logstash-codec-sflow 2.0.2 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 4de459b447b9a3306526751ae54b98738b3c67f2
-  data.tar.gz: 940fb98e25dc7b06ea9a12e31bc14018dbbb45c6
+SHA256:
+  metadata.gz: ca54b16d12f3edc8d3ef8b37db6558916b571888eb218d9b3ca8388a9f65c97c
+  data.tar.gz: a6bd63dcdbfea7738673a98af680d7e280a195e6f81a4cedd069160d154a803c
 SHA512:
-  metadata.gz: 94639d6675f44e38f417126cf2bd70b8ad558396f2ca40cf83b7b1ddd890e7d0b25ebf2f81d5292c159f62e00b5639270604da5c3eca1931f4fb4442aa4c0b02
-  data.tar.gz: 5f9db4d7ca6820808705857f5afac6764b7a0f07aa93dd5f881c09ee26d7b20d6f754f7d52085986290843773158ed443020105180e1731cb3e4f258287329fb
+  metadata.gz: 513650e06427993a2f0eef196a3f0c9ee4269eac3283e9160846e225b09996c6a9e1e1961f50f99069dc3273e40f7d204ea1c36b1a600fea753b7a2e0c9dd623
+  data.tar.gz: ba89921055f7996383c8bd075ae771c76728cfb744828e58d064c1c19b98bd1b49ce5d1b82130a21d6535ea14d8f13f755fca289b92858e1d61ab4884b4f685e

data/lib/logstash/codecs/sflow.rb

@@ -61,7 +61,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
 
   def snmp_call(event)
     if @snmp_interface
-      if event.include?('source_id_type') and event['source_id_type'].to_s == '0'
+      if event.include?('source_id_type') and event.get('source_id_type').to_s == '0'
         if event.include?('source_id_index')
           event.set('source_id_index_descr', @snmp.get_interface(event.get('agent_ip'), event.get('source_id_index')))
         end
@@ -124,7 +124,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
         sample['sample_data']['records'].each do |record|
           # Ensure that some data exist for the record
           if record['record_data'].to_s.eql? ''
-            @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
+            @logger.warn("Unknown sample_flow record: entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
             next
           end
 
@@ -152,7 +152,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
         sample['sample_data']['records'].each do |record|
           # Ensure that some data exist for the record
           if record['record_data'].to_s.eql? ''
-            @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
+            @logger.warn("Unknown counter_flow record: entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
             next
           end
 

data/lib/logstash/codecs/sflow/counter_record.rb

@@ -97,7 +97,6 @@ class Vlan < BinData::Record
   uint32 :discards
 end
 
-
 # noinspection RubyResolve
 class ProcessorInformation < BinData::Record
   endian :big
@@ -108,6 +107,19 @@ class ProcessorInformation < BinData::Record
   uint64 :free_memory
 end
 
