842 "Analyze data in sampled IP headers",
3843 "This option only makes sense if dissection of sampled headers is enabled and probably not even then.",
3844 &global_analyze_samp_ip_headers);
3845 }
3846
3847 void
3848 proto_reg_handoff_sflow_245(void) {
3849
3850 dissector_add_uint_range_with_preference("udp.port", SFLOW_UDP_PORTS, sflow_handle);
3851 }
3852
3853 /*
3854 * Editor modelines - https://www.wireshark.org/tools/modelines.html
3855 *
3856 * Local variables:
3857 * c-basic-offset: 4
3858 * tab-width: 8
3859 * indent-tabs-mode: nil
3860 * End:
3861 *
3862 * vi: set shiftwidth=4 tabstop=8 expandtab:
3863 * :indentSize=4:tabSize=8:noTabs=true:
3864 */
Metzes wireshark repo