logstash-codec-netflow 3.8.0 → 3.8.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0d51a96934f6215fa848ef5826f1da03ee4bf555
4
- data.tar.gz: 01285e9dad3666666178a98dd50af9275fedb43b
3
+ metadata.gz: 5b85cd8c1849c1914c49727e17a1775257aee259
4
+ data.tar.gz: fb97641f2b79c06cc380c27eba5933f40dfc8c87
5
5
  SHA512:
6
- metadata.gz: a9e15da9958d4435051ba14da84768bd3db6b96ce0c8d7c80de3848ac2bfbcc5205f8d0cfd0415668447f3481fdedae3b5cea15bd9747124ac4aecbd648cc692
7
- data.tar.gz: 1064815fd03ec5d7439f2fd3df9a9f50421742b8af83d002e62a3553005eb8cb1fa00ad1a43a8b19754fc2dd019bd963c35bb200a7b37ef6dbd8eea8a579c43f
6
+ metadata.gz: 2ee8918200546ef2e9d454eadf84bce73abab9fc24c268ce2c90808ddc1c4dba70d8503bad0213b774e71385df5a00a986c738e0abea1105afa9f842e5ed66ce
7
+ data.tar.gz: 578e1d35533e5053a4b43189bc2581a3e511ae0d152974fa4f3d8bb7aa80c35bc2f6dad837b433b905a7de8c7d644bfb9d81e6efd39b760713bcb82683aaf882
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## 3.8.1
2
+
3
+ - Prevent Netflow and IPFIX templates from being modified concurrently
4
+ - Improved Palo Alto support and added rspec test
5
+
1
6
  ## 3.8.0
2
7
 
3
8
  - Added initial YAF support with applabel and silk (but without DPI plugins because of complex data types)
@@ -71,53 +71,6 @@ Summary of collector-relevant requirements implemented versus the total collecto
71
71
  | subTemplateList | No | |
72
72
  | subTemplateMultiList | No | |
73
73
 
74
- ## RFC7012 Information Elements support details
75
-
76
- IE 1-433 are supported
77
-
78
- These are not yet supported:
79
-
80
- |id | name | data type
81
- |---|---------------------|-------------------------
82
- |434|mibObjectValueInteger|signed32
83
- |435|mibObjectValueOctetString|octetArray
84
- |436|mibObjectValueOID|octetArray
85
- |437|mibObjectValueBits|octetArray
86
- |438|mibObjectValueIPAddress|ipv4Address
87
- |439|mibObjectValueCounter|unsigned64
88
- |440|mibObjectValueGauge|unsigned32
89
- |441|mibObjectValueTimeTicks|unsigned32
90
- |442|mibObjectValueUnsigned|unsigned32
91
- |443|mibObjectValueTable|subTemplateList
92
- |444|mibObjectValueRow|subTemplateList
93
- |445|mibObjectIdentifier|octetArray
94
- |446|mibSubIdentifier|unsigned32
95
- |447|mibIndexIndicator|unsigned64
96
- |448|mibCaptureTimeSemantics|unsigned8
97
- |449|mibContextEngineID|octetArray
98
- |450|mibContextName|string
99
- |451|mibObjectName|string
100
- |452|mibObjectDescription|string
101
- |453|mibObjectSyntax|string
102
- |454|mibModuleName|string
103
- |455|mobileIMSI|string
104
- |456|mobileMSISDN|string
105
- |457|httpStatusCode|unsigned16
106
- |458|sourceTransportPortsLimit|unsigned16
107
- |459|httpRequestMethod|string
108
- |460|httpRequestHost|string
109
- |461|httpRequestTarget|string
110
- |462|httpMessageVersion|string
111
- |463|natInstanceID|unsigned32
112
- |464|internalAddressRealm|octetArray
113
- |465|externalAddressRealm|octetArray
114
- |466|natQuotaExceededEvent|unsigned32
115
- |467|natThresholdEvent|unsigned32
116
- |468|httpUserAgent|string
117
- |469|httpContentType|string
118
- |470|httpReasonPhrase|string
119
-
120
-
121
74
  ## RFC 7011 collector compliance details
122
75
 
123
76
  The tables below detail the collector-relevant requirements, and whether or not they are implemented:
@@ -228,3 +181,51 @@ The tables below detail the collector-relevant requirements, and whether or not
228
181
  | 11.7 As IPFIX uses length-prefix encodings, Collector implementors should take care to ensure the detection of inconsistent values that could impact IPFIX Message decoding, and proper operation in the presence of such inconsistent values. | | | YES |
229
182
  | 11.7 Specifically, IPFIX Message, Set, and variable-length Information Element lengths must be checked for consistency to avoid buffer-sizing vulnerabilities. | | | YES |
230
183
 
184
+
185
+ ## RFC7012 Information Elements support details
186
+
187
+ IE 1-433 are supported
188
+
189
+ These are not yet supported:
190
+
191
+ |id | name | data type
192
+ |---|---------------------|-------------------------
193
+ |434|mibObjectValueInteger|signed32
194
+ |435|mibObjectValueOctetString|octetArray
195
+ |436|mibObjectValueOID|octetArray
196
+ |437|mibObjectValueBits|octetArray
197
+ |438|mibObjectValueIPAddress|ipv4Address
198
+ |439|mibObjectValueCounter|unsigned64
199
+ |440|mibObjectValueGauge|unsigned32
200
+ |441|mibObjectValueTimeTicks|unsigned32
201
+ |442|mibObjectValueUnsigned|unsigned32
202
+ |443|mibObjectValueTable|subTemplateList
203
+ |444|mibObjectValueRow|subTemplateList
204
+ |445|mibObjectIdentifier|octetArray
205
+ |446|mibSubIdentifier|unsigned32
206
+ |447|mibIndexIndicator|unsigned64
207
+ |448|mibCaptureTimeSemantics|unsigned8
208
+ |449|mibContextEngineID|octetArray
209
+ |450|mibContextName|string
210
+ |451|mibObjectName|string
211
+ |452|mibObjectDescription|string
212
+ |453|mibObjectSyntax|string
213
+ |454|mibModuleName|string
214
+ |455|mobileIMSI|string
215
+ |456|mobileMSISDN|string
216
+ |457|httpStatusCode|unsigned16
217
+ |458|sourceTransportPortsLimit|unsigned16
218
+ |459|httpRequestMethod|string
219
+ |460|httpRequestHost|string
220
+ |461|httpRequestTarget|string
221
+ |462|httpMessageVersion|string
222
+ |463|natInstanceID|unsigned32
223
+ |464|internalAddressRealm|octetArray
224
+ |465|externalAddressRealm|octetArray
225
+ |466|natQuotaExceededEvent|unsigned32
226
+ |467|natThresholdEvent|unsigned32
227
+ |468|httpUserAgent|string
228
+ |469|httpContentType|string
229
+ |470|httpReasonPhrase|string
230
+
231
+
@@ -26,6 +26,47 @@ Summary of collector-relevant requirements implemented versus the total collecto
26
26
  | 9. The collector side | 5/5 | 0/3 | |
27
27
  | 10. Security considerations | | | |
28
28
 
29
+ ## RFC 3954 collector compliance details
30
+
31
+ The tables below detail the collector-relevant requirements, and whether or not they are implemented:
32
+
33
+ ### 5. Export packet format
34
+
35
+ | Requirement |MUST |SHOULD| MAY|
36
+ |---------------------------------------|-----|-----|-----|
37
+ | 5.1 Incremental sequence counter of all Export Packets sent from the current Observation Domain by the Exporter. This value MUST be cumulative, and SHOULD be used by the Collector to identify whether any Export Packets have been missed. | | NO | |
38
+ | 5.1 NetFlow Collectors SHOULD use the combination of the source IP address and the Source ID field to separate different export streams originating from the same Exporter. | | NO | |
39
+ | 5.3 The Collector MUST use the FlowSet ID to find the corresponding Template Record and decode the Flow Records from the FlowSet. | YES | | |
40
+
41
+ ### 6. Options
42
+
43
+ | Requirement |MUST |SHOULD| MAY|
44
+ |---------------------------------------|-----|-----|-----|
45
+ | 6.2 The Collector MUST use the FlowSet ID to map the appropriate type and length to any field values that follow. | YES | | |
46
+
47
+ ### 7. Template management
48
+
49
+ | Requirement |MUST |SHOULD| MAY|
50
+ |---------------------------------------|-----|-----|-----|
51
+ | 7. the NetFlow Collector MUST store the Template Record to interpret the corresponding Flow Data Records that are received in subsequent data packets. | YES | | |
52
+ | 7. A NetFlow Collector that receives Export Packets from several Observation Domains from the same Exporter MUST be aware that the uniqueness of the Template ID is not guaranteed across Observation Domains. | YES | | |
53
+ | 7. If a Collector should receive a new definition for an already existing Template ID, it MUST discard the previous template definition and use the new one. | YES | | |
54
+
55
+ ### 9. The collector side
56
+
57
+ | Requirement |MUST |SHOULD| MAY|
58
+ |---------------------------------------|-----|-----|-----|
59
+ | 9. If the Template Records have not been received at the time Flow Data Records (or Options Data Records) are received, the Collector SHOULD store the Flow Data Records (or Options Data Records) and decode them after the Template Records are received. | | NO | |
60
+ | 9. A Collector device MUST NOT assume that the Data FlowSet and the associated Template FlowSet (or Options Template FlowSet) are exported in the same Export Packet. | YES | | |
61
+ | 9. The Collector MUST NOT assume that one and only one Template FlowSet is present in an Export Packet. | YES | | |
62
+ | 9. The Collector MUST NOT attempt to decode the Flow or Options Data Records with an expired Template. | YES | | |
63
+ | 9. At any given time the Collector SHOULD maintain the following for all the current Template Records and Options Template Records: Exporter, Observation Domain, Template ID, Template Definition, Last Received. | | NO | |
64
+ | 9. In the event of a clock configuration change on the Exporter, the Collector SHOULD discard all Template Records and Options Template Records associated with that Exporter, in order for Collector to learn the new set of fields: Exporter, Observation Domain, Template ID, Template Definition, Last Received. | | NO | |
65
+ | 9. If the Collector receives a new Template Record (for example, in the case of an Exporter restart) it MUST immediately override the existing Template Record. | YES | | |
66
+ | 9. Finally, note that the Collector MUST accept padding in the Data FlowSet and Options Template FlowSet, which means for the Flow Data Records, the Options Data Records and the Template Records. | YES | | |
67
+
68
+
69
+
29
70
  ## RFC 3954 Information Elements support details
30
71
 
31
72
  From the IEs 1-127, these are not yet supported:
@@ -244,7 +285,6 @@ From the IEs 128-, these are not yet supported:
244
285
  |343|informationElementRangeEnd|unsigned64
245
286
  |344|informationElementSemantics|unsigned8
246
287
  |345|informationElementUnits|unsigned16
247
- |346|privateEnterpriseNumber|unsigned32
248
288
  |347|virtualStationInterfaceId|octetArray
249
289
  |348|virtualStationInterfaceName|string
250
290
  |349|virtualStationUUID|octetArray
@@ -365,43 +405,3 @@ From the IEs 128-, these are not yet supported:
365
405
  |469|httpContentType|string
366
406
  |470|httpReasonPhrase|string
367
407
 
368
- ## RFC 3954 collector compliance details
369
-
370
- The tables below detail the collector-relevant requirements, and whether or not they are implemented:
371
-
372
- ### 5. Export packet format
373
-
374
- | Requirement |MUST |SHOULD| MAY|
375
- |---------------------------------------|-----|-----|-----|
376
- | 5.1 Incremental sequence counter of all Export Packets sent from the current Observation Domain by the Exporter. This value MUST be cumulative, and SHOULD be used by the Collector to identify whether any Export Packets have been missed. | | NO | |
377
- | 5.1 NetFlow Collectors SHOULD use the combination of the source IP address and the Source ID field to separate different export streams originating from the same Exporter. | | NO | |
378
- | 5.3 The Collector MUST use the FlowSet ID to find the corresponding Template Record and decode the Flow Records from the FlowSet. | YES | | |
379
-
380
- ### 6. Options
381
-
382
- | Requirement |MUST |SHOULD| MAY|
383
- |---------------------------------------|-----|-----|-----|
384
- | 6.2 The Collector MUST use the FlowSet ID to map the appropriate type and length to any field values that follow. | YES | | |
385
-
386
- ### 7. Template management
387
-
388
- | Requirement |MUST |SHOULD| MAY|
389
- |---------------------------------------|-----|-----|-----|
390
- | 7. the NetFlow Collector MUST store the Template Record to interpret the corresponding Flow Data Records that are received in subsequent data packets. | YES | | |
391
- | 7. A NetFlow Collector that receives Export Packets from several Observation Domains from the same Exporter MUST be aware that the uniqueness of the Template ID is not guaranteed across Observation Domains. | YES | | |
392
- | 7. If a Collector should receive a new definition for an already existing Template ID, it MUST discard the previous template definition and use the new one. | YES | | |
393
-
394
- ### 9. The collector side
395
-
396
- | Requirement |MUST |SHOULD| MAY|
397
- |---------------------------------------|-----|-----|-----|
398
- | 9. If the Template Records have not been received at the time Flow Data Records (or Options Data Records) are received, the Collector SHOULD store the Flow Data Records (or Options Data Records) and decode them after the Template Records are received. | | NO | |
399
- | 9. A Collector device MUST NOT assume that the Data FlowSet and the associated Template FlowSet (or Options Template FlowSet) are exported in the same Export Packet. | YES | | |
400
- | 9. The Collector MUST NOT assume that one and only one Template FlowSet is present in an Export Packet. | YES | | |
401
- | 9. The Collector MUST NOT attempt to decode the Flow or Options Data Records with an expired Template. | YES | | |
402
- | 9. At any given time the Collector SHOULD maintain the following for all the current Template Records and Options Template Records: Exporter, Observation Domain, Template ID, Template Definition, Last Received. | | NO | |
403
- | 9. In the event of a clock configuration change on the Exporter, the Collector SHOULD discard all Template Records and Options Template Records associated with that Exporter, in order for Collector to learn the new set of fields: Exporter, Observation Domain, Template ID, Template Definition, Last Received. | | NO | |
404
- | 9. If the Collector receives a new Template Record (for example, in the case of an Exporter restart) it MUST immediately override the existing Template Record. | YES | | |
405
- | 9. Finally, note that the Collector MUST accept padding in the Data FlowSet and Options Template FlowSet, which means for the Flow Data Records, the Options Data Records and the Template Records. | YES | | |
406
-
407
-
data/docs/index.asciidoc CHANGED
@@ -51,8 +51,10 @@ The following Netflow/IPFIX exporters are known to work with the most recent ver
51
51
  |OpenBSD pflow | y | n | y | http://man.openbsd.org/OpenBSD-current/man4/pflow.4
52
52
  |Softflowd | y | y | y | IPFIX supported in https://github.com/djmdjm/softflowd
53
53
  |Streamcore Streamgroomer | | y | |
54
+ |Palo Alto PAN-OS | | y | |
54
55
  |Ubiquiti Edgerouter X | | y | | With MPLS labels
55
56
  |VMware VDS | | | y | Still some unknown fields
57
+ |YAF | | | y | With silk and applabel, but no DPI plugin support
56
58
  |===========================================================================================
57
59
 
58
60
  ==== Usage
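Review bot: the new `Palo Alto PAN-OS` row is inserted between `Streamcore Streamgroomer` and `Ubiquiti Edgerouter X`, which breaks the alphabetical order the visible rows otherwise follow (OpenBSD, Softflowd, Streamcore, Ubiquiti, VMware, YAF). Move it above `Softflowd`. The row also leaves the notes column empty; the changelog and the new spec mention app-id support, which would be a useful note here.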
@@ -331,6 +331,9 @@
331
331
  323:
332
332
  - 8
333
333
  - :event_time_msec
334
+ 346:
335
+ - :uint32
336
+ - :privateEnterpriseNumber
334
337
  361:
335
338
  - :uint16
336
339
  - :postNATPortBlockStart
@@ -51,7 +51,9 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
51
51
 
52
52
  def initialize(params = {})
53
53
  super(params)
54
- @threadsafe = false
54
+ @threadsafe = true
55
+ @decode_mutex_netflow = Mutex.new
56
+ @decode_mutex_ipfix = Mutex.new
55
57
  end
56
58
 
57
59
  def register
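Review bot: `@threadsafe = true` in `initialize` now advertises the codec as safe to share between threads, but the two mutexes created beside it are only taken around the template store in the later hunks of this file. Template lookups during data flowset decoding are not shown under either lock; if they read `@netflow_templates` or `@ipfix_templates` while another thread runs `cleanup!`, the flag promises more than the locking delivers. Either take the same mutex on the read path or add a comment here stating exactly which state each mutex protects.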
@@ -212,17 +214,20 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
212
214
  else
213
215
  key = "#{flowset.source_id}|#{template.template_id}"
214
216
  end
215
- @netflow_templates[key, @cache_ttl] = BinData::Struct.new(:endian => :big, :fields => fields)
216
- @logger.debug("Received template #{template.template_id} with fields #{fields.inspect}")
217
- @logger.debug("Received template #{template.template_id} of size #{template_length} bytes. Representing in #{@netflow_templates[key].num_bytes} BinData bytes")
218
- if template_length != @netflow_templates[key].num_bytes
219
- @logger.warn("Received template #{template.template_id} of size #{template_length} bytes doesn't match BinData representation we built (#{@netflow_templates[key].num_bytes} bytes)")
220
- end
221
- # Purge any expired templates
222
- @netflow_templates.cleanup!
223
- if @cache_save_path
224
- @netflow_templates_cache[key] = fields
225
- save_templates_cache(@netflow_templates_cache, "#{@cache_save_path}/netflow_templates.cache")
217
+ # Prevent netflow_templates array from being concurrently modified
218
+ @decode_mutex_netflow.synchronize do
219
+ @netflow_templates[key, @cache_ttl] = BinData::Struct.new(:endian => :big, :fields => fields)
220
+ @logger.debug("Received template #{template.template_id} with fields #{fields.inspect}")
221
+ @logger.debug("Received template #{template.template_id} of size #{template_length} bytes. Representing in #{@netflow_templates[key].num_bytes} BinData bytes")
222
+ if template_length != @netflow_templates[key].num_bytes
223
+ @logger.warn("Received template #{template.template_id} of size #{template_length} bytes doesn't match BinData representation we built (#{@netflow_templates[key].num_bytes} bytes)")
224
+ end
225
+ # Purge any expired templates
226
+ @netflow_templates.cleanup!
227
+ if @cache_save_path
228
+ @netflow_templates_cache[key] = fields
229
+ save_templates_cache(@netflow_templates_cache, "#{@cache_save_path}/netflow_templates.cache")
230
+ end
226
231
  end
227
232
  end
228
233
  end
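Review bot: the `@decode_mutex_netflow.synchronize` block holds the lock across `save_templates_cache(...)` and three `@logger` calls, so every received template performs a file write while all other decoding threads wait. An exporter that resends its template with each packet, as the stressor added in this diff does, turns that into a serialized disk write per packet. Build the `BinData::Struct` into a local before taking the lock, log from that local afterwards, and keep only the assignment, `cleanup!` and cache update inside the critical section; skipping the save when `fields` is unchanged for `key` would help further. Minor: the comment calls `netflow_templates` an array, but it is indexed by a string key with a TTL.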
@@ -316,12 +321,15 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
316
321
  end
317
322
  # FIXME Source IP address required in key
318
323
  key = "#{flowset.observation_domain_id}|#{template.template_id}"
319
- @ipfix_templates[key, @cache_ttl] = BinData::Struct.new(:endian => :big, :fields => fields)
320
- # Purge any expired templates
321
- @ipfix_templates.cleanup!
322
- if @cache_save_path
323
- @ipfix_templates_cache[key] = fields
324
- save_templates_cache(@ipfix_templates_cache, "#{@cache_save_path}/ipfix_templates.cache")
324
+ # Prevent ipfix_templates array from being concurrently modified
325
+ @decode_mutex_ipfix.synchronize do
326
+ @ipfix_templates[key, @cache_ttl] = BinData::Struct.new(:endian => :big, :fields => fields)
327
+ # Purge any expired templates
328
+ @ipfix_templates.cleanup!
329
+ if @cache_save_path
330
+ @ipfix_templates_cache[key] = fields
331
+ save_templates_cache(@ipfix_templates_cache, "#{@cache_save_path}/ipfix_templates.cache")
332
+ end
325
333
  end
326
334
  end
327
335
  end
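Review bot: the context line `# FIXME Source IP address required in key` still applies after this change: `key` is built from `observation_domain_id` and `template_id` only, so two exporters that share both values overwrite each other's entry in `@ipfix_templates`. The mutex makes that overwrite atomic but does not stop one exporter's records from being decoded with another's template. Worth resolving alongside the locking work, or at least tracking in an issue referenced from the FIXME. As in the Netflow hunk, `save_templates_cache(...)` runs with the lock held.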
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-netflow'
4
- s.version = '3.8.0'
4
+ s.version = '3.8.1'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Reads Netflow v5 and Netflow v9 data"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -1967,6 +1967,60 @@ describe LogStash::Codecs::Netflow do
1967
1967
  end
1968
1968
  end
1969
1969
 
1970
+ context "Netflow 9 Palo Alto PAN-OS with app-id" do
1971
+ let(:data) do
1972
+ packets = []
1973
+ packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_paloalto_panos_tpl.dat"), :mode => "rb")
1974
+ packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_paloalto_panos_data.dat"), :mode => "rb")
1975
+ end
1976
+
1977
+ let(:json_events) do
1978
+ events = []
1979
+ events << <<-END
1980
+ {
1981
+ "netflow": {
1982
+ "output_snmp": 23,
1983
+ "icmp_type": 0,
1984
+ "in_pkts": 1,
1985
+ "src_tos": 0,
1986
+ "ipv4_dst_addr": "162.115.24.30",
1987
+ "first_switched": "2017-11-13T14:33:53.000Z",
1988
+ "flowset_id": 257,
1989
+ "l4_src_port": 39702,
1990
+ "fw_event": 5,
1991
+ "version": 9,
1992
+ "flow_seq_num": 207392627,
1993
+ "ipv4_src_addr": "10.32.105.103",
1994
+ "in_bytes": 111,
1995
+ "protocol": 6,
1996
+ "tcp_flags": 26,
1997
+ "input_snmp": 24,
1998
+ "last_switched": "2017-11-13T14:39:32.000Z",
1999
+ "user_id": "",
2000
+ "conn_id": 415347,
2001
+ "privateEnterpriseNumber": 25461,
2002
+ "l4_dst_port": 443,
2003
+ "app_id": "ssl",
2004
+ "direction": 0
2005
+ },
2006
+ "@version": "1",
2007
+ "@timestamp": "2017-11-13T14:39:31.000Z"
2008
+ }
2009
+ END
2010
+ events.map{|event| event.gsub(/\s+/, "")}
2011
+ end
2012
+
2013
+ it "should decode raw data" do
2014
+ expect(decode.size).to eq(8)
2015
+ expect(decode[7].get("[netflow][app_id]")).to eq("incomplete")
2016
+ end
2017
+
2018
+ it "should serialize to json" do
2019
+ expect(JSON.parse(decode[1].to_json)).to eq(JSON.parse(json_events[0]))
2020
+ end
2021
+ end
2022
+
2023
+
1970
2024
  context "IPFIX Barracuda firewall" do
1971
2025
  let(:data) do
1972
2026
  packets = []
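Review bot: the added context covers Palo Alto decoding only, and `should decode raw data` checks just the event count and `app_id` on `decode[7]`. Nothing in this hunk exercises the concurrent template store that the changelog lists as the first fix in 3.8.1, so that change is verified only by running the stressor script by hand. A spec that feeds the same template from several threads into one codec instance and asserts that no exception is raised and the event count is correct would keep the fix from regressing.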
@@ -0,0 +1,30 @@
1
+ import socket
2
+ import sys
3
+ import time
4
+ import random
5
+
6
+ ## Standalone Netflow v9 stressor
7
+ ## Used to reproduce issue 91 https://github.com/logstash-plugins/logstash-codec-netflow/issues/91
8
+
9
+ host = 'host02'
10
+ port = 2055
11
+
12
+ tpl = '\x00\t\x00\x01e\x9c\xc0_XF\x8eU\x01u\xc7\x03\x00\x00\x08\x81\x00\x00\x00d\x01\x04\x00\x17\x00\x02\x00\x04\x00\x01\x00\x04\x00\x08\x00\x04\x00\x0c\x00\x04\x00\n\x00\x04\x00\x0e\x00\x04\x00\x15\x00\x04\x00\x16\x00\x04\x00\x07\x00\x02\x00\x0b\x00\x02\x00\x10\x00\x04\x00\x11\x00\x04\x00\x12\x00\x04\x00\t\x00\x01\x00\r\x00\x01\x00\x04\x00\x01\x00\x06\x00\x01\x00\x05\x00\x01\x00=\x00\x01\x00Y\x00\x01\x000\x00\x02\x00\xea\x00\x04\x00\xeb\x00\x04'
13
+
14
+ # 21 flows:
15
+ data = '\x00\t\x00\x15e\x9c\xbcqXF\x8eT\x01u\xc6\xa1\x00\x00\x08\x81\x01\x04\x05\\\x00\x00\x00\x01\x00\x00\x00(\n\x00\t\x92\n\x00\x1fQ\x00\x00\x00n\x00\x00\x00\x9ee\x9cG\x05e\x9cG\x05\xd3\x01\x01\xbb\x00\x00\x00\x00\x00\x00\xfb\xf0\n\x00\x0e!\x10\x14\x06\x10\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00h\n\x00\x11*\n\x00#\x04\x00\x00\x00W\x00\x00\x00\x9ee\x9cI\x88e\x9cG\x07\x8e\x84\x01\xbb\x00\x00\x00\x00\x00\x00\xfb\xf0\n\x00\x0e!\x15\x10\x06\x10\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x01\x00\x00\x004\n\x00\x16o\n\x00"\x8d\x00\x00\x00h\x00\x00\x00\x9ee\x9cG\ne\x9cG\nA\xae\x01\xbb\x00\x00\x00\x00\x00\x00\xfb\xf0\n\x00\x0e!\x18\x10\x06\x11\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x01\x00\x00\x01\xb3\n\x00\x17;\n\x00$\xaa\x00\x00\x00V\x00\x00\x00\x9ee\x9cG\x0ce\x9cG\x0c\x005\xfd,\x00\x00\x00\x00\x00\x00\xfb\xf1\n\x00\x0e\x1f\x19\x13\x11\x00\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x01\x00\x00\x03\xc9\n\x00"G\n\x00\x14\xf2\x00\x00\x00\x9e\x00\x00\x00je\x9cG\re\x9cG\r\x01\xbb\x07\xdd\x00\x00\xfb\xf0\x00\x00\xff\xa2\n\x00\x12\x05\x10\x15\x06\x18\x00\x00@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00h\n\x00\n\x85\n\x00\x1ef\x00\x00\x00n\x00\x00\x00\x9ee\x9cG\re\x9cF\xba\x89\xc9\x00P\x00\x00\x00\x00\x00\x00\xfb\xf0\n\x00\x0e!\x10\x10\x06\x10\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x01\x00\x00\x004\n\x00%\x1d\n\x00\x06\x18\x00\x00\x00f\x00\x00\x00\xa2e\x9cG\x10e\x9cG\x10\x00P\xdd\xc3\x00\x00;\x1d\x00\x00\xff\x97\n\x00\x00\xf2\x18\x10\x06\x10 \x00@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x01\x00\x00\x02f\n\x00 
\xb0\n\x00\x0bq\x00\x00\x00\x9e\x00\x00\x00.e\x9cG\x10e\x9cG\x10\x01\xbb\xdd\xfe\x00\x00\xfb\xf0\x00\x00\xff\x98\n\x00\x12i\x14\x10\x06\x18\x00\x00@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x03\x00\x00\x10\xfe\n\x00\x0c\x15\n\x00\x0f&\x00\x00\x00W\x00\x00\x00\x9ee\x9cG\x11e\x9c1\xe7\x01\xbb\x9c\x8e\x00\x00\x80\xa6\x00\x00\xfb\xf2\n\x00\x0e\x1b\x18\x18\x06\x10\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x02\x00\x00\x02\x15\n\x00\x04\xd4\n\x00\x03n\x00\x00\x00\xa2\x00\x00\x00fe\x9cT\x07e\x9cG\x12\xc6\x03\x01\xbb\x00\x00\xff\x97\x00\x00\x00F\n\x00\x10e\x10\x11\x06\x18\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x01E\x00\x005\\\n\x00!z\n\x00\x01\x88\x00\x00\x00\x9e\x00\x00\x00he\x9co\xd0e\x9c"\x1a\xe5\xbe\x00P\x00\x00\xfb\xf1\x00\x00\x00\x00\x00\x00\x00\x00\x15\x1b\x06\x10\x00\x00@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00Y\n\x00\x14\xf2\n\x00"G\x00\x00\x00j\x00\x00\x00\x9ee\x9cG\x14e\x9cG\x14\x07\xdd\x01\xbb\x00\x00\xff\xa2\x00\x00\xfb\xf0\n\x00\x0e!\x15\x10\x06\x18`\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x01\x00\x00\x03A\n\x00\r\x19\n\x00\x0f&\x00\x00\x00W\x00\x00\x00\x9ee\x9cG\x16e\x9cG\x16\x01\xbb\xc9\xa5\x00\x00\x80\xa6\x00\x00\xfb\xf2\n\x00\x0e\x1b\x18\x18\x06\x18\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x02\x00\x00\x06Y\n\x00\x19;\n\x00\x02\x12\x00\x00\x00\x9e\x00\x00\x00ne\x9cG\x18e\x9cF\xbf\x01\xbb\xf4\x00\x00\x00\xfb\xf0\x00\x00\xff\x9d\n\x00\x12~\x10\x10\x06\x18\x00\x00@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00a\x00\x02+h\n\x00\x07I\n\x00\x1b\xa8\x00\x00\x00V\x00\x00\x00\x9ee\x9cu\xabe\x9c1\xfe\xeb\x98\x01\xd1\x00\x00\xff\x9c\x00\x00\xfb\xf0\n\x00\x0e!\x10\x10\x06\x18\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00:\x00\x00\x0b\xc8\n\x00\x132\n\x00\x1b\xa9\x00\x00\x00j\x00\x00\x00\x9ee\x9cO\xcbe\x9cE:\x86\x94\x03\xe3\x00\x00\xff\xb7\x00\x00\xfb\xf0\n\x00\x0e!\x12\x10\x06\x10\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x15\x00\x00{\x0c\n\x00\x1c\x96\n\x00\x18\r\x00\x00\
x00\x9e\x00\x00\x00he\x9cHYe\x9cF\xf0\x01\xbb\xc2\xfd\x00\x00\xfb\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x10\x19\x06\x10\x00\x00@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x03\x00\x00\x0bg\n\x00\x1a\xbc\n\x00\x15\xc8\x00\x00\x00\x9e\x00\x00\x00We\x9cGfe\x9cE\xec\x03\xe1\xc4N\x00\x00\xfb\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x10\x19\x06\x18\x00\x00@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x05\x00\x00\x11\xa2\n\x00\x1d"\n\x00\x0f&\x00\x00\x00K\x00\x00\x00\x9ee\x9cm`e\x9cA\xfe\x01\xbb\x8c\x8f\x00\x00;A\x00\x00\xfb\xf2\n\x00\x0e\x1b\x18\x18\x06\x18\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x01\x00\x00\x01F\n\x00\x08\xc8\n\x00\x05\xe0\x00\x00\x00f\x00\x00\x00\xa2e\x9cG\x1de\x9cG\x1dZX\xc9\xd7\x00\x00\x03\x15\x00\x00\xff\x97\n\x00\x00\xf2\x10\x10\x06\x18\x00\x00@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00p\n\x00\x1d.\n\x00\x0f&\x00\x00\x00K\x00\x00\x00\x9ee\x9cG\x1de\x9c@\xea\x01\xbb\xcc\x8c\x00\x00;A\x00\x00\xfb\xf2\n\x00\x0e\x1b\x18\x18\x06\x12\x00\x01@\x00\x01`\x00\x00\x00`\x00\x00\x00\x00\x00\x00'
16
+
17
+
18
+ sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
19
+
20
+ print("NETFLOW v9: sending 1 template 1 data packet in an infinite loop")
21
+
22
+ duration = 0.0
23
+ while True:
24
+ for i in range(0,400):
25
+ sock.sendto(tpl, (host, port))
26
+ sock.sendto(data, (host, port))
27
+ sys.stdout.write('.')
28
+ sys.stdout.flush()
29
+ time.sleep(random.random())
30
+ print
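Review bot: `tpl` and `data` are plain string literals and the last line is a bare `print`, so the script only works under Python 2; under Python 3 `sock.sendto(tpl, ...)` raises TypeError because a bytes-like object is required, and the bare `print` does nothing. Prefix both payloads with `b` and call `print()`. `host = 'host02'` is also hard-coded; reading host and port from `sys.argv` would make the reproduction for issue 91 usable outside the author's lab. The script has no loop exit or rate cap beyond `time.sleep(random.random())`, which should be stated in the header comment so it is only pointed at a test collector.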
metadata CHANGED
@@ -1,16 +1,17 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-codec-netflow
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.0
4
+ version: 3.8.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-11 00:00:00.000000000 Z
11
+ date: 2017-11-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
+ name: logstash-core-plugin-api
14
15
  requirement: !ruby/object:Gem::Requirement
15
16
  requirements:
16
17
  - - '>='
@@ -19,9 +20,8 @@ dependencies:
19
20
  - - <=
20
21
  - !ruby/object:Gem::Version
21
22
  version: '2.99'
22
- name: logstash-core-plugin-api
23
- prerelease: false
24
23
  type: :runtime
24
+ prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
26
26
  requirements:
27
27
  - - '>='
@@ -31,86 +31,81 @@ dependencies:
31
31
  - !ruby/object:Gem::Version
32
32
  version: '2.99'
33
33
  - !ruby/object:Gem::Dependency
34
+ name: bindata
34
35
  requirement: !ruby/object:Gem::Requirement
35
36
  requirements:
36
37
  - - '>='
37
38
  - !ruby/object:Gem::Version
38
39
  version: 1.5.0
39
- name: bindata
40
- prerelease: false
41
40
  type: :runtime
41
+ prerelease: false
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  requirements:
44
44
  - - '>='
45
45
  - !ruby/object:Gem::Version
46
46
  version: 1.5.0
47
47
  - !ruby/object:Gem::Dependency
48
+ name: logstash-devutils
48
49
  requirement: !ruby/object:Gem::Requirement
49
50
  requirements:
50
51
  - - '>='
51
52
  - !ruby/object:Gem::Version
52
53
  version: 1.0.0
53
- name: logstash-devutils
54
- prerelease: false
55
54
  type: :development
55
+ prerelease: false
56
56
  version_requirements: !ruby/object:Gem::Requirement
57
57
  requirements:
58
58
  - - '>='
59
59
  - !ruby/object:Gem::Version
60
60
  version: 1.0.0
61
- description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
61
+ description: This gem is a Logstash plugin required to be installed on top of the
62
+ Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
63
+ gem is not a stand-alone program
62
64
  email: info@elastic.co
63
65
  executables: []
64
66
  extensions: []
65
67
  extra_rdoc_files: []
66
68
  files:
67
- - CHANGELOG.md
68
- - CONTRIBUTORS
69
- - Gemfile
70
- - LICENSE
71
- - NOTICE.TXT
72
- - README.md
73
- - RFC_COMPLIANCE_IPFIX.md
74
- - RFC_COMPLIANCE_NETFLOW_v9.md
75
- - docs/index.asciidoc
76
- - lib/logstash/codecs/netflow.rb
77
69
  - lib/logstash/codecs/netflow/iana2yaml.rb
78
70
  - lib/logstash/codecs/netflow/ipfix.yaml
79
71
  - lib/logstash/codecs/netflow/netflow.yaml
80
72
  - lib/logstash/codecs/netflow/util.rb
81
- - logstash-codec-netflow.gemspec
73
+ - lib/logstash/codecs/netflow.rb
82
74
  - spec/codecs/ipfix.dat
83
- - spec/codecs/ipfix_test_barracuda_data256.dat
84
- - spec/codecs/ipfix_test_barracuda_tpl.dat
85
- - spec/codecs/ipfix_test_mikrotik_data258.dat
86
- - spec/codecs/ipfix_test_mikrotik_data259.dat
87
- - spec/codecs/ipfix_test_mikrotik_tpl.dat
88
- - spec/codecs/ipfix_test_netscaler_data.dat
89
- - spec/codecs/ipfix_test_netscaler_tpl.dat
90
75
  - spec/codecs/ipfix_test_openbsd_pflow_data.dat
91
76
  - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
92
- - spec/codecs/ipfix_test_vmware_vds_data264.dat
93
- - spec/codecs/ipfix_test_vmware_vds_data266.dat
94
- - spec/codecs/ipfix_test_vmware_vds_data266_267.dat
95
- - spec/codecs/ipfix_test_vmware_vds_tpl.dat
96
- - spec/codecs/ipfix_test_yaf_data45841.dat
97
- - spec/codecs/ipfix_test_yaf_data45873.dat
98
- - spec/codecs/ipfix_test_yaf_data53248.dat
99
- - spec/codecs/ipfix_test_yaf_tpl45841.dat
100
- - spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
101
77
  - spec/codecs/netflow5.dat
102
78
  - spec/codecs/netflow5_test_invalid01.dat
103
79
  - spec/codecs/netflow5_test_invalid02.dat
104
80
  - spec/codecs/netflow5_test_juniper_mx80.dat
105
81
  - spec/codecs/netflow5_test_microtik.dat
106
- - spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
107
- - spec/codecs/netflow9_test_0length_fields_tpl_data.dat
108
- - spec/codecs/netflow9_test_cisco_1941K9.dat
109
82
  - spec/codecs/netflow9_test_cisco_asa_1_data.dat
110
83
  - spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
111
84
  - spec/codecs/netflow9_test_cisco_asa_2_data.dat
112
85
  - spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
113
86
  - spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
87
+ - spec/codecs/netflow9_test_invalid01.dat
88
+ - spec/codecs/netflow9_test_macaddr_data.dat
89
+ - spec/codecs/netflow9_test_macaddr_tpl.dat
90
+ - spec/codecs/netflow9_test_nprobe_data.dat
91
+ - spec/codecs/netflow9_test_nprobe_tpl.dat
92
+ - spec/codecs/netflow9_test_softflowd_tpl_data.dat
93
+ - spec/codecs/netflow9_test_valid01.dat
94
+ - spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
95
+ - spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
96
+ - spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
97
+ - spec/codecs/ipfix_test_netscaler_data.dat
98
+ - spec/codecs/ipfix_test_netscaler_tpl.dat
99
+ - spec/codecs/ipfix_test_vmware_vds_data264.dat
100
+ - spec/codecs/ipfix_test_vmware_vds_data266.dat
101
+ - spec/codecs/ipfix_test_vmware_vds_data266_267.dat
102
+ - spec/codecs/ipfix_test_vmware_vds_tpl.dat
103
+ - spec/codecs/ipfix_test_barracuda_data256.dat
104
+ - spec/codecs/ipfix_test_barracuda_tpl.dat
105
+ - spec/codecs/ipfix_test_mikrotik_data258.dat
106
+ - spec/codecs/ipfix_test_mikrotik_data259.dat
107
+ - spec/codecs/ipfix_test_mikrotik_tpl.dat
108
+ - spec/codecs/netflow9_test_0length_fields_tpl_data.dat
114
109
  - spec/codecs/netflow9_test_cisco_asr9k_data256.dat
115
110
  - spec/codecs/netflow9_test_cisco_asr9k_data260.dat
116
111
  - spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
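Review bot: The entries added at new lines 87-108 are not in alphabetical order (the `ipfix_test_*` fixtures now follow `netflow9_test_*` ones, and `netflow9_test_valid01.dat` sits before `netflow9_test_ubnt_edgerouter_tpl.dat`), whereas the removed entries around them were sorted. The result is a run of removals and additions that only move fixtures around the list, which makes it hard to see which packaged files are actually new in 3.8.1. If the gemspec builds this list from a glob, sorting the result would keep future metadata diffs down to real additions and removals.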
@@ -121,34 +116,44 @@ files:
121
116
  - spec/codecs/netflow9_test_cisco_nbar_data262.dat
122
117
  - spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
123
118
  - spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
124
- - spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
125
119
  - spec/codecs/netflow9_test_cisco_wlc_data261.dat
126
120
  - spec/codecs/netflow9_test_cisco_wlc_tpl.dat
127
121
  - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
128
122
  - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
129
123
  - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
130
- - spec/codecs/netflow9_test_invalid01.dat
131
124
  - spec/codecs/netflow9_test_juniper_srx_tplopt.dat
132
- - spec/codecs/netflow9_test_macaddr_data.dat
133
- - spec/codecs/netflow9_test_macaddr_tpl.dat
134
- - spec/codecs/netflow9_test_nprobe_data.dat
135
125
  - spec/codecs/netflow9_test_nprobe_dpi.dat
136
- - spec/codecs/netflow9_test_nprobe_tpl.dat
137
- - spec/codecs/netflow9_test_softflowd_tpl_data.dat
138
126
  - spec/codecs/netflow9_test_streamcore_tpl_data256.dat
139
127
  - spec/codecs/netflow9_test_streamcore_tpl_data260.dat
140
- - spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
141
- - spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
142
- - spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
143
- - spec/codecs/netflow9_test_valid01.dat
128
+ - spec/codecs/ipfix_test_yaf_data45841.dat
129
+ - spec/codecs/ipfix_test_yaf_data45873.dat
130
+ - spec/codecs/ipfix_test_yaf_data53248.dat
131
+ - spec/codecs/ipfix_test_yaf_tpl45841.dat
132
+ - spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
133
+ - spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
134
+ - spec/codecs/netflow9_test_cisco_1941K9.dat
135
+ - spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
136
+ - spec/codecs/netflow9_test_paloalto_panos_data.dat
137
+ - spec/codecs/netflow9_test_paloalto_panos_tpl.dat
144
138
  - spec/codecs/netflow_spec.rb
139
+ - spec/codecs/netflow_stress.py
140
+ - logstash-codec-netflow.gemspec
141
+ - RFC_COMPLIANCE_NETFLOW_v9.md
142
+ - README.md
143
+ - RFC_COMPLIANCE_IPFIX.md
144
+ - CHANGELOG.md
145
+ - CONTRIBUTORS
146
+ - Gemfile
147
+ - LICENSE
148
+ - NOTICE.TXT
149
+ - docs/index.asciidoc
145
150
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
146
151
  licenses:
147
152
  - Apache License (2.0)
148
153
  metadata:
149
154
  logstash_plugin: 'true'
150
155
  logstash_group: codec
151
- post_install_message:
156
+ post_install_message:
152
157
  rdoc_options: []
153
158
  require_paths:
154
159
  - lib
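Review bot: `spec/codecs/netflow_stress.py` at new line 139 is added to `files:`, so the stress script ships inside the installed gem. Unlike the `.dat` fixtures listed next to it, it is a Python tool and not Ruby code or spec input; consider keeping it repository-only or excluding it from the packaged file list. The `post_install_message:` line is also removed and re-added with no visible difference, which looks like whitespace-only churn.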
@@ -163,44 +168,47 @@ required_rubygems_version: !ruby/object:Gem::Requirement
163
168
  - !ruby/object:Gem::Version
164
169
  version: '0'
165
170
  requirements: []
166
- rubyforge_project:
167
- rubygems_version: 2.4.8
168
- signing_key:
171
+ rubyforge_project:
172
+ rubygems_version: 2.0.14.1
173
+ signing_key:
169
174
  specification_version: 4
170
175
  summary: Reads Netflow v5 and Netflow v9 data
171
176
  test_files:
172
177
  - spec/codecs/ipfix.dat
173
- - spec/codecs/ipfix_test_barracuda_data256.dat
174
- - spec/codecs/ipfix_test_barracuda_tpl.dat
175
- - spec/codecs/ipfix_test_mikrotik_data258.dat
176
- - spec/codecs/ipfix_test_mikrotik_data259.dat
177
- - spec/codecs/ipfix_test_mikrotik_tpl.dat
178
- - spec/codecs/ipfix_test_netscaler_data.dat
179
- - spec/codecs/ipfix_test_netscaler_tpl.dat
180
178
  - spec/codecs/ipfix_test_openbsd_pflow_data.dat
181
179
  - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
182
- - spec/codecs/ipfix_test_vmware_vds_data264.dat
183
- - spec/codecs/ipfix_test_vmware_vds_data266.dat
184
- - spec/codecs/ipfix_test_vmware_vds_data266_267.dat
185
- - spec/codecs/ipfix_test_vmware_vds_tpl.dat
186
- - spec/codecs/ipfix_test_yaf_data45841.dat
187
- - spec/codecs/ipfix_test_yaf_data45873.dat
188
- - spec/codecs/ipfix_test_yaf_data53248.dat
189
- - spec/codecs/ipfix_test_yaf_tpl45841.dat
190
- - spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
191
180
  - spec/codecs/netflow5.dat
192
181
  - spec/codecs/netflow5_test_invalid01.dat
193
182
  - spec/codecs/netflow5_test_invalid02.dat
194
183
  - spec/codecs/netflow5_test_juniper_mx80.dat
195
184
  - spec/codecs/netflow5_test_microtik.dat
196
- - spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
197
- - spec/codecs/netflow9_test_0length_fields_tpl_data.dat
198
- - spec/codecs/netflow9_test_cisco_1941K9.dat
199
185
  - spec/codecs/netflow9_test_cisco_asa_1_data.dat
200
186
  - spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
201
187
  - spec/codecs/netflow9_test_cisco_asa_2_data.dat
202
188
  - spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
203
189
  - spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
190
+ - spec/codecs/netflow9_test_invalid01.dat
191
+ - spec/codecs/netflow9_test_macaddr_data.dat
192
+ - spec/codecs/netflow9_test_macaddr_tpl.dat
193
+ - spec/codecs/netflow9_test_nprobe_data.dat
194
+ - spec/codecs/netflow9_test_nprobe_tpl.dat
195
+ - spec/codecs/netflow9_test_softflowd_tpl_data.dat
196
+ - spec/codecs/netflow9_test_valid01.dat
197
+ - spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
198
+ - spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
199
+ - spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
200
+ - spec/codecs/ipfix_test_netscaler_data.dat
201
+ - spec/codecs/ipfix_test_netscaler_tpl.dat
202
+ - spec/codecs/ipfix_test_vmware_vds_data264.dat
203
+ - spec/codecs/ipfix_test_vmware_vds_data266.dat
204
+ - spec/codecs/ipfix_test_vmware_vds_data266_267.dat
205
+ - spec/codecs/ipfix_test_vmware_vds_tpl.dat
206
+ - spec/codecs/ipfix_test_barracuda_data256.dat
207
+ - spec/codecs/ipfix_test_barracuda_tpl.dat
208
+ - spec/codecs/ipfix_test_mikrotik_data258.dat
209
+ - spec/codecs/ipfix_test_mikrotik_data259.dat
210
+ - spec/codecs/ipfix_test_mikrotik_tpl.dat
211
+ - spec/codecs/netflow9_test_0length_fields_tpl_data.dat
204
212
  - spec/codecs/netflow9_test_cisco_asr9k_data256.dat
205
213
  - spec/codecs/netflow9_test_cisco_asr9k_data260.dat
206
214
  - spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
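Review bot: `rubygems_version` drops from 2.4.8 to 2.0.14.1 at new line 172, so 3.8.1 was packaged with an older RubyGems than 3.8.0. The `rubyforge_project:` and `signing_key:` lines are removed and re-added with no visible change in value (both stay empty, so the gem remains unsigned), and together with the reshuffled `test_files` entries this points at a different build environment, not at intended changes. Building releases from one pinned toolchain would make the package metadata reproducible and easier to audit. Separately, the unchanged `summary` still reads "Reads Netflow v5 and Netflow v9 data" although the fixtures listed here include IPFIX.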
@@ -211,24 +219,24 @@ test_files:
211
219
  - spec/codecs/netflow9_test_cisco_nbar_data262.dat
212
220
  - spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
213
221
  - spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
214
- - spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
215
222
  - spec/codecs/netflow9_test_cisco_wlc_data261.dat
216
223
  - spec/codecs/netflow9_test_cisco_wlc_tpl.dat
217
224
  - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
218
225
  - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
219
226
  - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
220
- - spec/codecs/netflow9_test_invalid01.dat
221
227
  - spec/codecs/netflow9_test_juniper_srx_tplopt.dat
222
- - spec/codecs/netflow9_test_macaddr_data.dat
223
- - spec/codecs/netflow9_test_macaddr_tpl.dat
224
- - spec/codecs/netflow9_test_nprobe_data.dat
225
228
  - spec/codecs/netflow9_test_nprobe_dpi.dat
226
- - spec/codecs/netflow9_test_nprobe_tpl.dat
227
- - spec/codecs/netflow9_test_softflowd_tpl_data.dat
228
229
  - spec/codecs/netflow9_test_streamcore_tpl_data256.dat
229
230
  - spec/codecs/netflow9_test_streamcore_tpl_data260.dat
230
- - spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
231
- - spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
232
- - spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
233
- - spec/codecs/netflow9_test_valid01.dat
231
+ - spec/codecs/ipfix_test_yaf_data45841.dat
232
+ - spec/codecs/ipfix_test_yaf_data45873.dat
233
+ - spec/codecs/ipfix_test_yaf_data53248.dat
234
+ - spec/codecs/ipfix_test_yaf_tpl45841.dat
235
+ - spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
236
+ - spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
237
+ - spec/codecs/netflow9_test_cisco_1941K9.dat
238
+ - spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
239
+ - spec/codecs/netflow9_test_paloalto_panos_data.dat
240
+ - spec/codecs/netflow9_test_paloalto_panos_tpl.dat
234
241
  - spec/codecs/netflow_spec.rb
242
+ - spec/codecs/netflow_stress.py
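Review bot: `spec/codecs/netflow_stress.py` is listed under `test_files` at new line 242, but rspec does not run Python files, so it adds nothing to the automated suite driven by `netflow_spec.rb`. If it is meant to exercise the concurrent template modification fix named in the 3.8.1 changelog, document how and when it should be run (a header comment in the script or a README section), or drop it from `test_files` so the list only names what the suite executes.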