+# noinspection RubyResolve
+class OfPort < BinData::Record
+  endian :big
+  uint64 :datapath_id
+  uint32 :port_no
+end
+
+# noinspection RubyResolve
+class PortName < BinData::Record
+  endian :big
+  sflow_string :name
+end
+
 # noinspection RubyResolve
 class HttpCounters < BinData::Record
   endian :big
@@ -149,3 +161,239 @@ class LagPortStats < BinData::Record
   uint32 :dot3adAggPortStatsMarkerPDUsTx
   uint32 :dot3adAggPortStatsMarkerResponsePDUsTx
 end
+
+# noinspection RubyResolve
+class HostDescr < BinData::Record
+  endian :big
+  sflow_string :hostname
+  array :uuid, :type => :uint8, :initial_length => 16
+  uint32 :machine_type
+  uint32 :os_name
+  sflow_string :os_release
+end
+
+# noinspection RubyResolve
+class HostAdapters < BinData::Record
+  endian :big
+  uint32 :adapters_count
+  array :adapters, :initial_length => :adapters_count do
+    uint32 :if_index
+    uint32 :mac_address_count
+    array :mac_addresses, :initial_length => :mac_address_count do
+      sflow_mac_address :mac_address
+      skip :length => 2
+    end
+  end
+end
+
+# noinspection RubyResolve
+class HostParent < BinData::Record
+  endian :big
+  uint32 :container_type
+  uint32 :container_index
+end
+
+# noinspection RubyResolve
+class HostCpu < BinData::Record
+  endian :big
+  float_be :load_one
+  float_be :load_five
+  float_be :load_fifteen
+  uint32 :proc_run
+  uint32 :proc_total
+  uint32 :cpu_num
+  uint32 :cpu_speed
+  uint32 :uptime
+  uint32 :cpu_user
+  uint32 :cpu_nice
+  uint32 :cpu_system
+  uint32 :cpu_idle
+  uint32 :cpu_wio
+  uint32 :cpu_intr
+  uint32 :cpu_sintr
+  uint32 :interrupts
+  uint32 :contexts
+  uint32 :cpu_steal
+  uint32 :cpu_guest
+  uint32 :cpu_guest_nice
+end
+
+# noinspection RubyResolve
+class HostMemory < BinData::Record
+  endian :big
+  uint64 :mem_total
+  uint64 :mem_free
+  uint64 :mem_shared
+  uint64 :mem_buffers
+  uint64 :mem_cached
+  uint64 :swap_total
+  uint64 :swap_free
+  uint32 :page_in
+  uint32 :page_out
+  uint32 :swap_in
+  uint32 :swap_out
+end
+
+# noinspection RubyResolve
+class HostDiskIo < BinData::Record
+  endian :big
+  uint64 :disk_total
+  uint64 :disk_free
+  uint32 :part_max_used_percent
+  uint32 :reads
+  uint64 :bytes_read
+  uint32 :read_time
+  uint32 :writes
+  uint64 :bytes_written
+  uint32 :write_time
+end
+
+# noinspection RubyResolve
+class HostNetIo < BinData::Record
+  endian :big
+  uint64 :bytes_in
+  uint32 :pkts_in
+  uint32 :errs_in
+  uint32 :drops_in
+  uint64 :bytes_out
+  uint32 :packets_out
+  uint32 :errs_out
+  uint32 :drops_out
+end
+
+# noinspection RubyResolve
+class Mib2IpGroup < BinData::Record
+  endian :big
+  uint32 :ip_forwarding
+  uint32 :ip_default_ttl
+  uint32 :ip_in_receives
+  uint32 :ip_in_hdr_errors
+  uint32 :ip_in_addr_errors
+  uint32 :ip_forw_datagrams
+  uint32 :ip_in_unknown_protos
