Fix unit tests

[govpp.git] / vendor / github.com / google / gopacket / layers / sflow.go

// Copyright 2014 Google, Inc. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.

/*
This layer decodes SFlow version 5 datagrams.

The specification can be found here: http://sflow.org/sflow_version_5.txt

Additional developer information about sflow can be found at:
http://sflow.org/developers/specifications.php

And SFlow in general:
http://sflow.org/index.php

Two forms of sample data are defined: compact and expanded. The
Specification has this to say:

    Compact and expand forms of counter and flow samples are defined.
    An agent must not mix compact/expanded encodings.  If an agent
    will never use ifIndex numbers >= 2^24 then it must use compact
    encodings for all interfaces.  Otherwise the expanded formats must
    be used for all interfaces.

This decoder only supports the compact form, because that is the only
one for which data was avaialble.

The datagram is composed of one or more samples of type flow or counter,
and each sample is composed of one or more records describing the sample.
A sample is a single instance of sampled inforamtion, and each record in
the sample gives additional / supplimentary information about the sample.

The following sample record types are supported:

        Raw Packet Header
        opaque = flow_data; enterprise = 0; format = 1

        Extended Switch Data
        opaque = flow_data; enterprise = 0; format = 1001

        Extended Router Data
        opaque = flow_data; enterprise = 0; format = 1002

        Extended Gateway Data
        opaque = flow_data; enterprise = 0; format = 1003

        Extended User Data
        opaque = flow_data; enterprise = 0; format = 1004

        Extended URL Data
        opaque = flow_data; enterprise = 0; format = 1005

The following types of counter records are supported:

        Generic Interface Counters - see RFC 2233
        opaque = counter_data; enterprise = 0; format = 1

        Ethernet Interface Counters - see RFC 2358
        opaque = counter_data; enterprise = 0; format = 2

SFlow is encoded using XDR (RFC4506). There are a few places
where the standard 4-byte fields are partitioned into two
bitfields of different lengths. I'm not sure why the designers
chose to pack together two values like this in some places, and
in others they use the entire 4-byte value to store a number that
will never be more than a few bits. In any case, there are a couple
of types defined to handle the decoding of these bitfields, and
that's why they're there. */

package layers

import (
        "encoding/binary"
        "errors"
        "fmt"
        "net"

        "github.com/google/gopacket"
)

// SFlowRecord holds both flow sample records and counter sample records.
// A Record is the structure that actually holds the sampled data
// and / or counters.
type SFlowRecord interface {
}

// SFlowDataSource encodes a 2-bit SFlowSourceFormat in its most significant
// 2 bits, and an SFlowSourceValue in its least significant 30 bits.
// These types and values define the meaning of the inteface information
// presented in the sample metadata.
type SFlowDataSource int32

func (sdc SFlowDataSource) decode() (SFlowSourceFormat, SFlowSourceValue) {
        leftField := sdc >> 30
        rightField := uint32(0x3FFFFFFF) & uint32(sdc)
        return SFlowSourceFormat(leftField), SFlowSourceValue(rightField)
}

type SFlowDataSourceExpanded struct {
        SourceIDClass SFlowSourceFormat
        SourceIDIndex SFlowSourceValue
}

func (sdce SFlowDataSourceExpanded) decode() (SFlowSourceFormat, SFlowSourceValue) {
        leftField := sdce.SourceIDClass >> 30
        rightField := uint32(0x3FFFFFFF) & uint32(sdce.SourceIDIndex)
        return SFlowSourceFormat(leftField), SFlowSourceValue(rightField)
}

type SFlowSourceFormat uint32

type SFlowSourceValue uint32

const (
        SFlowTypeSingleInterface      SFlowSourceFormat = 0
        SFlowTypePacketDiscarded      SFlowSourceFormat = 1
        SFlowTypeMultipleDestinations SFlowSourceFormat = 2
)

func (sdf SFlowSourceFormat) String() string {
        switch sdf {
        case SFlowTypeSingleInterface:
                return "Single Interface"
        case SFlowTypePacketDiscarded:
                return "Packet Discarded"
        case SFlowTypeMultipleDestinations:
                return "Multiple Destinations"
        default:
                return "UNKNOWN"
        }
}

func decodeSFlow(data []byte, p gopacket.PacketBuilder) error {
        s := &SFlowDatagram{}
        err := s.DecodeFromBytes(data, p)
        if err != nil {
                return err
        }
        p.AddLayer(s)
        p.SetApplicationLayer(s)
        return nil
}

// SFlowDatagram is the outermost container which holds some basic information
// about the reporting agent, and holds at least one sample record
type SFlowDatagram struct {
        BaseLayer

        DatagramVersion uint32
        AgentAddress    net.IP
        SubAgentID      uint32
        SequenceNumber  uint32
        AgentUptime     uint32
        SampleCount     uint32
        FlowSamples     []SFlowFlowSample
        CounterSamples  []SFlowCounterSample
}

// An SFlow  datagram's outer container has the following
// structure:

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |           int sFlow version (2|4|5)           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |   int IP version of the Agent (1=v4|2=v6)     |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /    Agent IP address (v4=4byte|v6=16byte)      /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               int sub agent id                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |         int datagram sequence number          |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |            int switch uptime in ms            |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |          int n samples in datagram            |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /                  n samples                    /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

// SFlowDataFormat encodes the EnterpriseID in the most
// significant 12 bits, and the SampleType in the least significant
// 20 bits.
type SFlowDataFormat uint32

func (sdf SFlowDataFormat) decode() (SFlowEnterpriseID, SFlowSampleType) {
        leftField := sdf >> 12
        rightField := uint32(0xFFF) & uint32(sdf)
        return SFlowEnterpriseID(leftField), SFlowSampleType(rightField)
}

// SFlowEnterpriseID is used to differentiate between the
// official SFlow standard, and other, vendor-specific
// types of flow data. (Similiar to SNMP's enterprise MIB
// OIDs) Only the office SFlow Enterprise ID is decoded
// here.
type SFlowEnterpriseID uint32

const (
        SFlowStandard SFlowEnterpriseID = 0
)

func (eid SFlowEnterpriseID) String() string {
        switch eid {
        case SFlowStandard:
                return "Standard SFlow"
        default:
                return ""
        }
}

func (eid SFlowEnterpriseID) GetType() SFlowEnterpriseID {
        return SFlowStandard
}

// SFlowSampleType specifies the type of sample. Only flow samples
// and counter samples are supported
type SFlowSampleType uint32

const (
        SFlowTypeFlowSample            SFlowSampleType = 1
        SFlowTypeCounterSample         SFlowSampleType = 2
        SFlowTypeExpandedFlowSample    SFlowSampleType = 3
        SFlowTypeExpandedCounterSample SFlowSampleType = 4
)

func (st SFlowSampleType) GetType() SFlowSampleType {
        switch st {
        case SFlowTypeFlowSample:
                return SFlowTypeFlowSample
        case SFlowTypeCounterSample:
                return SFlowTypeCounterSample
        case SFlowTypeExpandedFlowSample:
                return SFlowTypeExpandedFlowSample
        case SFlowTypeExpandedCounterSample:
                return SFlowTypeExpandedCounterSample
        default:
                panic("Invalid Sample Type")
        }
}

func (st SFlowSampleType) String() string {
        switch st {
        case SFlowTypeFlowSample:
                return "Flow Sample"
        case SFlowTypeCounterSample:
                return "Counter Sample"
        case SFlowTypeExpandedFlowSample:
                return "Expanded Flow Sample"
        case SFlowTypeExpandedCounterSample:
                return "Expanded Counter Sample"
        default:
                return ""
        }
}

func (s *SFlowDatagram) LayerType() gopacket.LayerType { return LayerTypeSFlow }

func (d *SFlowDatagram) Payload() []byte { return nil }

func (d *SFlowDatagram) CanDecode() gopacket.LayerClass { return LayerTypeSFlow }

func (d *SFlowDatagram) NextLayerType() gopacket.LayerType { return gopacket.LayerTypePayload }

