search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-sflow.c
blobb945ce2c986bc499f7a912cd132f3984d384f1a5
1 /* packet-sflow.c
2 * Routines for sFlow v5 dissection implemented according to the specifications
3 * at http://www.sflow.org/sflow_version_5.txt
4 *
5 * Additional 802.11 structures support implemented according to the
6 * specifications at http://www.sflow.org/sflow_80211.txt
7 *
8 * By Yi Yu <yiyu.inbox@gmail.com>
9 *
10 * TODO:
11 * 802.11 aggregation data dissection (sFlow v5)
12 *
13 *
14 * Based on Jeff Rizzo's <riz@boogers.sf.ca.us> dissector for sFlow v2/4
15 * in Wireshark 1.0.8 public release.
16 *
17 * Wireshark - Network traffic analyzer
18 * By Gerald Combs <gerald@wireshark.org>
19 * Copyright 1998 Gerald Combs
20 *
21 * SPDX-License-Identifier: GPL-2.0-or-later
22 *
23 *
24 * This file (mostly) implements a dissector for sFlow (RFC3176),
25 * from the version 4 spec at http://www.sflow.org/SFLOW-DATAGRAM.txt .
26 *
27 * TODO:
28 * Fix the highlighting of the datastream when bits are selected
29 * split things out into packet-sflow.h ?
30 * make routines more consistent as to whether they return
31 * 'offset' or bytes consumed ('len') (sFlow v2/4)
32 * implement sampled_ipv4 and sampled_ipv6 packet data types (sFlow v2/4)
33 * implement extended_user (sFlow v2/4)
34 * implement extended_url (sFlow v2/4)
35 * implement non-generic counters sampling (sFlow v2/4)
36 */
37
38 #include "config.h"
39
40 #include <epan/packet.h>
41 #include <epan/exceptions.h>
42 #include <epan/prefs.h>
43 #include <epan/expert.h>
44 #include <epan/to_str.h>
45 #include <epan/ipproto.h>
46 #include <epan/tfs.h>
47 #include <epan/unit_strings.h>
48
49 #include <wsutil/array.h>
50 #include "packet-sflow.h"
51
52 #define SFLOW_UDP_PORTS "6343"
53
54 void proto_register_sflow(void);
55
56 static dissector_handle_t sflow_handle;
57
58 /*
59 * sflow_245_ports : holds the currently used range of ports for sflow
60 */
61 static bool global_dissect_samp_headers = true;
62 static bool global_analyze_samp_ip_headers;
63
64 #define ENTERPRISE_DEFAULT 0
65
66 #define ADDR_TYPE_UNKNOWN 0
67 #define ADDR_TYPE_IPV4 1
68 #define ADDR_TYPE_IPV6 2
69
70 #define FLOWSAMPLE 1
71 #define COUNTERSSAMPLE 2
72 #define EXPANDED_FLOWSAMPLE 3
73 #define EXPANDED_COUNTERSSAMPLE 4
74 #define LAG_PORT_STATS 7
75
76 static const value_string sflow_agent_address_types[] = {
77 { ADDR_TYPE_IPV4, "IPv4" },
78 { ADDR_TYPE_IPV6, "IPv6" },
79 { 0, NULL }
80 };
81
82 static const value_string sflow_245_sampletype[] = {
83 { FLOWSAMPLE, "Flow sample"},
84 { COUNTERSSAMPLE, "Counters sample"},
85 { EXPANDED_FLOWSAMPLE, "Expanded flow sample"},
86 { EXPANDED_COUNTERSSAMPLE, "Expanded counters sample"},
87 { LAG_PORT_STATS, "Lag Port stats"},
88 { 0, NULL}
89 };
90
91 #define SFLOW_5_IEEE80211_VERSION_A 1
92 #define SFLOW_5_IEEE80211_VERSION_B 2
93 #define SFLOW_5_IEEE80211_VERSION_G 3
94 #define SFLOW_5_IEEE80211_VERSION_N 4
95
96 static const value_string sflow_5_ieee80211_versions [] = {
97 { SFLOW_5_IEEE80211_VERSION_A, "802.11a"},
98 { SFLOW_5_IEEE80211_VERSION_B, "802.11b"},
99 { SFLOW_5_IEEE80211_VERSION_G, "802.11g"},
100 { SFLOW_5_IEEE80211_VERSION_N, "802.11n"},
101 { 0, NULL}
102 };
103
104 /* interface counter types */
105 #define SFLOW_245_COUNTERS_GENERIC 1
106 #define SFLOW_245_COUNTERS_ETHERNET 2
107 #define SFLOW_245_COUNTERS_TOKENRING 3
108 #define SFLOW_245_COUNTERS_FDDI 4
109 #define SFLOW_245_COUNTERS_VG 5
110 #define SFLOW_245_COUNTERS_WAN 6
111 #define SFLOW_245_COUNTERS_VLAN 7
112
113 static const value_string sflow_245_counterstype[] = {
114 { SFLOW_245_COUNTERS_GENERIC, "Generic counters"},
115 { SFLOW_245_COUNTERS_ETHERNET, "Ethernet counters"},
116 { SFLOW_245_COUNTERS_TOKENRING,"Token Ring counters"},
117 { SFLOW_245_COUNTERS_FDDI, "FDDI counters"},
118 { SFLOW_245_COUNTERS_VG, "100baseVG counters"},
119 { SFLOW_245_COUNTERS_WAN, "WAN counters"},
120 { SFLOW_245_COUNTERS_VLAN, "VLAN counters"},
121 { 0, NULL}
122 };
123
124 #define MAX_HEADER_SIZE 256
125
126 #define SFLOW_245_PACKET_DATA_TYPE_HEADER 1
127 #define SFLOW_245_PACKET_DATA_TYPE_IPV4 2
128 #define SFLOW_245_PACKET_DATA_TYPE_IPV6 3
129
130 static const value_string sflow_245_packet_information_type[] = {
131 { SFLOW_245_PACKET_DATA_TYPE_HEADER, "Packet headers are sampled"},
132 { SFLOW_245_PACKET_DATA_TYPE_IPV4, "IP Version 4 data"},
133 { SFLOW_245_PACKET_DATA_TYPE_IPV6, "IP Version 6 data"},
134 { 0, NULL}
135 };
136
137 static const value_string extended_80211_suite_type_vals[] = {
138 { 0, "Use group cipher suite"},
139 { 1, "WEP-40"},
140 { 2, "TKIP"},
141 { 4, "CCMP"},
142 { 5, "WEP-104"},
143 { 0, NULL}
144 };
145
146 static const value_string sflow_ifdirection_vals[] = {
147 { 1, "Full-Duplex"},
148 { 2, "Half-Duplex"},
149 { 3, "In"},
150 { 4, "Out"},
151 { 0, NULL}
152 };
153
154 static const true_false_string tfs_minimize_monetary_normal = { "Minimize Monetary", "Normal" };
155
156 static const value_string sflow_245_header_protocol[] = {
157 { SFLOW_245_HEADER_ETHERNET, "Ethernet"},
158 { SFLOW_245_HEADER_TOKENBUS, "Token Bus"},
159 { SFLOW_245_HEADER_TOKENRING, "Token Ring"},
160 { SFLOW_245_HEADER_FDDI, "FDDI"},
161 { SFLOW_245_HEADER_FRAME_RELAY, "Frame Relay"},
162 { SFLOW_245_HEADER_X25, "X.25"},
163 { SFLOW_245_HEADER_PPP, "PPP"},
164 { SFLOW_245_HEADER_SMDS, "SMDS"},
165 { SFLOW_245_HEADER_AAL5, "ATM AAL5"},
166 { SFLOW_245_HEADER_AAL5_IP, "ATM AAL5-IP (e.g., Cisco AAL5 mux)"},
167 { SFLOW_245_HEADER_IPv4, "IPv4"},
168 { SFLOW_245_HEADER_IPv6, "IPv6"},
169 { SFLOW_245_HEADER_MPLS, "MPLS"},
170 { SFLOW_5_HEADER_POS, "PPP over SONET/SDH (RFC 1662, 2615)"},
171 { SFLOW_5_HEADER_80211_MAC, "802.11 MAC"},
172 { SFLOW_5_HEADER_80211_AMPDU, "802.11n Aggregated MPDU"},
173 { SFLOW_5_HEADER_80211_AMSDU_SUBFRAME, "A-MSDU Subframe"},
174 { 0, NULL}
175 };
176 static value_string_ext sflow_245_header_protocol_ext = VALUE_STRING_EXT_INIT(sflow_245_header_protocol);
177
178 /* extended packet data types */
179 #define SFLOW_245_EXTENDED_SWITCH 1
180 #define SFLOW_245_EXTENDED_ROUTER 2
181 #define SFLOW_245_EXTENDED_GATEWAY 3
182 #define SFLOW_245_EXTENDED_USER 4
183 #define SFLOW_245_EXTENDED_URL 5
184
185 static const value_string sflow_245_extended_data_types[] = {
186 { SFLOW_245_EXTENDED_SWITCH, "Extended switch information"},
187 { SFLOW_245_EXTENDED_ROUTER, "Extended router information"},
188 { SFLOW_245_EXTENDED_GATEWAY, "Extended gateway information"},
189 { SFLOW_245_EXTENDED_USER, "Extended user information"},
190 { SFLOW_245_EXTENDED_URL, "Extended URL information"},
191 { 0, NULL}
192 };
193
194
195 #define SFLOW_245_AS_SET 1
196 #define SFLOW_245_AS_SEQUENCE 2
197
198 static const value_string sflow_245_as_types[] = {
199 { SFLOW_245_AS_SET, "AS Set"},
200 { SFLOW_245_AS_SEQUENCE, "AS Sequence"},
201 { 0, NULL}
202 };
203
204 #define SFLOW_245_IPV4_PRECEDENCE_ROUTINE 0
205 #define SFLOW_245_IPV4_PRECEDENCE_PRIORITY 1
206 #define SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE 2
207 #define SFLOW_245_IPV4_PRECEDENCE_FLASH 3
208 #define SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE 4
209 #define SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP 5
210 #define SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL 6
211 #define SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL 7
212
213 static const value_string sflow_245_ipv4_precedence_types[] = {
214 { SFLOW_245_IPV4_PRECEDENCE_ROUTINE, "Routine"},
215 { SFLOW_245_IPV4_PRECEDENCE_PRIORITY, "Priority"},
216 { SFLOW_245_IPV4_PRECEDENCE_IMMEDIATE, "Immediate"},
217 { SFLOW_245_IPV4_PRECEDENCE_FLASH, "Flash"},
218 { SFLOW_245_IPV4_PRECEDENCE_FLASH_OVERRIDE, "Flash Override"},
219 { SFLOW_245_IPV4_PRECEDENCE_CRITIC_ECP, "CRITIC/ECP"},
220 { SFLOW_245_IPV4_PRECEDENCE_INTERNETWORK_CONTROL, "Internetwork Control"},
221 { SFLOW_245_IPV4_PRECEDENCE_NETWORK_CONTROL, "Network Control"},
222 { 0, NULL}
223 };
224
225 /* sFlow v5 flow record formats */
226 #define SFLOW_5_RAW_PACKET_HEADER 1
227 #define SFLOW_5_ETHERNET_FRAME 2
228 #define SFLOW_5_IPV4 3
229 #define SFLOW_5_IPV6 4
230 #define SFLOW_5_SWITCH 1001
231 #define SFLOW_5_ROUTER 1002
232 #define SFLOW_5_GATEWAY 1003
233 #define SFLOW_5_USER 1004
234 #define SFLOW_5_URL 1005
235 #define SFLOW_5_MPLS_DATA 1006
236 #define SFLOW_5_NAT 1007
237 #define SFLOW_5_MPLS_TUNNEL 1008
238 #define SFLOW_5_MPLS_VC 1009
239 #define SFLOW_5_MPLS_FEC 1010
240 #define SFLOW_5_MPLS_LVP_FEC 1011
241 #define SFLOW_5_VLAN_TUNNEL 1012
242 #define SFLOW_5_80211_PAYLOAD 1013
243 #define SFLOW_5_80211_RX 1014
244 #define SFLOW_5_80211_TX 1015
245 #define SFLOW_5_80211_AGGREGATION 1016
246
247
248 static const value_string sflow_5_flow_record_type[] = {
249 { SFLOW_5_RAW_PACKET_HEADER, "Raw packet header"},
250 { SFLOW_5_ETHERNET_FRAME, "Ethernet frame data"},
251 { SFLOW_5_IPV4, "IPv4 data"},
252 { SFLOW_5_IPV6, "IPv6 data"},
253 { SFLOW_5_SWITCH, "Extended switch data"},
254 { SFLOW_5_ROUTER, "Extended router data"},
255 { SFLOW_5_GATEWAY, "Extended gateway data"},
256 { SFLOW_5_USER, "Extended user data"},
257 { SFLOW_5_URL, "Extended URL data"},
258 { SFLOW_5_MPLS_DATA, "Extended MPLS data"},
259 { SFLOW_5_NAT, "Extended NAT data"},
260 { SFLOW_5_MPLS_TUNNEL, "Extended MPLS tunnel data"},
261 { SFLOW_5_MPLS_VC, "Extended MPLS VC data"},
262 { SFLOW_5_MPLS_FEC, "Extended MPLS FEC data"},
263 { SFLOW_5_MPLS_LVP_FEC, "Extended MPLS LVP FEC data"},
264 { SFLOW_5_VLAN_TUNNEL, "Extended VLAN tunnel"},
265 { SFLOW_5_80211_PAYLOAD, "Extended 802.11 payload"},
266 { SFLOW_5_80211_RX, "Extended 802.11 RX"},
267 { SFLOW_5_80211_TX, "Extended 802.11 TX"},
268 { SFLOW_5_80211_AGGREGATION, "Extended 802.11 aggregation"},
269 { 0, NULL}
270 };
271 static value_string_ext sflow_5_flow_record_type_ext = VALUE_STRING_EXT_INIT(sflow_5_flow_record_type);
272
273 /* sFlow v5 counters record formats */
274 #define SFLOW_5_GENERIC_INTERFACE 1
275 #define SFLOW_5_ETHERNET_INTERFACE 2
276 #define SFLOW_5_TOKEN_RING 3
277 #define SFLOW_5_100BASE_VG_INTERFACE 4
278 #define SFLOW_5_VLAN 5
279 #define SFLOW_5_80211_COUNTERS 6
280 #define SFLOW_5_LAG 7
281 #define SFLOW_5_PROCESSOR 1001
282 #define SFLOW_5_RADIO_UTILIZATION 1002
283
284 static const value_string sflow_5_counters_record_type[] = {
285 { SFLOW_5_GENERIC_INTERFACE, "Generic interface counters"},
286 { SFLOW_5_ETHERNET_INTERFACE, "Ethernet interface counters"},
287 { SFLOW_5_TOKEN_RING, "Token ring counters"},
288 { SFLOW_5_100BASE_VG_INTERFACE, "100 Base VG interface counters"},
289 { SFLOW_5_VLAN, "VLAN counters"},
290 { SFLOW_5_LAG, "LAG counters"},
291 { SFLOW_5_80211_COUNTERS, "IEEE 802.11 counters"},
292 { SFLOW_5_PROCESSOR, "Processor information"},
293 { SFLOW_5_RADIO_UTILIZATION, "Radio utilization"},
294 { 0, NULL}
295 };
296
297 /* sFlow v5 interface formats */
298 #define SFLOW_5_INT_FORMAT 0xC0000000
299 #define SFLOW_5_INT_VALUE 0x3FFFFFFF
300
301 #define SFLOW_5_INT_FORMAT_IFINDEX 0
302 #define SFLOW_5_INT_FORMAT_DISCARD 1
303 #define SFLOW_5_INT_FORMAT_MULTIPLE 2
304
305 static const value_string interface_format[] = {
306 { SFLOW_5_INT_FORMAT_IFINDEX, "ifindex"},
307 { SFLOW_5_INT_FORMAT_DISCARD, "packet discarded"},
308 { SFLOW_5_INT_FORMAT_MULTIPLE, "multiple interfaces"},
309 { 0, NULL}
310 };
311
312 static const value_string interface_discard[] = {
313 { 0, "Net Unreachable"},
314 { 1, "Host Unreachable"},
315 { 2, "Protocol Unreachable"},
316 { 3, "Port Unreachable"},
317 { 4, "Fragmentation Needed and Don't Fragment was Set"},
318 { 5, "Source Route Failed"},
319 { 6, "Destination Network Unknown"},
320 { 7, "Destination Host Unknown"},
321 { 8, "Source Host Isolated"},
322 { 9, "Communication with Destination Network is Administratively Prohibited"},
323 { 10, "Communication with Destination Host is Administratively Prohibited"},
324 { 11, "Destination Network Unreachable for Type of Service"},
325 { 12, "Destination Host Unreachable for Type of Service"},
326 { 13, "Communication Administratively Prohibited"},
327 { 14, "Host Precedence Violation"},
328 { 15, "Precedence cutoff in effect"},
329 { 256, "unknown"},
330 { 257, "ttl exceeded"},
331 { 258, "ACL"},
332 { 259, "no buffer space"},
333 { 260, "RED"},
334 { 261, "traffic shaping/rate limiting"},
335 { 262, "packet too big (for protocols that don't support fragmentation)"},
336 { 263, "Source MAC is multicast"},
337 { 264, "VLAN tag mismatch"},
338 { 265, "Ingress VLAN filter"},
339 { 266, "Ingress spanning tree filter"},
340 { 267, "Port list is empty"},
341 { 268, "Port loopback filter"},
342 { 269, "Blackhole route"},
343 { 270, "Non IP"},
344 { 271, "Unicast destination IP over multicast destination MAC"},
345 { 272, "Destination IP is loopback address"},
346 { 273, "Source IP is multicast"},
347 { 274, "Source IP is looback address"},
348 { 275, "IP header corrupted"},
349 { 276, "IPv4 source address is limited broadcast"},
350 { 277, "IPv6 multicast destination IP reserved scope"},
351 { 278, "IPv6 multicast destination IP interface local scope"},
352 { 279, "Unresolved neighbor"},
353 { 280, "Multicast reverse path forwarding"},
354 { 281, "Non routable packet"},
355 { 282, "Decap error"},
356 { 283, "Overlay source MAC is multicast"},
357 { 284, "Unknown L2"},
358 { 285, "Unknown L3"},
359 { 286, "Unknown L3 exception"},
360 { 287, "Unknown buffer"},
361 { 288, "Unknown tunnel"},
362 { 289, "Unknown L4"},
363 { 290, "Source IP in unspecified"},
364 { 291, "Mlag port isolation"},
365 { 292, "Blackhole ARP neighbor"},
366 { 293, "Source MAC is destination MAC"},
367 { 294, "Destination MAC is reserved"},
368 { 295, "Source IP class E"},
369 { 296, "Multicast destination MAC mismatch"},
370 { 297, "Source IP is destination IP"},
371 { 298, "Destination IP is local network"},
372 { 299, "Destination IP is link local"},
373 { 300, "Overlay source MAC is destination MAC"},
374 { 301, "Egress VLAN filter"},
375 { 302, "Unicast reverse path forwarding"},
376 { 303, "Split horizon"},
377 { 304, "locked_port"},
378 { 305, "dmac_filter"},
379 { 306, "blackhole_nexthop"},
380 { 307, "vxlan_parsing"},
381 { 308, "llc_snap_parsing"},
382 { 309, "vlan_parsing"},
383 { 310, "pppoe_ppp_parsing"},
384 { 311, "mpls_parsing"},
385 { 312, "arp_parsing"},
386 { 313, "ip_1_parsing"},
387 { 314, "ip_n_parsing"},
388 { 315, "gre_parsing"},
389 { 316, "udp_parsing"},
390 { 317, "tcp_parsing"},
391 { 318, "ipsec_parsing"},
392 { 319, "sctp_parsing"},
393 { 320, "dccp_parsing"},
394 { 321, "gtp_parsing"},
395 { 322, "esp_parsing"},
396 { 323, "unknown_parsing"},
397 { 324, "pkt_too_small"},
398 { 325, "unhandled_proto"},
399 { 326, "ipv6disabled"},
400 { 327, "invalid_proto"},
401 { 328, "ip_noproto"},
402 { 329, "skb_csum"},
403 { 330, "skb_ucopy_fault"},
404 { 331, "dev_ready"},
405 { 332, "dev_hdr"},
406 { 333, "dup_frag"},
407 { 334, "skb_gso_seg"},
408 { 335, "reverse_path_forwarding"},
409 { 336, "icmp_parsing"},
410 { 337, "tcp_md5notfound"},
411 { 338, "tcp_md5unexpected"},
412 { 339, "tcp_md5failure"},
413 { 340, "tcp_flags"},
414 { 341, "tcp_zerowindow"},
415 { 342, "tcp_old_data"},
416 { 343, "tcp_overwindow"},
417 { 344, "tcp_ofomerge"},
418 { 345, "tcp_rfc7323_paws"},
419 { 346, "tcp_invalid_sequence"},
420 { 347, "tcp_reset"},
421 { 348, "tcp_invalid_syn"},
422 { 349, "tcp_close"},
423 { 350, "tcp_fastopen"},
424 { 351, "tcp_old_ack"},
425 { 352, "tcp_too_old_ack"},
426 { 353, "tcp_ack_unsent_data"},
427 { 354, "tcp_ofo_queue_prune"},
428 { 355, "tcp_ofo_drop"},
429 { 356, "tcp_minttl"},
430 { 357, "ipv6_bad_exthdr"},
431 { 358, "ipv6_ndisc_frag"},
432 { 359, "ipv6_ndisc_hop_limit"},
433 { 360, "ipv6_ndisc_bad_code"},
434 { 361, "ipv6_ndisc_bad_options"},
435 { 362, "ipv6_ndisc_ns_otherhost"},
436 { 363, "tap_filter"},
437 { 364, "tap_txfilter"},
438 { 365, "tc_ingress"},
439 { 366, "tc_egress"},
440 { 367, "xdp"},
441 { 368, "cpu_backlog"},
442 { 369, "bpf_cgroup_egress"},
443 { 370, "xfrm_policy"},
444 { 371, "socket_filter"},
445 { 372, "bgp_flowspec"},
446 { 0, NULL}
447 };
448
449 /* ethernet counters. These will be preceded by generic counters. */
450 struct ethernet_counters {
451 uint32_t dot3StatsAlignmentErrors;
452 uint32_t dot3StatsFCSErrors;
453 uint32_t dot3StatsSingleCollisionFrames;
454 uint32_t dot3StatsMultipleCollisionFrames;
455 uint32_t dot3StatsSQETestErrors;
456 uint32_t dot3StatsDeferredTransmissions;
457 uint32_t dot3StatsLateCollisions;
458 uint32_t dot3StatsExcessiveCollisions;
459 uint32_t dot3StatsInternalMacTransmitErrors;
460 uint32_t dot3StatsCarrierSenseErrors;
461 uint32_t dot3StatsFrameTooLongs;
462 uint32_t dot3StatsInternalMacReceiveErrors;
463 uint32_t dot3StatsSymbolErrors;
464 };
465
466 struct sflow_address_type {
467 int hf_addr_v4;
468 int hf_addr_v6;
469 };
470
471
472 /* Initialize the protocol and registered fields */
473 static int proto_sflow;
474 static int hf_sflow_version;
475 static int hf_sflow_agent_address_type;
476 static int hf_sflow_agent_address_v4;
477 static int hf_sflow_agent_address_v6;
478 static int hf_sflow_5_sub_agent_id;
479 static int hf_sflow_5_sample_length;
480 static int hf_sflow_5_flow_data_length;
481 /* static int hf_sflow_5_counters_data_length; */
482 static int hf_sflow_245_seqnum;
483 static int hf_sflow_245_sysuptime;
484 static int hf_sflow_245_numsamples;
485 static int hf_sflow_245_header_protocol;
486 static int hf_sflow_245_sampletype;
487 static int hf_sflow_245_sampletype12;
488 static int hf_sflow_245_ipv4_precedence_type;
489 static int hf_sflow_5_flow_record_format;
490 static int hf_sflow_5_counters_record_format;
491 static int hf_sflow_245_header;
492 static int hf_sflow_245_packet_information_type;
493 static int hf_sflow_245_extended_information_type;
494 static int hf_sflow_245_vlan_in; /* incoming 802.1Q VLAN ID */
495 static int hf_sflow_245_vlan_out; /* outgoing 802.1Q VLAN ID */
496 static int hf_sflow_245_pri_in; /* incoming 802.1p priority */
497 static int hf_sflow_245_pri_out; /* outgoing 802.1p priority */
498 static int hf_sflow_245_nexthop_v4; /* nexthop address */
499 static int hf_sflow_245_nexthop_v6; /* nexthop address */
500 static int hf_sflow_245_ipv4_src;
501 static int hf_sflow_245_ipv4_dst;
502 static int hf_sflow_245_ipv6_src;
503 static int hf_sflow_245_ipv6_dst;
504 static int hf_sflow_245_nexthop_src_mask;
505 static int hf_sflow_245_nexthop_dst_mask;
506
507
508 /* extended gateway (all versions) */
509 static int hf_sflow_245_as;
510 static int hf_sflow_245_src_as;
511 static int hf_sflow_245_src_peer_as;
512 static int hf_sflow_245_dst_as_entries; /* aka length */