+  uint32 :ip_in_discards
+  uint32 :ip_in_delivers
+  uint32 :ip_out_requests
+  uint32 :ip_out_discards
+  uint32 :ip_out_no_routes
+  uint32 :ip_reasm_timeout
+  uint32 :ip_reasm_reqds
+  uint32 :ip_reasm_oks
+  uint32 :ip_reasm_fails
+  uint32 :ip_frag_oks
+  uint32 :ip_frag_fails
+  uint32 :ip_frag_creates
+end
+
+# noinspection RubyResolve
+class Mib2IcmpGroup < BinData::Record
+  endian :big
+  uint32 :icmp_in_msgs
+  uint32 :icmp_in_errors
+  uint32 :icmp_in_dest_unreachs
+  uint32 :icmp_in_time_excds
+  uint32 :icmp_in_param_probs
+  uint32 :icmp_in_src_quenchs
+  uint32 :icmp_in_redirects
+  uint32 :icmp_in_echos
+  uint32 :icmp_in_echo_reps
+  uint32 :icmp_in_timestamps
+  uint32 :icmp_in_addr_masks
+  uint32 :icmp_in_addr_mask_reps
+  uint32 :icmp_out_msgs
+  uint32 :icmp_out_errors
+  uint32 :icmp_out_dest_unreachs
+  uint32 :icmp_out_time_excds
+  uint32 :icmp_out_param_probs
+  uint32 :icmp_out_src_quenchs
+  uint32 :icmp_out_redirects
+  uint32 :icmp_out_echos
+  uint32 :icmp_out_echo_reps
+  uint32 :icmp_out_timestamps
+  uint32 :icmp_out_timestamp_reps
+  uint32 :icmp_out_addr_masks
+  uint32 :icmp_out_addr_mask_reps
+end
+
+# noinspection RubyResolve
+class Mib2TcpGroup < BinData::Record
+  endian :big
+  uint32 :tcp_rto_algorithm
+  uint32 :tcp_rto_min
+  uint32 :tcp_rto_max
+  uint32 :tcp_max_conn
+  uint32 :tcp_active_opens
+  uint32 :tcp_passive_opens
+  uint32 :tcp_attempt_fails
+  uint32 :tcp_estab_resets
+  uint32 :tcp_curr_estab
+  uint32 :tcp_in_segs
+  uint32 :tcp_out_segs
+  uint32 :tcp_retrans_segs
+  uint32 :tcp_in_errs
+  uint32 :tcp_out_rsts
+  uint32 :tcp_in_csum_errs
+end
+
+# noinspection RubyResolve
+class Mib2UdpGroup < BinData::Record
+  endian :big
+  uint32 :udp_in_datagrams
+  uint32 :udp_no_ports
+  uint32 :udp_in_errors
+  uint32 :udp_out_datagrams
+  uint32 :udp_rcvbuf_errors
+  uint32 :udp_sndbuf_errors
+  uint32 :udp_in_csum_errors
+end
+
+# noinspection RubyResolve
+class VirtNode < BinData::Record
+  endian :big
+  uint32 :mhz
+  uint32 :cpus
+  uint64 :memory
+  uint64 :memory_free
+  uint32 :num_domains
+end
+
+# noinspection RubyResolve
+class VirtCpu < BinData::Record
+  endian :big
+  uint32 :state
+  uint32 :cpu_time
+  uint32 :nr_virt_cpu
+end
+
+# noinspection RubyResolve
+class VirtMemory < BinData::Record
+  endian :big
+  uint64 :memory
+  uint64 :max_memory
+end
+
+# noinspection RubyResolve
+class VirtDiskIo < BinData::Record
+  endian :big
+  uint64 :capacity
+  uint64 :allocation
+  uint64 :physical
+  uint32 :rd_req
+  uint64 :rd_bytes
+  uint32 :wr_req
+  uint64 :wr_bytes
+  uint32 :errs
+end
+
+# noinspection RubyResolve
+class VirtNetIo < BinData::Record
+  endian :big
+  uint64 :rx_bytes
+  uint32 :rx_packets
+  uint32 :rx_errs
+  uint32 :rx_drop
+  uint64 :tx_bytes
+  uint32 :tx_packets
+  uint32 :tx_errs
+  uint32 :tx_drop
+end