// SFlowIPType determines what form the IP address being decoded will
// take. This is an XDR union type allowing for both IPv4 and IPv6
type SFlowIPType uint32

const (
        SFlowIPv4 SFlowIPType = 1
        SFlowIPv6 SFlowIPType = 2
)

func (s SFlowIPType) String() string {
        switch s {
        case SFlowIPv4:
                return "IPv4"
        case SFlowIPv6:
                return "IPv6"
        default:
                return ""
        }
}

func (s SFlowIPType) Length() int {
        switch s {
        case SFlowIPv4:
                return 4
        case SFlowIPv6:
                return 16
        default:
                return 0
        }
}

func (s *SFlowDatagram) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
        var agentAddressType SFlowIPType

        data, s.DatagramVersion = data[4:], binary.BigEndian.Uint32(data[:4])
        data, agentAddressType = data[4:], SFlowIPType(binary.BigEndian.Uint32(data[:4]))
        data, s.AgentAddress = data[agentAddressType.Length():], data[:agentAddressType.Length()]
        data, s.SubAgentID = data[4:], binary.BigEndian.Uint32(data[:4])
        data, s.SequenceNumber = data[4:], binary.BigEndian.Uint32(data[:4])
        data, s.AgentUptime = data[4:], binary.BigEndian.Uint32(data[:4])
        data, s.SampleCount = data[4:], binary.BigEndian.Uint32(data[:4])

        if s.SampleCount < 1 {
                return fmt.Errorf("SFlow Datagram has invalid sample length: %d", s.SampleCount)
        }
        for i := uint32(0); i < s.SampleCount; i++ {
                sdf := SFlowDataFormat(binary.BigEndian.Uint32(data[:4]))
                _, sampleType := sdf.decode()
                switch sampleType {
                case SFlowTypeFlowSample:
                        if flowSample, err := decodeFlowSample(&data, false); err == nil {
                                s.FlowSamples = append(s.FlowSamples, flowSample)
                        } else {
                                return err
                        }
                case SFlowTypeCounterSample:
                        if counterSample, err := decodeCounterSample(&data, false); err == nil {
                                s.CounterSamples = append(s.CounterSamples, counterSample)
                        } else {
                                return err
                        }
                case SFlowTypeExpandedFlowSample:
                        if flowSample, err := decodeFlowSample(&data, true); err == nil {
                                s.FlowSamples = append(s.FlowSamples, flowSample)
                        } else {
                                return err
                        }
                case SFlowTypeExpandedCounterSample:
                        if counterSample, err := decodeCounterSample(&data, true); err == nil {
                                s.CounterSamples = append(s.CounterSamples, counterSample)
                        } else {
                                return err
                        }

                default:
                        return fmt.Errorf("Unsupported SFlow sample type %d", sampleType)
                }
        }
        return nil
}

// SFlowFlowSample represents a sampled packet and contains
// one or more records describing the packet
type SFlowFlowSample struct {
        EnterpriseID          SFlowEnterpriseID
        Format                SFlowSampleType
        SampleLength          uint32
        SequenceNumber        uint32
        SourceIDClass         SFlowSourceFormat
        SourceIDIndex         SFlowSourceValue
        SamplingRate          uint32
        SamplePool            uint32
        Dropped               uint32
        InputInterfaceFormat  uint32
        InputInterface        uint32
        OutputInterfaceFormat uint32
        OutputInterface       uint32
        RecordCount           uint32
        Records               []SFlowRecord
}

// Flow samples have the following structure. Note
// the bit fields to encode the Enterprise ID and the
// Flow record format: type 1

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  sample length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |          int sample sequence number           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |id type |       src id index value             |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               int sampling rate               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                int sample pool                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    int drops                  |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                 int input ifIndex             |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                int output ifIndex             |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               int number of records           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /                   flow records                /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

// Flow samples have the following structure.
// Flow record format: type 3

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  sample length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |          int sample sequence number           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               int src id type                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |             int src id index value            |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               int sampling rate               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                int sample pool                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    int drops                  |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |           int input interface format          |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |           int input interface value           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |           int output interface format         |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |           int output interface value          |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               int number of records           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /                   flow records                /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowFlowDataFormat uint32

func (fdf SFlowFlowDataFormat) decode() (SFlowEnterpriseID, SFlowFlowRecordType) {
        leftField := fdf >> 12
        rightField := uint32(0xFFF) & uint32(fdf)
        return SFlowEnterpriseID(leftField), SFlowFlowRecordType(rightField)
}

func (fs SFlowFlowSample) GetRecords() []SFlowRecord {
        return fs.Records
}

func (fs SFlowFlowSample) GetType() SFlowSampleType {
        return SFlowTypeFlowSample
}

func skipRecord(data *[]byte) {
        recordLength := int(binary.BigEndian.Uint32((*data)[4:]))
        *data = (*data)[(recordLength+((4-recordLength)%4))+8:]
}

func decodeFlowSample(data *[]byte, expanded bool) (SFlowFlowSample, error) {
        s := SFlowFlowSample{}
        var sdf SFlowDataFormat
        *data, sdf = (*data)[4:], SFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        var sdc SFlowDataSource

        s.EnterpriseID, s.Format = sdf.decode()
        *data, s.SampleLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, s.SequenceNumber = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        if expanded {
                *data, s.SourceIDClass = (*data)[4:], SFlowSourceFormat(binary.BigEndian.Uint32((*data)[:4]))
                *data, s.SourceIDIndex = (*data)[4:], SFlowSourceValue(binary.BigEndian.Uint32((*data)[:4]))
        } else {
                *data, sdc = (*data)[4:], SFlowDataSource(binary.BigEndian.Uint32((*data)[:4]))
                s.SourceIDClass, s.SourceIDIndex = sdc.decode()
        }
        *data, s.SamplingRate = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, s.SamplePool = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, s.Dropped = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        if expanded {
                *data, s.InputInterfaceFormat = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
                *data, s.InputInterface = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
                *data, s.OutputInterfaceFormat = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
                *data, s.OutputInterface = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        } else {
                *data, s.InputInterface = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
                *data, s.OutputInterface = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        }
        *data, s.RecordCount = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        for i := uint32(0); i < s.RecordCount; i++ {
                rdf := SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
                _, flowRecordType := rdf.decode()

                switch flowRecordType {
                case SFlowTypeRawPacketFlow:
                        if record, err := decodeRawPacketFlowRecord(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedUserFlow:
                        if record, err := decodeExtendedUserFlow(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedUrlFlow:
                        if record, err := decodeExtendedURLRecord(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedSwitchFlow:
                        if record, err := decodeExtendedSwitchFlowRecord(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedRouterFlow:
                        if record, err := decodeExtendedRouterFlowRecord(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedGatewayFlow:
                        if record, err := decodeExtendedGatewayFlowRecord(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeEthernetFrameFlow:
                        // TODO
                        skipRecord(data)
                        return s, errors.New("skipping TypeEthernetFrameFlow")
                case SFlowTypeIpv4Flow:
                        if record, err := decodeSFlowIpv4Record(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeIpv6Flow:
                        if record, err := decodeSFlowIpv6Record(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedMlpsFlow:
                        // TODO
                        skipRecord(data)
                        return s, errors.New("skipping TypeExtendedMlpsFlow")
                case SFlowTypeExtendedNatFlow:
                        // TODO
                        skipRecord(data)
                        return s, errors.New("skipping TypeExtendedNatFlow")
                case SFlowTypeExtendedMlpsTunnelFlow:
                        // TODO
                        skipRecord(data)
                        return s, errors.New("skipping TypeExtendedMlpsTunnelFlow")
                case SFlowTypeExtendedMlpsVcFlow:
                        // TODO
                        skipRecord(data)
                        return s, errors.New("skipping TypeExtendedMlpsVcFlow")
                case SFlowTypeExtendedMlpsFecFlow:
                        // TODO
                        skipRecord(data)
                        return s, errors.New("skipping TypeExtendedMlpsFecFlow")
                case SFlowTypeExtendedMlpsLvpFecFlow:
                        // TODO
                        skipRecord(data)
                        return s, errors.New("skipping TypeExtendedMlpsLvpFecFlow")
                case SFlowTypeExtendedVlanFlow:
                        // TODO
                        skipRecord(data)
                        return s, errors.New("skipping TypeExtendedVlanFlow")
                case SFlowTypeExtendedIpv4TunnelEgressFlow:
                        if record, err := decodeExtendedIpv4TunnelEgress(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedIpv4TunnelIngressFlow:
                        if record, err := decodeExtendedIpv4TunnelIngress(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedIpv6TunnelEgressFlow:
                        if record, err := decodeExtendedIpv6TunnelEgress(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedIpv6TunnelIngressFlow:
                        if record, err := decodeExtendedIpv6TunnelIngress(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedDecapsulateEgressFlow:
                        if record, err := decodeExtendedDecapsulateEgress(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedDecapsulateIngressFlow:
                        if record, err := decodeExtendedDecapsulateIngress(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedVniEgressFlow:
                        if record, err := decodeExtendedVniEgress(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeExtendedVniIngressFlow:
                        if record, err := decodeExtendedVniIngress(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                default:
                        return s, fmt.Errorf("Unsupported flow record type: %d", flowRecordType)
                }
        }
        return s, nil
}

// Counter samples report information about various counter
// objects. Typically these are items like IfInOctets, or
// CPU / Memory stats, etc. SFlow will report these at regular
// intervals as configured on the agent. If one were sufficiently
// industrious, this could be used to replace the typical
// SNMP polling used for such things.
type SFlowCounterSample struct {
        EnterpriseID   SFlowEnterpriseID
        Format         SFlowSampleType
        SampleLength   uint32
        SequenceNumber uint32
        SourceIDClass  SFlowSourceFormat
        SourceIDIndex  SFlowSourceValue
        RecordCount    uint32
        Records        []SFlowRecord
}