513 static int hf_sflow_245_dst_as;
514 /* extended gateway (>= version 4) */
515 static int hf_sflow_245_community_entries;
516 /* static int hf_sflow_245_community; */
517 static int hf_sflow_245_localpref;
518
519 /* generic interface counter */
520 static int hf_sflow_245_ifindex;
521 static int hf_sflow_245_iftype;
522 static int hf_sflow_245_ifspeed;
523 static int hf_sflow_245_ifdirection;
524 static int hf_sflow_245_ifadmin_status;
525 static int hf_sflow_245_ifoper_status;
526 static int hf_sflow_245_ifinoct;
527 static int hf_sflow_245_ifinpkt;
528 static int hf_sflow_245_ifinmcast;
529 static int hf_sflow_245_ifinbcast;
530 static int hf_sflow_245_ifinerr;
531 static int hf_sflow_245_ifindisc;
532 static int hf_sflow_245_ifinunk;
533 static int hf_sflow_245_ifoutoct;
534 static int hf_sflow_245_ifoutpkt;
535 static int hf_sflow_245_ifoutmcast;
536 static int hf_sflow_245_ifoutbcast;
537 static int hf_sflow_245_ifoutdisc;
538 static int hf_sflow_245_ifouterr;
539 static int hf_sflow_245_ifpromisc;
540
541 /* ethernet interface counter */
542 static int hf_sflow_245_dot3StatsAlignmentErrors;
543 static int hf_sflow_245_dot3StatsFCSErrors;
544 static int hf_sflow_245_dot3StatsSingleCollisionFrames;
545 static int hf_sflow_245_dot3StatsMultipleCollisionFrames;
546 static int hf_sflow_245_dot3StatsSQETestErrors;
547 static int hf_sflow_245_dot3StatsDeferredTransmissions;
548 static int hf_sflow_245_dot3StatsLateCollisions;
549 static int hf_sflow_245_dot3StatsExcessiveCollisions;
550 static int hf_sflow_245_dot3StatsInternalMacTransmitErrors;
551 static int hf_sflow_245_dot3StatsCarrierSenseErrors;
552 static int hf_sflow_245_dot3StatsFrameTooLongs;
553 static int hf_sflow_245_dot3StatsInternalMacReceiveErrors;
554 static int hf_sflow_245_dot3StatsSymbolErrors;
555
556 /* token ring counter */
557 static int hf_sflow_245_dot5StatsLineErrors;
558 static int hf_sflow_245_dot5StatsBurstErrors;
559 static int hf_sflow_245_dot5StatsACErrors;
560 static int hf_sflow_245_dot5StatsAbortTransErrors;
561 static int hf_sflow_245_dot5StatsInternalErrors;
562 static int hf_sflow_245_dot5StatsLostFrameErrors;
563 static int hf_sflow_245_dot5StatsReceiveCongestions;
564 static int hf_sflow_245_dot5StatsFrameCopiedErrors;
565 static int hf_sflow_245_dot5StatsTokenErrors;
566 static int hf_sflow_245_dot5StatsSoftErrors;
567 static int hf_sflow_245_dot5StatsHardErrors;
568 static int hf_sflow_245_dot5StatsSignalLoss;
569 static int hf_sflow_245_dot5StatsTransmitBeacons;
570 static int hf_sflow_245_dot5StatsRecoveries;
571 static int hf_sflow_245_dot5StatsLobeWires;
572 static int hf_sflow_245_dot5StatsRemoves;
573 static int hf_sflow_245_dot5StatsSingles;
574 static int hf_sflow_245_dot5StatsFreqErrors;
575
576 /* 100 BaseVG interface counters */
577 static int hf_sflow_245_dot12InHighPriorityFrames;
578 static int hf_sflow_245_dot12InHighPriorityOctets;
579 static int hf_sflow_245_dot12InNormPriorityFrames;
580 static int hf_sflow_245_dot12InNormPriorityOctets;
581 static int hf_sflow_245_dot12InIPMErrors;
582 static int hf_sflow_245_dot12InOversizeFrameErrors;
583 static int hf_sflow_245_dot12InDataErrors;
584 static int hf_sflow_245_dot12InNullAddressedFrames;
585 static int hf_sflow_245_dot12OutHighPriorityFrames;
586 static int hf_sflow_245_dot12OutHighPriorityOctets;
587 static int hf_sflow_245_dot12TransitionIntoTrainings;
588 static int hf_sflow_245_dot12HCInHighPriorityOctets;
589 static int hf_sflow_245_dot12HCInNormPriorityOctets;
590 static int hf_sflow_245_dot12HCOutHighPriorityOctets;
591
592 /* VLAN counters */
593 static int hf_sflow_245_vlan_id;
594 static int hf_sflow_245_octets;
595 static int hf_sflow_245_ucastPkts;
596 static int hf_sflow_245_multicastPkts;
597 static int hf_sflow_245_broadcastPkts;
598 static int hf_sflow_245_discards;
599
600 /* 802.11 interface counters */
601 static int hf_sflow_5_dot11TransmittedFragmentCount;
602 static int hf_sflow_5_dot11MulticastTransmittedFrameCount;
603 static int hf_sflow_5_dot11FailedCount;
604 static int hf_sflow_5_dot11RetryCount;
605 static int hf_sflow_5_dot11MultipleRetryCount;
606 static int hf_sflow_5_dot11FrameDuplicateCount;
607 static int hf_sflow_5_dot11RTSSuccessCount;
608 static int hf_sflow_5_dot11RTSFailureCount;
609 static int hf_sflow_5_dot11ACKFailureCount;
610 static int hf_sflow_5_dot11ReceivedFragmentCount;
611 static int hf_sflow_5_dot11MulticastReceivedFrameCount;
612 static int hf_sflow_5_dot11FCSErrorCount;
613 static int hf_sflow_5_dot11TransmittedFrameCount;
614 static int hf_sflow_5_dot11WEPUndecryptableCount;
615 static int hf_sflow_5_dot11QoSDiscardedFragmentCount;
616 static int hf_sflow_5_dot11AssociatedStationCount;
617 static int hf_sflow_5_dot11QoSCFPollsReceivedCount;
618 static int hf_sflow_5_dot11QoSCFPollsUnusedCount;
619 static int hf_sflow_5_dot11QoSCFPollsUnusableCount;
620 static int hf_sflow_5_dot11QoSCFPollsLostCount;
621 /* static int hf_sflow_5_ieee80211_version; */
622
623
624 /* processor information */
625 static int hf_sflow_5_cpu_5s;
626 static int hf_sflow_5_cpu_1m;
627 static int hf_sflow_5_cpu_5m;
628 static int hf_sflow_5_total_memory;
629 static int hf_sflow_5_free_memory;
630
631 /* radio utilisation */
632 static int hf_sflow_5_elapsed_time;
633 static int hf_sflow_5_on_channel_time;
634 static int hf_sflow_5_on_channel_busy_time;
635
636 /* Generated from convert_proto_tree_add_text.pl */
637 static int hf_sflow_5_extended_80211_suite_type;
638 static int hf_sflow_5_extended_80211_rx_channel;
639 static int hf_sflow_flow_sample_input_interface;
640 static int hf_sflow_counters_sample_sampling_interval;
641 static int hf_sflow_5_extended_url_host_length;
642 static int hf_sflow_245_ip_tcp_flag_syn;
643 static int hf_sflow_24_flow_sample_output_interface;
644 static int hf_sflow_5_flow_sample_output_interface;
645 static int hf_sflow_5_flow_sample_output_interface_form;
646 static int hf_sflow_5_flow_sample_output_interface_val;
647 static int hf_sflow_5_flow_sample_output_interface_val_discard;
648 static int hf_sflow_245_length_of_ip_packet;
649 static int hf_sflow_counters_sample_counters_type;
650 static int hf_sflow_5_extended_mpls_tunnel_id;
651 static int hf_sflow_flow_sample_sample_pool;
652 static int hf_sflow_5_extended_80211_tx_speed;
653 static int hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair;
654 static int hf_sflow_245_extended_mpls_out_label_stack_entries;
655 static int hf_sflow_flow_sample_input_interface_value;
656 static int hf_sflow_flow_sample_sampling_rate;
657 static int hf_sflow_5_extended_80211_rx_rcpi;
658 static int hf_sflow_enterprise;
659 static int hf_sflow_enterprise_length;
660 static int hf_sflow_enterprise_data;
661 static int hf_sflow_245_header_frame_length;
662 static int hf_sflow_5_extended_user_destination_character_set;
663 static int hf_sflow_5_extended_80211_rx_bssid;
664 static int hf_sflow_5_extended_80211_tx_retransmission_duration;
665 static int hf_sflow_245_ethernet_length_of_mac_packet;
666 static int hf_sflow_245_ip_tcp_flag_psh;
667 static int hf_sflow_flow_sample_flow_record;
668 static int hf_sflow_245_extended_mpls_in_label;
669 static int hf_sflow_5_extended_user_source_character_set;
670 static int hf_sflow_5_extended_user_destination_user_string_length;
671 static int hf_sflow_counters_sample_sequence_number;
672 static int hf_sflow_5_extended_80211_rx_speed;
673 static int hf_sflow_5_extended_80211_rx_rsni;
674 static int hf_sflow_flow_sample_source_id_index;
675 static int hf_sflow_245_ip_tcp_flag_ece;
676 static int hf_sflow_245_ipv4_throughput;
677 static int hf_sflow_5_extended_80211_oui;
678 static int hf_sflow_counters_sample_source_id_type;
679 static int hf_sflow_flow_sample_input_interface_format;
680 static int hf_sflow_5_extended_80211_tx_channel;
681 static int hf_sflow_245_ip_tcp_flag_urg;
682 static int hf_sflow_5_extended_mpls_tunnel_name_length;
683 static int hf_sflow_5_extended_80211_tx_version;
684 static int hf_sflow_245_ipv4_delay;
685 static int hf_sflow_flow_sample_source_id_class;
686 static int hf_sflow_245_ethernet_source_mac_address;
687 static int hf_sflow_5_extended_mpls_ftn_mask;
688 static int hf_sflow_245_extended_mpls_out_label;
689 static int hf_sflow_245_ipv6_priority;
690 static int hf_sflow_245_ip_tcp_flag_fin;
691 static int hf_sflow_245_ip_destination_port;
692 static int hf_sflow_5_extended_mpls_vc_label_cos_value;
693 static int hf_sflow_5_extended_80211_rx_packet_duration;
694 static int hf_sflow_5_extended_80211_tx_packet_duration;
695 static int hf_sflow_245_ipv4_reliability;
696 static int hf_sflow_5_extended_80211_tx_power;
697 static int hf_sflow_24_flow_sample_multiple_outputs;
698 static int hf_sflow_5_extended_user_source_user_string_length;
699 static int hf_sflow_5_extended_80211_payload_length;
700 static int hf_sflow_5_flow_sample_output_interface_expanded_format;
701 static int hf_sflow_245_ethernet_packet_type;
702 static int hf_sflow_counters_sample_expanded_source_id_type;
703 static int hf_sflow_245_ip_source_port;
704 static int hf_sflow_245_extended_mpls_in_label_stack_entries;
705 static int hf_sflow_5_extended_mpls_vc_instance_name_length;
706 static int hf_sflow_245_ipv4_cost;
707 static int hf_sflow_5_extended_mpls_ftn_description_length;
708 static int hf_sflow_5_extended_vlan_tunnel_number_of_layers;
709 static int hf_sflow_5_extended_80211_tx_bssid;
710 static int hf_sflow_245_ip_tcp_flag_rst;
711 static int hf_sflow_245_ip_tcp_flag_ack;
712 static int hf_sflow_245_ip_tcp_flag_cwr;
713 static int hf_sflow_5_extended_80211_tx_retransmissions;
714 static int hf_sflow_5_extended_80211_rx_version;
715 static int hf_sflow_flow_sample_dropped_packets;
716 static int hf_sflow_counters_sample_expanded_source_id_index;
717 static int hf_sflow_245_header_payload_stripped;
718 static int hf_sflow_245_sampled_header_length;
719 static int hf_sflow_245_ethernet_destination_mac_address;
720 static int hf_sflow_counters_sample_source_id_class;
721 static int hf_sflow_5_extended_url_url_length;
722 static int hf_sflow_flow_sample_source_id_type;
723 static int hf_sflow_5_extended_mpls_fec_address_prefix_length;
724 static int hf_sflow_flow_sample_sequence_number;
725 static int hf_sflow_counters_sample_source_id_index;
726 static int hf_sflow_counters_sample_counters_records;
727 static int hf_sflow_5_extended_mpls_tunnel_cos_value;
728 static int hf_sflow_5_extended_mpls_vc_id;
729 static int hf_sflow_24_flow_sample_output_interface_value;
730 static int hf_sflow_5_flow_sample_output_interface_expanded_value;
731 static int hf_sflow_5_flow_sample_output_interface_expanded_value_discarded;
732 static int hf_sflow_5_flow_sample_output_interface_expanded_value_number;
733 static int hf_sflow_5_flow_sample_output_interface_expanded_value_ifindex;
734 static int hf_sflow_5_extended_user_destination_user;
735 static int hf_sflow_245_as_type;
736 static int hf_sflow_counters_sample_index;
737 static int hf_sflow_5_extended_url_url;
738 static int hf_sflow_flow_sample_index;
739 static int hf_sflow_5_extended_80211_rx_ssid;
740 static int hf_sflow_5_extended_mpls_vc_instance_name;
741 static int hf_sflow_5_extended_mpls_tunnel_name;
742 static int hf_sflow_5_extended_80211_payload;
743 static int hf_sflow_5_extended_user_source_user;
744 static int hf_sflow_5_extended_url_host;
745 static int hf_sflow_5_extended_80211_tx_ssid;
746 static int hf_sflow_5_extended_url_direction;
747 static int hf_sflow_5_extended_mpls_ftn_description;
748 static int hf_sflow_245_ip_protocol;
749
750 static int hf_sflow_lag_port_padding;
751 static int hf_sflow_lag_port_actorsystemid;
752 static int hf_sflow_lag_port_partneropersystemid;
753 static int hf_sflow_lag_port_attachedaggid;
754 static int hf_sflow_lag_port_state;
755 static int hf_sflow_lag_port_actoradminstate;
756 static int hf_sflow_lag_port_actoroperstate;
757 static int hf_sflow_lag_port_partneradminstate;
758 static int hf_sflow_lag_port_partneroperstate;
759 static int hf_sflow_lag_port_reserved;
760 static int hf_sflow_5_lag_port_actoradminstate;
761 static int hf_sflow_5_lag_port_actoroperstate;
762 static int hf_sflow_5_lag_port_partneradminstate;
763 static int hf_sflow_5_lag_port_partneroperstate;
764 static int hf_sflow_lag_port_stats_lacpdusrx;
765 static int hf_sflow_lag_port_stats_markerpdusrx;
766 static int hf_sflow_lag_port_stats_markerresponsepdusrx;
767 static int hf_sflow_lag_port_stats_unknownrx;
768 static int hf_sflow_lag_port_stats_illegalrx;
769 static int hf_sflow_lag_port_stats_lacpdustx;
770 static int hf_sflow_lag_port_stats_markerpdustx;
771 static int hf_sflow_lag_port_stats_markerresponsepdustx;
772
773 /* Initialize the subtree pointers */
774 static int ett_sflow_245;
775 static int ett_sflow_245_sample;
776 static int ett_sflow_5_flow_record;
777 static int ett_sflow_5_counters_record;
778 static int ett_sflow_5_mpls_in_label_stack;
779 static int ett_sflow_5_mpls_out_label_stack;
780 static int ett_sflow_245_extended_data;
781 static int ett_sflow_245_gw_as_dst;
782 static int ett_sflow_245_gw_as_dst_seg;
783 static int ett_sflow_245_gw_community;
784 static int ett_sflow_245_sampled_header;
785 static int ett_sflow_lag_port_state_flags;
786 static int ett_sflow_5_output_interface;
787
788 static expert_field ei_sflow_invalid_address_type;
789
790 static dissector_table_t header_subdissector_table;
791
792 static const unit_name_string units_total_packets = { " total packet", " total packets" };
793
794 void proto_reg_handoff_sflow_245(void);
795
796 /* dissect a sampled header - layer 2 protocols */
797 static int
798 dissect_sflow_245_sampled_header(tvbuff_t *tvb, packet_info *pinfo,
799 proto_tree *tree, volatile int offset) {
800 uint32_t version, header_proto, frame_length;
801 uint32_t header_length;
802 tvbuff_t *next_tvb;
803 proto_tree *sflow_245_header_tree;
804 proto_item *ti;
805 /* stuff for saving column state before calling other dissectors.
806 * Thanks to Guy Harris for the tip. */
807 bool save_writable;
808 bool save_in_error_pkt;
809 address save_dl_src, save_dl_dst, save_net_src, save_net_dst, save_src, save_dst;
810
811 version = tvb_get_ntohl(tvb, 0);
812 header_proto = tvb_get_ntohl(tvb, offset);
813 proto_tree_add_item(tree, hf_sflow_245_header_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
814 offset += 4;
815 frame_length = tvb_get_ntohl(tvb, offset);
816 proto_tree_add_item(tree, hf_sflow_245_header_frame_length, tvb, offset, 4, ENC_BIG_ENDIAN);
817 offset += 4;
818
819 if (version == 5) {
820 proto_tree_add_item(tree, hf_sflow_245_header_payload_stripped, tvb, offset, 4, ENC_BIG_ENDIAN);
821 offset += 4;
822 }
823
824 proto_tree_add_item_ret_uint(tree, hf_sflow_245_sampled_header_length, tvb, offset, 4, ENC_BIG_ENDIAN, &header_length);
825 offset += 4;
826
827 if (header_length % 4) /* XDR requires 4-byte alignment */
828 header_length += (4 - (header_length % 4));
829
830
831 ti = proto_tree_add_item(tree, hf_sflow_245_header, tvb, offset, header_length, ENC_NA);
832 sflow_245_header_tree = proto_item_add_subtree(ti, ett_sflow_245_sampled_header);
833
834 /* hand the header off to the appropriate dissector. It's probably
835 * a short frame, so ignore any exceptions. */
836 next_tvb = tvb_new_subset_length_caplen(tvb, offset, header_length, frame_length);
837
838 /* save some state */
839 save_writable = col_get_writable(pinfo->cinfo, -1);
840
841 /*
842 If sFlow samples a TCP packet it is very likely that the
843 TCP analysis will flag the packet as having some error with
844 the sequence numbers. sFlow only report on a "sample" of
845 traffic so many packets will not be reported on. This is
846 most obvious if the colorizing rules are on, but will also
847 cause confusion if you attempt to filter on
848 "tcp.analysis.flags".
849
850 The following only works to suppress IP/TCP errors, but
851 it is a start anyway. Other protocols carried as payloads
852 may exhibit similar issues.
853
854 I think what is really needed is a more general
855 "protocol_as_payload" flag. Of course then someone has to
856 play whack-a-mole and add code to implement it to any
857 protocols that could be carried as a payload. In the case
858 of sFlow that pretty much means anything on your network.
859 */
860 save_in_error_pkt = pinfo->flags.in_error_pkt;
861 if (!global_analyze_samp_ip_headers) {
862 pinfo->flags.in_error_pkt = true;
863 }
864
865 col_set_writable(pinfo->cinfo, -1, false);
866 copy_address_shallow(&save_dl_src, &pinfo->dl_src);
867 copy_address_shallow(&save_dl_dst, &pinfo->dl_dst);
868 copy_address_shallow(&save_net_src, &pinfo->net_src);
869 copy_address_shallow(&save_net_dst, &pinfo->net_dst);
870 copy_address_shallow(&save_src, &pinfo->src);
871 copy_address_shallow(&save_dst, &pinfo->dst);
872
873 TRY
874 {
875 if ((global_dissect_samp_headers == false) ||
876 !dissector_try_uint(header_subdissector_table, header_proto, next_tvb, pinfo, sflow_245_header_tree))
877 {
878 call_data_dissector(next_tvb, pinfo, sflow_245_header_tree);
879 }
880 }
881
882 CATCH_BOUNDS_ERRORS {
883 }
884 ENDTRY;
885
886 /* restore saved state */
887 col_set_writable(pinfo->cinfo, -1, save_writable);
888 pinfo->flags.in_error_pkt = save_in_error_pkt;
889 copy_address_shallow(&pinfo->dl_src, &save_dl_src);
890 copy_address_shallow(&pinfo->dl_dst, &save_dl_dst);
891 copy_address_shallow(&pinfo->net_src, &save_net_src);
892 copy_address_shallow(&pinfo->net_dst, &save_net_dst);
893 copy_address_shallow(&pinfo->src, &save_src);
894 copy_address_shallow(&pinfo->dst, &save_dst);
895
896 offset += header_length;
897 return offset;
898 }
899
900 static int
901 dissect_sflow_245_address_type(tvbuff_t *tvb, packet_info *pinfo,
902 proto_tree *tree, int offset,
903 struct sflow_address_type *hf_type,
904 address *addr) {
905 uint32_t addr_type;
906 int len;
907
908 addr_type = tvb_get_ntohl(tvb, offset);
909 offset += 4;
910
911 switch (addr_type) {
912 case ADDR_TYPE_UNKNOWN:
913 len = 0;
914 break;
915 case ADDR_TYPE_IPV4:
916 len = 4;
917 proto_tree_add_item(tree, hf_type->hf_addr_v4, tvb, offset, 4, ENC_BIG_ENDIAN);
918 break;
919 case ADDR_TYPE_IPV6:
920 len = 16;
921 proto_tree_add_item(tree, hf_type->hf_addr_v6, tvb, offset, 16, ENC_NA);
922 break;
923 default:
924 /* Invalid address type, or a type we don't understand; we don't
925 know the length. We treat it as having no contents; that
926 doesn't trap us in an endless loop, as we at least include
927 the address type and thus at least advance the offset by 4.