data/lib/logstash/codecs/sflow/flow_record.rb

@@ -5,8 +5,9 @@ require 'logstash/codecs/sflow/util'
 require 'logstash/codecs/sflow/packet_header'
 
 # noinspection RubyResolve
-class RawPacketHeader < BinData::Record
+class RawPacketHeader < BinData::Buffer
   mandatory_parameter :record_length
+  default_parameters :length => :record_length
 
   endian :big
   uint32 :protocol
@@ -15,10 +16,10 @@ class RawPacketHeader < BinData::Record
   uint32 :header_size
   choice :sample_header, :selection => :protocol do
     ethernet_header 1, :size_header => lambda { header_size * 8 }
-    ip_header 11, :size_header => lambda { header_size * 8 }
+    ipv4_header 11, :size_header => lambda { header_size * 8 }
+    ipv6_header 12, :size_header => lambda { header_size * 8 }
     skip :default, :length => :header_size
   end
-  bit :padded, :nbits => lambda { (record_length - (header_size + 16)) * 8 } #padded data
 end
 
 # noinspection RubyResolve
@@ -78,3 +79,187 @@ class ExtendedRouterData < BinData::Record
   uint32 :src_mask_len
   uint32 :dst_mask_len
 end
+
+# noinspection RubyResolve
+class ExtendedGatewayData < BinData::Record
+  endian :big
+  uint32 :ip_version
+  choice :ip_address_next_hop_router, :selection => :ip_version do
+    sflow_ip4_addr 1
+    sflow_ip6_addr 2
+  end
+  uint32 :as_number_of_router
+  uint32 :as_number_of_source
+  uint32 :as_number_of_source_peer
+  uint32 :dest_as_path_count
+  array :dest_as_paths, :initial_length => :dest_as_path_count do
+    uint32 :as_path_segment_type
+    uint32 :as_number_count
+    array :as_numbers, :type => :uint32, :initial_length => :as_number_count
+  end
+  uint32 :communities_count
+  array :communities, :type => :uint32, :initial_length => :communities_count
+  uint32 :local_pref
+end
+
+# noinspection RubyResolve
+class ExtendedUserData < BinData::Record
+  endian :big
+  uint32 :source_charset
+  sflow_string :source_user
+  uint32 :destination_charset
+  sflow_string :destination_user
+end
+
+# noinspection RubyResolve
+class ExtendedUrlData < BinData::Record
+  endian :big
+  uint32 :direction
+  sflow_string :url
+  sflow_string :host
+end
+
+# noinspection RubyResolve
+class ExtendedMplsData < BinData::Record
+  endian :big
+  uint32 :ip_version
+  choice :ip_address_next_hop_router, :selection => :ip_version do
+    sflow_ip4_addr 1
+    sflow_ip6_addr 2
+  end
+  uint32 :in_label_stack_count
+  array :in_label_stack, :type => :uint32, :initial_length => :in_label_stack_count
+  uint32 :out_label_stack_count
+  array :out_label_stack, :type => :uint32, :initial_length => :out_label_stack_count
+end
+
+# noinspection RubyResolve
+class ExtendedNatData < BinData::Record
+  endian :big
+  uint32 :src_ip_version
+  choice :src_ip_address, :selection => :src_ip_version do
+    sflow_ip4_addr 1
+    sflow_ip6_addr 2
+  end
+  uint32 :dst_ip_version
+  choice :dst_ip_address, :selection => :dst_ip_version do
+    sflow_ip4_addr 1
+    sflow_ip6_addr 2
+  end
+end
+
+# noinspection RubyResolve
+class ExtendedMplsTunnel < BinData::Record
+  endian :big
+  sflow_string :tunnel_name
+  uint32 :tunnel_id
+  uint32 :tunnel_cos_value
+end
+
+# noinspection RubyResolve
+class ExtendedMplsVc < BinData::Record
+  endian :big
+  sflow_string :vc_instance_name
+  uint32 :vll_vc_id
+  uint32 :vc_label_cos_value
+end
+
+# noinspection RubyResolve
+class ExtendedMplsFtn < BinData::Record
+  endian :big
+  sflow_string :mpls_ftn_descr
+  uint32 :mpls_ftn_mask
+end
+
+# noinspection RubyResolve
+class ExtendedMplsLdpFec < BinData::Record
+  endian :big
+  uint32 :mpls_fec_addr_prefix_length
+end
+
+# noinspection RubyResolve
+class ExtendedVlanTunnel < BinData::Record
+  endian :big
+  uint32 :layers_count
+  array :layers, :type => :uint32, :initial_length => :layers_count
+end
+
+# noinspection RubyResolve
+class ExtendedL2TunnelEgress < BinData::Record
+  endian :big
+  ethernet_frame_data :header
+end
+
+# noinspection RubyResolve
+class ExtendedL2TunnelIngress < BinData::Record
+  endian :big
+  ethernet_frame_data :header
+end
+
+# noinspection RubyResolve
+class ExtendedIpv4TunnelEgress < BinData::Record
+  endian :big
+  ip4_data :header
+end
+
+# noinspection RubyResolve
+class ExtendedIpv4TunnelIngress < BinData::Record
+  endian :big
+  ip4_data :header
+end
+
+# noinspection RubyResolve
+class ExtendedIpv6TunnelEgress < BinData::Record
+  endian :big
+  ip6_data :header
+end
+
+# noinspection RubyResolve
+class ExtendedIpv6TunnelIngress < BinData::Record
+  endian :big
+  ip6_data :header
+end
+
+# noinspection RubyResolve
+class ExtendedDecapsulateEgress < BinData::Record
+  endian :big
+  uint32 :inner_header_offset
+end
+
+# noinspection RubyResolve
+class ExtendedDecapsulateIngress < BinData::Record
+  endian :big
+  uint32 :inner_header_offset
+end
+
+# noinspection RubyResolve
+class ExtendedVniEgress < BinData::Record
+  endian :big
+  uint32 :vni
+end
+
+# noinspection RubyResolve
+class ExtendedVniIngress < BinData::Record
+  endian :big
+  uint32 :vni
+end
+
+# noinspection RubyResolve
+class ExtendedSocketIpv4 < BinData::Record
+  endian :big
+  uint32 :protocol
+  sflow_ip4_addr :local_ip
+  sflow_ip4_addr :remote_ip
+  uint32 :local_port
+  uint32 :remote_port
+end
+
+# noinspection RubyResolve
+class ExtendedSocketIpv6 < BinData::Record
+  endian :big
+  uint32 :protocol
+  sflow_ip6_addr :local_ip
+  sflow_ip6_addr :remote_ip
+  uint32 :local_port
+  uint32 :remote_port
+end

data/lib/logstash/codecs/sflow/packet_header.rb

@@ -36,13 +36,13 @@ class TcpHeader < BinData::Record
   uint16 :tcp_window_size
   uint16 :tcp_checksum
   uint16 :tcp_urgent_pointer
-  array :tcp_options, :initial_length => lambda { (((tcp_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
+  array :tcp_options, :initial_length => lambda { tcp_header_length - 5 }, :onlyif => lambda { is_options?(size_header) } do
     string :tcp_option, :length => 4, :pad_byte => "\0"
   end
-  bit :data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
+  bit :data, :nbits => lambda { size_header - data.rel_offset * 8 }
 