// Counter samples have the following structure:

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |          int sample sequence number           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |id type |       src id index value             |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               int number of records           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /                counter records                /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowCounterDataFormat uint32

func (cdf SFlowCounterDataFormat) decode() (SFlowEnterpriseID, SFlowCounterRecordType) {
        leftField := cdf >> 12
        rightField := uint32(0xFFF) & uint32(cdf)
        return SFlowEnterpriseID(leftField), SFlowCounterRecordType(rightField)
}

// GetRecords will return a slice of interface types
// representing records. A type switch can be used to
// get at the underlying SFlowCounterRecordType.
func (cs SFlowCounterSample) GetRecords() []SFlowRecord {
        return cs.Records
}

// GetType will report the type of sample. Only the
// compact form of counter samples is supported
func (cs SFlowCounterSample) GetType() SFlowSampleType {
        return SFlowTypeCounterSample
}

type SFlowCounterRecordType uint32

const (
        SFlowTypeGenericInterfaceCounters   SFlowCounterRecordType = 1
        SFlowTypeEthernetInterfaceCounters  SFlowCounterRecordType = 2
        SFlowTypeTokenRingInterfaceCounters SFlowCounterRecordType = 3
        SFlowType100BaseVGInterfaceCounters SFlowCounterRecordType = 4
        SFlowTypeVLANCounters               SFlowCounterRecordType = 5
        SFlowTypeProcessorCounters          SFlowCounterRecordType = 1001
)

func (cr SFlowCounterRecordType) String() string {
        switch cr {
        case SFlowTypeGenericInterfaceCounters:
                return "Generic Interface Counters"
        case SFlowTypeEthernetInterfaceCounters:
                return "Ethernet Interface Counters"
        case SFlowTypeTokenRingInterfaceCounters:
                return "Token Ring Interface Counters"
        case SFlowType100BaseVGInterfaceCounters:
                return "100BaseVG Interface Counters"
        case SFlowTypeVLANCounters:
                return "VLAN Counters"
        case SFlowTypeProcessorCounters:
                return "Processor Counters"
        default:
                return ""

        }
}

func decodeCounterSample(data *[]byte, expanded bool) (SFlowCounterSample, error) {
        s := SFlowCounterSample{}
        var sdc SFlowDataSource
        var sdce SFlowDataSourceExpanded
        var sdf SFlowDataFormat

        *data, sdf = (*data)[4:], SFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        s.EnterpriseID, s.Format = sdf.decode()
        *data, s.SampleLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, s.SequenceNumber = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        if expanded {
                *data, sdce = (*data)[8:], SFlowDataSourceExpanded{SFlowSourceFormat(binary.BigEndian.Uint32((*data)[:4])), SFlowSourceValue(binary.BigEndian.Uint32((*data)[4:8]))}
                s.SourceIDClass, s.SourceIDIndex = sdce.decode()
        } else {
                *data, sdc = (*data)[4:], SFlowDataSource(binary.BigEndian.Uint32((*data)[:4]))
                s.SourceIDClass, s.SourceIDIndex = sdc.decode()
        }
        *data, s.RecordCount = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        for i := uint32(0); i < s.RecordCount; i++ {
                cdf := SFlowCounterDataFormat(binary.BigEndian.Uint32((*data)[:4]))
                _, counterRecordType := cdf.decode()
                switch counterRecordType {
                case SFlowTypeGenericInterfaceCounters:
                        if record, err := decodeGenericInterfaceCounters(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeEthernetInterfaceCounters:
                        if record, err := decodeEthernetCounters(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                case SFlowTypeTokenRingInterfaceCounters:
                        skipRecord(data)
                        return s, errors.New("skipping TypeTokenRingInterfaceCounters")
                case SFlowType100BaseVGInterfaceCounters:
                        skipRecord(data)
                        return s, errors.New("skipping Type100BaseVGInterfaceCounters")
                case SFlowTypeVLANCounters:
                        skipRecord(data)
                        return s, errors.New("skipping TypeVLANCounters")
                case SFlowTypeProcessorCounters:
                        if record, err := decodeProcessorCounters(data); err == nil {
                                s.Records = append(s.Records, record)
                        } else {
                                return s, err
                        }
                default:
                        return s, fmt.Errorf("Invalid counter record type: %d", counterRecordType)
                }
        }
        return s, nil
}

// SFlowBaseFlowRecord holds the fields common to all records
// of type SFlowFlowRecordType
type SFlowBaseFlowRecord struct {
        EnterpriseID   SFlowEnterpriseID
        Format         SFlowFlowRecordType
        FlowDataLength uint32
}

func (bfr SFlowBaseFlowRecord) GetType() SFlowFlowRecordType {
        return bfr.Format
}

// SFlowFlowRecordType denotes what kind of Flow Record is
// represented. See RFC 3176
type SFlowFlowRecordType uint32

const (
        SFlowTypeRawPacketFlow                  SFlowFlowRecordType = 1
        SFlowTypeEthernetFrameFlow              SFlowFlowRecordType = 2
        SFlowTypeIpv4Flow                       SFlowFlowRecordType = 3
        SFlowTypeIpv6Flow                       SFlowFlowRecordType = 4
        SFlowTypeExtendedSwitchFlow             SFlowFlowRecordType = 1001
        SFlowTypeExtendedRouterFlow             SFlowFlowRecordType = 1002
        SFlowTypeExtendedGatewayFlow            SFlowFlowRecordType = 1003
        SFlowTypeExtendedUserFlow               SFlowFlowRecordType = 1004
        SFlowTypeExtendedUrlFlow                SFlowFlowRecordType = 1005
        SFlowTypeExtendedMlpsFlow               SFlowFlowRecordType = 1006
        SFlowTypeExtendedNatFlow                SFlowFlowRecordType = 1007
        SFlowTypeExtendedMlpsTunnelFlow         SFlowFlowRecordType = 1008
        SFlowTypeExtendedMlpsVcFlow             SFlowFlowRecordType = 1009
        SFlowTypeExtendedMlpsFecFlow            SFlowFlowRecordType = 1010
        SFlowTypeExtendedMlpsLvpFecFlow         SFlowFlowRecordType = 1011
        SFlowTypeExtendedVlanFlow               SFlowFlowRecordType = 1012
        SFlowTypeExtendedIpv4TunnelEgressFlow   SFlowFlowRecordType = 1023
        SFlowTypeExtendedIpv4TunnelIngressFlow  SFlowFlowRecordType = 1024
        SFlowTypeExtendedIpv6TunnelEgressFlow   SFlowFlowRecordType = 1025
        SFlowTypeExtendedIpv6TunnelIngressFlow  SFlowFlowRecordType = 1026
        SFlowTypeExtendedDecapsulateEgressFlow  SFlowFlowRecordType = 1027
        SFlowTypeExtendedDecapsulateIngressFlow SFlowFlowRecordType = 1028
        SFlowTypeExtendedVniEgressFlow          SFlowFlowRecordType = 1029
        SFlowTypeExtendedVniIngressFlow         SFlowFlowRecordType = 1030
)

func (rt SFlowFlowRecordType) String() string {
        switch rt {
        case SFlowTypeRawPacketFlow:
                return "Raw Packet Flow Record"
        case SFlowTypeEthernetFrameFlow:
                return "Ethernet Frame Flow Record"
        case SFlowTypeIpv4Flow:
                return "IPv4 Flow Record"
        case SFlowTypeIpv6Flow:
                return "IPv6 Flow Record"
        case SFlowTypeExtendedSwitchFlow:
                return "Extended Switch Flow Record"
        case SFlowTypeExtendedRouterFlow:
                return "Extended Router Flow Record"
        case SFlowTypeExtendedGatewayFlow:
                return "Extended Gateway Flow Record"
        case SFlowTypeExtendedUserFlow:
                return "Extended User Flow Record"
        case SFlowTypeExtendedUrlFlow:
                return "Extended URL Flow Record"
        case SFlowTypeExtendedMlpsFlow:
                return "Extended MPLS Flow Record"
        case SFlowTypeExtendedNatFlow:
                return "Extended NAT Flow Record"
        case SFlowTypeExtendedMlpsTunnelFlow:
                return "Extended MPLS Tunnel Flow Record"
        case SFlowTypeExtendedMlpsVcFlow:
                return "Extended MPLS VC Flow Record"
        case SFlowTypeExtendedMlpsFecFlow:
                return "Extended MPLS FEC Flow Record"
        case SFlowTypeExtendedMlpsLvpFecFlow:
                return "Extended MPLS LVP FEC Flow Record"
        case SFlowTypeExtendedVlanFlow:
                return "Extended VLAN Flow Record"
        case SFlowTypeExtendedIpv4TunnelEgressFlow:
                return "Extended IPv4 Tunnel Egress Record"
        case SFlowTypeExtendedIpv4TunnelIngressFlow:
                return "Extended IPv4 Tunnel Ingress Record"
        case SFlowTypeExtendedIpv6TunnelEgressFlow:
                return "Extended IPv6 Tunnel Egress Record"
        case SFlowTypeExtendedIpv6TunnelIngressFlow:
                return "Extended IPv6 Tunnel Ingress Record"
        case SFlowTypeExtendedDecapsulateEgressFlow:
                return "Extended Decapsulate Egress Record"
        case SFlowTypeExtendedDecapsulateIngressFlow:
                return "Extended Decapsulate Ingress Record"
        case SFlowTypeExtendedVniEgressFlow:
                return "Extended VNI Ingress Record"
        case SFlowTypeExtendedVniIngressFlow:
                return "Extended VNI Ingress Record"
        default:
                return ""
        }
}

