/* Flow Data types

   A flow_sample must contain packet header information. The
   prefered format for reporting packet header information is
   the sampled_header. */
    

/* Packet header data */

enum header_protocol {
   ETHERNET-ISO8023     = 1,
   ISO88024-TOKENBUS    = 2,
   ISO88025-TOKENRING   = 3,
   FDDI                 = 4,
   FRAME-RELAY          = 5,
   X25                  = 6,
   PPP                  = 7,
   SMDS                 = 8,                
   AAL5                 = 9,
   AAL5-IP              = 10, /* e.g. Cisco AAL5 mux */
   IPv4                 = 11,
   IPv6                 = 12,
   MPLS                 = 13
}   

/* Raw packet header
     enterprise = inmon(4300)
     format = 1 */

struct sampled_header {
   header_protocol protocol;       /* Format of sampled header */
   unsigned int frame_length;      /* Original length of packet before
                                      sampling */
   opaque header<>;                /* Header bytes */
}

/* Ethernet frame data
     enterprise = inmon(4300)
     format = 2 */

struct sampled_ethernet {
     unsigned int length;   /* The length of the MAC packet excluding 
                               lower layer encapsulations */
     mac src_mac;           /* Source MAC address */
     mac dst_mac;           /* Destination MAC address */
     unsigned int type;     /* Ethernet packet type */
}

/* Packet IP version 4 data
     enterprise = inmon(4300)
     format = 3 */

struct sampled_ipv4 {
   unsigned int length;     /* The length of the IP packet excluding 
                               lower layer encapsulations */
   unsigned int protocol;   /* IP Protocol type
                               (for example, TCP = 6, UDP = 17) */
   ip_v4 src_ip;            /* Source IP Address */
   ip_v4 dst_ip;            /* Destination IP Address */
   unsigned int src_port;   /* TCP/UDP source port number or equivalent */
   unsigned int dst_port;   /* TCP/UDP destination port number or equivalent */
   unsigned int tcp_flags;  /* TCP flags */
   unsigned int tos;        /* IP type of service */
}

/* Packet IP version 6 data
     enterprise = inmon(4300)
     format = 4 */

struct sampled_ipv6 {
   unsigned int length;     /* The length of the IP packet excluding
                               lower layer encapsulations */
   unsigned int protocol;   /* IP next header
                               (for example, TCP = 6, UDP = 17) */
   ip_v6 src_ip;            /* Source IP Address */
   ip_v6 dst_ip;            /* Destination IP Address */
   unsigned int src_port;   /* TCP/UDP source port number or equivalent */
   unsigned int dst_port;   /* TCP/UDP destination port number or equivalent */
   unsigned int tcp_flags;  /* TCP flags */
   unsigned int priority;   /* IP priority */
}


/* Extended data types 

   Extended data types provide supplimentary information about the
   sampled packet. All applicable extended flow records should be 
   included with each flow sample. */

/* Extended switch data
     enterprise = inmon(4300)
     format = 1001 */

struct extended_switch {
   unsigned int src_vlan;     /* The 802.1Q VLAN id of incoming frame */
   unsigned int src_priority; /* The 802.1p priority of incoming frame */
   unsigned int dst_vlan;     /* The 802.1Q VLAN id of outgoing frame */
   unsigned int dst_priority; /* The 802.1p priority of outgoing frame */
}

/* Extended router data
     enterprise = inmon(4300)
     format = 1002 */

struct extended_router {
   address nexthop;         /* IP address of next hop router */
   unsigned int src_mask;   /* Source address prefix mask bits */
   unsigned int dst_mask;   /* Destination address prefix mask bits */
}

enum as_path_segment_type {
   AS_SET      = 1,            /* Unordered set of ASs */
   AS_SEQUENCE = 2             /* Ordered set of ASs */
}

union as_path_type (as_path_segment_type) {
   case AS_SET:
      unsigned int as_set<>;
   case AS_SEQUENCE:
      unsigned int as_sequence<>;
}

/* Extended gateway data
     enterprise = inmon(4300) 
     format = 1003 */

struct extended_gateway {
   unsigned int as;            /* Autonomous system number of router */
   unsigned int src_as;        /* Autonomous system number of source */
   unsigned int src_peer_as;   /* Autonomous system number of source peer */
   as_path_type dst_as_path<>; /* Autonomous system path to the destination */
   unsigned int communities<>; /* Communities associated with this route */
   unsigned int localpref;     /* LocalPref associated with this route */
}

/* Extended user data
     enterprise = inmon(4300)
     format = 1004 */

struct extended_user {
   string src_user<>;          /* User ID associated with packet source */
   string dst_user<>;          /* User ID associated with packet destination */
}

enum url_direction {
   src    = 1,                 /* Source address is HTTP server */
   dst    = 2                  /* Destination address is HTTP server */
}

/* Extended URL data
     enterprise = inmon(4300)
     format = 1005 */

struct extended_url {
   url_direction direction;    /* Direction of HTTP connection */
   string url<>;               /* URL associated with the packet flow */
   string host<>;              /* The host field from the HTTP header */
}