-  def is_options?
-    tcp_header_length.to_i > 5
+  def is_options?(size_header)
+    tcp_header_length.to_i > 5 and size_header >= tcp_header_length * 4 * 8
   end
 end
 
@@ -63,6 +63,7 @@ class IPV4Header < BinData::Record
   mandatory_parameter :size_header
 
   endian :big
+  bit4 :ip_version
   bit4 :ip_header_length # times 4
   bit6 :ip_dscp
   bit2 :ip_ecn
@@ -78,26 +79,47 @@ class IPV4Header < BinData::Record
   array :ip_options, :initial_length => lambda { (((ip_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
     string :ip_option, :length => 4, :pad_byte => "\0"
   end
-  choice :ip_data, :selection => :ip_protocol do
+  choice :ip_data, :selection => :ip_protocol, :onlyif => lambda { has_data?(size_header) } do
     tcp_header 6, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
     udp_header 17, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
     unknown_header :default, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
   end
 
+  def has_data?(size_header)
+    bytes_left = size_header / 8 - ip_header_length * 4
+    case ip_protocol
+    when 6
+      return bytes_left >= 20
+    when 17
+      return bytes_left >= 8
+    else
+      return true
+    end
+  end
+
   def is_options?
     ip_header_length.to_i > 5
   end
 end
 
 # noinspection RubyResolve
-class IPHeader < BinData::Record
+class IPV6Header < BinData::Record
   mandatory_parameter :size_header
 
   endian :big
   bit4 :ip_version
-  choice :ip_header, :selection => :ip_version do
-    ipv4_header 4, :size_header => :size_header
-    unknown_header :default, :size_header => lambda { size_header - 4 }
+  bit6 :ip_dscp
+  bit2 :ip_ecn
+  bit20 :ipv6_flow_label
+  uint16 :ip_payload_length
+  uint8 :ip_protocol
+  uint8 :ipv6_hop_limit
+  sflow_ip6_addr :src_ip
+  sflow_ip6_addr :dst_ip
+  choice :ip_data, :selection => :ip_protocol do
+    tcp_header 6, :size_header => lambda { size_header - 320 }
+    udp_header 17, :size_header => lambda { size_header - 320 }
+    unknown_header :default, :size_header => lambda { size_header - 320 }
   end
 end
 
@@ -111,7 +133,8 @@ class VLANHeader < BinData::Record
   bit12 :vlan_id
   uint16 :vlan_type
   choice :vlan_data, :selection => :vlan_type do
-    ip_header 2048, :size_header => lambda { size_header - (4 * 8) }
+    ipv4_header 2048, :size_header => lambda { size_header - (4 * 8) }
+    ipv6_header 34525, :size_header => lambda { size_header - (4 * 8) }
     unknown_header :default, :size_header => lambda { size_header - (4 * 8) }
   end
 end
@@ -125,8 +148,9 @@ class EthernetHeader < BinData::Record
   sflow_mac_address :eth_src
   uint16 :eth_type
   choice :eth_data, :selection => :eth_type do
-    ip_header 2048, :size_header => lambda { size_header - (14 * 8) }
+    ipv4_header 2048, :size_header => lambda { size_header - (14 * 8) }
     vlan_header 33024, :size_header => lambda { size_header - (14 * 8) }
+    ipv6_header 34525, :size_header => lambda { size_header - (14 * 8) }
     unknown_header :default, :size_header => lambda { size_header - (14 * 8) }
   end
-end
+end

data/lib/logstash/codecs/sflow/sample.rb

@@ -4,6 +4,71 @@ require 'bindata'
 require 'logstash/codecs/sflow/flow_record'
 require 'logstash/codecs/sflow/counter_record'
 