// SFlowRawPacketFlowRecords hold information about a sampled
// packet grabbed as it transited the agent. This is
// perhaps the most useful and interesting record type,
// as it holds the headers of the sampled packet and
// can be used to build up a complete picture of the
// traffic patterns on a network.
//
// The raw packet header is sent back into gopacket for
// decoding, and the resulting gopackt.Packet is stored
// in the Header member
type SFlowRawPacketFlowRecord struct {
        SFlowBaseFlowRecord
        HeaderProtocol SFlowRawHeaderProtocol
        FrameLength    uint32
        PayloadRemoved uint32
        HeaderLength   uint32
        Header         gopacket.Packet
}

// Raw packet record types have the following structure:

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                 Header Protocol               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                 Frame Length                  |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                 Payload Removed               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                 Header Length                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  \                     Header                    \
//  \                                               \
//  \                                               \
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowRawHeaderProtocol uint32

const (
        SFlowProtoEthernet   SFlowRawHeaderProtocol = 1
        SFlowProtoISO88024   SFlowRawHeaderProtocol = 2
        SFlowProtoISO88025   SFlowRawHeaderProtocol = 3
        SFlowProtoFDDI       SFlowRawHeaderProtocol = 4
        SFlowProtoFrameRelay SFlowRawHeaderProtocol = 5
        SFlowProtoX25        SFlowRawHeaderProtocol = 6
        SFlowProtoPPP        SFlowRawHeaderProtocol = 7
        SFlowProtoSMDS       SFlowRawHeaderProtocol = 8
        SFlowProtoAAL5       SFlowRawHeaderProtocol = 9
        SFlowProtoAAL5_IP    SFlowRawHeaderProtocol = 10 /* e.g. Cisco AAL5 mux */
        SFlowProtoIPv4       SFlowRawHeaderProtocol = 11
        SFlowProtoIPv6       SFlowRawHeaderProtocol = 12
        SFlowProtoMPLS       SFlowRawHeaderProtocol = 13
        SFlowProtoPOS        SFlowRawHeaderProtocol = 14 /* RFC 1662, 2615 */
)

func (sfhp SFlowRawHeaderProtocol) String() string {
        switch sfhp {
        case SFlowProtoEthernet:
                return "ETHERNET-ISO88023"
        case SFlowProtoISO88024:
                return "ISO88024-TOKENBUS"
        case SFlowProtoISO88025:
                return "ISO88025-TOKENRING"
        case SFlowProtoFDDI:
                return "FDDI"
        case SFlowProtoFrameRelay:
                return "FRAME-RELAY"
        case SFlowProtoX25:
                return "X25"
        case SFlowProtoPPP:
                return "PPP"
        case SFlowProtoSMDS:
                return "SMDS"
        case SFlowProtoAAL5:
                return "AAL5"
        case SFlowProtoAAL5_IP:
                return "AAL5-IP"
        case SFlowProtoIPv4:
                return "IPv4"
        case SFlowProtoIPv6:
                return "IPv6"
        case SFlowProtoMPLS:
                return "MPLS"
        case SFlowProtoPOS:
                return "POS"
        }
        return "UNKNOWN"
}

func decodeRawPacketFlowRecord(data *[]byte) (SFlowRawPacketFlowRecord, error) {
        rec := SFlowRawPacketFlowRecord{}
        header := []byte{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, rec.HeaderProtocol = (*data)[4:], SFlowRawHeaderProtocol(binary.BigEndian.Uint32((*data)[:4]))
        *data, rec.FrameLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, rec.PayloadRemoved = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, rec.HeaderLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        headerLenWithPadding := int(rec.HeaderLength + ((4 - rec.HeaderLength) % 4))
        *data, header = (*data)[headerLenWithPadding:], (*data)[:headerLenWithPadding]
        rec.Header = gopacket.NewPacket(header, LayerTypeEthernet, gopacket.Default)
        return rec, nil
}

// SFlowExtendedSwitchFlowRecord give additional information
// about the sampled packet if it's available. It's mainly
// useful for getting at the incoming and outgoing VLANs
// An agent may or may not provide this information.
type SFlowExtendedSwitchFlowRecord struct {
        SFlowBaseFlowRecord
        IncomingVLAN         uint32
        IncomingVLANPriority uint32
        OutgoingVLAN         uint32
        OutgoingVLANPriority uint32
}

// Extended switch records have the following structure:

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   Incoming VLAN               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                Incoming VLAN Priority         |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   Outgoing VLAN               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                Outgoing VLAN Priority         |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func decodeExtendedSwitchFlowRecord(data *[]byte) (SFlowExtendedSwitchFlowRecord, error) {
        es := SFlowExtendedSwitchFlowRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        es.EnterpriseID, es.Format = fdf.decode()
        *data, es.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, es.IncomingVLAN = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, es.IncomingVLANPriority = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, es.OutgoingVLAN = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, es.OutgoingVLANPriority = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        return es, nil
}

// SFlowExtendedRouterFlowRecord gives additional information
// about the layer 3 routing information used to forward
// the packet
type SFlowExtendedRouterFlowRecord struct {
        SFlowBaseFlowRecord
        NextHop                net.IP
        NextHopSourceMask      uint32
        NextHopDestinationMask uint32
}

// Extended router records have the following structure:

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |   IP version of next hop router (1=v4|2=v6)   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /     Next Hop address (v4=4byte|v6=16byte)     /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |              Next Hop Source Mask             |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |              Next Hop Destination Mask        |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func decodeExtendedRouterFlowRecord(data *[]byte) (SFlowExtendedRouterFlowRecord, error) {
        er := SFlowExtendedRouterFlowRecord{}
        var fdf SFlowFlowDataFormat
        var extendedRouterAddressType SFlowIPType

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        er.EnterpriseID, er.Format = fdf.decode()
        *data, er.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, extendedRouterAddressType = (*data)[4:], SFlowIPType(binary.BigEndian.Uint32((*data)[:4]))
        *data, er.NextHop = (*data)[extendedRouterAddressType.Length():], (*data)[:extendedRouterAddressType.Length()]
        *data, er.NextHopSourceMask = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, er.NextHopDestinationMask = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        return er, nil
}

// SFlowExtendedGatewayFlowRecord describes information treasured by
// nework engineers everywhere: AS path information listing which
// BGP peer sent the packet, and various other BGP related info.
// This information is vital because it gives a picture of how much
// traffic is being sent from / received by various BGP peers.

// Extended gateway records have the following structure:

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |   IP version of next hop router (1=v4|2=v6)   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /     Next Hop address (v4=4byte|v6=16byte)     /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                       AS                      |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  Source AS                    |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    Peer AS                    |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  AS Path Count                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /                AS Path / Sequence             /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /                   Communities                 /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    Local Pref                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

// AS Path / Sequence:

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |     AS Source Type (Path=1 / Sequence=2)      |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |              Path / Sequence length           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /              Path / Sequence Members          /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

// Communities:

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                communitiy length              |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /              communitiy Members               /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowExtendedGatewayFlowRecord struct {
        SFlowBaseFlowRecord
        NextHop     net.IP
        AS          uint32
        SourceAS    uint32
        PeerAS      uint32
        ASPathCount uint32
        ASPath      []SFlowASDestination
        Communities []uint32
        LocalPref   uint32
}

type SFlowASPathType uint32

const (
        SFlowASSet      SFlowASPathType = 1
        SFlowASSequence SFlowASPathType = 2
)

func (apt SFlowASPathType) String() string {
        switch apt {
        case SFlowASSet:
                return "AS Set"
        case SFlowASSequence:
                return "AS Sequence"
        default:
                return ""
        }
}

type SFlowASDestination struct {
        Type    SFlowASPathType
        Count   uint32
        Members []uint32
}

func (asd SFlowASDestination) String() string {
        switch asd.Type {
        case SFlowASSet:
                return fmt.Sprint("AS Set:", asd.Members)
        case SFlowASSequence:
                return fmt.Sprint("AS Sequence:", asd.Members)
        default:
                return ""
        }
}

func (ad *SFlowASDestination) decodePath(data *[]byte) {
        *data, ad.Type = (*data)[4:], SFlowASPathType(binary.BigEndian.Uint32((*data)[:4]))
        *data, ad.Count = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        ad.Members = make([]uint32, ad.Count)
        for i := uint32(0); i < ad.Count; i++ {
                var member uint32
                *data, member = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
                ad.Members[i] = member
        }
}

func decodeExtendedGatewayFlowRecord(data *[]byte) (SFlowExtendedGatewayFlowRecord, error) {
        eg := SFlowExtendedGatewayFlowRecord{}
        var fdf SFlowFlowDataFormat
        var extendedGatewayAddressType SFlowIPType
        var communitiesLength uint32
        var community uint32