928 Note that we have a problem, though. */
929 len = 0;
930 proto_tree_add_expert_format(tree, pinfo, &ei_sflow_invalid_address_type, tvb,
931 offset - 4, 4, "Unknown address type (%u)", addr_type);
932 }
933
934 if (addr) {
935 switch (len) {
936 default:
937 clear_address(addr);
938 break;
939 case 4:
940 set_address_tvb(addr, AT_IPv4, len, tvb, offset);
941 break;
942 case 16:
943 set_address_tvb(addr, AT_IPv6, len, tvb, offset);
944 break;
945 }
946 }
947
948 return offset + len;
949 }
950
951 /* extended switch data, after the packet data */
952 static int
953 dissect_sflow_245_extended_switch(tvbuff_t *tvb, proto_tree *tree, int offset) {
954 proto_tree_add_item(tree, hf_sflow_245_vlan_in, tvb, offset, 4, ENC_BIG_ENDIAN);
955 offset += 4;
956 proto_tree_add_item(tree, hf_sflow_245_pri_in, tvb, offset, 4, ENC_BIG_ENDIAN);
957 offset += 4;
958 proto_tree_add_item(tree, hf_sflow_245_vlan_out, tvb, offset, 4, ENC_BIG_ENDIAN);
959 offset += 4;
960 proto_tree_add_item(tree, hf_sflow_245_pri_out, tvb, offset, 4, ENC_BIG_ENDIAN);
961 offset += 4;
962
963 return offset;
964 }
965
966 /* extended router data, after the packet data */
967 static int
968 dissect_sflow_245_extended_router(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
969 struct sflow_address_type addr_type;
970
971 addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
972 addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
973
974 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
975 proto_tree_add_item(tree, hf_sflow_245_nexthop_src_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
976 offset += 4;
977 proto_tree_add_item(tree, hf_sflow_245_nexthop_dst_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
978 offset += 4;
979 return offset;
980 }
981
982 /* extended MPLS data */
983 static int
984 dissect_sflow_5_extended_mpls_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
985 uint32_t in_label_count, out_label_count, label, i, j;
986 proto_tree *in_stack;
987 proto_tree *out_stack;
988 struct sflow_address_type addr_type;
989
990 addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
991 addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
992
993 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
994
995 in_label_count = tvb_get_ntohl(tvb, offset);
996 proto_tree_add_item(tree, hf_sflow_245_extended_mpls_in_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
997 offset += 4;
998
999 in_stack = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_mpls_in_label_stack, NULL, "In Label Stack");
1000
1001 /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
1002 * 255 is a sensible limit of label count */
1003 for (i = 0, j = 0; i < (in_label_count & 0x000000ff); i++, j += 4) {
1004 label = tvb_get_ntohl(tvb, offset + j);
1005 proto_tree_add_uint_format(in_stack, hf_sflow_245_extended_mpls_in_label, tvb, offset, 4,
1006 label, "Label %u: %u", i + 1, label);
1007 }
1008 offset += (in_label_count * 4);
1009
1010 out_label_count = tvb_get_ntohl(tvb, offset);
1011 proto_tree_add_item(tree, hf_sflow_245_extended_mpls_out_label_stack_entries, tvb, offset, 4, ENC_BIG_ENDIAN);
1012 offset += 4;
1013
1014 out_stack = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_mpls_in_label_stack, NULL, "Out Label Stack");
1015
1016 /* by applying the mask, we avoid possible corrupted data that causes huge number of loops
1017 * 255 is a sensible limit of label count */
1018 for (i = 0, j = 0; i < (out_label_count & 0x000000ff); i++, j += 4) {
1019 label = tvb_get_ntohl(tvb, offset + j);
1020 proto_tree_add_uint_format(out_stack, hf_sflow_245_extended_mpls_out_label, tvb, offset, 4,
1021 label, "Label %u: %u", i + 1, label);
1022 }
1023 offset = offset + out_label_count * 4;
1024
1025 return offset;
1026 }
1027
1028 /* extended NAT data */
1029 static int
1030 dissect_sflow_5_extended_nat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
1031 struct sflow_address_type addr_type;
1032
1033 addr_type.hf_addr_v4 = hf_sflow_245_ipv4_src;
1034 addr_type.hf_addr_v6 = hf_sflow_245_ipv6_src;
1035
1036 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
1037
1038 addr_type.hf_addr_v4 = hf_sflow_245_ipv4_dst;
1039 addr_type.hf_addr_v6 = hf_sflow_245_ipv6_dst;
1040
1041 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
1042
1043 return offset;
1044 }
1045
1046 /* extended gateway data, after the packet data */
1047 static int
1048 dissect_sflow_245_extended_gateway(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
1049 int32_t len = 0;
1050 int32_t i, j, comm_len, dst_len, dst_seg_len;
1051 uint32_t path_type;
1052 int32_t kludge;
1053
1054 uint32_t version = tvb_get_ntohl(tvb, 0); /* get sFlow version */
1055 proto_item *ti;
1056 proto_tree *sflow_245_dst_as_tree;
1057 proto_tree *sflow_245_comm_tree;
1058 proto_tree *sflow_245_dst_as_seg_tree;
1059
1060 /* sFlow v5 contains next hop router IP address */
1061 if (version == 5) {
1062 struct sflow_address_type addr_type;
1063
1064 addr_type.hf_addr_v4 = hf_sflow_245_nexthop_v4;
1065 addr_type.hf_addr_v6 = hf_sflow_245_nexthop_v6;
1066
1067 offset = dissect_sflow_245_address_type(tvb, pinfo, tree, offset, &addr_type, NULL);
1068 }
1069
1070 proto_tree_add_item(tree, hf_sflow_245_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1071 len += 4;
1072
1073 proto_tree_add_item(tree, hf_sflow_245_src_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1074 len += 4;
1075
1076 proto_tree_add_item(tree, hf_sflow_245_src_peer_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1077 len += 4;
1078
1079 dst_len = tvb_get_ntohl(tvb, offset + len);
1080 ti = proto_tree_add_uint(tree, hf_sflow_245_dst_as_entries, tvb, offset + len, 4, dst_len);
1081 sflow_245_dst_as_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst);
1082 len += 4;
1083
1084 for (i = 0; i < dst_len; i++) {
1085 if (version < 4) {
1086 /* Version 2 AS paths are different than versions >= 4 as
1087 follows:
1088
1089 There is no type encoded in the packet.
1090
1091 The destination ASs are encoded as an array of integers
1092 rather as an array of arrays of integers. I just
1093 pretended they were encoded as an array of arrays with
1094 an implicit length of 1 to not have to do two
1095 completely separate blocks for the different versions.
1096
1097 Having a subtree for "arrays" guaranteed to have only a
1098 single element proved cumbersome to navigate so I moved
1099 the creation of the subtree to only happen for versions
1100 >= 4.
1101 */
1102 dst_seg_len = 1;
1103 sflow_245_dst_as_seg_tree = sflow_245_dst_as_tree;
1104 } else {
1105 path_type = tvb_get_ntohl(tvb, offset + len);
1106 len += 4;
1107 dst_seg_len = tvb_get_ntohl(tvb, offset + len);
1108 len += 4;
1109 kludge = 8;
1110 ti = proto_tree_add_uint_format(tree, hf_sflow_245_as_type, tvb, offset + len - kludge, kludge, path_type,
1111 "%s, (%u entries)", val_to_str_const(path_type, sflow_245_as_types, "Unknown AS type"), dst_seg_len);
1112 sflow_245_dst_as_seg_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_as_dst_seg);
1113 }
1114
1115 for (j = 0; j < dst_seg_len; j++) {
1116 proto_tree_add_item(sflow_245_dst_as_seg_tree, hf_sflow_245_dst_as, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1117 len += 4;
1118 }
1119 }
1120
1121
1122 if (version >= 4) {
1123 comm_len = tvb_get_ntohl(tvb, offset + len);
1124
1125 ti = proto_tree_add_uint(tree, hf_sflow_245_community_entries, tvb, offset + len, 4, comm_len);
1126 sflow_245_comm_tree = proto_item_add_subtree(ti, ett_sflow_245_gw_community);
1127 len += 4;
1128 for (i = 0; i < comm_len; i++) {
1129 proto_tree_add_item(sflow_245_comm_tree,
1130 hf_sflow_245_dst_as, tvb, offset + len,
1131 4, ENC_BIG_ENDIAN);
1132 len += 4;
1133 }
1134
1135 proto_tree_add_item(tree, hf_sflow_245_localpref, tvb, offset + len, 4, ENC_BIG_ENDIAN);
1136 len += 4;
1137
1138 }
1139
1140 return offset + len;
1141 }
1142
1143 /* sflow v5 ethernet frame data */
1144 static int
1145 dissect_sflow_5_ethernet_frame(tvbuff_t *tvb, proto_tree *tree, int offset) {
1146
1147 proto_tree_add_item(tree, hf_sflow_245_ethernet_length_of_mac_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1148 offset += 4;
1149
1150 proto_tree_add_item(tree, hf_sflow_245_ethernet_source_mac_address, tvb, offset, 6, ENC_NA);
1151 /* Padded to 4 byte offset */
1152 offset += 8;
1153
1154 proto_tree_add_item(tree, hf_sflow_245_ethernet_destination_mac_address, tvb, offset, 6, ENC_NA);
1155 /* Padded to 4 byte offset */
1156 offset += 8;
1157
1158 proto_tree_add_item(tree, hf_sflow_245_ethernet_packet_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1159 offset += 4;
1160
1161 return offset;
1162 }
1163
1164 /* sflow v5 IPv4 data */
1165 static int
1166 dissect_sflow_5_ipv4(tvbuff_t *tvb, proto_tree *tree, int offset) {
1167
1168 proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1169 offset += 4;
1170
1171 proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1172 offset += 4;
1173
1174 proto_tree_add_item(tree, hf_sflow_245_ipv4_src, tvb, offset, 4, ENC_BIG_ENDIAN);
1175 offset += 4;
1176
1177 proto_tree_add_item(tree, hf_sflow_245_ipv4_dst, tvb, offset, 4, ENC_BIG_ENDIAN);
1178 offset += 4;
1179
1180 proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1181 offset += 4;
1182
1183 proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1184 offset += 4;
1185
1186 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 4, ENC_BIG_ENDIAN);
1187 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 4, ENC_BIG_ENDIAN);
1188 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 4, ENC_BIG_ENDIAN);
1189 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 4, ENC_BIG_ENDIAN);
1190 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 4, ENC_BIG_ENDIAN);
1191 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 4, ENC_BIG_ENDIAN);
1192 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 4, ENC_BIG_ENDIAN);
1193 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 4, ENC_BIG_ENDIAN);
1194 offset += 4;
1195
1196 /* 7 bits for type of service, plus 1 reserved bit */
1197 proto_tree_add_item(tree, hf_sflow_245_ipv4_precedence_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1198 proto_tree_add_item(tree, hf_sflow_245_ipv4_delay, tvb, offset, 4, ENC_BIG_ENDIAN);
1199 proto_tree_add_item(tree, hf_sflow_245_ipv4_throughput, tvb, offset, 4, ENC_BIG_ENDIAN);
1200 proto_tree_add_item(tree, hf_sflow_245_ipv4_reliability, tvb, offset, 4, ENC_BIG_ENDIAN);
1201 proto_tree_add_item(tree, hf_sflow_245_ipv4_cost, tvb, offset, 4, ENC_BIG_ENDIAN);
1202 offset += 4;
1203
1204 return offset;
1205 }
1206
1207 /* sflow v5 IPv6 data */
1208 static int
1209 dissect_sflow_5_ipv6(tvbuff_t *tvb, proto_tree *tree, int offset) {
1210
1211 proto_tree_add_item(tree, hf_sflow_245_length_of_ip_packet, tvb, offset, 4, ENC_BIG_ENDIAN);
1212 offset += 4;
1213
1214 proto_tree_add_item(tree, hf_sflow_245_ip_protocol, tvb, offset, 4, ENC_BIG_ENDIAN);
1215 offset += 4;
1216
1217 proto_tree_add_item(tree, hf_sflow_245_ipv6_src, tvb, offset, 16, ENC_NA);
1218 offset += 16;
1219
1220 proto_tree_add_item(tree, hf_sflow_245_ipv6_dst, tvb, offset, 16, ENC_NA);
1221 offset += 16;
1222
1223 proto_tree_add_item(tree, hf_sflow_245_ip_source_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1224 offset += 4;
1225
1226 proto_tree_add_item(tree, hf_sflow_245_ip_destination_port, tvb, offset, 4, ENC_BIG_ENDIAN);
1227 offset += 4;
1228
1229 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_cwr, tvb, offset, 4, ENC_BIG_ENDIAN);
1230 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ece, tvb, offset, 4, ENC_BIG_ENDIAN);
1231 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_urg, tvb, offset, 4, ENC_BIG_ENDIAN);
1232 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_ack, tvb, offset, 4, ENC_BIG_ENDIAN);
1233 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_psh, tvb, offset, 4, ENC_BIG_ENDIAN);
1234 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_rst, tvb, offset, 4, ENC_BIG_ENDIAN);
1235 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_syn, tvb, offset, 4, ENC_BIG_ENDIAN);
1236 proto_tree_add_item(tree, hf_sflow_245_ip_tcp_flag_fin, tvb, offset, 4, ENC_BIG_ENDIAN);
1237 offset += 4;
1238
1239 /* Priority -- Traffic class field enables a source to identify the desired
1240 delivery priority of the packets. Priority values are divided into
1241 ranges: traffic where the source provides congestion control and
1242 non-congestion control traffic.
1243
1244 It is displayed as unsigned integer here according to sFlow specification */
1245
1246 proto_tree_add_item(tree, hf_sflow_245_ipv6_priority, tvb, offset, 4, ENC_BIG_ENDIAN);
1247 offset += 4;
1248
1249 return offset;
1250 }
1251
1252 /* sflow v5 user data */
1253 static int
1254 dissect_sflow_5_extended_user(tvbuff_t *tvb, proto_tree *tree, int offset) {
1255 uint32_t src_length, dest_length;
1256
1257 /* charset is not processed here, all chars are assumed to be ASCII */
1258 proto_tree_add_item(tree, hf_sflow_5_extended_user_source_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1259 offset += 4;
1260
1261 src_length = tvb_get_ntohl(tvb, offset);
1262 proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1263 offset += 4;
1264
1265 /* extract source user info char by char */
1266 proto_tree_add_item(tree, hf_sflow_5_extended_user_source_user, tvb, offset, src_length, ENC_NA|ENC_ASCII);
1267 offset += src_length;
1268 /* get the correct offset by adding padding byte count */
1269 if (src_length % 4)
1270 offset += (4 - src_length % 4);
1271
1272 /* charset is not processed here, all chars are assumed to be ASCII */
1273 proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_character_set, tvb, offset, 4, ENC_BIG_ENDIAN);
1274 offset += 4;
1275
1276 dest_length = tvb_get_ntohl(tvb, offset);
1277 proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user_string_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1278 offset += 4;
1279
1280 /* extract destination user info char by char */
1281 proto_tree_add_item(tree, hf_sflow_5_extended_user_destination_user, tvb, offset, dest_length, ENC_NA|ENC_ASCII);
1282 offset += dest_length;
1283 /* get the correct offset by adding padding byte count */
1284 if (dest_length % 4)
1285 offset += (4 - dest_length % 4);
1286
1287 return offset;
1288 }
1289
1290 /* sflow v5 URL data */
1291 static int
1292 dissect_sflow_5_extended_url(tvbuff_t *tvb, proto_tree *tree, int offset) {
1293 uint32_t direction, url_length, host_length;
1294
1295 direction = tvb_get_ntohl(tvb, offset);
1296 switch (direction) {
1297 case 1:
1298 proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1299 "Source Address is Server(%u)", direction);
1300 break;
1301 case 2:
1302 proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1303 "Destination Address is Server (%u)", direction);
1304 break;
1305 default:
1306 proto_tree_add_uint_format(tree, hf_sflow_5_extended_url_direction, tvb, offset, 4, direction,
1307 "Server Unspecified (%u)", direction);
1308 break;
1309 }
1310 offset += 4;
1311
1312 url_length = tvb_get_ntohl(tvb, offset);
1313 proto_tree_add_item(tree, hf_sflow_5_extended_url_url_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1314 offset += 4;
1315
1316 /* extract URL char by char */
1317 proto_tree_add_item(tree, hf_sflow_5_extended_url_url, tvb, offset, url_length, ENC_NA|ENC_ASCII);
1318 offset += url_length;
1319 /* get the correct offset by adding padding byte count */
1320 if (url_length % 4)
1321 offset += (4 - url_length % 4);
1322
1323 host_length = tvb_get_ntohl(tvb, offset);
1324 proto_tree_add_item(tree, hf_sflow_5_extended_url_host_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1325 offset += 4;
1326
1327 /* extract host info char by char */
1328 proto_tree_add_item(tree, hf_sflow_5_extended_url_host, tvb, offset, host_length, ENC_NA|ENC_ASCII);
1329 offset += host_length;
1330 /* get the correct offset by adding padding byte count */
1331 if (host_length % 4)
1332 offset += (4 - host_length % 4);
1333
1334 return offset;
1335 }
1336
1337 /* sflow v5 MPLS tunnel */
1338 static int
1339 dissect_sflow_5_extended_mpls_tunnel(tvbuff_t *tvb, proto_tree *tree, int offset) {
1340 uint32_t name_length;
1341
1342 name_length = tvb_get_ntohl(tvb, offset);
1343 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1344 offset += 4;
1345
1346 /* extract tunnel name char by char */
1347 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1348 offset += name_length;
1349 /* get the correct offset by adding padding byte count */
1350 if (name_length % 4)
1351 offset += (4 - name_length % 4);
1352
1353 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1354 offset += 4;
1355
1356 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_tunnel_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1357 offset += 4;
1358
1359 return offset;
1360 }
1361
1362 /* sflow v5 MPLS VC */
1363 static int
1364 dissect_sflow_5_extended_mpls_vc(tvbuff_t *tvb, proto_tree *tree, int offset) {
1365 uint32_t name_length;
1366
1367 name_length = tvb_get_ntohl(tvb, offset);
1368 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1369 offset += 4;
1370
1371 /* extract source user info char by char */
1372 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_instance_name, tvb, offset, name_length, ENC_NA|ENC_ASCII);
1373 offset += name_length;
1374 /* get the correct offset by adding padding byte count */
1375 if (name_length % 4)
1376 offset += (4 - name_length % 4);
1377
1378 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1379 offset += 4;
1380
1381 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_vc_label_cos_value, tvb, offset, 4, ENC_BIG_ENDIAN);
1382 offset += 4;
1383
1384 return offset;
1385 }
1386
1387 /* sflow v5 MPLS FEC */
1388 static int
1389 dissect_sflow_5_extended_mpls_fec(tvbuff_t *tvb, proto_tree *tree, int offset) {
1390 uint32_t length;
1391
1392 length = tvb_get_ntohl(tvb, offset);
1393 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1394 offset += 4;
1395
1396 /* extract MPLS FTN description char by char */
1397 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_description, tvb, offset, length, ENC_NA|ENC_ASCII);
1398 offset += length;
1399 /* get the correct offset by adding padding byte count */
1400 if (length % 4)
1401 offset += (4 - length % 4);
1402
1403 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_ftn_mask, tvb, offset, 4, ENC_BIG_ENDIAN);
1404 offset += 4;
1405
1406 return offset;
1407 }
1408
1409 /* sflow v5 MPLS LVP FEC */
1410 static int
1411 dissect_sflow_5_extended_mpls_lvp_fec(tvbuff_t *tvb, proto_tree *tree, int offset) {
1412
1413 proto_tree_add_item(tree, hf_sflow_5_extended_mpls_fec_address_prefix_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1414 offset += 4;
1415 return offset;
1416 }
1417
1418 /* sflow v5 extended VLAN tunnel */
1419 static int
1420 dissect_sflow_5_extended_vlan_tunnel(tvbuff_t *tvb, proto_tree *tree, int offset) {
1421 uint32_t num, i;
1422
1423 num = tvb_get_ntohl(tvb, offset);
1424 proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_number_of_layers, tvb, offset, 4, ENC_BIG_ENDIAN);
1425 offset += 4;
1426
1427 /* loop strip 802.1Q TPID/TCI layers. each TPID/TCI pair is represented as a
1428 single 32 bit integer layers listed from outermost to innermost */
1429 for (i = 0; i < num; i++) {
1430 proto_tree_add_item(tree, hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair, tvb, offset, 4, ENC_BIG_ENDIAN);
1431 offset += 4;
1432 }
1433
1434 return offset;
1435 }
1436
1437 /* sflow v5 extended 802.11 payload */
1438 static int
1439 dissect_sflow_5_extended_80211_payload(tvbuff_t *tvb, proto_tree *tree, int offset) {
1440 uint32_t cipher_suite, OUI, suite_type, length;
1441
1442 cipher_suite = tvb_get_ntohl(tvb, offset);
1443 OUI = cipher_suite >> 8;
1444 suite_type = cipher_suite & 0x000000ff;
1445
1446 if (OUI == 0x000FAC) {
1447 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Default (0x%X)", OUI);
1448 offset += 3;
1449 proto_tree_add_item(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1, ENC_BIG_ENDIAN);
1450 } else {
1451 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_oui, tvb, offset, 3, OUI, "Other vendor (0x%X)", OUI);
1452 offset += 3;
1453 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_suite_type, tvb, offset, 1,
1454 suite_type, "vendor specific (%u)", suite_type);
1455 }
1456 offset++;
1457
1458 length = tvb_get_ntohl(tvb, offset);
1459 proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1460 offset += 4;
1461
1462 /* extract data byte by byte */
1463 proto_tree_add_item(tree, hf_sflow_5_extended_80211_payload, tvb, offset, length, ENC_NA);
1464 offset += length;
1465 /* get the correct offset by adding padding byte count */
1466 if (length % 4)
1467 offset += (4 - length % 4);
1468
1469 return offset;
1470 }
1471
1472 /* sflow v5 extended 802.11 rx */
1473 static int
1474 dissect_sflow_5_extended_80211_rx(tvbuff_t *tvb, proto_tree *tree, int offset) {
1475 uint32_t ssid_length, duration;
1476
1477 /* extract SSID char by char. max char count = 32 */
1478 ssid_length = tvb_get_ntohl(tvb, offset);
1479 offset += 4;
1480 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1481 offset += ssid_length;
1482 /* get the correct offset by adding padding byte count */
1483 if (ssid_length % 4)
1484 offset += (4 - ssid_length % 4);
1485
1486 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_bssid, tvb, offset, 6, ENC_NA);
1487 /* Padded to 4 byte offset */
1488 offset += 8;
1489
1490 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1491 offset += 4;
1492
1493 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1494 offset += 4;
1495
1496 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1497 offset += 8;
1498
1499 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rsni, tvb, offset, 4, ENC_BIG_ENDIAN);
1500 offset += 4;
1501
1502 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_rcpi, tvb, offset, 4, ENC_BIG_ENDIAN);
1503 offset += 4;
1504
1505 duration = tvb_get_ntohl(tvb, offset);
1506 if (duration == 0) {
1507 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, duration, "Unknown");
1508 } else {
1509 proto_tree_add_item(tree, hf_sflow_5_extended_80211_rx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1510 }
1511 offset += 4;
1512
1513 return offset;
1514 }
1515
1516 /* sflow v5 extended 802.11 tx */
1517 static int
1518 dissect_sflow_5_extended_80211_tx(tvbuff_t *tvb, proto_tree *tree, int offset) {
1519 uint32_t ssid_length, transmissions, packet_duration, retrans_duration;
1520
1521 /* extract SSID char by char. max char count = 32 */
1522 ssid_length = tvb_get_ntohl(tvb, offset);
1523 if (ssid_length > 32)
1524 ssid_length = 32;
1525 offset += 4;
1526 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_ssid, tvb, offset, ssid_length, ENC_NA|ENC_ASCII);
1527 offset += ssid_length;
1528 /* get the correct offset by adding padding byte count */
1529 if (ssid_length % 4)
1530 offset += (4 - ssid_length % 4);
1531
1532 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_bssid, tvb, offset, 6, ENC_NA);
1533 /* Padded to 4 byte offset */
1534 offset += 8;
1535
1536 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_version, tvb, offset, 4, ENC_BIG_ENDIAN);
1537 offset += 4;
1538
1539 transmissions = tvb_get_ntohl(tvb, offset);
1540 switch (transmissions) {
1541 case 0:
1542 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1543 0, "Unknown");
1544 break;
1545 case 1:
1546 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4,
1547 1, "Packet transmitted successfully on first attempt");
1548 break;
1549 default:
1550 proto_tree_add_uint(tree, hf_sflow_5_extended_80211_tx_retransmissions, tvb, offset, 4, transmissions - 1);
1551 break;
1552 }
1553 offset += 4;
1554
1555 packet_duration = tvb_get_ntohl(tvb, offset);
1556 if (packet_duration == 0) {
1557 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, packet_duration, "Unknown");
1558 } else {
1559 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_packet_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1560 }
1561 offset += 4;
1562
1563 retrans_duration = tvb_get_ntohl(tvb, offset);
1564 if (retrans_duration == 0) {
1565 proto_tree_add_uint_format_value(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, retrans_duration, "Unknown");
1566 } else {
1567 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_retransmission_duration, tvb, offset, 4, ENC_BIG_ENDIAN);
1568 }
1569 offset += 4;
1570
1571 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_channel, tvb, offset, 4, ENC_BIG_ENDIAN);
1572 offset += 4;
1573
1574 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_speed, tvb, offset, 8, ENC_BIG_ENDIAN);
1575 offset += 8;
1576
1577 proto_tree_add_item(tree, hf_sflow_5_extended_80211_tx_power, tvb, offset, 4, ENC_BIG_ENDIAN);
1578 offset += 4;
1579
1580 return offset;
1581 }
1582
1583 /* sflow v5 extended 802.11 aggregation */
1584 static int
1585 dissect_sflow_5_extended_80211_aggregation(tvbuff_t *tvb _U_, proto_tree *tree _U_, int offset) {
1586
1587 return offset;
1588 }
1589
1590 /* dissect an sflow v2/4 flow sample */
1591 static int
1592 dissect_sflow_24_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
1593 proto_tree *tree, int offset, proto_item *parent) {
1594 uint32_t sequence_number, sampling_rate, output;
1595
1596 proto_tree *extended_data_tree;
1597 proto_item *ti;
1598 uint32_t packet_type, extended_data, ext_type, i;
1599
1600 sequence_number = tvb_get_ntohl(tvb, offset);
1601 proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
1602 proto_item_append_text(parent, ", seq %u", sequence_number);
1603 proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1604 proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1605 sampling_rate = tvb_get_ntohl(tvb, offset + 8);
1606 proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset + 8, 4,
1607 sampling_rate, "1 out of %u packets",
1608 sampling_rate);
1609
1610 proto_tree_add_item(tree, hf_sflow_flow_sample_sample_pool, tvb, offset + 12, 4, ENC_BIG_ENDIAN);
1611 proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset + 16, 4, ENC_BIG_ENDIAN);
1612 proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset + 20, 4, ENC_BIG_ENDIAN);
1613 output = tvb_get_ntohl(tvb, offset + 24);
1614 if (output & 0x80000000) {
1615 output & 0x7fffffff ?