+class FlowSampleRecordData < BinData::Choice
+  mandatory_parameter :record_length
+
+  raw_packet_header '0-1', :record_length => :record_length
+  ethernet_frame_data '0-2'
+  ip4_data '0-3'
+  ip6_data '0-4'
+  extended_switch_data '0-1001'
+  extended_router_data '0-1002'
+  extended_gateway_data '0-1003'
+  extended_user_data '0-1004'
+  extended_url_data '0-1005'
+  extended_mpls_data '0-1006'
+  extended_nat_data '0-1007'
+  extended_mpls_tunnel '0-1008'
+  extended_mpls_vc '0-1009'
+  extended_mpls_ftn '0-1010'
+  extended_mpls_ldp_fec '0-1012'
+  extended_vlan_tunnel '0-1012'
+  extended_l2_tunnel_egress '0-1021'
+  extended_l2_tunnel_ingress '0-1022'
+  extended_ipv4_tunnel_egress '0-1023'
+  extended_ipv4_tunnel_ingress '0-1024'
+  extended_ipv6_tunnel_egress '0-1025'
+  extended_ipv6_tunnel_ingress '0-1026'
+  extended_decapsulate_egress '0-1027'
+  extended_decapsulate_ingress '0-1028'
+  extended_vni_egress '0-1029'
+  extended_vni_ingress '0-1030'
+  extended_socket_ipv4 '0-2100'
+  extended_socket_ipv6 '0-2101'
+  skip :default, :length => :record_length
+end
+
+class CounterSampleRecordData < BinData::Choice
+  mandatory_parameter :record_length
+
+  generic_interface '0-1'
+  ethernet_interfaces '0-2'
+  token_ring '0-3'
+  hundred_base_vg '0-4'
+  vlan '0-5'
+  processor_information '0-1001'
+  of_port '0-1004'
+  port_name '0-1005'
+  host_descr '0-2000'
+  host_adapters '0-2001'
+  host_parent '0-2002'
+  host_cpu '0-2003'
+  host_memory '0-2004'
+  host_disk_io '0-2005'
+  host_net_io '0-2006'
+  mib2_ip_group '0-2007'
+  mib2_icmp_group '0-2008'
+  mib2_tcp_group '0-2009'
+  mib2_udp_group '0-2010'
+  virt_node '0-2100'
+  virt_cpu '0-2101'
+  virt_memory '0-2102'
+  virt_disk_io '0-2103'
+  virt_net_io '0-2104'
+  http_counters '0-2201'
+  skip :default, :length => :record_length
+end
+
 # noinspection RubyResolve
 class FlowSample < BinData::Record
   endian :big
@@ -20,15 +85,9 @@ class FlowSample < BinData::Record
     bit20 :record_entreprise
     bit12 :record_format
     uint32 :record_length
-    choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
-      raw_packet_header '0-1', :record_length => :record_length
-      ethernet_frame_data '0-2'
-      ip4_data '0-3'
-      ip6_data '0-4'
-      extended_switch_data '0-1001'
-      extended_router_data '0-1002'
-      skip :default, :length => :record_length
-    end
+    flow_sample_record_data :record_data,
+                            :selection => lambda { "#{record_entreprise}-#{record_format}" },
+                            :record_length => :record_length
   end
 end
 
@@ -43,16 +102,9 @@ class CounterSample < BinData::Record
     bit20 :record_entreprise
     bit12 :record_format
     uint32 :record_length
-    choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
-      generic_interface '0-1'
-      ethernet_interfaces '0-2'
-      token_ring '0-3'
-      hundred_base_vg '0-4'
-      vlan '0-5'
-      processor_information '0-1001'
-      http_counters '0-2201'
-      skip :default, :length => :record_length
-    end
+    counter_sample_record_data :record_data,
+                               :selection => lambda { "#{record_entreprise}-#{record_format}" },
+                               :record_length => :record_length
     #processor_information :record_data
   end
 end
@@ -75,15 +127,9 @@ class ExpandedFlowSample < BinData::Record
     bit20 :record_entreprise
     bit12 :record_format
     uint32 :record_length
-    choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
-      raw_packet_header '0-1', :record_length => :record_length
-          ethernet_frame_data '0-2'
-      ip4_data '0-3'
-      ip6_data '0-4'
-      extended_switch_data '0-1001'
-      extended_router_data '0-1002'
-      skip :default, :length => :record_length
-    end
+    flow_sample_record_data :record_data,
+                            :selection => lambda { "#{record_entreprise}-#{record_format}" },
+                            :record_length => :record_length
   end
 end
 