/* Extended MPLS data
     enterprise = inmon(4300)
     format = 1006 */

struct extended_mpls { 
   address mplsNextHop;              /* Address of the next hop */ 
   unsigned int mplsInLabel;         /* Top label of received mpls packet 
                                        (See RFC 3032 for label encoding) */ 
   unsigned int mplsOutLabelStack<>; /* Label stack for transmitted mpls packet 
                                        Note: First entry is top of stack. */ 
}

/* Extended NAT data
   Packet header records report addresses as seen at the sFlowDataSource.
   The extended_nat structure reports on translated source and/or destination
   addesses for this packet. If an address was not translated it should 
   be equal to that reported for the header. */
     enterprise = inmon(4300)
     format = 1007 */

struct extended_nat {
     address src_address;            /* Source address */
     address dst_address;            /* Destination address */
}

/* Counter types 

   Wherever possible, the if_counters block should be included. Media
   specific counters can be included as well. */

/* Generic interface counters - see RFC 2233
     enterprise = inmon(4300)
     format = 1 */

struct if_counters {
   unsigned int ifIndex;
   unsigned int ifType;
   unsigned hyper ifSpeed;
   unsigned int ifDirection;    /* derived from MAU MIB (RFC 2668)
                                   0 = unkown, 1=full-duplex, 2=half-duplex,
                                   3 = in, 4=out */
   unsigned int ifStatus;       /* bit field with the following bits assigned
                                   bit 0 = ifAdminStatus (0 = down, 1 = up)
                                   bit 1 = ifOperStatus (0 = down, 1 = up) */
   unsigned hyper ifInOctets;
   unsigned int ifInUcastPkts;
   unsigned int ifInMulticastPkts;
   unsigned int ifInBroadcastPkts;
   unsigned int ifInDiscards;
   unsigned int ifInErrors;
   unsigned int ifInUnknownProtos;
   unsigned hyper ifOutOctets;
   unsigned int ifOutUcastPkts;
   unsigned int ifOutMulticastPkts;
   unsigned int ifOutBroadcastPkts;
   unsigned int ifOutDiscards;
   unsigned int ifOutErrors;
   unsigned int ifPromiscuousMode;
}

/* Ethernet interface counters - see RFC 2358 
     enterprise = inmon(4300)
     format = 2 */

struct ethernet_counters {
   unsigned int dot3StatsAlignmentErrors;
   unsigned int dot3StatsFCSErrors;
   unsigned int dot3StatsSingleCollisionFrames;
   unsigned int dot3StatsMultipleCollisionFrames;
   unsigned int dot3StatsSQETestErrors;
   unsigned int dot3StatsDeferredTransmissions;
   unsigned int dot3StatsLateCollisions;
   unsigned int dot3StatsExcessiveCollisions;
   unsigned int dot3StatsInternalMacTransmitErrors;
   unsigned int dot3StatsCarrierSenseErrors;
   unsigned int dot3StatsFrameTooLongs;
   unsigned int dot3StatsInternalMacReceiveErrors;
   unsigned int dot3StatsSymbolErrors;
}

/* Token ring counters - see RFC 1748 
     enterprise = inmon(4300)
     format = 3 */

struct tokenring_counters {
  unsigned int dot5StatsLineErrors;
  unsigned int dot5StatsBurstErrors;
  unsigned int dot5StatsACErrors;
  unsigned int dot5StatsAbortTransErrors;
  unsigned int dot5StatsInternalErrors;
  unsigned int dot5StatsLostFrameErrors;
  unsigned int dot5StatsReceiveCongestions;
  unsigned int dot5StatsFrameCopiedErrors;
  unsigned int dot5StatsTokenErrors;
  unsigned int dot5StatsSoftErrors;
  unsigned int dot5StatsHardErrors;
  unsigned int dot5StatsSignalLoss;
  unsigned int dot5StatsTransmitBeacons;
  unsigned int dot5StatsRecoverys;
  unsigned int dot5StatsLobeWires;
  unsigned int dot5StatsRemoves;
  unsigned int dot5StatsSingles;
  unsigned int dot5StatsFreqErrors;
}

/* 100 BaseVG interface counters - see RFC 2020
     enterprise = inmon(4300)
     format = 4 */

struct vg_counters {
  unsigned int dot12InHighPriorityFrames;
  unsigned hyper dot12InHighPriorityOctets;
  unsigned int dot12InNormPriorityFrames;
  unsigned hyper dot12InNormPriorityOctets;
  unsigned int dot12InIPMErrors;
  unsigned int dot12InOversizeFrameErrors;
  unsigned int dot12InDataErrors;
  unsigned int dot12InNullAddressedFrames;
  unsigned int dot12OutHighPriorityFrames;
  unsigned hyper dot12OutHighPriorityOctets;
  unsigned int dot12TransitionIntoTrainings;
  unsigned hyper dot12HCInHighPriorityOctets;
  unsigned hyper dot12HCInNormPriorityOctets;
  unsigned hyper dot12HCOutHighPriorityOctets;
}

/* VLAN counters 
     enterprise = inmon(4300)
     format = 5 */

struct vlan_counters {
  unsigned int vlan_id;
  unsigned hyper octets;
  unsigned int ucastPkts;
  unsigned int multicastPkts;
  unsigned int broadcastPkts;
  unsigned int discards;
}