1616 proto_tree_add_uint_format_value(tree, hf_sflow_24_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1617 output & 0x7fffffff, "%u interfaces", output & 0x7fffffff) :
1618 proto_tree_add_uint_format_value(tree, hf_sflow_24_flow_sample_multiple_outputs, tvb, offset + 24, 4,
1619 0x80000000, "unknown number");
1620 } else {
1621 proto_tree_add_item(tree, hf_sflow_24_flow_sample_output_interface, tvb, offset + 24, 4, ENC_BIG_ENDIAN);
1622 }
1623 offset += 28;
1624
1625 /* what kind of flow sample is it? */
1626 packet_type = tvb_get_ntohl(tvb, offset);
1627 proto_tree_add_item(tree, hf_sflow_245_packet_information_type, tvb, offset, 4, ENC_BIG_ENDIAN);
1628 offset += 4;
1629 switch (packet_type) {
1630 case SFLOW_245_PACKET_DATA_TYPE_HEADER:
1631 offset = dissect_sflow_245_sampled_header(tvb, pinfo, tree, offset);
1632 break;
1633 case SFLOW_245_PACKET_DATA_TYPE_IPV4:
1634 case SFLOW_245_PACKET_DATA_TYPE_IPV6:
1635 default:
1636 break;
1637 }
1638 /* still need to dissect extended data */
1639 extended_data = tvb_get_ntohl(tvb, offset);
1640 offset += 4;
1641
1642 for (i = 0; i < extended_data; i++) {
1643 /* figure out what kind of extended data it is */
1644 ext_type = tvb_get_ntohl(tvb, offset);
1645
1646 /* create a subtree. Might want to move this to
1647 * the end, so more info can be correct.
1648 */
1649 ti = proto_tree_add_uint(tree, hf_sflow_245_extended_information_type, tvb, offset, 4, ext_type);
1650 extended_data_tree = proto_item_add_subtree(ti, ett_sflow_245_extended_data);
1651 offset += 4;
1652
1653 switch (ext_type) {
1654 case SFLOW_245_EXTENDED_SWITCH:
1655 offset = dissect_sflow_245_extended_switch(tvb, extended_data_tree, offset);
1656 break;
1657 case SFLOW_245_EXTENDED_ROUTER:
1658 offset = dissect_sflow_245_extended_router(tvb, pinfo, extended_data_tree, offset);
1659 break;
1660 case SFLOW_245_EXTENDED_GATEWAY:
1661 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, extended_data_tree, offset);
1662 break;
1663 case SFLOW_245_EXTENDED_USER:
1664 break;
1665 case SFLOW_245_EXTENDED_URL:
1666 break;
1667 default:
1668 break;
1669 }
1670 proto_item_set_end(ti, tvb, offset);
1671 }
1672 return offset;
1673
1674 }
1675
1676 /* dissect an sflow v5 flow record */
1677 static int
1678 dissect_sflow_5_flow_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset) {
1679 proto_tree *flow_data_tree;
1680 proto_item *ti;
1681 uint32_t enterprise_format, enterprise, format;
1682
1683 /* what kind of flow sample is it? */
1684 enterprise_format = tvb_get_ntohl(tvb, offset);
1685 enterprise = enterprise_format >> 12;
1686 format = enterprise_format & 0x00000fff;
1687
1688 /* only accept default enterprise 0 (InMon sFlow) */
1689 if (enterprise == ENTERPRISE_DEFAULT) {
1690 flow_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_flow_record, &ti,
1691 val_to_str_ext_const(format, &sflow_5_flow_record_type_ext, "Unknown sample format"));
1692
1693 proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1694 enterprise, "standard sFlow (%u)", enterprise);
1695 proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
1696 offset += 4;
1697
1698 proto_tree_add_item(flow_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
1699 offset += 4;
1700
1701 switch (format) {
1702 case SFLOW_5_RAW_PACKET_HEADER:
1703 offset = dissect_sflow_245_sampled_header(tvb, pinfo, flow_data_tree, offset);
1704 break;
1705 case SFLOW_5_ETHERNET_FRAME:
1706 offset = dissect_sflow_5_ethernet_frame(tvb, flow_data_tree, offset);
1707 break;
1708 case SFLOW_5_IPV4:
1709 offset = dissect_sflow_5_ipv4(tvb, flow_data_tree, offset);
1710 break;
1711 case SFLOW_5_IPV6:
1712 offset = dissect_sflow_5_ipv6(tvb, flow_data_tree, offset);
1713 break;
1714 case SFLOW_5_SWITCH:
1715 offset = dissect_sflow_245_extended_switch(tvb, flow_data_tree, offset);
1716 break;
1717 case SFLOW_5_ROUTER:
1718 offset = dissect_sflow_245_extended_router(tvb, pinfo, flow_data_tree, offset);
1719 break;
1720 case SFLOW_5_GATEWAY:
1721 offset = dissect_sflow_245_extended_gateway(tvb, pinfo, flow_data_tree, offset);
1722 break;
1723 case SFLOW_5_USER:
1724 offset = dissect_sflow_5_extended_user(tvb, flow_data_tree, offset);
1725 break;
1726 case SFLOW_5_URL:
1727 offset = dissect_sflow_5_extended_url(tvb, flow_data_tree, offset);
1728 break;
1729 case SFLOW_5_MPLS_DATA:
1730 offset = dissect_sflow_5_extended_mpls_data(tvb, pinfo, flow_data_tree, offset);
1731 break;
1732 case SFLOW_5_NAT:
1733 offset = dissect_sflow_5_extended_nat(tvb, pinfo, flow_data_tree, offset);
1734 break;
1735 case SFLOW_5_MPLS_TUNNEL:
1736 offset = dissect_sflow_5_extended_mpls_tunnel(tvb, flow_data_tree, offset);
1737 break;
1738 case SFLOW_5_MPLS_VC:
1739 offset = dissect_sflow_5_extended_mpls_vc(tvb, flow_data_tree, offset);
1740 break;
1741 case SFLOW_5_MPLS_FEC:
1742 offset = dissect_sflow_5_extended_mpls_fec(tvb, flow_data_tree, offset);
1743 break;
1744 case SFLOW_5_MPLS_LVP_FEC:
1745 offset = dissect_sflow_5_extended_mpls_lvp_fec(tvb, flow_data_tree, offset);
1746 break;
1747 case SFLOW_5_VLAN_TUNNEL:
1748 offset = dissect_sflow_5_extended_vlan_tunnel(tvb, flow_data_tree, offset);
1749 break;
1750 case SFLOW_5_80211_PAYLOAD:
1751 offset = dissect_sflow_5_extended_80211_payload(tvb, flow_data_tree, offset);
1752 break;
1753 case SFLOW_5_80211_RX:
1754 offset = dissect_sflow_5_extended_80211_rx(tvb, flow_data_tree, offset);
1755 break;
1756 case SFLOW_5_80211_TX:
1757 offset = dissect_sflow_5_extended_80211_tx(tvb, flow_data_tree, offset);
1758 break;
1759 case SFLOW_5_80211_AGGREGATION:
1760 offset = dissect_sflow_5_extended_80211_aggregation(tvb, flow_data_tree, offset);
1761 break;
1762 default:
1763 break;
1764 }
1765 } else {
1766 /* unknown enterprise format, what to do?? */
1767 uint32_t length;
1768
1769 flow_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
1770 ett_sflow_5_flow_record, &ti, "Unknown enterprise format");
1771 proto_tree_add_uint_format_value(flow_data_tree, hf_sflow_enterprise, tvb, offset, 4,
1772 enterprise, "Non-standard sFlow (%u)", enterprise);
1773 offset += 4;
1774 /* get length */
1775 proto_tree_add_item_ret_uint(flow_data_tree, hf_sflow_enterprise_length, tvb, offset, 4, ENC_BIG_ENDIAN, &length);
1776 offset += 4;
1777 /* show data as bytes */
1778 proto_tree_add_item(flow_data_tree, hf_sflow_enterprise_data, tvb, offset, length, ENC_NA);
1779 offset += length;
1780 /* get the correct offset by adding padding byte count */
1781 if (length % 4)
1782 offset += (4 - length % 4);
1783 }
1784 proto_item_set_end(ti, tvb, offset);
1785
1786 return offset;
1787 }
1788
1789 /* dissect generic interface counters */
1790 static int
1791 dissect_sflow_5_generic_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1792
1793 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
1794 offset += 4;
1795 proto_tree_add_item(counter_data_tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
1796 offset += 4;
1797 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
1798 offset += 8;
1799 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
1800 offset += 4;
1801 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1802 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
1803 offset += 4;
1804 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1805 offset += 8;
1806 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1807 offset += 4;
1808 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1809 offset += 4;
1810 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1811 offset += 4;
1812 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1813 offset += 4;
1814 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
1815 offset += 4;
1816 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
1817 offset += 4;
1818 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
1819 offset += 8;
1820 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
1821 offset += 4;
1822 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1823 offset += 4;
1824 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
1825 offset += 4;
1826 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1827 offset += 4;
1828 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
1829 offset += 4;
1830 proto_tree_add_item(counter_data_tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
1831 offset += 4;
1832
1833 return offset;
1834 }
1835
1836 /* dissect ethernet interface counters */
1837 static int
1838 dissect_sflow_5_ethernet_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1839
1840 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsAlignmentErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1841 offset += 4;
1842 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFCSErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1843 offset += 4;
1844 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSingleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1845 offset += 4;
1846 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsMultipleCollisionFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1847 offset += 4;
1848 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSQETestErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1849 offset += 4;
1850 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsDeferredTransmissions, tvb, offset, 4, ENC_BIG_ENDIAN);
1851 offset += 4;
1852 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsLateCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1853 offset += 4;
1854 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsExcessiveCollisions, tvb, offset, 4, ENC_BIG_ENDIAN);
1855 offset += 4;
1856 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacTransmitErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1857 offset += 4;
1858 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsCarrierSenseErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1859 offset += 4;
1860 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsFrameTooLongs, tvb, offset, 4, ENC_BIG_ENDIAN);
1861 offset += 4;
1862 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsInternalMacReceiveErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1863 offset += 4;
1864 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot3StatsSymbolErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1865 offset += 4;
1866
1867 return offset;
1868 }
1869
1870 /* dissect token ring counters */
1871 static int
1872 dissect_sflow_5_token_ring(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1873
1874 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLineErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1875 offset += 4;
1876 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsBurstErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1877 offset += 4;
1878 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsACErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1879 offset += 4;
1880 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsAbortTransErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1881 offset += 4;
1882 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsInternalErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1883 offset += 4;
1884 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLostFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1885 offset += 4;
1886 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsReceiveCongestions, tvb, offset, 4, ENC_BIG_ENDIAN);
1887 offset += 4;
1888 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFrameCopiedErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1889 offset += 4;
1890 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTokenErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1891 offset += 4;
1892 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSoftErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1893 offset += 4;
1894 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsHardErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1895 offset += 4;
1896 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSignalLoss, tvb, offset, 4, ENC_BIG_ENDIAN);
1897 offset += 4;
1898 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsTransmitBeacons, tvb, offset, 4, ENC_BIG_ENDIAN);
1899 offset += 4;
1900 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRecoveries, tvb, offset, 4, ENC_BIG_ENDIAN);
1901 offset += 4;
1902 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsLobeWires, tvb, offset, 4, ENC_BIG_ENDIAN);
1903 offset += 4;
1904 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsRemoves, tvb, offset, 4, ENC_BIG_ENDIAN);
1905 offset += 4;
1906 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsSingles, tvb, offset, 4, ENC_BIG_ENDIAN);
1907 offset += 4;
1908 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot5StatsFreqErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1909 offset += 4;
1910
1911 return offset;
1912 }
1913
1914 /* dissect 100 BaseVG interface counters */
1915 static int
1916 dissect_sflow_5_vg_interface(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1917
1918 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1919 offset += 4;
1920 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1921 offset += 8;
1922 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1923 offset += 4;
1924 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1925 offset += 8;
1926 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InIPMErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1927 offset += 4;
1928 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InOversizeFrameErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1929 offset += 4;
1930 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InDataErrors, tvb, offset, 4, ENC_BIG_ENDIAN);
1931 offset += 4;
1932 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12InNullAddressedFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1933 offset += 4;
1934 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityFrames, tvb, offset, 4, ENC_BIG_ENDIAN);
1935 offset += 4;
1936 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12OutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1937 offset += 8;
1938 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12TransitionIntoTrainings, tvb, offset, 4, ENC_BIG_ENDIAN);
1939 offset += 4;
1940 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1941 offset += 8;
1942 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCInNormPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1943 offset += 8;
1944 proto_tree_add_item(counter_data_tree, hf_sflow_245_dot12HCOutHighPriorityOctets, tvb, offset, 8, ENC_BIG_ENDIAN);
1945 offset += 8;
1946
1947 return offset;
1948 }
1949
1950 /* dissect VLAN counters */
1951 static int
1952 dissect_sflow_5_vlan(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1953
1954 proto_tree_add_item(counter_data_tree, hf_sflow_245_vlan_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1955 offset += 4;
1956 proto_tree_add_item(counter_data_tree, hf_sflow_245_octets, tvb, offset, 8, ENC_BIG_ENDIAN);
1957 offset += 8;
1958 proto_tree_add_item(counter_data_tree, hf_sflow_245_ucastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1959 offset += 4;
1960 proto_tree_add_item(counter_data_tree, hf_sflow_245_multicastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1961 offset += 4;
1962 proto_tree_add_item(counter_data_tree, hf_sflow_245_broadcastPkts, tvb, offset, 4, ENC_BIG_ENDIAN);
1963 offset += 4;
1964 proto_tree_add_item(counter_data_tree, hf_sflow_245_discards, tvb, offset, 4, ENC_BIG_ENDIAN);
1965 offset += 4;
1966
1967 return offset;
1968 }
1969
1970 static int * const sflow_5_lag_port_state_flags[] = {
1971 &hf_sflow_5_lag_port_actoradminstate,
1972 &hf_sflow_5_lag_port_actoroperstate,
1973 &hf_sflow_5_lag_port_partneradminstate,
1974 &hf_sflow_5_lag_port_partneroperstate,
1975 NULL
1976 };
1977
1978 static int
1979 dissect_sflow_5_lag(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
1980 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_actorsystemid, tvb, offset, 6, ENC_NA);
1981 offset += 6;
1982 /* XDR requires 4-byte alignment */
1983 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_padding, tvb, offset, 2, ENC_NA);
1984 offset += 2;
1985 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_partneropersystemid, tvb, offset, 6, ENC_NA);
1986 offset += 6;
1987 /* XDR requires 4-byte alignment */
1988 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_padding, tvb, offset, 2, ENC_NA);
1989 offset += 2;
1990 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_attachedaggid, tvb, offset, 4, ENC_BIG_ENDIAN);
1991 offset += 4;
1992 proto_tree_add_bitmask(counter_data_tree, tvb, offset, hf_sflow_lag_port_state, ett_sflow_lag_port_state_flags, sflow_5_lag_port_state_flags, ENC_BIG_ENDIAN);
1993 offset += 4;
1994 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_lacpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
1995 offset += 4;
1996 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_markerpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
1997 offset += 4;
1998 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_markerresponsepdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
1999 offset += 4;
2000 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_unknownrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2001 offset += 4;
2002 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_illegalrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2003 offset += 4;
2004 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_lacpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2005 offset += 4;
2006 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_markerpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2007 offset += 4;
2008 proto_tree_add_item(counter_data_tree, hf_sflow_lag_port_stats_markerresponsepdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2009 offset += 4;
2010
2011 return offset;
2012 }
2013
2014 /* dissect 802.11 counters */
2015 static int
2016 dissect_sflow_5_80211_counters(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
2017
2018 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2019 offset += 4;
2020 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastTransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2021 offset += 4;
2022 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FailedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2023 offset += 4;
2024 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2025 offset += 4;
2026 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MultipleRetryCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2027 offset += 4;
2028 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FrameDuplicateCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2029 offset += 4;
2030 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSSuccessCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2031 offset += 4;
2032 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11RTSFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2033 offset += 4;
2034 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ACKFailureCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2035 offset += 4;
2036 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11ReceivedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2037 offset += 4;
2038 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11MulticastReceivedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2039 offset += 4;
2040 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11FCSErrorCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2041 offset += 4;
2042 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11TransmittedFrameCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2043 offset += 4;
2044 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11WEPUndecryptableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2045 offset += 4;
2046 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSDiscardedFragmentCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2047 offset += 4;
2048 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11AssociatedStationCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2049 offset += 4;
2050 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsReceivedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2051 offset += 4;
2052 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusedCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2053 offset += 4;
2054 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsUnusableCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2055 offset += 4;
2056 proto_tree_add_item(counter_data_tree, hf_sflow_5_dot11QoSCFPollsLostCount, tvb, offset, 4, ENC_BIG_ENDIAN);
2057 offset += 4;
2058
2059 return offset;
2060 }
2061
2062 /* dissect processor information */
2063 static int
2064 dissect_sflow_5_processor_information(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
2065
2066 proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5s, tvb, offset, 4, ENC_BIG_ENDIAN);
2067 offset += 4;
2068 proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_1m, tvb, offset, 4, ENC_BIG_ENDIAN);
2069 offset += 4;
2070 proto_tree_add_item(counter_data_tree, hf_sflow_5_cpu_5m, tvb, offset, 4, ENC_BIG_ENDIAN);
2071 offset += 4;
2072 proto_tree_add_item(counter_data_tree, hf_sflow_5_total_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
2073 offset += 8;
2074 proto_tree_add_item(counter_data_tree, hf_sflow_5_free_memory, tvb, offset, 8, ENC_BIG_ENDIAN);
2075 offset += 8;
2076
2077 return offset;
2078 }
2079
2080 /* dissect radio utilization */
2081 static int
2082 dissect_sflow_5_radio_utilization(proto_tree *counter_data_tree, tvbuff_t *tvb, int offset) {
2083
2084 proto_tree_add_item(counter_data_tree, hf_sflow_5_elapsed_time, tvb, offset, 4, ENC_BIG_ENDIAN);
2085 offset += 4;
2086 proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_time, tvb, offset, 4, ENC_BIG_ENDIAN);
2087 offset += 4;
2088 proto_tree_add_item(counter_data_tree, hf_sflow_5_on_channel_busy_time, tvb, offset, 4, ENC_BIG_ENDIAN);
2089 offset += 4;
2090
2091 return offset;
2092 }
2093
2094 /* dissect an sflow v5 counters record */
2095 static int
2096 dissect_sflow_5_counters_record(tvbuff_t *tvb, proto_tree *tree, int offset) {
2097 proto_tree *counter_data_tree;
2098 proto_item *ti;
2099 uint32_t enterprise_format, enterprise, format;
2100
2101 /* what kind of flow sample is it? */
2102 enterprise_format = tvb_get_ntohl(tvb, offset);
2103 enterprise = enterprise_format >> 12;
2104 format = enterprise_format & 0x00000fff;
2105
2106 if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
2107 counter_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_5_counters_record, &ti,
2108 val_to_str_const(format, sflow_5_counters_record_type, "Unknown sample format"));
2109
2110 proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, 4,
2111 enterprise, "standard sFlow (%u)", enterprise);
2112
2113 proto_tree_add_item(counter_data_tree, hf_sflow_5_counters_record_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2114 offset += 4;
2115
2116 proto_tree_add_item(counter_data_tree, hf_sflow_5_flow_data_length, tvb, offset, 4, ENC_BIG_ENDIAN);