@@ -98,17 +144,9 @@ class ExpandedCounterSample < BinData::Record
     bit20 :record_entreprise
     bit12 :record_format
     uint32 :record_length
-    choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
-      generic_interface '0-1'
-      ethernet_interfaces '0-2'
-      token_ring '0-3'
-      hundred_base_vg '0-4'
-      vlan '0-5'
-      lag_port_stats '0-7'
-      processor_information '0-1001'
-      http_counters '0-2201'
-      skip :default, :length => :record_length
-    end
+    counter_sample_record_data :record_data,
+                               :selection => lambda { "#{record_entreprise}-#{record_format}" },
+                               :record_length => :record_length
     #processor_information :record_data
   end
 end

data/lib/logstash/codecs/sflow/util.rb

@@ -54,3 +54,20 @@ class SflowIP6Addr < BinData::Primitive
     }.pack('n8')).to_s
   end
 end
+
+# noinspection RubyResolve
+class SflowString < BinData::Primitive
+  endian :big
+  uint32 :read_length
+  string :data, :read_length => :read_length
+  skip :length => lambda { read_length % 4 }
+
+  def set(val)
+    self.read_length = val.length
+    self.data = val
+  end
+
+  def get
+    self.data
+  end
+end

data/logstash-codec-sflow.gemspec

@@ -1,13 +1,13 @@
 Gem::Specification.new do |s|
 
   s.name = 'logstash-codec-sflow'
-  s.version = '2.0.2'
-  s.licenses = ['Apache License (2.0)']
+  s.version = '2.1.1'
+  s.licenses = ['Apache-2.0']
   s.summary = 'The sflow codec is for decoding SFlow v5 flows.'
   s.description = 'This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program'
-  s.authors = ['Nicolas Fraison']
-  s.email = ''
-  s.homepage = ''
+  s.authors = ['Konrad Zemek', 'Nicolas Fraison']
+  s.email = 'konrad@path.net'
+  s.homepage = 'https://path.net'
   s.require_paths = ['lib']
 
   # Files
@@ -21,9 +21,9 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency 'logstash-core-plugin-api', '>= 1.60', '<= 2.99'
-  s.add_runtime_dependency 'logstash-core', '>= 5.4.0', '<= 6.9.9'
-  s.add_runtime_dependency 'bindata', ['~> 2.3']
+  s.add_runtime_dependency 'logstash-core', '>= 5.4.0', '<= 7.9.9'
+  s.add_runtime_dependency 'bindata', ['~> 2.4']
   s.add_runtime_dependency 'lru_redux', ['~> 1.1']
   s.add_runtime_dependency 'snmp', ['~> 1.2']
-  s.add_development_dependency 'logstash-devutils', '<= 1.3.1'
+  s.add_development_dependency 'logstash-devutils', ['~> 1.3']
 end

data/spec/codecs/sflow/packet_header_spec.rb

@@ -41,41 +41,41 @@ describe TcpHeader do
 end
 
 
-describe IPHeader do
+describe IPV4Header do
   it "should decode ipv4 tcp header" do
     payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_tcp_header.dat"), :mode => "rb")
-    decoded = IPHeader.new(:size_header => payload.bytesize * 8).read(payload)
+    decoded = IPV4Header.new(:size_header => payload.bytesize * 8).read(payload)
 