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        eg.EnterpriseID, eg.Format = fdf.decode()
        *data, eg.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, extendedGatewayAddressType = (*data)[4:], SFlowIPType(binary.BigEndian.Uint32((*data)[:4]))
        *data, eg.NextHop = (*data)[extendedGatewayAddressType.Length():], (*data)[:extendedGatewayAddressType.Length()]
        *data, eg.AS = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, eg.SourceAS = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, eg.PeerAS = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, eg.ASPathCount = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        for i := uint32(0); i < eg.ASPathCount; i++ {
                asPath := SFlowASDestination{}
                asPath.decodePath(data)
                eg.ASPath = append(eg.ASPath, asPath)
        }
        *data, communitiesLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        eg.Communities = make([]uint32, communitiesLength)
        for j := uint32(0); j < communitiesLength; j++ {
                *data, community = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
                eg.Communities[j] = community
        }
        *data, eg.LocalPref = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        return eg, nil
}

// **************************************************
//  Extended URL Flow Record
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   direction                   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                      URL                      |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                      Host                     |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowURLDirection uint32

const (
        SFlowURLsrc SFlowURLDirection = 1
        SFlowURLdst SFlowURLDirection = 2
)

func (urld SFlowURLDirection) String() string {
        switch urld {
        case SFlowURLsrc:
                return "Source address is the server"
        case SFlowURLdst:
                return "Destination address is the server"
        default:
                return ""
        }
}

type SFlowExtendedURLRecord struct {
        SFlowBaseFlowRecord
        Direction SFlowURLDirection
        URL       string
        Host      string
}

func decodeExtendedURLRecord(data *[]byte) (SFlowExtendedURLRecord, error) {
        eur := SFlowExtendedURLRecord{}
        var fdf SFlowFlowDataFormat
        var urlLen uint32
        var urlLenWithPad int
        var hostLen uint32
        var hostLenWithPad int
        var urlBytes []byte
        var hostBytes []byte

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        eur.EnterpriseID, eur.Format = fdf.decode()
        *data, eur.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, eur.Direction = (*data)[4:], SFlowURLDirection(binary.BigEndian.Uint32((*data)[:4]))
        *data, urlLen = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        urlLenWithPad = int(urlLen + ((4 - urlLen) % 4))
        *data, urlBytes = (*data)[urlLenWithPad:], (*data)[:urlLenWithPad]
        eur.URL = string(urlBytes[:urlLen])
        *data, hostLen = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        hostLenWithPad = int(hostLen + ((4 - hostLen) % 4))
        *data, hostBytes = (*data)[hostLenWithPad:], (*data)[:hostLenWithPad]
        eur.Host = string(hostBytes[:hostLen])
        return eur, nil
}

// **************************************************
//  Extended User Flow Record
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                Source Character Set           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                 Source User Id                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |              Destination Character Set        |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               Destination User ID             |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowExtendedUserFlow struct {
        SFlowBaseFlowRecord
        SourceCharSet      SFlowCharSet
        SourceUserID       string
        DestinationCharSet SFlowCharSet
        DestinationUserID  string
}

type SFlowCharSet uint32

const (
        SFlowCSunknown                 SFlowCharSet = 2
        SFlowCSASCII                   SFlowCharSet = 3
        SFlowCSISOLatin1               SFlowCharSet = 4
        SFlowCSISOLatin2               SFlowCharSet = 5
        SFlowCSISOLatin3               SFlowCharSet = 6
        SFlowCSISOLatin4               SFlowCharSet = 7
        SFlowCSISOLatinCyrillic        SFlowCharSet = 8
        SFlowCSISOLatinArabic          SFlowCharSet = 9
        SFlowCSISOLatinGreek           SFlowCharSet = 10
        SFlowCSISOLatinHebrew          SFlowCharSet = 11
        SFlowCSISOLatin5               SFlowCharSet = 12
        SFlowCSISOLatin6               SFlowCharSet = 13
        SFlowCSISOTextComm             SFlowCharSet = 14
        SFlowCSHalfWidthKatakana       SFlowCharSet = 15
        SFlowCSJISEncoding             SFlowCharSet = 16
        SFlowCSShiftJIS                SFlowCharSet = 17
        SFlowCSEUCPkdFmtJapanese       SFlowCharSet = 18
        SFlowCSEUCFixWidJapanese       SFlowCharSet = 19
        SFlowCSISO4UnitedKingdom       SFlowCharSet = 20
        SFlowCSISO11SwedishForNames    SFlowCharSet = 21
        SFlowCSISO15Italian            SFlowCharSet = 22
        SFlowCSISO17Spanish            SFlowCharSet = 23
        SFlowCSISO21German             SFlowCharSet = 24
        SFlowCSISO60DanishNorwegian    SFlowCharSet = 25
        SFlowCSISO69French             SFlowCharSet = 26
        SFlowCSISO10646UTF1            SFlowCharSet = 27
        SFlowCSISO646basic1983         SFlowCharSet = 28
        SFlowCSINVARIANT               SFlowCharSet = 29
        SFlowCSISO2IntlRefVersion      SFlowCharSet = 30
        SFlowCSNATSSEFI                SFlowCharSet = 31
        SFlowCSNATSSEFIADD             SFlowCharSet = 32
        SFlowCSNATSDANO                SFlowCharSet = 33
        SFlowCSNATSDANOADD             SFlowCharSet = 34
        SFlowCSISO10Swedish            SFlowCharSet = 35
        SFlowCSKSC56011987             SFlowCharSet = 36
        SFlowCSISO2022KR               SFlowCharSet = 37
        SFlowCSEUCKR                   SFlowCharSet = 38
        SFlowCSISO2022JP               SFlowCharSet = 39
        SFlowCSISO2022JP2              SFlowCharSet = 40
        SFlowCSISO13JISC6220jp         SFlowCharSet = 41
        SFlowCSISO14JISC6220ro         SFlowCharSet = 42
        SFlowCSISO16Portuguese         SFlowCharSet = 43
        SFlowCSISO18Greek7Old          SFlowCharSet = 44
        SFlowCSISO19LatinGreek         SFlowCharSet = 45
        SFlowCSISO25French             SFlowCharSet = 46
        SFlowCSISO27LatinGreek1        SFlowCharSet = 47
        SFlowCSISO5427Cyrillic         SFlowCharSet = 48
        SFlowCSISO42JISC62261978       SFlowCharSet = 49
        SFlowCSISO47BSViewdata         SFlowCharSet = 50
        SFlowCSISO49INIS               SFlowCharSet = 51
        SFlowCSISO50INIS8              SFlowCharSet = 52
        SFlowCSISO51INISCyrillic       SFlowCharSet = 53
        SFlowCSISO54271981             SFlowCharSet = 54
        SFlowCSISO5428Greek            SFlowCharSet = 55
        SFlowCSISO57GB1988             SFlowCharSet = 56
        SFlowCSISO58GB231280           SFlowCharSet = 57
        SFlowCSISO61Norwegian2         SFlowCharSet = 58
        SFlowCSISO70VideotexSupp1      SFlowCharSet = 59
        SFlowCSISO84Portuguese2        SFlowCharSet = 60
        SFlowCSISO85Spanish2           SFlowCharSet = 61
        SFlowCSISO86Hungarian          SFlowCharSet = 62
        SFlowCSISO87JISX0208           SFlowCharSet = 63
        SFlowCSISO88Greek7             SFlowCharSet = 64
        SFlowCSISO89ASMO449            SFlowCharSet = 65
        SFlowCSISO90                   SFlowCharSet = 66
        SFlowCSISO91JISC62291984a      SFlowCharSet = 67
        SFlowCSISO92JISC62991984b      SFlowCharSet = 68
        SFlowCSISO93JIS62291984badd    SFlowCharSet = 69
        SFlowCSISO94JIS62291984hand    SFlowCharSet = 70
        SFlowCSISO95JIS62291984handadd SFlowCharSet = 71
        SFlowCSISO96JISC62291984kana   SFlowCharSet = 72
        SFlowCSISO2033                 SFlowCharSet = 73
        SFlowCSISO99NAPLPS             SFlowCharSet = 74
        SFlowCSISO102T617bit           SFlowCharSet = 75
        SFlowCSISO103T618bit           SFlowCharSet = 76
        SFlowCSISO111ECMACyrillic      SFlowCharSet = 77
        SFlowCSa71                     SFlowCharSet = 78
        SFlowCSa72                     SFlowCharSet = 79
        SFlowCSISO123CSAZ24341985gr    SFlowCharSet = 80
        SFlowCSISO88596E               SFlowCharSet = 81
        SFlowCSISO88596I               SFlowCharSet = 82
        SFlowCSISO128T101G2            SFlowCharSet = 83
        SFlowCSISO88598E               SFlowCharSet = 84
        SFlowCSISO88598I               SFlowCharSet = 85
        SFlowCSISO139CSN369103         SFlowCharSet = 86
        SFlowCSISO141JUSIB1002         SFlowCharSet = 87
        SFlowCSISO143IECP271           SFlowCharSet = 88
        SFlowCSISO146Serbian           SFlowCharSet = 89
        SFlowCSISO147Macedonian        SFlowCharSet = 90
        SFlowCSISO150                  SFlowCharSet = 91
        SFlowCSISO151Cuba              SFlowCharSet = 92
        SFlowCSISO6937Add              SFlowCharSet = 93
        SFlowCSISO153GOST1976874       SFlowCharSet = 94
        SFlowCSISO8859Supp             SFlowCharSet = 95
        SFlowCSISO10367Box             SFlowCharSet = 96
        SFlowCSISO158Lap               SFlowCharSet = 97
        SFlowCSISO159JISX02121990      SFlowCharSet = 98
        SFlowCSISO646Danish            SFlowCharSet = 99
        SFlowCSUSDK                    SFlowCharSet = 100
        SFlowCSDKUS                    SFlowCharSet = 101
        SFlowCSKSC5636                 SFlowCharSet = 102
        SFlowCSUnicode11UTF7           SFlowCharSet = 103
        SFlowCSISO2022CN               SFlowCharSet = 104
        SFlowCSISO2022CNEXT            SFlowCharSet = 105
        SFlowCSUTF8                    SFlowCharSet = 106
        SFlowCSISO885913               SFlowCharSet = 109
        SFlowCSISO885914               SFlowCharSet = 110
        SFlowCSISO885915               SFlowCharSet = 111
        SFlowCSISO885916               SFlowCharSet = 112
        SFlowCSGBK                     SFlowCharSet = 113
        SFlowCSGB18030                 SFlowCharSet = 114
        SFlowCSOSDEBCDICDF0415         SFlowCharSet = 115
        SFlowCSOSDEBCDICDF03IRV        SFlowCharSet = 116
        SFlowCSOSDEBCDICDF041          SFlowCharSet = 117
        SFlowCSISO115481               SFlowCharSet = 118
        SFlowCSKZ1048                  SFlowCharSet = 119
        SFlowCSUnicode                 SFlowCharSet = 1000
        SFlowCSUCS4                    SFlowCharSet = 1001
        SFlowCSUnicodeASCII            SFlowCharSet = 1002
        SFlowCSUnicodeLatin1           SFlowCharSet = 1003
        SFlowCSUnicodeJapanese         SFlowCharSet = 1004
        SFlowCSUnicodeIBM1261          SFlowCharSet = 1005
        SFlowCSUnicodeIBM1268          SFlowCharSet = 1006
        SFlowCSUnicodeIBM1276          SFlowCharSet = 1007
        SFlowCSUnicodeIBM1264          SFlowCharSet = 1008
        SFlowCSUnicodeIBM1265          SFlowCharSet = 1009
        SFlowCSUnicode11               SFlowCharSet = 1010
        SFlowCSSCSU                    SFlowCharSet = 1011
        SFlowCSUTF7                    SFlowCharSet = 1012
        SFlowCSUTF16BE                 SFlowCharSet = 1013
        SFlowCSUTF16LE                 SFlowCharSet = 1014
        SFlowCSUTF16                   SFlowCharSet = 1015
        SFlowCSCESU8                   SFlowCharSet = 1016
        SFlowCSUTF32                   SFlowCharSet = 1017
        SFlowCSUTF32BE                 SFlowCharSet = 1018
        SFlowCSUTF32LE                 SFlowCharSet = 1019
        SFlowCSBOCU1                   SFlowCharSet = 1020
        SFlowCSWindows30Latin1         SFlowCharSet = 2000
        SFlowCSWindows31Latin1         SFlowCharSet = 2001
        SFlowCSWindows31Latin2         SFlowCharSet = 2002
        SFlowCSWindows31Latin5         SFlowCharSet = 2003
        SFlowCSHPRoman8                SFlowCharSet = 2004
        SFlowCSAdobeStandardEncoding   SFlowCharSet = 2005
        SFlowCSVenturaUS               SFlowCharSet = 2006
        SFlowCSVenturaInternational    SFlowCharSet = 2007
        SFlowCSDECMCS                  SFlowCharSet = 2008
        SFlowCSPC850Multilingual       SFlowCharSet = 2009
        SFlowCSPCp852                  SFlowCharSet = 2010
        SFlowCSPC8CodePage437          SFlowCharSet = 2011
        SFlowCSPC8DanishNorwegian      SFlowCharSet = 2012
        SFlowCSPC862LatinHebrew        SFlowCharSet = 2013
        SFlowCSPC8Turkish              SFlowCharSet = 2014
        SFlowCSIBMSymbols              SFlowCharSet = 2015
        SFlowCSIBMThai                 SFlowCharSet = 2016
        SFlowCSHPLegal                 SFlowCharSet = 2017
        SFlowCSHPPiFont                SFlowCharSet = 2018
        SFlowCSHPMath8                 SFlowCharSet = 2019
        SFlowCSHPPSMath                SFlowCharSet = 2020
        SFlowCSHPDesktop               SFlowCharSet = 2021
        SFlowCSVenturaMath             SFlowCharSet = 2022
        SFlowCSMicrosoftPublishing     SFlowCharSet = 2023
        SFlowCSWindows31J              SFlowCharSet = 2024
        SFlowCSGB2312                  SFlowCharSet = 2025
        SFlowCSBig5                    SFlowCharSet = 2026
        SFlowCSMacintosh               SFlowCharSet = 2027
        SFlowCSIBM037                  SFlowCharSet = 2028
        SFlowCSIBM038                  SFlowCharSet = 2029
        SFlowCSIBM273                  SFlowCharSet = 2030
        SFlowCSIBM274                  SFlowCharSet = 2031
        SFlowCSIBM275                  SFlowCharSet = 2032
        SFlowCSIBM277                  SFlowCharSet = 2033
        SFlowCSIBM278                  SFlowCharSet = 2034
        SFlowCSIBM280                  SFlowCharSet = 2035
        SFlowCSIBM281                  SFlowCharSet = 2036
        SFlowCSIBM284                  SFlowCharSet = 2037
        SFlowCSIBM285                  SFlowCharSet = 2038
        SFlowCSIBM290                  SFlowCharSet = 2039
        SFlowCSIBM297                  SFlowCharSet = 2040
        SFlowCSIBM420                  SFlowCharSet = 2041
        SFlowCSIBM423                  SFlowCharSet = 2042
        SFlowCSIBM424                  SFlowCharSet = 2043
        SFlowCSIBM500                  SFlowCharSet = 2044
        SFlowCSIBM851                  SFlowCharSet = 2045
        SFlowCSIBM855                  SFlowCharSet = 2046
        SFlowCSIBM857                  SFlowCharSet = 2047
        SFlowCSIBM860                  SFlowCharSet = 2048
        SFlowCSIBM861                  SFlowCharSet = 2049
        SFlowCSIBM863                  SFlowCharSet = 2050
        SFlowCSIBM864                  SFlowCharSet = 2051
        SFlowCSIBM865                  SFlowCharSet = 2052
        SFlowCSIBM868                  SFlowCharSet = 2053
        SFlowCSIBM869                  SFlowCharSet = 2054
        SFlowCSIBM870                  SFlowCharSet = 2055
        SFlowCSIBM871                  SFlowCharSet = 2056
        SFlowCSIBM880                  SFlowCharSet = 2057
        SFlowCSIBM891                  SFlowCharSet = 2058
        SFlowCSIBM903                  SFlowCharSet = 2059
        SFlowCSIBBM904                 SFlowCharSet = 2060
        SFlowCSIBM905                  SFlowCharSet = 2061
        SFlowCSIBM918                  SFlowCharSet = 2062
        SFlowCSIBM1026                 SFlowCharSet = 2063
        SFlowCSIBMEBCDICATDE           SFlowCharSet = 2064
        SFlowCSEBCDICATDEA             SFlowCharSet = 2065
        SFlowCSEBCDICCAFR              SFlowCharSet = 2066
        SFlowCSEBCDICDKNO              SFlowCharSet = 2067
        SFlowCSEBCDICDKNOA             SFlowCharSet = 2068
        SFlowCSEBCDICFISE              SFlowCharSet = 2069
        SFlowCSEBCDICFISEA             SFlowCharSet = 2070
        SFlowCSEBCDICFR                SFlowCharSet = 2071
        SFlowCSEBCDICIT                SFlowCharSet = 2072
        SFlowCSEBCDICPT                SFlowCharSet = 2073
        SFlowCSEBCDICES                SFlowCharSet = 2074
        SFlowCSEBCDICESA               SFlowCharSet = 2075
        SFlowCSEBCDICESS               SFlowCharSet = 2076
        SFlowCSEBCDICUK                SFlowCharSet = 2077
        SFlowCSEBCDICUS                SFlowCharSet = 2078
        SFlowCSUnknown8BiT             SFlowCharSet = 2079
        SFlowCSMnemonic                SFlowCharSet = 2080
        SFlowCSMnem                    SFlowCharSet = 2081
        SFlowCSVISCII                  SFlowCharSet = 2082
        SFlowCSVIQR                    SFlowCharSet = 2083
        SFlowCSKOI8R                   SFlowCharSet = 2084
        SFlowCSHZGB2312                SFlowCharSet = 2085
        SFlowCSIBM866                  SFlowCharSet = 2086
        SFlowCSPC775Baltic             SFlowCharSet = 2087
        SFlowCSKOI8U                   SFlowCharSet = 2088
        SFlowCSIBM00858                SFlowCharSet = 2089
        SFlowCSIBM00924                SFlowCharSet = 2090
        SFlowCSIBM01140                SFlowCharSet = 2091
        SFlowCSIBM01141                SFlowCharSet = 2092
        SFlowCSIBM01142                SFlowCharSet = 2093
        SFlowCSIBM01143                SFlowCharSet = 2094
        SFlowCSIBM01144                SFlowCharSet = 2095
        SFlowCSIBM01145                SFlowCharSet = 2096
        SFlowCSIBM01146                SFlowCharSet = 2097
        SFlowCSIBM01147                SFlowCharSet = 2098
        SFlowCSIBM01148                SFlowCharSet = 2099
        SFlowCSIBM01149                SFlowCharSet = 2100
        SFlowCSBig5HKSCS               SFlowCharSet = 2101
        SFlowCSIBM1047                 SFlowCharSet = 2102
        SFlowCSPTCP154                 SFlowCharSet = 2103
        SFlowCSAmiga1251               SFlowCharSet = 2104
        SFlowCSKOI7switched            SFlowCharSet = 2105
        SFlowCSBRF                     SFlowCharSet = 2106
        SFlowCSTSCII                   SFlowCharSet = 2107
        SFlowCSCP51932                 SFlowCharSet = 2108
        SFlowCSWindows874              SFlowCharSet = 2109
        SFlowCSWindows1250             SFlowCharSet = 2250
        SFlowCSWindows1251             SFlowCharSet = 2251
        SFlowCSWindows1252             SFlowCharSet = 2252
        SFlowCSWindows1253             SFlowCharSet = 2253
        SFlowCSWindows1254             SFlowCharSet = 2254
        SFlowCSWindows1255             SFlowCharSet = 2255
        SFlowCSWindows1256             SFlowCharSet = 2256
        SFlowCSWindows1257             SFlowCharSet = 2257
        SFlowCSWindows1258             SFlowCharSet = 2258
        SFlowCSTIS620                  SFlowCharSet = 2259
        SFlowCS50220                   SFlowCharSet = 2260
        SFlowCSreserved                SFlowCharSet = 3000
)

func decodeExtendedUserFlow(data *[]byte) (SFlowExtendedUserFlow, error) {
        eu := SFlowExtendedUserFlow{}
        var fdf SFlowFlowDataFormat
        var srcUserLen uint32
        var srcUserLenWithPad int
        var srcUserBytes []byte
        var dstUserLen uint32
        var dstUserLenWithPad int
        var dstUserBytes []byte

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        eu.EnterpriseID, eu.Format = fdf.decode()
        *data, eu.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, eu.SourceCharSet = (*data)[4:], SFlowCharSet(binary.BigEndian.Uint32((*data)[:4]))
        *data, srcUserLen = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        srcUserLenWithPad = int(srcUserLen + ((4 - srcUserLen) % 4))
        *data, srcUserBytes = (*data)[srcUserLenWithPad:], (*data)[:srcUserLenWithPad]
        eu.SourceUserID = string(srcUserBytes[:srcUserLen])
        *data, eu.DestinationCharSet = (*data)[4:], SFlowCharSet(binary.BigEndian.Uint32((*data)[:4]))
        *data, dstUserLen = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        dstUserLenWithPad = int(dstUserLen + ((4 - dstUserLen) % 4))
        *data, dstUserBytes = (*data)[dstUserLenWithPad:], (*data)[:dstUserLenWithPad]
        eu.DestinationUserID = string(dstUserBytes[:dstUserLen])
        return eu, nil
}

// **************************************************
//  Packet IP version 4 Record
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                     Length                    |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    Protocol                   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  Source IPv4                  |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                Destination IPv4               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   Source Port                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                Destionation Port              |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   TCP Flags                   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                      TOS                      |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowIpv4Record struct {
        // The length of the IP packet excluding ower layer encapsulations
        Length uint32
        // IP Protocol type (for example, TCP = 6, UDP = 17)
        Protocol uint32
        // Source IP Address
        IPSrc net.IP
        // Destination IP Address
        IPDst net.IP
        // TCP/UDP source port number or equivalent
        PortSrc uint32
        // TCP/UDP destination port number or equivalent
        PortDst uint32
        // TCP flags
        TCPFlags uint32
        // IP type of service
        TOS uint32
}

func decodeSFlowIpv4Record(data *[]byte) (SFlowIpv4Record, error) {
        si := SFlowIpv4Record{}

        *data, si.Length = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.Protocol = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.IPSrc = (*data)[4:], net.IP((*data)[:4])
        *data, si.IPDst = (*data)[4:], net.IP((*data)[:4])
        *data, si.PortSrc = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.PortDst = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.TCPFlags = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.TOS = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        return si, nil
}

// **************************************************
//  Packet IP version 6 Record
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                     Length                    |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    Protocol                   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  Source IPv4                  |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                Destination IPv4               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   Source Port                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                Destionation Port              |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   TCP Flags                   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    Priority                   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowIpv6Record struct {
        // The length of the IP packet excluding ower layer encapsulations
        Length uint32
        // IP Protocol type (for example, TCP = 6, UDP = 17)
        Protocol uint32
        // Source IP Address
        IPSrc net.IP
        // Destination IP Address
        IPDst net.IP
        // TCP/UDP source port number or equivalent
        PortSrc uint32
        // TCP/UDP destination port number or equivalent
        PortDst uint32
        // TCP flags
        TCPFlags uint32
        // IP priority
        Priority uint32
}

func decodeSFlowIpv6Record(data *[]byte) (SFlowIpv6Record, error) {
        si := SFlowIpv6Record{}

        *data, si.Length = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.Protocol = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.IPSrc = (*data)[16:], net.IP((*data)[:16])
        *data, si.IPDst = (*data)[16:], net.IP((*data)[:16])
        *data, si.PortSrc = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.PortDst = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.TCPFlags = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, si.Priority = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        return si, nil
}

// **************************************************
//  Extended IPv4 Tunnel Egress
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /           Packet IP version 4 Record          /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedIpv4TunnelEgressRecord struct {
        SFlowBaseFlowRecord
        SFlowIpv4Record SFlowIpv4Record
}

func decodeExtendedIpv4TunnelEgress(data *[]byte) (SFlowExtendedIpv4TunnelEgressRecord, error) {
        rec := SFlowExtendedIpv4TunnelEgressRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        rec.SFlowIpv4Record, _ = decodeSFlowIpv4Record(data)

        return rec, nil
}

// **************************************************
//  Extended IPv4 Tunnel Ingress
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /           Packet IP version 4 Record          /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedIpv4TunnelIngressRecord struct {
        SFlowBaseFlowRecord
        SFlowIpv4Record SFlowIpv4Record
}

func decodeExtendedIpv4TunnelIngress(data *[]byte) (SFlowExtendedIpv4TunnelIngressRecord, error) {
        rec := SFlowExtendedIpv4TunnelIngressRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        rec.SFlowIpv4Record, _ = decodeSFlowIpv4Record(data)

        return rec, nil
}

// **************************************************
//  Extended IPv6 Tunnel Egress
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /           Packet IP version 6 Record          /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedIpv6TunnelEgressRecord struct {
        SFlowBaseFlowRecord
        SFlowIpv6Record
}

func decodeExtendedIpv6TunnelEgress(data *[]byte) (SFlowExtendedIpv6TunnelEgressRecord, error) {
        rec := SFlowExtendedIpv6TunnelEgressRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        rec.SFlowIpv6Record, _ = decodeSFlowIpv6Record(data)

        return rec, nil
}

// **************************************************
//  Extended IPv6 Tunnel Ingress
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /           Packet IP version 6 Record          /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedIpv6TunnelIngressRecord struct {
        SFlowBaseFlowRecord
        SFlowIpv6Record
}

func decodeExtendedIpv6TunnelIngress(data *[]byte) (SFlowExtendedIpv6TunnelIngressRecord, error) {
        rec := SFlowExtendedIpv6TunnelIngressRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        rec.SFlowIpv6Record, _ = decodeSFlowIpv6Record(data)

        return rec, nil
}

// **************************************************
//  Extended Decapsulate Egress
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               Inner Header Offset             |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedDecapsulateEgressRecord struct {
        SFlowBaseFlowRecord
        InnerHeaderOffset uint32
}

func decodeExtendedDecapsulateEgress(data *[]byte) (SFlowExtendedDecapsulateEgressRecord, error) {
        rec := SFlowExtendedDecapsulateEgressRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, rec.InnerHeaderOffset = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        return rec, nil
}

// **************************************************
//  Extended Decapsulate Ingress
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |               Inner Header Offset             |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedDecapsulateIngressRecord struct {
        SFlowBaseFlowRecord
        InnerHeaderOffset uint32
}

func decodeExtendedDecapsulateIngress(data *[]byte) (SFlowExtendedDecapsulateIngressRecord, error) {
        rec := SFlowExtendedDecapsulateIngressRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, rec.InnerHeaderOffset = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        return rec, nil
}

// **************************************************
//  Extended VNI Egress
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                       VNI                     |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedVniEgressRecord struct {
        SFlowBaseFlowRecord
        VNI uint32
}

func decodeExtendedVniEgress(data *[]byte) (SFlowExtendedVniEgressRecord, error) {
        rec := SFlowExtendedVniEgressRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, rec.VNI = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        return rec, nil
}

// **************************************************
//  Extended VNI Ingress
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  record length                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                       VNI                     |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedVniIngressRecord struct {
        SFlowBaseFlowRecord
        VNI uint32
}

func decodeExtendedVniIngress(data *[]byte) (SFlowExtendedVniIngressRecord, error) {
        rec := SFlowExtendedVniIngressRecord{}
        var fdf SFlowFlowDataFormat

        *data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        rec.EnterpriseID, rec.Format = fdf.decode()
        *data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, rec.VNI = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        return rec, nil
}

// **************************************************
//  Counter Record
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  counter length               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /                   counter data                /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowBaseCounterRecord struct {
        EnterpriseID   SFlowEnterpriseID
        Format         SFlowCounterRecordType
        FlowDataLength uint32
}

func (bcr SFlowBaseCounterRecord) GetType() SFlowCounterRecordType {
        switch bcr.Format {
        case SFlowTypeGenericInterfaceCounters:
                return SFlowTypeGenericInterfaceCounters
        case SFlowTypeEthernetInterfaceCounters:
                return SFlowTypeEthernetInterfaceCounters
        case SFlowTypeTokenRingInterfaceCounters:
                return SFlowTypeTokenRingInterfaceCounters
        case SFlowType100BaseVGInterfaceCounters:
                return SFlowType100BaseVGInterfaceCounters
        case SFlowTypeVLANCounters:
                return SFlowTypeVLANCounters
        case SFlowTypeProcessorCounters:
                return SFlowTypeProcessorCounters

        }
        unrecognized := fmt.Sprint("Unrecognized counter record type:", bcr.Format)
        panic(unrecognized)
}

// **************************************************
//  Counter Record
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  counter length               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    IfIndex                    |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    IfType                     |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   IfSpeed                     |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   IfDirection                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    IfStatus                   |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   IFInOctets                  |
//  |                                               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   IfInUcastPkts               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  IfInMulticastPkts            |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  IfInBroadcastPkts            |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    IfInDiscards               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    InInErrors                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  IfInUnknownProtos            |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   IfOutOctets                 |
//  |                                               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   IfOutUcastPkts              |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  IfOutMulticastPkts           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  IfOutBroadcastPkts           |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   IfOutDiscards               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    IfOUtErrors                |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                 IfPromiscouousMode            |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowGenericInterfaceCounters struct {
        SFlowBaseCounterRecord
        IfIndex            uint32
        IfType             uint32
        IfSpeed            uint64
        IfDirection        uint32
        IfStatus           uint32
        IfInOctets         uint64
        IfInUcastPkts      uint32
        IfInMulticastPkts  uint32
        IfInBroadcastPkts  uint32
        IfInDiscards       uint32
        IfInErrors         uint32
        IfInUnknownProtos  uint32
        IfOutOctets        uint64
        IfOutUcastPkts     uint32
        IfOutMulticastPkts uint32
        IfOutBroadcastPkts uint32
        IfOutDiscards      uint32
        IfOutErrors        uint32
        IfPromiscuousMode  uint32
}

func decodeGenericInterfaceCounters(data *[]byte) (SFlowGenericInterfaceCounters, error) {
        gic := SFlowGenericInterfaceCounters{}
        var cdf SFlowCounterDataFormat

        *data, cdf = (*data)[4:], SFlowCounterDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        gic.EnterpriseID, gic.Format = cdf.decode()
        *data, gic.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfIndex = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfType = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfSpeed = (*data)[8:], binary.BigEndian.Uint64((*data)[:8])
        *data, gic.IfDirection = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfStatus = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfInOctets = (*data)[8:], binary.BigEndian.Uint64((*data)[:8])
        *data, gic.IfInUcastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfInMulticastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfInBroadcastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfInDiscards = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfInErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfInUnknownProtos = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfOutOctets = (*data)[8:], binary.BigEndian.Uint64((*data)[:8])
        *data, gic.IfOutUcastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfOutMulticastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfOutBroadcastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfOutDiscards = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfOutErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, gic.IfPromiscuousMode = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        return gic, nil
}

// **************************************************
//  Counter Record
// **************************************************

//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  counter length               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  /                   counter data                /
//  /                                               /
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowEthernetCounters struct {
        SFlowBaseCounterRecord
        AlignmentErrors           uint32
        FCSErrors                 uint32
        SingleCollisionFrames     uint32
        MultipleCollisionFrames   uint32
        SQETestErrors             uint32
        DeferredTransmissions     uint32
        LateCollisions            uint32
        ExcessiveCollisions       uint32
        InternalMacTransmitErrors uint32
        CarrierSenseErrors        uint32
        FrameTooLongs             uint32
        InternalMacReceiveErrors  uint32
        SymbolErrors              uint32
}

func decodeEthernetCounters(data *[]byte) (SFlowEthernetCounters, error) {
        ec := SFlowEthernetCounters{}
        var cdf SFlowCounterDataFormat

        *data, cdf = (*data)[4:], SFlowCounterDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        ec.EnterpriseID, ec.Format = cdf.decode()
        *data, ec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.AlignmentErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.FCSErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.SingleCollisionFrames = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.MultipleCollisionFrames = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.SQETestErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.DeferredTransmissions = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.LateCollisions = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.ExcessiveCollisions = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.InternalMacTransmitErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.CarrierSenseErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.FrameTooLongs = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.InternalMacReceiveErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, ec.SymbolErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        return ec, nil
}

// **************************************************
//  Processor Counter Record
// **************************************************
//  0                      15                      31
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |      20 bit Interprise (0)     |12 bit format |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                  counter length               |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    FiveSecCpu                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    OneMinCpu                  |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    GiveMinCpu                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                   TotalMemory                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
//  |                    FreeMemory                 |
//  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

type SFlowProcessorCounters struct {
        SFlowBaseCounterRecord
        FiveSecCpu  uint32 // 5 second average CPU utilization
        OneMinCpu   uint32 // 1 minute average CPU utilization
        FiveMinCpu  uint32 // 5 minute average CPU utilization
        TotalMemory uint64 // total memory (in bytes)
        FreeMemory  uint64 // free memory (in bytes)
}

func decodeProcessorCounters(data *[]byte) (SFlowProcessorCounters, error) {
        pc := SFlowProcessorCounters{}
        var cdf SFlowCounterDataFormat
        var high32, low32 uint32

        *data, cdf = (*data)[4:], SFlowCounterDataFormat(binary.BigEndian.Uint32((*data)[:4]))
        pc.EnterpriseID, pc.Format = cdf.decode()
        *data, pc.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])

        *data, pc.FiveSecCpu = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, pc.OneMinCpu = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, pc.FiveMinCpu = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, high32 = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, low32 = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        pc.TotalMemory = (uint64(high32) << 32) + uint64(low32)
        *data, high32 = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        *data, low32 = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
        pc.FreeMemory = (uint64(high32)) + uint64(low32)

        return pc, nil
}