2117 offset += 4;
2118
2119 switch (format) {
2120 case SFLOW_5_GENERIC_INTERFACE:
2121 offset = dissect_sflow_5_generic_interface(counter_data_tree, tvb, offset);
2122 break;
2123 case SFLOW_5_ETHERNET_INTERFACE:
2124 offset = dissect_sflow_5_ethernet_interface(counter_data_tree, tvb, offset);
2125 break;
2126 case SFLOW_5_TOKEN_RING:
2127 offset = dissect_sflow_5_token_ring(counter_data_tree, tvb, offset);
2128 break;
2129 case SFLOW_5_100BASE_VG_INTERFACE:
2130 offset = dissect_sflow_5_vg_interface(counter_data_tree, tvb, offset);
2131 break;
2132 case SFLOW_5_VLAN:
2133 offset = dissect_sflow_5_vlan(counter_data_tree, tvb, offset);
2134 break;
2135 case SFLOW_5_LAG:
2136 offset = dissect_sflow_5_lag(counter_data_tree, tvb, offset);
2137 break;
2138 case SFLOW_5_80211_COUNTERS:
2139 offset = dissect_sflow_5_80211_counters(counter_data_tree, tvb, offset);
2140 break;
2141 case SFLOW_5_PROCESSOR:
2142 offset = dissect_sflow_5_processor_information(counter_data_tree, tvb, offset);
2143 break;
2144 case SFLOW_5_RADIO_UTILIZATION:
2145 offset = dissect_sflow_5_radio_utilization(counter_data_tree, tvb, offset);
2146 break;
2147 default:
2148 break;
2149 }
2150 } else { /* unknown enterprise format, what to do?? */
2151 uint32_t length;
2152
2153 counter_data_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
2154 ett_sflow_5_counters_record, &ti, "Unknown enterprise format");
2155 proto_tree_add_uint_format_value(counter_data_tree, hf_sflow_enterprise, tvb, offset, 4,
2156 enterprise, "Non-standard sFlow (%u)", enterprise);
2157 offset += 4;
2158 /* get length */
2159 proto_tree_add_item_ret_uint(counter_data_tree, hf_sflow_enterprise_length, tvb, offset, 4, ENC_BIG_ENDIAN, &length);
2160 offset += 4;
2161 /* show data as bytes */
2162 proto_tree_add_item(counter_data_tree, hf_sflow_enterprise_data, tvb, offset, length, ENC_NA);
2163 offset += length;
2164 /* get the correct offset by adding padding byte count */
2165 if (length % 4)
2166 offset += (4 - length % 4);
2167 }
2168 proto_item_set_end(ti, tvb, offset);
2169
2170 return offset;
2171 }
2172
2173 /* dissect an sflow v5 flow sample */
2174 static void
2175 dissect_sflow_5_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2176 proto_tree *tree, int offset, proto_item *parent) {
2177
2178 uint32_t sequence_number, sampling_rate,
2179 output, records, i, output_format;
2180 proto_item *ti;
2181 proto_tree *output_interface_tree;
2182
2183 sequence_number = tvb_get_ntohl(tvb, offset);
2184 proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2185 offset += 4;
2186 proto_item_append_text(parent, ", seq %u", sequence_number);
2187
2188 proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_class, tvb, offset, 4, ENC_BIG_ENDIAN);
2189 proto_tree_add_item(tree, hf_sflow_flow_sample_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2190 offset += 4;
2191 sampling_rate = tvb_get_ntohl(tvb, offset);
2192 proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2193 sampling_rate, "1 out of %u packets", sampling_rate);
2194 offset += 4;
2195 proto_tree_add_item(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4, ENC_BIG_ENDIAN);
2196 offset += 4;
2197 proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2198 offset += 4;
2199 proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface, tvb, offset, 4, ENC_BIG_ENDIAN);
2200 offset += 4;
2201 ti = proto_tree_add_item_ret_uint(tree, hf_sflow_5_flow_sample_output_interface, tvb, offset, 4, ENC_BIG_ENDIAN, &output);
2202 output_interface_tree = proto_item_add_subtree(ti, ett_sflow_5_output_interface);
2203 output_format = output >> 30;
2204 proto_tree_add_item(output_interface_tree, hf_sflow_5_flow_sample_output_interface_form, tvb, offset, 4, ENC_BIG_ENDIAN);
2205 switch(output_format) {
2206 case SFLOW_5_INT_FORMAT_DISCARD:
2207 proto_tree_add_item(output_interface_tree, hf_sflow_5_flow_sample_output_interface_val_discard, tvb, offset, 4, ENC_BIG_ENDIAN);
2208 break;
2209 case SFLOW_5_INT_FORMAT_MULTIPLE:
2210 ti =proto_tree_add_item(output_interface_tree, hf_sflow_5_flow_sample_output_interface_val, tvb, offset, 4, ENC_BIG_ENDIAN);
2211 if (output == 0x80000000) {
2212 proto_item_append_text(ti, " unknown number of interfaces greater than 1");
2213 }
2214 break;
2215 case SFLOW_5_INT_FORMAT_IFINDEX:
2216 default:
2217 proto_tree_add_item(output_interface_tree, hf_sflow_5_flow_sample_output_interface_val, tvb, offset, 4, ENC_BIG_ENDIAN);
2218 break;
2219 }
2220 offset += 4;
2221 records = tvb_get_ntohl(tvb, offset);
2222 proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2223 offset += 4;
2224
2225 /* start loop processing flow records */
2226 /* we set an upper records limit to 255 in case corrupted data causes
2227 * huge number of loops! */
2228 for (i = 0; i < (records&0x000000ff); i++) {
2229 offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2230 }
2231
2232 }
2233
2234 /* dissect an expanded flow sample */
2235 static void
2236 dissect_sflow_5_expanded_flow_sample(tvbuff_t *tvb, packet_info *pinfo,
2237 proto_tree *tree, int offset, proto_item *parent) {
2238
2239 proto_item *ti;
2240 uint32_t sequence_number, sampling_rate, records, i, output_format, output_value;
2241
2242 sequence_number = tvb_get_ntohl(tvb, offset);
2243 proto_tree_add_item(tree, hf_sflow_flow_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2244 offset += 4;
2245 proto_item_append_text(parent, ", seq %u", sequence_number);
2246 proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2247 offset += 4;
2248 proto_tree_add_item(tree, hf_sflow_flow_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2249 offset += 4;
2250 sampling_rate = tvb_get_ntohl(tvb, offset);
2251 proto_tree_add_uint_format_value(tree, hf_sflow_flow_sample_sampling_rate, tvb, offset, 4,
2252 sampling_rate, "1 out of %u packets", sampling_rate);
2253 offset += 4;
2254 proto_tree_add_item(tree, hf_sflow_flow_sample_sample_pool, tvb, offset, 4, ENC_BIG_ENDIAN);
2255 offset += 4;
2256 proto_tree_add_item(tree, hf_sflow_flow_sample_dropped_packets, tvb, offset, 4, ENC_BIG_ENDIAN);
2257 offset += 4;
2258 proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_format, tvb, offset, 4, ENC_BIG_ENDIAN);
2259 offset += 4;
2260 proto_tree_add_item(tree, hf_sflow_flow_sample_input_interface_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2261 offset += 4;
2262 proto_tree_add_item_ret_uint(tree, hf_sflow_5_flow_sample_output_interface_expanded_format, tvb, offset, 4, ENC_BIG_ENDIAN, &output_format);
2263 offset += 4;
2264 switch(output_format) {
2265 case SFLOW_5_INT_FORMAT_DISCARD:
2266 proto_tree_add_item(tree, hf_sflow_5_flow_sample_output_interface_expanded_value_discarded, tvb, offset, 4, ENC_BIG_ENDIAN);
2267 break;
2268 case SFLOW_5_INT_FORMAT_MULTIPLE:
2269 ti =proto_tree_add_item_ret_uint(tree, hf_sflow_5_flow_sample_output_interface_expanded_value_number, tvb, offset, 4, ENC_BIG_ENDIAN, &output_value);
2270 if (output_value == 0x0) {
2271 proto_item_append_text(ti, " unknown number of interfaces greater than 1");
2272 }
2273 break;
2274 case SFLOW_5_INT_FORMAT_IFINDEX:
2275 proto_tree_add_item(tree, hf_sflow_5_flow_sample_output_interface_expanded_value_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
2276 break;
2277 default:
2278 proto_tree_add_item(tree, hf_sflow_5_flow_sample_output_interface_expanded_value, tvb, offset, 4, ENC_BIG_ENDIAN);
2279 break;
2280 }
2281 offset += 4;
2282 records = tvb_get_ntohl(tvb, offset);
2283 proto_tree_add_item(tree, hf_sflow_flow_sample_flow_record, tvb, offset, 4, ENC_BIG_ENDIAN);
2284 offset += 4;
2285
2286 /* start loop processing flow records
2287 * we limit record count to 255 in case corrupted data may cause huge number of loops */
2288 for (i = 0; i < (records&0x000000ff); i++) {
2289 offset = dissect_sflow_5_flow_record(tvb, pinfo, tree, offset);
2290 }
2291 }
2292
2293 /* dissect an sflow v2/4 counters sample */
2294 static int
2295 dissect_sflow_24_counters_sample(tvbuff_t *tvb, proto_tree *tree, int offset, proto_item *parent) {
2296
2297 uint32_t sequence_number, counters_type;
2298
2299 sequence_number = tvb_get_ntohl(tvb, offset);
2300 proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2301 proto_item_append_text(parent, ", seq %u", sequence_number);
2302
2303 proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_class, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2304 proto_tree_add_item(tree, hf_sflow_counters_sample_index, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
2305 proto_tree_add_item(tree, hf_sflow_counters_sample_sampling_interval, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
2306 counters_type = tvb_get_ntohl(tvb, offset + 12);
2307 proto_tree_add_item(tree, hf_sflow_counters_sample_counters_type, tvb, offset + 12, 4, ENC_BIG_ENDIAN);
2308
2309 offset += 16;
2310
2311 /* most counters types have the "generic" counters first */
2312 switch (counters_type) {
2313 case SFLOW_245_COUNTERS_GENERIC:
2314 case SFLOW_245_COUNTERS_ETHERNET:
2315 case SFLOW_245_COUNTERS_TOKENRING:
2316 case SFLOW_245_COUNTERS_FDDI:
2317 case SFLOW_245_COUNTERS_VG:
2318 case SFLOW_245_COUNTERS_WAN:
2319 proto_tree_add_item(tree, hf_sflow_245_ifindex, tvb, offset, 4, ENC_BIG_ENDIAN);
2320 proto_item_append_text(parent, ", ifIndex %u", tvb_get_ntohl(tvb, offset));
2321 offset += 4;
2322 proto_tree_add_item(tree, hf_sflow_245_iftype, tvb, offset, 4, ENC_BIG_ENDIAN);
2323 offset += 4;
2324 proto_tree_add_item(tree, hf_sflow_245_ifspeed, tvb, offset, 8, ENC_BIG_ENDIAN);
2325 offset += 8;
2326 proto_tree_add_item(tree, hf_sflow_245_ifdirection, tvb, offset, 4, ENC_BIG_ENDIAN);
2327 offset += 4;
2328 proto_tree_add_item(tree, hf_sflow_245_ifadmin_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2329 proto_tree_add_item(tree, hf_sflow_245_ifoper_status, tvb, offset, 4, ENC_BIG_ENDIAN);
2330 offset += 4;
2331 proto_tree_add_item(tree, hf_sflow_245_ifinoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2332 offset += 8;
2333 proto_tree_add_item(tree, hf_sflow_245_ifinpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2334 offset += 4;
2335 proto_tree_add_item(tree, hf_sflow_245_ifinmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2336 offset += 4;
2337 proto_tree_add_item(tree, hf_sflow_245_ifinbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2338 offset += 4;
2339 proto_tree_add_item(tree, hf_sflow_245_ifindisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2340 offset += 4;
2341 proto_tree_add_item(tree, hf_sflow_245_ifinerr, tvb, offset, 4, ENC_BIG_ENDIAN);
2342 offset += 4;
2343 proto_tree_add_item(tree, hf_sflow_245_ifinunk, tvb, offset, 4, ENC_BIG_ENDIAN);
2344 offset += 4;
2345 proto_tree_add_item(tree, hf_sflow_245_ifoutoct, tvb, offset, 8, ENC_BIG_ENDIAN);
2346 offset += 8;
2347 proto_tree_add_item(tree, hf_sflow_245_ifoutpkt, tvb, offset, 4, ENC_BIG_ENDIAN);
2348 offset += 4;
2349 proto_tree_add_item(tree, hf_sflow_245_ifoutmcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2350 offset += 4;
2351 proto_tree_add_item(tree, hf_sflow_245_ifoutbcast, tvb, offset, 4, ENC_BIG_ENDIAN);
2352 offset += 4;
2353 proto_tree_add_item(tree, hf_sflow_245_ifoutdisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2354 offset += 4;
2355 proto_tree_add_item(tree, hf_sflow_245_ifouterr, tvb, offset, 4, ENC_BIG_ENDIAN);
2356 offset += 4;
2357 proto_tree_add_item(tree, hf_sflow_245_ifpromisc, tvb, offset, 4, ENC_BIG_ENDIAN);
2358 offset += 4;
2359 break;
2360 }
2361
2362 /* Some counter types have other info to gather */
2363 switch (counters_type) {
2364 case SFLOW_245_COUNTERS_ETHERNET:
2365 offset += (int)sizeof (struct ethernet_counters);
2366 break;
2367 case SFLOW_245_COUNTERS_TOKENRING:
2368 offset = dissect_sflow_5_token_ring(tree, tvb, offset);
2369 break;
2370 case SFLOW_245_COUNTERS_VG:
2371 offset = dissect_sflow_5_vg_interface(tree, tvb, offset);
2372 break;
2373 case SFLOW_245_COUNTERS_VLAN:
2374 offset = dissect_sflow_5_vlan(tree, tvb, offset);
2375 break;
2376 default:
2377 break;
2378 }
2379 return offset;
2380 }
2381
2382 /* dissect an sflow v5 counters sample */
2383 static void
2384 dissect_sflow_5_counters_sample(tvbuff_t *tvb, proto_tree *tree, int offset, proto_item *parent) {
2385 uint32_t sequence_number, records, i;
2386
2387 /* grab the flow header. This will remain in network byte
2388 order, so must convert each item before use */
2389 sequence_number = tvb_get_ntohl(tvb, offset);
2390 proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2391 proto_item_append_text(parent, ", seq %u", sequence_number);
2392 offset += 4;
2393 proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2394 proto_tree_add_item(tree, hf_sflow_counters_sample_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2395 offset += 4;
2396 records = tvb_get_ntohl(tvb, offset);
2397 proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2398 offset += 4;
2399
2400 /* start loop processing counters records
2401 * limit record count to 255 in case corrupted data may cause huge number of loops */
2402 for (i = 0; i < (records&0x000000ff); i++) {
2403 offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2404 }
2405 }
2406
2407 /* dissect an expanded counters sample */
2408 static void
2409 dissect_sflow_5_expanded_counters_sample(tvbuff_t *tvb, proto_tree *tree, int offset, proto_item *parent) {
2410 uint32_t sequence_number, records, i;
2411
2412 sequence_number = tvb_get_ntohl(tvb, offset);
2413 proto_tree_add_item(tree, hf_sflow_counters_sample_sequence_number, tvb, offset, 4, ENC_BIG_ENDIAN);
2414 proto_item_append_text(parent, ", seq %u", sequence_number);
2415 offset += 4;
2416 proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2417 offset += 4;
2418 proto_tree_add_item(tree, hf_sflow_counters_sample_expanded_source_id_index, tvb, offset, 4, ENC_BIG_ENDIAN);
2419 offset += 4;
2420 records = tvb_get_ntohl(tvb, offset);
2421 proto_tree_add_item(tree, hf_sflow_counters_sample_counters_records, tvb, offset, 4, ENC_BIG_ENDIAN);
2422 offset += 4;
2423
2424 /* start loop processing counters records
2425 * limit record count to 255 in case corrupted data may cause huge number of loops */
2426 for (i = 0; i < (records&0x000000ff); i++) {
2427 offset = dissect_sflow_5_counters_record(tvb, tree, offset);
2428 }
2429 }
2430
2431 static int * const sflow_lag_port_state_flags[] = {
2432 &hf_sflow_lag_port_actoradminstate,
2433 &hf_sflow_lag_port_actoroperstate,
2434 &hf_sflow_lag_port_partneradminstate,
2435 &hf_sflow_lag_port_partneroperstate,
2436 &hf_sflow_lag_port_reserved,
2437 NULL
2438 };
2439
2440 /* dissect an LAG Port Stats ( http://www.sflow.org/sflow_lag.txt ) */
2441 static void
2442 dissect_sflow_5_lag_port_stats(tvbuff_t *tvb, proto_tree *tree, int offset, proto_item *parent _U_) {
2443
2444 proto_tree_add_item(tree, hf_sflow_lag_port_actorsystemid, tvb, offset, 6, ENC_NA);
2445 offset += 6;
2446
2447 proto_tree_add_item(tree, hf_sflow_lag_port_partneropersystemid, tvb, offset, 6, ENC_NA);
2448 offset += 6;
2449
2450 proto_tree_add_item(tree, hf_sflow_lag_port_attachedaggid, tvb, offset, 4, ENC_BIG_ENDIAN);
2451 offset += 4;
2452
2453 proto_tree_add_bitmask(tree, tvb, offset, hf_sflow_lag_port_state, ett_sflow_lag_port_state_flags, sflow_lag_port_state_flags, ENC_BIG_ENDIAN);
2454 offset += 4;
2455
2456 proto_tree_add_item(tree, hf_sflow_lag_port_stats_lacpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2457 offset += 4;
2458
2459 proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerpdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2460 offset += 4;
2461
2462 proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerresponsepdusrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2463 offset += 4;
2464
2465 proto_tree_add_item(tree, hf_sflow_lag_port_stats_unknownrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2466 offset += 4;
2467
2468 proto_tree_add_item(tree, hf_sflow_lag_port_stats_illegalrx, tvb, offset, 4, ENC_BIG_ENDIAN);
2469 offset += 4;
2470
2471 proto_tree_add_item(tree, hf_sflow_lag_port_stats_lacpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2472 offset += 4;
2473
2474 proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerpdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2475 offset += 4;
2476
2477 proto_tree_add_item(tree, hf_sflow_lag_port_stats_markerresponsepdustx, tvb, offset, 4, ENC_BIG_ENDIAN);
2478 /*offset += 4;*/
2479 }
2480
2481 /* Code to dissect the sflow v2/4/5 samples */
2482 static int
2483 dissect_sflow_245_samples(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, uint32_t version) {
2484 proto_tree *sflow_245_sample_tree;
2485 proto_item *ti; /* tree item */
2486 uint32_t sample_type, enterprise, format, length;
2487
2488 /* decide what kind of sample it is. */
2489 sample_type = tvb_get_ntohl(tvb, offset);
2490 if (version == 5) {
2491 enterprise = sample_type >> 12;
2492 format = sample_type & 0x00000fff;
2493
2494 if (enterprise == ENTERPRISE_DEFAULT) { /* only accept default enterprise 0 (InMon sFlow) */
2495 sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_245_sample, &ti,
2496 val_to_str_const(format, sflow_245_sampletype, "Unknown sample format"));
2497
2498 proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, 4, enterprise, "standard sFlow (%u)", enterprise);
2499 proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype12, tvb, offset, 4, ENC_BIG_ENDIAN);
2500 offset += 4;
2501
2502 length = tvb_get_ntohl(tvb, offset);
2503 proto_tree_add_item(sflow_245_sample_tree, hf_sflow_5_sample_length, tvb, offset, 4, ENC_BIG_ENDIAN);
2504 offset += 4;
2505
2506 switch (format) {
2507 case FLOWSAMPLE:
2508 dissect_sflow_5_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2509 break;
2510 case COUNTERSSAMPLE:
2511 dissect_sflow_5_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2512 break;
2513 case EXPANDED_FLOWSAMPLE:
2514 dissect_sflow_5_expanded_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2515 break;
2516 case EXPANDED_COUNTERSSAMPLE:
2517 dissect_sflow_5_expanded_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2518 break;
2519 case LAG_PORT_STATS:
2520 dissect_sflow_5_lag_port_stats(tvb, sflow_245_sample_tree, offset, ti);
2521 break;
2522 default:
2523 break;
2524 }
2525 /* Make sure the length doesn't run past the end of the packet */
2526 tvb_ensure_bytes_exist(tvb, offset, length);
2527 /* current offset points to sample length field, which is 4 bytes from the beginning of the packet*/
2528 offset += length;
2529 } else { /* unknown enterprise format, what to do?? */
2530 sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1,
2531 ett_sflow_245_sample, &ti, "Unknown enterprise format");
2532 proto_tree_add_uint_format_value(sflow_245_sample_tree, hf_sflow_enterprise, tvb, offset, 4,
2533 enterprise, "Non-standard sFlow (%u)", enterprise);
2534 offset = tvb_captured_length(tvb);
2535 }
2536
2537 } else { /* version 2 or 4 */
2538 sflow_245_sample_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_sflow_245_sample, &ti,
2539 val_to_str_const(sample_type, sflow_245_sampletype, "Unknown sample type"));
2540
2541 proto_tree_add_item(sflow_245_sample_tree, hf_sflow_245_sampletype, tvb, offset, 4, ENC_BIG_ENDIAN);
2542 offset += 4;
2543
2544 switch (sample_type) {
2545 case FLOWSAMPLE:
2546 offset = dissect_sflow_24_flow_sample(tvb, pinfo, sflow_245_sample_tree, offset, ti);
2547 break;
2548 case COUNTERSSAMPLE:
2549 offset = dissect_sflow_24_counters_sample(tvb, sflow_245_sample_tree, offset, ti);
2550 break;
2551 default:
2552 break;
2553 }
2554 }
2555 proto_item_set_end(ti, tvb, offset);
2556
2557 return offset;
2558 }
2559
2560 /* Code to actually dissect the packets */
2561 static int
2562 dissect_sflow_245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2563 {
2564 /* Set up structures needed to add the protocol subtree and manage it */
2565 proto_item *ti;
2566 proto_tree *sflow_245_tree;
2567 uint32_t version, sub_agent_id, seqnum;
2568 address addr_details;
2569 int sflow_addr_type;
2570 struct sflow_address_type addr_type;
2571 uint32_t uptime;
2572
2573 uint32_t numsamples;
2574 unsigned offset = 0;
2575 unsigned i = 0;
2576
2577 addr_type.hf_addr_v4 = hf_sflow_agent_address_v4;
2578 addr_type.hf_addr_v6 = hf_sflow_agent_address_v6;
2579
2580 /*
2581 * We fetch the version and address type so that we can determine,
2582 * ahead of time, whether this is an sFlow packet or not, before
2583 * we do *anything* to the columns or the protocol tree.
2584 *
2585 * XXX - we might want to deem this "not sFlow" if we don't have at
2586 * least 8 bytes worth of data.
2587 */
2588 version = tvb_get_ntohl(tvb, offset);
2589 if (version != 2 && version != 4 && version != 5) {
2590 /* Unknown version; assume it's not an sFlow packet. */
2591 return 0;
2592 }
2593
2594 sflow_addr_type = tvb_get_ntohl(tvb, offset + 4);
2595 switch (sflow_addr_type) {
2596 case ADDR_TYPE_UNKNOWN:
2597 case ADDR_TYPE_IPV4:
2598 case ADDR_TYPE_IPV6:
2599 break;
2600
2601 default:
2602 /*
2603 * Address type we don't know about; assume it's not an sFlow
2604 * packet.
2605 */
2606 return 0;
2607 }
2608 /* Make entries in Protocol column and Info column on summary display */
2609 col_set_str(pinfo->cinfo, COL_PROTOCOL, "sFlow");
2610
2611 /* create display subtree for the protocol */
2612 ti = proto_tree_add_item(tree, proto_sflow, tvb, 0, -1, ENC_NA);
2613
2614 sflow_245_tree = proto_item_add_subtree(ti, ett_sflow_245);
2615
2616 col_add_fstr(pinfo->cinfo, COL_INFO, "V%u", version);
2617 proto_tree_add_item(sflow_245_tree, hf_sflow_version, tvb, offset, 4, ENC_BIG_ENDIAN);
2618 offset += 4;
2619
2620 proto_tree_add_item(sflow_245_tree, hf_sflow_agent_address_type, tvb, offset, 4, ENC_BIG_ENDIAN);
2621 offset = dissect_sflow_245_address_type(tvb, pinfo, sflow_245_tree, offset,
2622 &addr_type, &addr_details);
2623 switch (sflow_addr_type) {
2624 case ADDR_TYPE_UNKNOWN:
2625 break;
2626 case ADDR_TYPE_IPV4:
2627 case ADDR_TYPE_IPV6:
2628 col_append_fstr(pinfo->cinfo, COL_INFO, ", agent %s", address_to_str(pinfo->pool, &addr_details));
2629 break;
2630 }
2631
2632 if (version == 5) {
2633 sub_agent_id = tvb_get_ntohl(tvb, offset);
2634 col_append_fstr(pinfo->cinfo, COL_INFO, ", sub-agent ID %u", sub_agent_id);
2635 proto_tree_add_uint(sflow_245_tree, hf_sflow_5_sub_agent_id, tvb, offset, 4, sub_agent_id);
2636 offset += 4;
2637 }
2638 seqnum = tvb_get_ntohl(tvb, offset);
2639 col_append_fstr(pinfo->cinfo, COL_INFO, ", seq %u", seqnum);
2640 proto_tree_add_uint(sflow_245_tree, hf_sflow_245_seqnum, tvb, offset, 4, seqnum);
2641 offset += 4;
2642 uptime = tvb_get_ntohl(tvb, offset);
2643 proto_tree_add_uint_format_value(sflow_245_tree, hf_sflow_245_sysuptime, tvb, offset, 4, uptime, "%s (%ums)",
2644 unsigned_time_secs_to_str(pinfo->pool, uptime / 1000), uptime);
2645 offset += 4;
2646 numsamples = tvb_get_ntohl(tvb, offset);
2647 col_append_fstr(pinfo->cinfo, COL_INFO, ", %u samples", numsamples);
2648 proto_tree_add_uint(sflow_245_tree, hf_sflow_245_numsamples, tvb, offset, 4, numsamples);
2649 offset += 4;
2650
2651 /* Ok, we're now at the end of the sflow_245 datagram header;
2652 * everything from here out should be samples. Loop over
2653 * the expected number of samples, and pass them to the appropriate
2654 * dissectors.
2655 */
2656
2657 /* limit number of samples to 255 to avoid huge number of loops
2658 * caused by corrupted data */
2659 for (i = 0; i < (numsamples & 0x000000ff); i++) {
2660 offset = dissect_sflow_245_samples(tvb, pinfo, sflow_245_tree, offset, version);
2661 }
2662
2663 return tvb_captured_length(tvb);
2664 }
2665
2666 /* Register the protocol with Wireshark */
2667
2668 void
2669 proto_register_sflow(void) {
2670
2671 module_t *sflow_245_module;
2672
2673 /* Setup list of header fields See Section 1.6.1 for details*/
2674 static hf_register_info hf[] = {
2675 { &hf_sflow_version,
2676 { "Datagram version", "sflow_245.version",
2677 FT_UINT32, BASE_DEC, NULL, 0x0,
2678 "sFlow datagram version", HFILL}},
2679 { &hf_sflow_agent_address_type,
2680 { "Agent address type", "sflow_245.agenttype",
2681 FT_UINT32, BASE_DEC, VALS(sflow_agent_address_types), 0x0,
2682 "sFlow agent address type", HFILL}},
2683 { &hf_sflow_agent_address_v4,
2684 { "Agent address", "sflow_245.agent",
2685 FT_IPv4, BASE_NONE, NULL, 0x0,
2686 "sFlow Agent IP address", HFILL}},
2687 { &hf_sflow_agent_address_v6,
2688 { "Agent address", "sflow_245.agent.v6",
2689 FT_IPv6, BASE_NONE, NULL, 0x0,
2690 "sFlow Agent IPv6 address", HFILL}},
2691 { &hf_sflow_5_sub_agent_id,
2692 { "Sub-agent ID", "sflow_245.sub_agent_id",
2693 FT_UINT32, BASE_DEC, NULL, 0x0,
2694 "sFlow sub-agent ID", HFILL}},
2695 { &hf_sflow_5_sample_length,
2696 { "Sample length (byte)", "sflow_5.sample_length",
2697 FT_UINT32, BASE_DEC, NULL, 0x0,
2698 "sFlow sample length", HFILL}},
2699 { &hf_sflow_5_flow_data_length,
2700 { "Flow data length (byte)", "sflow_5.flow_data_length",
2701 FT_UINT32, BASE_DEC, NULL, 0x0,
2702 "sFlow flow data length", HFILL}},
2703 #if 0
2704 { &hf_sflow_5_counters_data_length,
2705 { "Counters data length (byte)", "sflow_5.counter_data_length",
2706 FT_UINT32, BASE_DEC, NULL, 0x0,
2707 "sFlow counters data length", HFILL}},
2708 #endif
2709 { &hf_sflow_245_seqnum,
2710 { "Sequence number", "sflow_245.sequence_number",
2711 FT_UINT32, BASE_DEC, NULL, 0x0,
2712 "sFlow datagram sequence number", HFILL}},
2713 { &hf_sflow_245_sysuptime,
2714 { "SysUptime", "sflow_245.sysuptime",
2715 FT_UINT32, BASE_DEC, NULL, 0x0,
2716 "System Uptime", HFILL}},
2717 { &hf_sflow_245_numsamples,
2718 { "NumSamples", "sflow_245.numsamples",
2719 FT_UINT32, BASE_DEC, NULL, 0x0,
2720 "Number of samples in sFlow datagram", HFILL}},
2721 { &hf_sflow_245_sampletype,
2722 { "sFlow sample type", "sflow_245.sampletype",
2723 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x0,
2724 "Type of sFlow sample", HFILL}},
2725 { &hf_sflow_245_sampletype12,
2726 { "sFlow sample type", "sflow_245.sampletype",
2727 FT_UINT32, BASE_DEC, VALS(sflow_245_sampletype), 0x00000FFF,
2728 "Type of sFlow sample", HFILL}},
2729 #if 0
2730 { &hf_sflow_5_ieee80211_version,
2731 { "Version", "sflow_245.ieee80211_version",
2732 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
2733 "IEEE 802.11 Version", HFILL}},
2734 #endif
2735 { &hf_sflow_245_ipv4_precedence_type,
2736 { "Precedence", "sflow_245.ipv4_precedence_type",
2737 FT_UINT32, BASE_DEC, VALS(sflow_245_ipv4_precedence_types), 0xE0,
2738 "IPv4 Precedence Type", HFILL}},
2739 { &hf_sflow_5_flow_record_format,
2740 { "Format", "sflow_245.flow_record_format",
2741 FT_UINT32, BASE_DEC | BASE_EXT_STRING, &sflow_5_flow_record_type_ext, 0x00000FFF,
2742 "Format of sFlow flow record", HFILL}},
2743 { &hf_sflow_5_counters_record_format,
2744 { "Format", "sflow_245.counters_record_format",
2745 FT_UINT32, BASE_DEC, VALS(sflow_5_counters_record_type), 0x00000FFF,
2746 "Format of sFlow counters record", HFILL}},
2747 { &hf_sflow_245_header_protocol,
2748 { "Header protocol", "sflow_245.header_protocol",
2749 FT_UINT32, BASE_DEC | BASE_EXT_STRING, &sflow_245_header_protocol_ext, 0x0,
2750 "Protocol of sampled header", HFILL}},
2751 { &hf_sflow_245_header,
2752 { "Header of sampled packet", "sflow_245.header",
2753 FT_BYTES, BASE_NONE, NULL, 0x0,
2754 "Data from sampled header", HFILL}},
2755 { &hf_sflow_245_packet_information_type,
2756 { "Sample type", "sflow_245.packet_information_type",
2757 FT_UINT32, BASE_DEC, VALS(sflow_245_packet_information_type), 0x0,
2758 "Type of sampled information", HFILL}},
2759 { &hf_sflow_245_extended_information_type,
2760 { "Extended information type", "sflow_245.extended_information_type",
2761 FT_UINT32, BASE_DEC, VALS(sflow_245_extended_data_types), 0x0,
2762 "Type of extended information", HFILL}},
2763 { &hf_sflow_245_vlan_in,
2764 { "Incoming 802.1Q VLAN", "sflow_245.vlan.in",
2765 FT_UINT32, BASE_DEC, NULL, 0x0,
2766 "Incoming VLAN ID", HFILL}},
2767 { &hf_sflow_245_vlan_out,
2768 { "Outgoing 802.1Q VLAN", "sflow_245.vlan.out",
2769 FT_UINT32, BASE_DEC, NULL, 0x0,
2770 "Outgoing VLAN ID", HFILL}},
2771 { &hf_sflow_245_pri_in,
2772 { "Incoming 802.1p priority", "sflow_245.pri.in",
2773 FT_UINT32, BASE_DEC, NULL, 0x0,
2774 NULL, HFILL}},
2775 { &hf_sflow_245_pri_out,
2776 { "Outgoing 802.1p priority", "sflow_245.pri.out",
2777 FT_UINT32, BASE_DEC, NULL, 0x0,
2778 NULL, HFILL}},
2779 { &hf_sflow_245_nexthop_v4,
2780 { "Next hop", "sflow_245.nexthop",
2781 FT_IPv4, BASE_NONE, NULL, 0x0,
2782 "Next hop address", HFILL}},
2783 { &hf_sflow_245_ipv4_src,
2784 { "Source IP address", "sflow_245.ipv4_src",
2785 FT_IPv4, BASE_NONE, NULL, 0x0,
2786 "Source IPv4 address", HFILL}},
2787 { &hf_sflow_245_ipv4_dst,
2788 { "Destination IP address", "sflow_245.ipv4_dst",
2789 FT_IPv4, BASE_NONE, NULL, 0x0,
2790 "Destination IPv4 address", HFILL}},
2791 { &hf_sflow_245_nexthop_v6,
2792 { "Next hop", "sflow_245.nexthop.v6",
2793 FT_IPv6, BASE_NONE, NULL, 0x0,
2794 "Next hop address", HFILL}},
2795 { &hf_sflow_245_ipv6_src,
2796 { "Source IP address", "sflow_245.ipv6_src",
2797 FT_IPv6, BASE_NONE, NULL, 0x0,
2798 "Source IPv6 address", HFILL}},
2799 { &hf_sflow_245_ipv6_dst,
2800 { "Destination IP address", "sflow_245.ipv6_dst",
2801 FT_IPv6, BASE_NONE, NULL, 0x0,
2802 "Destination IPv6 address", HFILL}},
2803 { &hf_sflow_245_nexthop_src_mask,
2804 { "Next hop source mask", "sflow_245.nexthop.src_mask",
2805 FT_UINT32, BASE_DEC, NULL, 0x0,
2806 "Next hop source mask bits", HFILL}},
2807 { &hf_sflow_245_nexthop_dst_mask,
2808 { "Next hop destination mask", "sflow_245.nexthop.dst_mask",
2809 FT_UINT32, BASE_DEC, NULL, 0x0,
2810 "Next hop destination mask bits", HFILL}},
2811 { &hf_sflow_245_ifindex,
2812 { "Interface index", "sflow_245.ifindex",
2813 FT_UINT32, BASE_DEC, NULL, 0x0,
2814 NULL, HFILL}},
2815 { &hf_sflow_245_as,
2816 { "AS Router", "sflow_245.as",
2817 FT_UINT32, BASE_DEC, NULL, 0x0,
2818 "Autonomous System of Router", HFILL}},
2819 { &hf_sflow_245_src_as,
2820 { "AS Source", "sflow_245.srcAS",
2821 FT_UINT32, BASE_DEC, NULL, 0x0,
2822 "Autonomous System of Source", HFILL}},
2823 { &hf_sflow_245_src_peer_as,
2824 { "AS Peer", "sflow_245.peerAS",
2825 FT_UINT32, BASE_DEC, NULL, 0x0,
2826 "Autonomous System of Peer", HFILL}},
2827 { &hf_sflow_245_dst_as_entries,
2828 { "AS Destinations", "sflow_245.dstASentries",
2829 FT_UINT32, BASE_DEC, NULL, 0x0,
2830 "Autonomous System destinations", HFILL}},
2831 { &hf_sflow_245_dst_as,
2832 { "AS Destination", "sflow_245.dstAS",
2833 FT_UINT32, BASE_DEC, NULL, 0x0,
2834 "Autonomous System destination", HFILL}},
2835 /* Needed for sFlow >= 4. If I had a capture to test... */
2836 { &hf_sflow_245_community_entries,
2837 { "Gateway Communities", "sflow_245.communityEntries",
2838 FT_UINT32, BASE_DEC, NULL, 0x0,
2839 NULL, HFILL}},
2840 #if 0
2841 { &hf_sflow_245_community,
2842 { "Gateway Community", "sflow_245.community",
2843 FT_UINT32, BASE_DEC, NULL, 0x0,
2844 "Gateway Communities", HFILL}},
2845 #endif
2846 { &hf_sflow_245_localpref,
2847 { "localpref", "sflow_245.localpref",
2848 FT_UINT32, BASE_DEC, NULL, 0x0,
2849 "Local preferences of AS route", HFILL}},
2850 /**/
2851 { &hf_sflow_245_iftype,
2852 { "Interface Type", "sflow_245.iftype",
2853 FT_UINT32, BASE_DEC, NULL, 0x0,
2854 NULL, HFILL}},
2855 { &hf_sflow_245_ifspeed,
2856 { "Interface Speed", "sflow_245.ifspeed",
2857 FT_UINT64, BASE_DEC, NULL, 0x0,
2858 NULL, HFILL}},
2859 { &hf_sflow_245_ifdirection,
2860 { "Interface Direction", "sflow_245.ifdirection",
2861 FT_UINT32, BASE_DEC, VALS(sflow_ifdirection_vals), 0x0,
2862 NULL, HFILL}},
2863 { &hf_sflow_245_ifadmin_status,
2864 { "IfAdminStatus", "sflow_245.ifadmin_status",
2865 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000001,
2866 NULL, HFILL}},
2867 { &hf_sflow_245_ifoper_status,
2868 { "IfOperStatus", "sflow_245.ifoper_status",
2869 FT_BOOLEAN, 32, TFS(&tfs_up_down), 0x00000002,
2870 NULL, HFILL}},
2871 { &hf_sflow_245_ifinoct,
2872 { "Input Octets", "sflow_245.ifinoct",
2873 FT_UINT64, BASE_DEC, NULL, 0x0,
2874 NULL, HFILL}},
2875 { &hf_sflow_245_ifinpkt,
2876 { "Input Packets", "sflow_245.ifinpkt",
2877 FT_UINT32, BASE_DEC, NULL, 0x0,
2878 NULL, HFILL}},
2879 { &hf_sflow_245_ifinmcast,
2880 { "Input Multicast Packets", "sflow_245.ifinmcast",
2881 FT_UINT32, BASE_DEC, NULL, 0x0,
2882 NULL, HFILL}},
2883 { &hf_sflow_245_ifinbcast,
2884 { "Input Broadcast Packets", "sflow_245.ifinbcast",
2885 FT_UINT32, BASE_DEC, NULL, 0x0,
2886 NULL, HFILL}},
2887 { &hf_sflow_245_ifindisc,
2888 { "Input Discarded Packets", "sflow_245.ifindisc",
2889 FT_UINT32, BASE_DEC, NULL, 0x0,
2890 NULL, HFILL}},
2891 { &hf_sflow_245_ifinerr,
2892 { "Input Errors", "sflow_245.ifinerr",
2893 FT_UINT32, BASE_DEC, NULL, 0x0,
2894 NULL, HFILL}},
2895 { &hf_sflow_245_ifinunk,
2896 { "Input Unknown Protocol Packets", "sflow_245.ifinunk",
2897 FT_UINT32, BASE_DEC, NULL, 0x0,
2898 NULL, HFILL}},
2899 { &hf_sflow_245_ifoutoct,
2900 { "Output Octets", "sflow_245.ifoutoct",
2901 FT_UINT64, BASE_DEC, NULL, 0x0,
2902 NULL, HFILL}},
2903 { &hf_sflow_245_ifoutpkt,
2904 { "Output Packets", "sflow_245.ifoutpkt",
2905 FT_UINT32, BASE_DEC, NULL, 0x0,
2906 NULL, HFILL}},
2907 { &hf_sflow_245_ifoutmcast,
2908 { "Output Multicast Packets", "sflow_245.ifoutmcast",
2909 FT_UINT32, BASE_DEC, NULL, 0x0,
2910 NULL, HFILL}},
2911 { &hf_sflow_245_ifoutbcast,
2912 { "Output Broadcast Packets", "sflow_245.ifoutbcast",
2913 FT_UINT32, BASE_DEC, NULL, 0x0,
2914 NULL, HFILL}},
2915 { &hf_sflow_245_ifoutdisc,
2916 { "Output Discarded Packets", "sflow_245.ifoutdisc",
2917 FT_UINT32, BASE_DEC, NULL, 0x0,
2918 NULL, HFILL}},
2919 { &hf_sflow_245_ifouterr,
2920 { "Output Errors", "sflow_245.ifouterr",
2921 FT_UINT32, BASE_DEC, NULL, 0x0,
2922 NULL, HFILL}},
2923 { &hf_sflow_245_ifpromisc,
2924 { "Promiscuous Mode", "sflow_245.ifpromisc",
2925 FT_UINT32, BASE_DEC, NULL, 0x0,
2926 NULL, HFILL}},
2927 { &hf_sflow_245_dot3StatsAlignmentErrors,
2928 { "Alignment Errors", "sflow_245.dot3StatsAlignmentErrors",
2929 FT_UINT32, BASE_DEC, NULL, 0x0,
2930 "dot3 Stats Alignment Errors", HFILL}},
2931 { &hf_sflow_245_dot3StatsFCSErrors,
2932 { "FCS Errors", "sflow_245.dot3StatsFCSErrors",
2933 FT_UINT32, BASE_DEC, NULL, 0x0,
2934 "dot3 Stats FCS Errors", HFILL}},
2935 { &hf_sflow_245_dot3StatsSingleCollisionFrames,
2936 { "Single Collision Frames", "sflow_245.dot3StatsSingleCollisionFrames",
2937 FT_UINT32, BASE_DEC, NULL, 0x0,
2938 "dot3 Stats Single Collision Frames", HFILL}},
2939 { &hf_sflow_245_dot3StatsMultipleCollisionFrames,
2940 { "Multiple Collision Frames", "sflow_245.dot3StatsMultipleCollisionFrames",
2941 FT_UINT32, BASE_DEC, NULL, 0x0,
2942 "dot3 Stats Multiple Collision Frames", HFILL}},
2943 { &hf_sflow_245_dot3StatsSQETestErrors,
2944 { "SQE Test Errors", "sflow_245.dot3StatsSQETestErrors",
2945 FT_UINT32, BASE_DEC, NULL, 0x0,
2946 "dot3 Stats SQE Test Errors", HFILL}},
2947 { &hf_sflow_245_dot3StatsDeferredTransmissions,
2948 { "Deferred Transmissions", "sflow_245.dot3StatsDeferredTransmissions",
2949 FT_UINT32, BASE_DEC, NULL, 0x0,
2950 "dot3 Stats Deferred Transmissions", HFILL}},
2951 { &hf_sflow_245_dot3StatsLateCollisions,
2952 { "Late Collisions", "sflow_245.dot3StatsLateCollisions",
2953 FT_UINT32, BASE_DEC, NULL, 0x0,
2954 "dot3 Stats Late Collisions", HFILL}},
2955 { &hf_sflow_245_dot3StatsExcessiveCollisions,
2956 { "Excessive Collisions", "sflow_245.dot3StatsExcessiveCollisions",
2957 FT_UINT32, BASE_DEC, NULL, 0x0,
2958 "dot3 Stats Excessive Collisions", HFILL}},
2959 { &hf_sflow_245_dot3StatsInternalMacTransmitErrors,
2960 { "Internal Mac Transmit Errors", "sflow_245.dot3StatsInternalMacTransmitErrors",
2961 FT_UINT32, BASE_DEC, NULL, 0x0,
2962 "dot3 Stats Internal Mac Transmit Errors", HFILL}},
2963 { &hf_sflow_245_dot3StatsCarrierSenseErrors,
2964 { "Carrier Sense Errors", "sflow_245.dot3StatsCarrierSenseErrors",
2965 FT_UINT32, BASE_DEC, NULL, 0x0,
2966 "dot3 Stats Carrier Sense Errors", HFILL}},
2967 { &hf_sflow_245_dot3StatsFrameTooLongs,
2968 { "Frame Too Longs", "sflow_245.dot3StatsFrameTooLongs",
2969 FT_UINT32, BASE_DEC, NULL, 0x0,
2970 "dot3 Stats Frame Too Longs", HFILL}},
2971 { &hf_sflow_245_dot3StatsInternalMacReceiveErrors,
2972 { "Internal Mac Receive Errors", "sflow_245.dot3StatsInternalMacReceiveErrors",
2973 FT_UINT32, BASE_DEC, NULL, 0x0,
2974 "dot3 Stats Internal Mac Receive Errors", HFILL}},
2975 { &hf_sflow_245_dot3StatsSymbolErrors,
2976 { "Symbol Errors", "sflow_245.dot3StatsSymbolErrors",
2977 FT_UINT32, BASE_DEC, NULL, 0x0,
2978 "dot3 Stats Symbol Errors", HFILL}},
2979 { &hf_sflow_245_dot5StatsLineErrors,
2980 { "Line Errors", "sflow_245.dot5StatsLineErrors",
2981 FT_UINT32, BASE_DEC, NULL, 0x0,
2982 "dot5 Stats Line Errors", HFILL}},
2983 { &hf_sflow_245_dot5StatsBurstErrors,
2984 { "Burst Errors", "sflow_245.dot5StatsBurstErrors",
2985 FT_UINT32, BASE_DEC, NULL, 0x0,
2986 "dot5 Stats Burst Errors", HFILL}},
2987 { &hf_sflow_245_dot5StatsACErrors,
2988 { "AC Errors", "sflow_245.dot5StatsACErrors",
2989 FT_UINT32, BASE_DEC, NULL, 0x0,
2990 "dot5 Stats AC Errors", HFILL}},
2991 { &hf_sflow_245_dot5StatsAbortTransErrors,
2992 { "Abort Trans Errors", "sflow_245.dot5StatsAbortTransErrors",
2993 FT_UINT32, BASE_DEC, NULL, 0x0,
2994 "dot5 Stats Abort Trans Errors", HFILL}},
2995 { &hf_sflow_245_dot5StatsInternalErrors,
2996 { "Internal Errors", "sflow_245.dot5StatsInternalErrors",
2997 FT_UINT32, BASE_DEC, NULL, 0x0,
2998 "dot5 Stats Internal Errors", HFILL}},
2999 { &hf_sflow_245_dot5StatsLostFrameErrors,
3000 { "Lost Frame Errors", "sflow_245.dot5StatsLostFrameErrors",
3001 FT_UINT32, BASE_DEC, NULL, 0x0,
3002 "dot5 Stats Lost Frame Errors", HFILL}},
3003 { &hf_sflow_245_dot5StatsReceiveCongestions,
3004 { "Receive Congestions", "sflow_245.dot5StatsReceiveCongestions",
3005 FT_UINT32, BASE_DEC, NULL, 0x0,
3006 "dot5 Stats Receive Congestions", HFILL}},
3007 { &hf_sflow_245_dot5StatsFrameCopiedErrors,
3008 { "Frame Copied Errors", "sflow_245.dot5StatsFrameCopiedErrors",
3009 FT_UINT32, BASE_DEC, NULL, 0x0,
3010 "dot5 Stats Frame Copied Errors", HFILL}},
3011 { &hf_sflow_245_dot5StatsTokenErrors,
3012 { "Token Errors", "sflow_245.dot5StatsTokenErrors",
3013 FT_UINT32, BASE_DEC, NULL, 0x0,
3014 "dot5 Stats Token Errors", HFILL}},
3015 { &hf_sflow_245_dot5StatsSoftErrors,
3016 { "Soft Errors", "sflow_245.dot5StatsSoftErrors",
3017 FT_UINT32, BASE_DEC, NULL, 0x0,
3018 "dot5 Stats Soft Errors", HFILL}},
3019 { &hf_sflow_245_dot5StatsHardErrors,
3020 { "Hard Errors", "sflow_245.dot5StatsHardErrors",
3021 FT_UINT32, BASE_DEC, NULL, 0x0,
3022 "dot5 Stats Hard Errors", HFILL}},
3023 { &hf_sflow_245_dot5StatsSignalLoss,
3024 { "Signal Loss", "sflow_245.dot5StatsSignalLoss",
3025 FT_UINT32, BASE_DEC, NULL, 0x0,
3026 "dot5 Stats Signal Loss", HFILL}},
3027 { &hf_sflow_245_dot5StatsTransmitBeacons,
3028 { "Transmit Beacons", "sflow_245.dot5StatsTransmitBeacons",
3029 FT_UINT32, BASE_DEC, NULL, 0x0,
3030 "dot5 Stats Transmit Beacons", HFILL}},
3031 { &hf_sflow_245_dot5StatsRecoveries,
3032 { "Recoveries", "sflow_245.dot5StatsRecoveries",
3033 FT_UINT32, BASE_DEC, NULL, 0x0,
3034 "dot5 Stats Recoveries", HFILL}},
3035 { &hf_sflow_245_dot5StatsLobeWires,
3036 { "Lobe Wires", "sflow_245.dot5StatsLobeWires",
3037 FT_UINT32, BASE_DEC, NULL, 0x0,
3038 "dot5 Stats Lobe Wires", HFILL}},
3039 { &hf_sflow_245_dot5StatsRemoves,
3040 { "Removes", "sflow_245.dot5StatsRemoves",
3041 FT_UINT32, BASE_DEC, NULL, 0x0,
3042 "dot5 Stats Removes", HFILL}},
3043 { &hf_sflow_245_dot5StatsSingles,
3044 { "Singles", "sflow_245.dot5StatsSingles",
3045 FT_UINT32, BASE_DEC, NULL, 0x0,
3046 "dot5 Stats Singles", HFILL}},
3047 { &hf_sflow_245_dot5StatsFreqErrors,
3048 { "Freq Errors", "sflow_245.dot5StatsFreqErrors",
3049 FT_UINT32, BASE_DEC, NULL, 0x0,
3050 "dot5 Stats Freq Errors", HFILL}},
3051 { &hf_sflow_245_dot12InHighPriorityFrames,
3052 { "In High Priority Frames", "sflow_245.dot12InHighPriorityFrames",
3053 FT_UINT32, BASE_DEC, NULL, 0x0,
3054 "dot12 Input High Priority Frames", HFILL}},
3055 { &hf_sflow_245_dot12InHighPriorityOctets,
3056 { "In High Priority Octets", "sflow_245.dot12InHighPriorityOctets",
3057 FT_UINT64, BASE_DEC, NULL, 0x0,
3058 "dot12 Input High Priority Octets", HFILL}},
3059 { &hf_sflow_245_dot12InNormPriorityFrames,
3060 { "In Normal Priority Frames", "sflow_245.dot12InNormPriorityFrames",
3061 FT_UINT32, BASE_DEC, NULL, 0x0,
3062 "dot12 Input Normal Priority Frames", HFILL}},
3063 { &hf_sflow_245_dot12InNormPriorityOctets,
3064 { "In Normal Priority Octets", "sflow_245.dot12InNormPriorityOctets",
3065 FT_UINT64, BASE_DEC, NULL, 0x0,
3066 "dot12 Input Normal Priority Octets", HFILL}},
3067 { &hf_sflow_245_dot12InIPMErrors,
3068 { "In IPM Errors", "sflow_245.dot12InIPMErrors",
3069 FT_UINT32, BASE_DEC, NULL, 0x0,
3070 "dot12 Input IPM Errors", HFILL}},
3071 { &hf_sflow_245_dot12InOversizeFrameErrors,
3072 { "In Oversize Frame Errors", "sflow_245.dot12InOversizeFrameErrors",
3073 FT_UINT32, BASE_DEC, NULL, 0x0,
3074 "dot12 Input Oversize Frame Errors", HFILL}},
3075 { &hf_sflow_245_dot12InDataErrors,
3076 { "In Data Errors", "sflow_245.dot12InDataErrors",
3077 FT_UINT32, BASE_DEC, NULL, 0x0,
3078 "dot12 Input Data Errors", HFILL}},
3079 { &hf_sflow_245_dot12InNullAddressedFrames,
3080 { "In Null Addressed Frames", "sflow_245.dot12InNullAddressedFrames",
3081 FT_UINT32, BASE_DEC, NULL, 0x0,
3082 "dot12 Input Null Addressed Frames", HFILL}},
3083 { &hf_sflow_245_dot12OutHighPriorityFrames,
3084 { "Out High Priority Frames", "sflow_245.dot12OutHighPriorityFrames",
3085 FT_UINT32, BASE_DEC, NULL, 0x0,
3086 "dot12 Output High Priority Frames", HFILL}},
3087 { &hf_sflow_245_dot12OutHighPriorityOctets,
3088 { "Out High Priority Octets", "sflow_245.dot12OutHighPriorityOctets",
3089 FT_UINT64, BASE_DEC, NULL, 0x0,
3090 "dot12 Out High Priority Octets", HFILL}},
3091 { &hf_sflow_245_dot12TransitionIntoTrainings,
3092 { "Transition Into Trainings", "sflow_245.dot12TransitionIntoTrainings",
3093 FT_UINT32, BASE_DEC, NULL, 0x0,
3094 "dot12 Transition Into Trainings", HFILL}},
3095 { &hf_sflow_245_dot12HCInHighPriorityOctets,
3096 { "HC In High Priority Octets", "sflow_245.dot12HCInHighPriorityOctets",
3097 FT_UINT64, BASE_DEC, NULL, 0x0,
3098 "dot12 HC Input High Priority Octets", HFILL}},
3099 { &hf_sflow_245_dot12HCInNormPriorityOctets,
3100 { "HC In Normal Priority Octets", "sflow_245.dot12HCInNormPriorityOctets",
3101 FT_UINT64, BASE_DEC, NULL, 0x0,
3102 "dot12 HC Input Normal Priority Octets", HFILL}},
3103 { &hf_sflow_245_dot12HCOutHighPriorityOctets,
3104 { "HC Out High Priority Octets", "sflow_245.dot12HCOutHighPriorityOctets",
3105 FT_UINT64, BASE_DEC, NULL, 0x0,
3106 "dot12 HC Output High Priority Octets", HFILL}},
3107 { &hf_sflow_245_vlan_id,
3108 { "VLAN ID", "sflow_245.vlan_id",
3109 FT_UINT32, BASE_DEC, NULL, 0x0,
3110 NULL, HFILL}},
3111 { &hf_sflow_245_octets,
3112 { "Octets", "sflow_245.octets",
3113 FT_UINT64, BASE_DEC, NULL, 0x0,
3114 NULL, HFILL}},
3115 { &hf_sflow_245_ucastPkts,
3116 { "Unicast Packets", "sflow_245.ucastPkts",
3117 FT_UINT32, BASE_DEC, NULL, 0x0,
3118 NULL, HFILL}},
3119 { &hf_sflow_245_multicastPkts,
3120 { "Multicast Packets", "sflow_245.multicastPkts",
3121 FT_UINT32, BASE_DEC, NULL, 0x0,
3122 NULL, HFILL}},
3123 { &hf_sflow_245_broadcastPkts,
3124 { "Broadcast Packets", "sflow_245.broadcastPkts",
3125 FT_UINT32, BASE_DEC, NULL, 0x0,
3126 NULL, HFILL}},
3127 { &hf_sflow_245_discards,
3128 { "Discards", "sflow_245.discards",
3129 FT_UINT32, BASE_DEC, NULL, 0x0,
3130 NULL, HFILL}},
3131 { &hf_sflow_5_dot11TransmittedFragmentCount,
3132 { "Transmitted Fragment Count", "sflow_5.dot11TransmittedFragmentCount",
3133 FT_UINT32, BASE_DEC, NULL, 0x0,
3134 NULL, HFILL}},
3135 { &hf_sflow_5_dot11MulticastTransmittedFrameCount,
3136 { "Multicast Transmitted Frame Count", "sflow_5.dot11MulticastTransmittedFrameCount",
3137 FT_UINT32, BASE_DEC, NULL, 0x0,
3138 NULL, HFILL}},
3139 { &hf_sflow_5_dot11FailedCount,
3140 { "Failed Count", "sflow_5.dot11FailedCount",
3141 FT_UINT32, BASE_DEC, NULL, 0x0,
3142 NULL, HFILL}},
3143 { &hf_sflow_5_dot11RetryCount,
3144 { "Retry Count", "sflow_5.dot11RetryCount",
3145 FT_UINT32, BASE_DEC, NULL, 0x0,
3146 NULL, HFILL}},
3147 { &hf_sflow_5_dot11MultipleRetryCount,
3148 { "Multiple Retry Count", "sflow_5.dot11MultipleRetryCount",
3149 FT_UINT32, BASE_DEC, NULL, 0x0,
3150 NULL, HFILL}},
3151 { &hf_sflow_5_dot11FrameDuplicateCount,
3152 { "Frame Duplicate Count", "sflow_5.dot11FrameDuplicateCount",
3153 FT_UINT32, BASE_DEC, NULL, 0x0,
3154 NULL, HFILL}},
3155 { &hf_sflow_5_dot11RTSSuccessCount,
3156 { "RTS Success Count", "sflow_5.dot11RTSSuccessCount",
3157 FT_UINT32, BASE_DEC, NULL, 0x0,
3158 NULL, HFILL}},
3159 { &hf_sflow_5_dot11RTSFailureCount,
3160 { "Failure Count", "sflow_5.dot11RTSFailureCount",
3161 FT_UINT32, BASE_DEC, NULL, 0x0,
3162 NULL, HFILL}},
3163 { &hf_sflow_5_dot11ACKFailureCount,
3164 { "ACK Failure Count", "sflow_5.dot11ACKFailureCount",
3165 FT_UINT32, BASE_DEC, NULL, 0x0,
3166 NULL, HFILL}},
3167 { &hf_sflow_5_dot11ReceivedFragmentCount,
3168 { "Received Fragment Count", "sflow_5.dot11ReceivedFragmentCount",
3169 FT_UINT32, BASE_DEC, NULL, 0x0,
3170 NULL, HFILL}},
3171 { &hf_sflow_5_dot11MulticastReceivedFrameCount,
3172 { "Multicast Received Frame Count", "sflow_5.dot11MulticastReceivedFrameCount",
3173 FT_UINT32, BASE_DEC, NULL, 0x0,
3174 NULL, HFILL}},
3175 { &hf_sflow_5_dot11FCSErrorCount,
3176 { "FCS Error Count", "sflow_5.dot11FCSErrorCount",
3177 FT_UINT32, BASE_DEC, NULL, 0x0,
3178 NULL, HFILL}},
3179 { &hf_sflow_5_dot11TransmittedFrameCount,
3180 { "Transmitted Frame Count", "sflow_5.dot11TransmittedFrameCount",
3181 FT_UINT32, BASE_DEC, NULL, 0x0,
3182 NULL, HFILL}},
3183 { &hf_sflow_5_dot11WEPUndecryptableCount,
3184 { "WEP Undecryptable Count", "sflow_5.dot11WEPUndecryptableCount",
3185 FT_UINT32, BASE_DEC, NULL, 0x0,
3186 NULL, HFILL}},
3187 { &hf_sflow_5_dot11QoSDiscardedFragmentCount,
3188 { "QoS Discarded Fragment Count", "sflow_5.dot11QoSDiscardedFragmentCount",
3189 FT_UINT32, BASE_DEC, NULL, 0x0,
3190 NULL, HFILL}},
3191 { &hf_sflow_5_dot11AssociatedStationCount,
3192 { "Associated Station Count", "sflow_5.dot11AssociatedStationCount",
3193 FT_UINT32, BASE_DEC, NULL, 0x0,
3194 NULL, HFILL}},
3195 { &hf_sflow_5_dot11QoSCFPollsReceivedCount,
3196 { "QoS CF Polls Received Count", "sflow_5.dot11QoSCFPollsReceivedCount",
3197 FT_UINT32, BASE_DEC, NULL, 0x0,
3198 NULL, HFILL}},
3199 { &hf_sflow_5_dot11QoSCFPollsUnusedCount,
3200 { "QoS CF Polls Unused Count", "sflow_5.dot11QoSCFPollsUnusedCount",
3201 FT_UINT32, BASE_DEC, NULL, 0x0,
3202 NULL, HFILL}},
3203 { &hf_sflow_5_dot11QoSCFPollsUnusableCount,
3204 { "QoS CF Polls Unusable Count", "sflow_5.dot11QoSCFPollsUnusableCount",
3205 FT_UINT32, BASE_DEC, NULL, 0x0,
3206 NULL, HFILL}},
3207 { &hf_sflow_5_dot11QoSCFPollsLostCount,
3208 { "QoS CF Polls Lost Count", "sflow_5.dot11QoSCFPollsLostCount",
3209 FT_UINT32, BASE_DEC, NULL, 0x0,
3210 NULL, HFILL}},
3211 { &hf_sflow_5_cpu_5s,
3212 { "5s CPU Load (100 = 1%)", "sflow_5.cpu_5s",
3213 FT_UINT32, BASE_DEC, NULL, 0x0,
3214 "Average CPU Load Over 5 Seconds (100 = 1%)", HFILL}},
3215 { &hf_sflow_5_cpu_1m,
3216 { "1m CPU Load (100 = 1%)", "sflow_5.cpu_1m",
3217 FT_UINT32, BASE_DEC, NULL, 0x0,
3218 "Average CPU Load Over 1 Minute (100 = 1%)", HFILL}},
3219 { &hf_sflow_5_cpu_5m,
3220 { "5m CPU Load (100 = 1%)", "sflow_5.cpu_5m",
3221 FT_UINT32, BASE_DEC, NULL, 0x0,
3222 "Average CPU Load Over 5 Minutes (100 = 1%)", HFILL}},
3223 { &hf_sflow_5_total_memory,
3224 { "Total Memory", "sflow_5.total_memory",
3225 FT_UINT64, BASE_DEC, NULL, 0x0,
3226 NULL, HFILL}},
3227 { &hf_sflow_5_free_memory,
3228 { "Free Memory", "sflow_5.free_memory",
3229 FT_UINT64, BASE_DEC, NULL, 0x0,
3230 NULL, HFILL}},
3231 { &hf_sflow_5_elapsed_time,
3232 { "Elapsed Time (ms)", "sflow_5.elapsed_time",
3233 FT_UINT32, BASE_DEC, NULL, 0x0,
3234 "Elapsed Time in ms", HFILL}},
3235 { &hf_sflow_5_on_channel_time,
3236 { "On Channel (ms)", "sflow_5.on_channel_time",
3237 FT_UINT32, BASE_DEC, NULL, 0x0,
3238 "Time in ms Spent on Channel", HFILL}},
3239 { &hf_sflow_5_on_channel_busy_time,
3240 { "On Channel Busy (ms)", "sflow_5.channel_busy_time",
3241 FT_UINT32, BASE_DEC, NULL, 0x0,
3242 "Time in ms Spent on Channel and Busy", HFILL}},
3243
3244 /* Generated from convert_proto_tree_add_text.pl */
3245 { &hf_sflow_245_header_frame_length,
3246 { "Frame Length", "sflow_245.header.frame_length",
3247 FT_UINT32, BASE_DEC, NULL, 0x0,
3248 NULL, HFILL }
3249 },
3250 { &hf_sflow_245_header_payload_stripped,
3251 { "Payload stripped", "sflow_245.header.payload_stripped",
3252 FT_UINT32, BASE_DEC, NULL, 0x0,
3253 NULL, HFILL }
3254 },
3255 { &hf_sflow_245_sampled_header_length,
3256 { "Sampled header length", "sflow_245.header.sampled_header_length",
3257 FT_UINT32, BASE_DEC, NULL, 0x0,
3258 NULL, HFILL }
3259 },
3260 { &hf_sflow_245_extended_mpls_in_label_stack_entries,
3261 { "In Label Stack Entries", "sflow_245.extended_mpls.in_label_stack_entries",
3262 FT_UINT32, BASE_DEC, NULL, 0x0,
3263 NULL, HFILL }
3264 },
3265 { &hf_sflow_245_extended_mpls_in_label,
3266 { "Label", "sflow_245.extended_mpls.in_label",
3267 FT_UINT32, BASE_DEC, NULL, 0x0,
3268 NULL, HFILL }
3269 },
3270 { &hf_sflow_245_extended_mpls_out_label_stack_entries,
3271 { "Out Label Stack Entries", "sflow_245.extended_mpls.out_label_stack_entries",
3272 FT_UINT32, BASE_DEC, NULL, 0x0,
3273 NULL, HFILL }
3274 },
3275 { &hf_sflow_245_extended_mpls_out_label,
3276 { "Label", "sflow_245.extended_mpls.out_label",
3277 FT_UINT32, BASE_DEC, NULL, 0x0,
3278 NULL, HFILL }
3279 },
3280 { &hf_sflow_245_ethernet_length_of_mac_packet,
3281 { "Length of MAC Packet", "sflow_245.ethernet.length",
3282 FT_UINT32, BASE_DEC, NULL, 0x0,
3283 NULL, HFILL }
3284 },
3285 { &hf_sflow_245_ethernet_source_mac_address,
3286 { "Source MAC Address", "sflow_245.ethernet.source_mac_address",
3287 FT_ETHER, BASE_NONE, NULL, 0x0,
3288 NULL, HFILL }
3289 },
3290 { &hf_sflow_245_ethernet_destination_mac_address,
3291 { "Destination MAC Address", "sflow_245.ethernet.destination_mac_address",
3292 FT_ETHER, BASE_NONE, NULL, 0x0,
3293 NULL, HFILL }
3294 },
3295 { &hf_sflow_245_ethernet_packet_type,
3296 { "Ethernet Packet Type", "sflow_245.ethernet.packet_type",
3297 FT_UINT32, BASE_DEC, NULL, 0x0,
3298 NULL, HFILL }
3299 },
3300 { &hf_sflow_245_length_of_ip_packet,
3301 { "Length of IP Packet", "sflow_245.ip.length",
3302 FT_UINT32, BASE_DEC, NULL, 0x0,
3303 NULL, HFILL }
3304 },
3305 { &hf_sflow_245_ip_source_port,
3306 { "Source Port", "sflow_245.ip.source_port",
3307 FT_UINT32, BASE_DEC, NULL, 0x0,
3308 NULL, HFILL }
3309 },
3310 { &hf_sflow_245_ip_destination_port,
3311 { "Destination Port", "sflow.ip.destination_port",
3312 FT_UINT32, BASE_DEC, NULL, 0x0,
3313 NULL, HFILL }
3314 },
3315 { &hf_sflow_245_ip_tcp_flag_cwr,
3316 { "TCP Flag (CWR)", "sflow_245.ip.tcp_flag.cwr",
3317 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000080,
3318 NULL, HFILL }
3319 },
3320 { &hf_sflow_245_ip_tcp_flag_ece,
3321 { "TCP Flag (ECE)", "sflow_245.ip.tcp_flag.ece",
3322 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000040,
3323 NULL, HFILL }
3324 },
3325 { &hf_sflow_245_ip_tcp_flag_urg,
3326 { "TCP Flag (URG)", "sflow_245.ip.tcp_flag.urg",
3327 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000020,
3328 NULL, HFILL }
3329 },
3330 { &hf_sflow_245_ip_tcp_flag_ack,
3331 { "TCP Flag (ACK)", "sflow_245.ip.tcp_flag.ack",
3332 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000010,
3333 NULL, HFILL }
3334 },
3335 { &hf_sflow_245_ip_tcp_flag_psh,
3336 { "TCP Flag (PSH)", "sflow_245.ip.tcp_flag.psh",
3337 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000008,
3338 NULL, HFILL }
3339 },
3340 { &hf_sflow_245_ip_tcp_flag_rst,
3341 { "TCP Flag (RST)", "sflow_245.ip.tcp_flag.rst",
3342 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000004,
3343 NULL, HFILL }
3344 },
3345 { &hf_sflow_245_ip_tcp_flag_syn,
3346 { "TCP Flag (SYN)", "sflow_245.ip.tcp_flag.syn",
3347 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000002,
3348 NULL, HFILL }
3349 },
3350 { &hf_sflow_245_ip_tcp_flag_fin,
3351 { "TCP Flag (FIN)", "sflow_245.ip.tcp_flag.fin",
3352 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00000001,
3353 NULL, HFILL }
3354 },
3355 { &hf_sflow_245_ipv4_delay,
3356 { "Delay", "sflow_245.ipv4_delay",
3357 FT_BOOLEAN, 32, TFS(&tfs_low_normal), 0x00000010,
3358 NULL, HFILL }
3359 },
3360 { &hf_sflow_245_ipv4_throughput,
3361 { "Throughput", "sflow_245.ipv4_throughput",
3362 FT_BOOLEAN, 32, TFS(&tfs_high_normal), 0x00000008,
3363 NULL, HFILL }
3364 },
3365 { &hf_sflow_245_ipv4_reliability,
3366 { "Reliability", "sflow_245.ipv4_reliability",
3367 FT_BOOLEAN, 32, TFS(&tfs_high_normal), 0x00000004,
3368 NULL, HFILL }
3369 },
3370 { &hf_sflow_245_ipv4_cost,
3371 { "Cost (RFC1349)", "sflow_245.ipv4_cost",
3372 FT_BOOLEAN, 32, TFS(&tfs_minimize_monetary_normal), 0x00000002,
3373 NULL, HFILL }
3374 },
3375 { &hf_sflow_245_ipv6_priority,
3376 { "Priority", "sflow_245.ipv6_priority",
3377 FT_UINT32, BASE_DEC, NULL, 0x0,
3378 NULL, HFILL }
3379 },
3380 { &hf_sflow_5_extended_user_source_character_set,
3381 { "Source Character Set", "sflow_5.extended_user.source_character_set",
3382 FT_UINT32, BASE_DEC, NULL, 0x0,
3383 NULL, HFILL }
3384 },
3385 { &hf_sflow_5_extended_user_source_user_string_length,
3386 { "Source User String Length (bytes)", "sflow_5.extended_user.source_user_string_length",
3387 FT_UINT32, BASE_DEC, NULL, 0x0,
3388 NULL, HFILL }
3389 },
3390 { &hf_sflow_5_extended_user_destination_character_set,
3391 { "Destination Character Set", "sflow_5.extended_user.destination_character_set",
3392 FT_UINT32, BASE_DEC, NULL, 0x0,
3393 NULL, HFILL }
3394 },
3395 { &hf_sflow_5_extended_user_destination_user_string_length,
3396 { "Destination User String Length (bytes)", "sflow_5.extended_user.destination_user_string_length",
3397 FT_UINT32, BASE_DEC, NULL, 0x0,
3398 NULL, HFILL }
3399 },
3400 { &hf_sflow_5_extended_url_url_length,
3401 { "URL Length (bytes)", "sflow_5.extended_url.url_length",
3402 FT_UINT32, BASE_DEC, NULL, 0x0,
3403 NULL, HFILL }
3404 },
3405 { &hf_sflow_5_extended_url_host_length,
3406 { "Host Length (bytes)", "sflow_5.extended_url.host_length",
3407 FT_UINT32, BASE_DEC, NULL, 0x0,
3408 NULL, HFILL }
3409 },
3410 { &hf_sflow_5_extended_mpls_tunnel_name_length,
3411 { "Tunnel Name Length (bytes)", "sflow_5.extended_mpls_tunnel.name_length",
3412 FT_UINT32, BASE_DEC, NULL, 0x0,
3413 NULL, HFILL }
3414 },
3415 { &hf_sflow_5_extended_mpls_tunnel_id,
3416 { "Tunnel ID", "sflow_5.extended_mpls_tunnel.id",
3417 FT_UINT32, BASE_DEC, NULL, 0x0,
3418 NULL, HFILL }
3419 },
3420 { &hf_sflow_5_extended_mpls_tunnel_cos_value,
3421 { "Tunnel COS Value", "sflow_5.extended_mpls_tunnel.cos_value",
3422 FT_UINT32, BASE_DEC, NULL, 0x0,
3423 NULL, HFILL }
3424 },
3425 { &hf_sflow_5_extended_mpls_vc_instance_name_length,
3426 { "VC Instance Name Length (bytes)", "sflow_5.extended_mpls_vc.instance_name_length",
3427 FT_UINT32, BASE_DEC, NULL, 0x0,
3428 NULL, HFILL }
3429 },
3430 { &hf_sflow_5_extended_mpls_vc_id,
3431 { "VLL/VC ID", "sflow_5.extended_mpls_vc.id",
3432 FT_UINT32, BASE_DEC, NULL, 0x0,
3433 NULL, HFILL }
3434 },
3435 { &hf_sflow_5_extended_mpls_vc_label_cos_value,
3436 { "VC Label COS Value", "sflow_5.extended_mpls_vc.label_cos_value",
3437 FT_UINT32, BASE_DEC, NULL, 0x0,
3438 NULL, HFILL }
3439 },
3440 { &hf_sflow_5_extended_mpls_ftn_description_length,
3441 { "MPLS FTN Description Length (bytes)", "sflow_5.extended_mpls.ftn_description_length",
3442 FT_UINT32, BASE_DEC, NULL, 0x0,
3443 NULL, HFILL }
3444 },
3445 { &hf_sflow_5_extended_mpls_ftn_mask,
3446 { "MPLS FTN Mask", "sflow_5.extended_mpls.ftn_mask",
3447 FT_UINT32, BASE_DEC, NULL, 0x0,
3448 NULL, HFILL }
3449 },
3450 { &hf_sflow_5_extended_mpls_fec_address_prefix_length,
3451 { "MPLS FEC Address Prefix Length (bytes)", "sflow_5.extended_mpls.fec_address_prefix_length",
3452 FT_UINT32, BASE_DEC, NULL, 0x0,
3453 NULL, HFILL }
3454 },
3455 { &hf_sflow_5_extended_vlan_tunnel_number_of_layers,
3456 { "Number of Layers", "sflow_5.extended_vlan_tunnel.number_of_layers",
3457 FT_UINT32, BASE_DEC, NULL, 0x0,
3458 NULL, HFILL }
3459 },
3460 { &hf_sflow_5_extended_vlan_tunnel_tpid_tci_pair,
3461 { "TPID/TCI Pair as Integer", "sflow_5.extended_vlan_tunnel.tpid_tci_pair",
3462 FT_UINT32, BASE_DEC, NULL, 0x0,
3463 NULL, HFILL }
3464 },
3465 { &hf_sflow_5_extended_80211_oui,
3466 { "OUI", "sflow_5.extended_80211.oui",
3467 FT_UINT24, BASE_HEX, NULL, 0x0,
3468 NULL, HFILL }
3469 },
3470 { &hf_sflow_5_extended_80211_suite_type,
3471 { "Suite Type", "sflow_5.extended_80211.suite_type",
3472 FT_UINT8, BASE_DEC, VALS(extended_80211_suite_type_vals), 0x0,
3473 NULL, HFILL }
3474 },
3475 { &hf_sflow_5_extended_80211_payload_length,
3476 { "Payload Length", "sflow_5.extended_80211.payload_length",
3477 FT_UINT32, BASE_DEC, NULL, 0x0,
3478 NULL, HFILL }
3479 },
3480 { &hf_sflow_5_extended_80211_rx_bssid,
3481 { "BSSID", "sflow_5.extended_80211.rx.bssid",
3482 FT_ETHER, BASE_NONE, NULL, 0x0,
3483 NULL, HFILL }
3484 },
3485 { &hf_sflow_5_extended_80211_rx_version,
3486 { "Version", "sflow_5.extended_80211.rx.version",
3487 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
3488 NULL, HFILL }
3489 },
3490 { &hf_sflow_5_extended_80211_rx_channel,
3491 { "Channel", "sflow_5.extended_80211.rx.channel",
3492 FT_UINT32, BASE_DEC, NULL, 0x0,
3493 NULL, HFILL }
3494 },
3495 { &hf_sflow_5_extended_80211_rx_speed,
3496 { "Speed", "sflow_5.extended_80211.rx.speed",
3497 FT_UINT64, BASE_DEC, NULL, 0x0,
3498 NULL, HFILL }
3499 },
3500 { &hf_sflow_5_extended_80211_rx_rsni,
3501 { "RSNI", "sflow_5.extended_80211.rx.rsni",
3502 FT_UINT32, BASE_DEC, NULL, 0x0,
3503 NULL, HFILL }
3504 },
3505 { &hf_sflow_5_extended_80211_rx_rcpi,
3506 { "RCPI", "sflow_5.extended_80211.rx.rcpi",
3507 FT_UINT32, BASE_DEC, NULL, 0x0,
3508 NULL, HFILL }
3509 },
3510 { &hf_sflow_5_extended_80211_rx_packet_duration,
3511 { "Packet Duration (ms)", "sflow_5.extended_80211.rx.packet_duration",
3512 FT_UINT32, BASE_DEC, NULL, 0x0,
3513 NULL, HFILL }
3514 },
3515 { &hf_sflow_5_extended_80211_tx_bssid,
3516 { "BSSID", "sflow_5.extended_80211.tx.bssid",
3517 FT_ETHER, BASE_NONE, NULL, 0x0,
3518 NULL, HFILL }
3519 },
3520 { &hf_sflow_5_extended_80211_tx_version,
3521 { "Version", "sflow_5.extended_80211.tx.version",
3522 FT_UINT32, BASE_DEC, VALS(sflow_5_ieee80211_versions), 0x0,
3523 NULL, HFILL }
3524 },
3525 { &hf_sflow_5_extended_80211_tx_retransmissions,
3526 { "Retransmissions", "sflow_5.extended_80211.tx.retransmissions",
3527 FT_UINT32, BASE_DEC, NULL, 0x0,
3528 NULL, HFILL }
3529 },
3530 { &hf_sflow_5_extended_80211_tx_packet_duration,
3531 { "Packet Duration (ms)", "sflow_5.extended_80211.tx.packet_duration",
3532 FT_UINT32, BASE_DEC, NULL, 0x0,
3533 NULL, HFILL }
3534 },
3535 { &hf_sflow_5_extended_80211_tx_retransmission_duration,
3536 { "Retransmission Duration (ms)", "sflow_5.extended_80211.tx.retransmission_duration",
3537 FT_UINT32, BASE_DEC, NULL, 0x0,
3538 NULL, HFILL }
3539 },
3540 { &hf_sflow_5_extended_80211_tx_channel,
3541 { "Channel", "sflow_5.extended_80211.tx.channel",
3542 FT_UINT32, BASE_DEC, NULL, 0x0,
3543 NULL, HFILL }
3544 },
3545 { &hf_sflow_5_extended_80211_tx_speed,
3546 { "Speed", "sflow_5.extended_80211.tx.speed",
3547 FT_UINT64, BASE_DEC, NULL, 0x0,
3548 NULL, HFILL }
3549 },
3550 { &hf_sflow_5_extended_80211_tx_power,
3551 { "Power", "sflow_5.extended_80211.tx.power",
3552 FT_UINT32, BASE_DEC, NULL, 0x0,
3553 NULL, HFILL }
3554 },
3555 { &hf_sflow_flow_sample_sequence_number,
3556 { "Sequence number", "sflow.flow_sample.sequence_number",
3557 FT_UINT32, BASE_DEC, NULL, 0x0,
3558 NULL, HFILL }
3559 },
3560 { &hf_sflow_flow_sample_source_id_class,
3561 { "Source ID class", "sflow.flow_sample.source_id_class",
3562 FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3563 NULL, HFILL }
3564 },
3565 { &hf_sflow_flow_sample_sampling_rate,
3566 { "Sampling rate", "sflow.flow_sample.sampling_rate",
3567 FT_UINT32, BASE_DEC, NULL, 0x0,
3568 NULL, HFILL }
3569 },
3570 { &hf_sflow_flow_sample_sample_pool,
3571 { "Sample pool", "sflow.flow_sample.sample_pool",
3572 FT_UINT32, BASE_DEC|BASE_UNIT_STRING, UNS(&units_total_packets), 0x0,
3573 NULL, HFILL }
3574 },
3575 { &hf_sflow_flow_sample_dropped_packets,
3576 { "Dropped packets", "sflow.flow_sample.dropped_packets",
3577 FT_UINT32, BASE_DEC, NULL, 0x0,
3578 NULL, HFILL }
3579 },
3580 { &hf_sflow_flow_sample_input_interface,
3581 { "Input interface (ifIndex)", "sflow.flow_sample.input_interface",
3582 FT_UINT32, BASE_DEC, NULL, 0x0,
3583 NULL, HFILL }
3584 },
3585 { &hf_sflow_24_flow_sample_multiple_outputs,
3586 { "Multiple outputs", "sflow.flow_sample.multiple_outputs",
3587 FT_UINT32, BASE_DEC, NULL, 0x0,
3588 NULL, HFILL }
3589 },
3590 { &hf_sflow_5_flow_sample_output_interface_expanded_format,
3591 { "Output interface expanded format", "sflow.flow_sample.output_interface.expanded.format",
3592 FT_UINT32, BASE_DEC, VALS(interface_format), 0x0,
3593 NULL, HFILL }
3594 },
3595 { &hf_sflow_24_flow_sample_output_interface,
3596 { "Output interface (ifIndex)", "sflow.flow_sample.output_interface",
3597 FT_UINT32, BASE_DEC, NULL, 0x7fffffff,
3598 NULL, HFILL }
3599 },
3600 { &hf_sflow_5_flow_sample_output_interface,
3601 { "Output interface", "sflow.flow_sample.output_interface",
3602 FT_UINT32, BASE_HEX, NULL, 0x0,
3603 NULL, HFILL }
3604 },
3605 { &hf_sflow_5_flow_sample_output_interface_form,
3606 { "Output interface format", "sflow.flow_sample.output_interface_format",
3607 FT_UINT32, BASE_DEC, VALS(interface_format), SFLOW_5_INT_FORMAT,
3608 NULL, HFILL }
3609 },
3610 { &hf_sflow_5_flow_sample_output_interface_val,
3611 { "Output interface value", "sflow.flow_sample.output_interface_value",
3612 FT_UINT32, BASE_DEC, NULL, SFLOW_5_INT_VALUE,
3613 NULL, HFILL }
3614 },
3615 { &hf_sflow_5_flow_sample_output_interface_val_discard,
3616 { "Output interface value", "sflow.flow_sample.output_interface_value",
3617 FT_UINT32, BASE_DEC, VALS(interface_discard), SFLOW_5_INT_VALUE,
3618 NULL, HFILL }
3619 },
3620 { &hf_sflow_enterprise,
3621 { "Enterprise", "sflow.enterprise",
3622 FT_UINT32, BASE_DEC, NULL, 0xFFFFF000,
3623 NULL, HFILL }
3624 },
3625 { &hf_sflow_enterprise_length,
3626 { "Length", "sflow.enterprise.length",
3627 FT_UINT32, BASE_DEC, NULL, 0x0,
3628 NULL, HFILL }
3629 },
3630 { &hf_sflow_enterprise_data,
3631 { "Data", "sflow.enterprise.data",
3632 FT_BYTES, BASE_NONE, NULL, 0x0,
3633 NULL, HFILL }
3634 },
3635 { &hf_sflow_flow_sample_flow_record,
3636 { "Flow record", "sflow.flow_sample.flow_record",
3637 FT_UINT32, BASE_DEC, NULL, 0x0,
3638 NULL, HFILL }
3639 },
3640 { &hf_sflow_flow_sample_source_id_type,
3641 { "Source ID type", "sflow.flow_sample.source_id_type",
3642 FT_UINT32, BASE_DEC, NULL, 0x0,
3643 NULL, HFILL }
3644 },
3645 { &hf_sflow_flow_sample_source_id_index,
3646 { "Source ID index", "sflow.flow_sample.source_id_index",
3647 FT_UINT32, BASE_DEC, NULL, 0x0,
3648 NULL, HFILL }
3649 },
3650 { &hf_sflow_flow_sample_input_interface_format,
3651 { "Input interface format", "sflow.flow_sample.input_interface_format",
3652 FT_UINT32, BASE_DEC, NULL, 0x0,
3653 NULL, HFILL }
3654 },
3655 { &hf_sflow_flow_sample_input_interface_value,
3656 { "Input interface value", "sflow.flow_sample.input_interface_value",
3657 FT_UINT32, BASE_DEC, NULL, 0x0,
3658 NULL, HFILL }
3659 },
3660 { &hf_sflow_24_flow_sample_output_interface_value,
3661 { "Output interface value", "sflow.flow_sample.output_interface_value",
3662 FT_UINT32, BASE_DEC, NULL, 0x0,
3663 NULL, HFILL }
3664 },
3665 { &hf_sflow_5_flow_sample_output_interface_expanded_value,
3666 { "Output interface expanded value", "sflow.flow_sample.output_interface_expanded.value",
3667 FT_UINT32, BASE_DEC, NULL, 0x0,
3668 NULL, HFILL }
3669 },
3670 { &hf_sflow_5_flow_sample_output_interface_expanded_value_discarded,
3671 { "Output interface packet discarded", "sflow.flow_sample.output_interface_expanded.value_discarded",
3672 FT_UINT32, BASE_DEC, VALS(interface_discard), 0x0,
3673 NULL, HFILL }
3674 },
3675 { &hf_sflow_5_flow_sample_output_interface_expanded_value_number,
3676 { "Output inferface number of interfaces", "sflow.flow_sample.output_interface_expanded.number",
3677 FT_UINT32, BASE_DEC, NULL, 0x0,
3678 NULL, HFILL }
3679 },
3680 { &hf_sflow_5_flow_sample_output_interface_expanded_value_ifindex,
3681 { "Output interface ifIndex", "sflow.flow_sample.output_interface_expanded.ifindex",
3682 FT_UINT32, BASE_DEC, NULL, 0x0,
3683 NULL, HFILL }
3684 },
3685 { &hf_sflow_counters_sample_sequence_number,
3686 { "Sequence number", "sflow.counters_sample.sequence_number",
3687 FT_UINT32, BASE_DEC, NULL, 0x0,
3688 NULL, HFILL }
3689 },
3690 { &hf_sflow_counters_sample_source_id_class,
3691 { "Source ID class", "sflow.counters_sample.source_id_class",
3692 FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3693 NULL, HFILL }
3694 },
3695 { &hf_sflow_counters_sample_sampling_interval,
3696 { "Sampling Interval", "sflow.counters_sample.sampling_interval",
3697 FT_UINT32, BASE_DEC, NULL, 0x0,
3698 NULL, HFILL }
3699 },
3700 { &hf_sflow_counters_sample_counters_type,
3701 { "Counters type", "sflow.counters_sample.counters_type",
3702 FT_UINT32, BASE_DEC, VALS(sflow_245_counterstype), 0x0,
3703 NULL, HFILL }
3704 },
3705 { &hf_sflow_counters_sample_source_id_type,
3706 { "Source ID type", "sflow.counters_sample.source_id_type",
3707 FT_UINT32, BASE_DEC, NULL, 0xFF000000,
3708 NULL, HFILL }
3709 },
3710 { &hf_sflow_counters_sample_source_id_index,
3711 { "Source ID index", "sflow.counters_sample.source_id_index",
3712 FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF,
3713 NULL, HFILL }
3714 },
3715 { &hf_sflow_counters_sample_counters_records,
3716 { "Counters records", "sflow.counters_sample.counters_records",
3717 FT_UINT32, BASE_DEC, NULL, 0x0,
3718 NULL, HFILL }
3719 },
3720 { &hf_sflow_counters_sample_expanded_source_id_type,
3721 { "Source ID type", "sflow.counters_sample.source_id_type",
3722 FT_UINT32, BASE_DEC, NULL, 0x0,
3723 NULL, HFILL }
3724 },
3725 { &hf_sflow_counters_sample_expanded_source_id_index,
3726 { "Source ID index", "sflow.counters_sample.source_id_index",
3727 FT_UINT32, BASE_DEC, NULL, 0x0,
3728 NULL, HFILL }
3729 },
3730 { &hf_sflow_lag_port_padding,
3731 { "Padding", "sflow.lag_port.padding",
3732 FT_BYTES, BASE_NONE, NULL, 0x0,
3733 NULL, HFILL }
3734 },
3735 { &hf_sflow_lag_port_actorsystemid,
3736 { "Actor System ID", "sflow.lag_port.actor_system_id",
3737 FT_ETHER, BASE_NONE, NULL, 0x0,
3738 NULL, HFILL }
3739 },
3740 { &hf_sflow_lag_port_partneropersystemid,
3741 { "Partner Oper System ID", "sflow.lag_port.partner_oper_system_id",
3742 FT_ETHER, BASE_NONE, NULL, 0x0,
3743 NULL, HFILL }
3744 },
3745 { &hf_sflow_lag_port_attachedaggid,
3746 { "Port Attached Agg ID", "sflow.lag_port.attached_agg_id",
3747 FT_UINT32, BASE_DEC, NULL, 0x0,
3748 NULL, HFILL }
3749 },
3750 { &hf_sflow_lag_port_state,
3751 { "State", "sflow.lag_port.state",
3752 FT_UINT32, BASE_HEX, NULL, 0x0,
3753 NULL, HFILL }
3754 },
3755 { &hf_sflow_lag_port_actoradminstate,
3756 { "Actor Admin State", "sflow.lag_port.actor_admin_state",
3757 FT_BOOLEAN, 32, NULL, 0x00000001,
3758 NULL, HFILL }
3759 },
3760 { &hf_sflow_lag_port_actoroperstate,
3761 { "Actor Oper State", "sflow.lag_port.actor_oper_state",
3762 FT_BOOLEAN, 32, NULL, 0x00000002,
3763 NULL, HFILL }
3764 },
3765 { &hf_sflow_lag_port_partneradminstate,
3766 { "Partner Admin State", "sflow.lag_port.partner_admin_state",
3767 FT_BOOLEAN, 32, NULL, 0x00000004,
3768 NULL, HFILL }
3769 },
3770 { &hf_sflow_lag_port_partneroperstate,
3771 { "Partner Oper State", "sflow.lag_port.partner_oper_state",
3772 FT_BOOLEAN, 32, NULL, 0x00000008,
3773 NULL, HFILL }
3774 },
3775 { &hf_sflow_lag_port_reserved,
3776 { "Reserved", "sflow.lag_port.reserved",
3777 FT_UINT32, BASE_HEX, NULL, 0xFFFFFFF0,
3778 NULL, HFILL }
3779 },
3780 { &hf_sflow_5_lag_port_actoradminstate,
3781 { "Actor Admin State", "sflow.lag_port.actor_admin_state",
3782 FT_BOOLEAN, 32, NULL, 0x000000FF,
3783 NULL, HFILL }
3784 },
3785 { &hf_sflow_5_lag_port_actoroperstate,
3786 { "Actor Oper State", "sflow.lag_port.actor_oper_state",
3787 FT_BOOLEAN, 32, NULL, 0x0000FF00,
3788 NULL, HFILL }
3789 },
3790 { &hf_sflow_5_lag_port_partneradminstate,
3791 { "Partner Admin State", "sflow.lag_port.partner_admin_state",
3792 FT_BOOLEAN, 32, NULL, 0x00FF0000,
3793 NULL, HFILL }
3794 },
3795 { &hf_sflow_5_lag_port_partneroperstate,
3796 { "Partner Oper State", "sflow.lag_port.partner_oper_state",
3797 FT_BOOLEAN, 32, NULL, 0xFF000000,
3798 NULL, HFILL }
3799 },
3800 { &hf_sflow_lag_port_stats_lacpdusrx,
3801 { "LACPDUs Rx", "sflow.lag_port.lacpdus.rx",
3802 FT_UINT32, BASE_DEC, NULL, 0x0,
3803 NULL, HFILL }
3804 },
3805 { &hf_sflow_lag_port_stats_markerpdusrx,
3806 { "Marker PDUs Rx", "sflow.lag_port.marker_pdus.rx",
3807 FT_UINT32, BASE_DEC, NULL, 0x0,
3808 NULL, HFILL }
3809 },
3810 { &hf_sflow_lag_port_stats_markerresponsepdusrx,
3811 { "Marker Response PDUs Rx", "sflow.lag_port.marker_response_pdus.rx",
3812 FT_UINT32, BASE_DEC, NULL, 0x0,
3813 NULL, HFILL }
3814 },
3815 { &hf_sflow_lag_port_stats_unknownrx,
3816 { "Unknown Rx", "sflow.lag_port.unknown.rx",
3817 FT_UINT32, BASE_DEC, NULL, 0x0,
3818 NULL, HFILL }
3819 },
3820 { &hf_sflow_lag_port_stats_illegalrx,
3821 { "Illegal Rx", "sflow.lag_port.illegal.rx",
3822 FT_UINT32, BASE_DEC, NULL, 0x0,
3823 NULL, HFILL }
3824 },
3825 { &hf_sflow_lag_port_stats_lacpdustx,
3826 { "LACPDUs Tx", "sflow.lag_port.lacpdus.tx",
3827 FT_UINT32, BASE_DEC, NULL, 0x0,
3828 NULL, HFILL }
3829 },
3830 { &hf_sflow_lag_port_stats_markerpdustx,
3831 { "Marker PDUs Tx", "sflow.lag_port.marker_pdus.tx",
3832 FT_UINT32, BASE_DEC, NULL, 0x0,
3833 NULL, HFILL }
3834 },
3835 { &hf_sflow_lag_port_stats_markerresponsepdustx,
3836 { "Marker Response PDUs Tx", "sflow.lag_port.marker_response_pdus.tx",
3837 FT_UINT32, BASE_DEC, NULL, 0x0,
3838 NULL, HFILL }
3839 },
3840
3841 { &hf_sflow_245_as_type,
3842 { "AS Type", "sflow.as_type",
3843 FT_UINT32, BASE_DEC, VALS(sflow_245_as_types), 0x0,
3844 NULL, HFILL }
3845 },
3846 { &hf_sflow_245_ip_protocol,
3847 { "IP Protocol", "sflow.ip_protocol",
3848 FT_UINT32, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
3849 NULL, HFILL }
3850 },
3851 { &hf_sflow_5_extended_user_source_user,
3852 { "Source User", "sflow_5.extended_user.source_user",
3853 FT_STRING, BASE_NONE, NULL, 0x0,
3854 NULL, HFILL }
3855 },
3856 { &hf_sflow_5_extended_user_destination_user,
3857 { "Destination User", "sflow_5.extended_user.destination_user",
3858 FT_STRING, BASE_NONE, NULL, 0x0,
3859 NULL, HFILL }
3860 },
3861 { &hf_sflow_5_extended_url_direction,
3862 { "Direction", "sflow_5.extended_url.direction",
3863 FT_UINT32, BASE_DEC, NULL, 0x0,
3864 NULL, HFILL }
3865 },
3866 { &hf_sflow_5_extended_url_url,
3867 { "URL", "sflow_5.extended_url.url",
3868 FT_STRING, BASE_NONE, NULL, 0x0,
3869 NULL, HFILL }
3870 },
3871 { &hf_sflow_5_extended_url_host,
3872 { "Host", "sflow_5.extended_url.host",
3873 FT_STRING, BASE_NONE, NULL, 0x0,
3874 NULL, HFILL }
3875 },
3876 { &hf_sflow_5_extended_mpls_tunnel_name,
3877 { "Tunnel Name", "sflow_5.extended_mpls_tunnel.tunnel_name",
3878 FT_STRING, BASE_NONE, NULL, 0x0,
3879 NULL, HFILL }
3880 },
3881 { &hf_sflow_5_extended_mpls_vc_instance_name,
3882 { "VC Instance Name", "sflow_5.extended_mpls_vc.vc_instance_name",
3883 FT_STRING, BASE_NONE, NULL, 0x0,
3884 NULL, HFILL }
3885 },
3886 { &hf_sflow_5_extended_mpls_ftn_description,
3887 { "MPLS FTN Description", "sflow_5.extended_mpls.ftn_description",
3888 FT_STRING, BASE_NONE, NULL, 0x0,
3889 NULL, HFILL }
3890 },
3891 { &hf_sflow_5_extended_80211_payload,
3892 { "Payload", "sflow_5.extended_80211.payload",
3893 FT_BYTES, BASE_NONE, NULL, 0x0,
3894 NULL, HFILL }
3895 },
3896 { &hf_sflow_5_extended_80211_rx_ssid,
3897 { "SSID", "sflow_5.extended_80211.rx.ssid",
3898 FT_STRING, BASE_NONE, NULL, 0x0,
3899 NULL, HFILL }
3900 },
3901 { &hf_sflow_5_extended_80211_tx_ssid,
3902 { "SSID", "sflow_5.extended_80211.tx.ssid",
3903 FT_STRING, BASE_NONE, NULL, 0x0,
3904 NULL, HFILL }
3905 },
3906 { &hf_sflow_flow_sample_index,
3907 { "Index", "sflow.flow_sample.index",
3908 FT_UINT32, BASE_DEC, NULL, 0x00FFFFFF,
3909 NULL, HFILL }
3910 },
3911 { &hf_sflow_counters_sample_index,
3912 { "Index", "sflow.counters_sample.index",
3913 FT_UINT32, BASE_DEC, NULL, 0x0,
3914 NULL, HFILL }
3915 },
3916 };
3917
3918 /* Setup protocol subtree array */
3919 static int * ett[] = {
3920 &ett_sflow_245,
3921 &ett_sflow_245_sample,
3922 &ett_sflow_5_flow_record,
3923 &ett_sflow_5_counters_record,
3924 &ett_sflow_5_mpls_in_label_stack,
3925 &ett_sflow_5_mpls_out_label_stack,
3926 &ett_sflow_245_extended_data,
3927 &ett_sflow_245_gw_as_dst,
3928 &ett_sflow_245_gw_as_dst_seg,
3929 &ett_sflow_245_gw_community,
3930 &ett_sflow_245_sampled_header,
3931 &ett_sflow_lag_port_state_flags,
3932 &ett_sflow_5_output_interface,
3933 };
3934
3935 static ei_register_info ei[] = {
3936 { &ei_sflow_invalid_address_type, { "sflow.invalid_address_type", PI_MALFORMED, PI_ERROR, "Unknown/invalid address type", EXPFILL }},
3937 };
3938
3939 expert_module_t* expert_sflow;
3940
3941 /* Register the protocol name and description */
3942 proto_sflow = proto_register_protocol("InMon sFlow", "sFlow", "sflow");
3943
3944 /* Required function calls to register the header fields and subtrees used */
3945 proto_register_field_array(proto_sflow, hf, array_length(hf));
3946 proto_register_subtree_array(ett, array_length(ett));
3947 expert_sflow = expert_register_protocol(proto_sflow);
3948 expert_register_field_array(expert_sflow, ei, array_length(ei));
3949
3950 header_subdissector_table = register_dissector_table("sflow_245.header_protocol", "SFLOW header protocol", proto_sflow, FT_UINT32, BASE_DEC);
3951
3952 /* Register our dissector handle */
3953 sflow_handle = register_dissector("sflow", dissect_sflow_245, proto_sflow);
3954
3955 /* Register our configuration options for sFlow */
3956 sflow_245_module = prefs_register_protocol(proto_sflow, NULL);
3957
3958 /*
3959 If I use a filter like "ip.src == 10.1.1.1" this will, in
3960 addition to the usual suspects, find every sFlow packet
3961 where *any* of the payload headers contain 10.1.1.1 as a
3962 src addr. I think this may not be the desired behavior.
3963 It can certainly be confusing since the ip.src being found
3964 is buried about 3 subtrees deep and the subtrees might be
3965 under any one of the sampled (payload) header trees. It is
3966 certainly not quickly obvious why the filter matched.
3967 */
3968 prefs_register_bool_preference(sflow_245_module, "enable_dissection",
3969 "Dissect data in sampled headers",
3970 "Enabling dissection makes it easy to view protocol details in each of the sampled headers."
3971 " Disabling dissection may reduce noise caused when display filters match the contents of"
3972 " any sampled header(s).",
3973 &global_dissect_samp_headers);
3974 /*
3975 It is not clear to me that it *ever* makes sense to enable
3976 this option. However, it was previously the default
3977 behavior so I'll leave it as an option if someone thinks
3978 they have a use for it.
3979 */
3980 prefs_register_bool_preference(sflow_245_module, "enable_analysis",
3981 "Analyze data in sampled IP headers",
3982 "This option only makes sense if dissection of sampled headers is enabled and probably not even then.",
3983 &global_analyze_samp_ip_headers);
3984 }
3985
3986 void
3987 proto_reg_handoff_sflow_245(void) {
3988
3989 dissector_add_uint_range_with_preference("udp.port", SFLOW_UDP_PORTS, sflow_handle);
3990 }
3991
3992 /*
3993 * Editor modelines - https://www.wireshark.org/tools/modelines.html
3994 *
3995 * Local variables:
3996 * c-basic-offset: 4
3997 * tab-width: 8
3998 * indent-tabs-mode: nil
3999 * End:
4000 *
4001 * vi: set shiftwidth=4 tabstop=8 expandtab:
4002 * :indentSize=4:tabSize=8:noTabs=true:
4003 */
Metzes wireshark repo