     decoded["ip_version"].to_s.should eq("4")
-    decoded["ip_header"]["ip_header_length"].to_s.should eq("5")
-    decoded["ip_header"]["ip_dscp"].to_s.should eq("0")
-    decoded["ip_header"]["ip_ecn"].to_s.should eq("0")
-    decoded["ip_header"]["ip_total_length"].to_s.should eq("476")
-    decoded["ip_header"]["ip_identification"].to_s.should eq("30529")
-    decoded["ip_header"]["ip_flags"].to_s.should eq("2")
-    decoded["ip_header"]["ip_fragment_offset"].to_s.should eq("0")
-    decoded["ip_header"]["ip_ttl"].to_s.should eq("62")
-    decoded["ip_header"]["ip_protocol"].to_s.should eq("6")
-    decoded["ip_header"]["ip_checksum"].to_s.should eq("37559")
-    decoded["ip_header"]["src_ip"].to_s.should eq("10.243.27.17")
-    decoded["ip_header"]["dst_ip"].to_s.should eq("10.243.0.45")
-    decoded["ip_header"]["ip_data"]["src_port"].to_s.should eq("5672")
-    decoded["ip_header"]["ip_data"]["dst_port"].to_s.should eq("59451")
-    decoded["ip_header"]["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
-    decoded["ip_header"]["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
-    (decoded["ip_header"]["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
-    decoded["ip_header"]["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
-    decoded["ip_header"]["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
-    decoded["ip_header"]["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
-    decoded["ip_header"]["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
-    decoded["ip_header"]["ip_data"]["tcp_is_ack"].to_s.should eq("1")
-    decoded["ip_header"]["ip_data"]["tcp_is_push"].to_s.should eq("1")
-    decoded["ip_header"]["ip_data"]["tcp_is_reset"].to_s.should eq("0")
-    decoded["ip_header"]["ip_data"]["tcp_is_syn"].to_s.should eq("0")
-    decoded["ip_header"]["ip_data"]["tcp_is_fin"].to_s.should eq("0")
-    decoded["ip_header"]["ip_data"]["tcp_window_size"].to_s.should eq("147")
-    decoded["ip_header"]["ip_data"]["tcp_checksum"].to_s.should eq("13042")
-    decoded["ip_header"]["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
+    decoded["ip_header_length"].to_s.should eq("5")
+    decoded["ip_dscp"].to_s.should eq("0")
+    decoded["ip_ecn"].to_s.should eq("0")
+    decoded["ip_total_length"].to_s.should eq("476")
+    decoded["ip_identification"].to_s.should eq("30529")
+    decoded["ip_flags"].to_s.should eq("2")
+    decoded["ip_fragment_offset"].to_s.should eq("0")
+    decoded["ip_ttl"].to_s.should eq("62")
+    decoded["ip_protocol"].to_s.should eq("6")
+    decoded["ip_checksum"].to_s.should eq("37559")
+    decoded["src_ip"].to_s.should eq("10.243.27.17")
+    decoded["dst_ip"].to_s.should eq("10.243.0.45")
+    decoded["ip_data"]["src_port"].to_s.should eq("5672")
+    decoded["ip_data"]["dst_port"].to_s.should eq("59451")
+    decoded["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
+    decoded["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
+    (decoded["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
+    decoded["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
+    decoded["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
+    decoded["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
+    decoded["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
+    decoded["ip_data"]["tcp_is_ack"].to_s.should eq("1")
+    decoded["ip_data"]["tcp_is_push"].to_s.should eq("1")
+    decoded["ip_data"]["tcp_is_reset"].to_s.should eq("0")
+    decoded["ip_data"]["tcp_is_syn"].to_s.should eq("0")
+    decoded["ip_data"]["tcp_is_fin"].to_s.should eq("0")
+    decoded["ip_data"]["tcp_window_size"].to_s.should eq("147")
+    decoded["ip_data"]["tcp_checksum"].to_s.should eq("13042")
+    decoded["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
   end
 end
 

metadata

@@ -1,16 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-sflow
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.1.1
 platform: ruby
 authors:
+- Konrad Zemek
 - Nicolas Fraison
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-09 00:00:00.000000000 Z
+date: 2019-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: logstash-core-plugin-api
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -19,9 +21,8 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
-  name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -31,6 +32,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
 - !ruby/object:Gem::Dependency
+  name: logstash-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -38,10 +40,9 @@ dependencies:
         version: 5.4.0
     - - "<="
       - !ruby/object:Gem::Version
-        version: 6.9.9
-  name: logstash-core
-  prerelease: false
+        version: 7.9.9
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -49,65 +50,67 @@ dependencies:
         version: 5.4.0
     - - "<="
       - !ruby/object:Gem::Version
-        version: 6.9.9
+        version: 7.9.9
 - !ruby/object:Gem::Dependency
+  name: bindata
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
-  name: bindata
-  prerelease: false
+        version: '2.4'
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '2.4'
 - !ruby/object:Gem::Dependency
+  name: lru_redux
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
-  name: lru_redux
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
 - !ruby/object:Gem::Dependency
+  name: snmp
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
-  name: snmp
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
+  name: logstash-devutils
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.1
-  name: logstash-devutils
-  prerelease: false
+        version: '1.3'
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.1
-description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
-email: ''
+        version: '1.3'
+description: This gem is a logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
+  a stand-alone program
+email: konrad@path.net
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -139,13 +142,13 @@ files:
 - spec/codecs/sflow_flow_sample_eth_vlan.dat
 - spec/codecs/sflow_spec.rb
 - spec/codecs/sflow_with_lag_counters.dat
-homepage: ''
+homepage: https://path.net
 licenses:
-- Apache License (2.0)
+- Apache-2.0
 metadata:
   logstash_plugin: 'true'
   logstash_group: codec
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -160,9 +163,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.8
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.7.6.2
+signing_key: 
 specification_version: 4
 summary: The sflow codec is for decoding SFlow v5 flows.
 test_files: