From 2bf0a26c4481139fe5e05c93a2330bff42c92745 Mon Sep 17 00:00:00 2001
From: Linus Mellberg <lmellberg@baffinbaynetworks.com>
Date: Wed, 17 Sep 2025 11:40:01 +0200
Subject: [PATCH] fixes parsing bug in sflow packets with ip records

---
 layers/sflow.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/layers/sflow.go b/layers/sflow.go
index bc1c9733b..423c95a8f 100644
--- a/layers/sflow.go
+++ b/layers/sflow.go
@@ -1736,6 +1736,8 @@ type SFlowIpv4Record struct {
 func decodeSFlowIpv4Record(data *[]byte) (SFlowIpv4Record, error) {
 	si := SFlowIpv4Record{}
 
+	// ignore EnterpriseID and Format (4 byte), and flow data length (4 byte)
+	*data = (*data)[8:]
 	*data, si.Length = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
 	*data, si.Protocol = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
 	*data, si.IPSrc = (*data)[4:], net.IP((*data)[:4])
@@ -1792,6 +1794,8 @@ type SFlowIpv6Record struct {
 func decodeSFlowIpv6Record(data *[]byte) (SFlowIpv6Record, error) {
 	si := SFlowIpv6Record{}
 
+	// ignore EnterpriseID and Format (4 byte), and flow data length (4 byte)
+	*data = (*data)[8:]
 	*data, si.Length = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
 	*data, si.Protocol = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
 	*data, si.IPSrc = (*data)[16:], net.IP((*data)[:16])