logstash-codec-sflow 2.0.2 → 2.1.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 4de459b447b9a3306526751ae54b98738b3c67f2
4
- data.tar.gz: 940fb98e25dc7b06ea9a12e31bc14018dbbb45c6
2
+ SHA256:
3
+ metadata.gz: ca54b16d12f3edc8d3ef8b37db6558916b571888eb218d9b3ca8388a9f65c97c
4
+ data.tar.gz: a6bd63dcdbfea7738673a98af680d7e280a195e6f81a4cedd069160d154a803c
5
5
  SHA512:
6
- metadata.gz: 94639d6675f44e38f417126cf2bd70b8ad558396f2ca40cf83b7b1ddd890e7d0b25ebf2f81d5292c159f62e00b5639270604da5c3eca1931f4fb4442aa4c0b02
7
- data.tar.gz: 5f9db4d7ca6820808705857f5afac6764b7a0f07aa93dd5f881c09ee26d7b20d6f754f7d52085986290843773158ed443020105180e1731cb3e4f258287329fb
6
+ metadata.gz: 513650e06427993a2f0eef196a3f0c9ee4269eac3283e9160846e225b09996c6a9e1e1961f50f99069dc3273e40f7d204ea1c36b1a600fea753b7a2e0c9dd623
7
+ data.tar.gz: ba89921055f7996383c8bd075ae771c76728cfb744828e58d064c1c19b98bd1b49ce5d1b82130a21d6535ea14d8f13f755fca289b92858e1d61ab4884b4f685e
@@ -61,7 +61,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
61
61
 
62
62
  def snmp_call(event)
63
63
  if @snmp_interface
64
- if event.include?('source_id_type') and event['source_id_type'].to_s == '0'
64
+ if event.include?('source_id_type') and event.get('source_id_type').to_s == '0'
65
65
  if event.include?('source_id_index')
66
66
  event.set('source_id_index_descr', @snmp.get_interface(event.get('agent_ip'), event.get('source_id_index')))
67
67
  end
@@ -124,7 +124,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
124
124
  sample['sample_data']['records'].each do |record|
125
125
  # Ensure that some data exist for the record
126
126
  if record['record_data'].to_s.eql? ''
127
- @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
127
+ @logger.warn("Unknown sample_flow record: entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
128
128
  next
129
129
  end
130
130
 
@@ -152,7 +152,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
152
152
  sample['sample_data']['records'].each do |record|
153
153
  # Ensure that some data exist for the record
154
154
  if record['record_data'].to_s.eql? ''
155
- @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
155
+ @logger.warn("Unknown counter_flow record: entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
156
156
  next
157
157
  end
158
158
 
@@ -97,7 +97,6 @@ class Vlan < BinData::Record
97
97
  uint32 :discards
98
98
  end
99
99
 
100
-
101
100
  # noinspection RubyResolve
102
101
  class ProcessorInformation < BinData::Record
103
102
  endian :big
@@ -108,6 +107,19 @@ class ProcessorInformation < BinData::Record
108
107
  uint64 :free_memory
109
108
  end
110
109
 
110
+ # noinspection RubyResolve
111
+ class OfPort < BinData::Record
112
+ endian :big
113
+ uint64 :datapath_id
114
+ uint32 :port_no
115
+ end
116
+
117
+ # noinspection RubyResolve
118
+ class PortName < BinData::Record
119
+ endian :big
120
+ sflow_string :name
121
+ end
122
+
111
123
  # noinspection RubyResolve
112
124
  class HttpCounters < BinData::Record
113
125
  endian :big
@@ -149,3 +161,239 @@ class LagPortStats < BinData::Record
149
161
  uint32 :dot3adAggPortStatsMarkerPDUsTx
150
162
  uint32 :dot3adAggPortStatsMarkerResponsePDUsTx
151
163
  end
164
+
165
+ # noinspection RubyResolve
166
+ class HostDescr < BinData::Record
167
+ endian :big
168
+ sflow_string :hostname
169
+ array :uuid, :type => :uint8, :initial_length => 16
170
+ uint32 :machine_type
171
+ uint32 :os_name
172
+ sflow_string :os_release
173
+ end
174
+
175
+ # noinspection RubyResolve
176
+ class HostAdapters < BinData::Record
177
+ endian :big
178
+ uint32 :adapters_count
179
+ array :adapters, :initial_length => :adapters_count do
180
+ uint32 :if_index
181
+ uint32 :mac_address_count
182
+ array :mac_addresses, :initial_length => :mac_address_count do
183
+ sflow_mac_address :mac_address
184
+ skip :length => 2
185
+ end
186
+ end
187
+ end
188
+
189
+ # noinspection RubyResolve
190
+ class HostParent < BinData::Record
191
+ endian :big
192
+ uint32 :container_type
193
+ uint32 :container_index
194
+ end
195
+
196
+ # noinspection RubyResolve
197
+ class HostCpu < BinData::Record
198
+ endian :big
199
+ float_be :load_one
200
+ float_be :load_five
201
+ float_be :load_fifteen
202
+ uint32 :proc_run
203
+ uint32 :proc_total
204
+ uint32 :cpu_num
205
+ uint32 :cpu_speed
206
+ uint32 :uptime
207
+ uint32 :cpu_user
208
+ uint32 :cpu_nice
209
+ uint32 :cpu_system
210
+ uint32 :cpu_idle
211
+ uint32 :cpu_wio
212
+ uint32 :cpu_intr
213
+ uint32 :cpu_sintr
214
+ uint32 :interrupts
215
+ uint32 :contexts
216
+ uint32 :cpu_steal
217
+ uint32 :cpu_guest
218
+ uint32 :cpu_guest_nice
219
+ end
220
+
221
+ # noinspection RubyResolve
222
+ class HostMemory < BinData::Record
223
+ endian :big
224
+ uint64 :mem_total
225
+ uint64 :mem_free
226
+ uint64 :mem_shared
227
+ uint64 :mem_buffers
228
+ uint64 :mem_cached
229
+ uint64 :swap_total
230
+ uint64 :swap_free
231
+ uint32 :page_in
232
+ uint32 :page_out
233
+ uint32 :swap_in
234
+ uint32 :swap_out
235
+ end
236
+
237
+ # noinspection RubyResolve
238
+ class HostDiskIo < BinData::Record
239
+ endian :big
240
+ uint64 :disk_total
241
+ uint64 :disk_free
242
+ uint32 :part_max_used_percent
243
+ uint32 :reads
244
+ uint64 :bytes_read
245
+ uint32 :read_time
246
+ uint32 :writes
247
+ uint64 :bytes_written
248
+ uint32 :write_time
249
+ end
250
+
251
+ # noinspection RubyResolve
252
+ class HostNetIo < BinData::Record
253
+ endian :big
254
+ uint64 :bytes_in
255
+ uint32 :pkts_in
256
+ uint32 :errs_in
257
+ uint32 :drops_in
258
+ uint64 :bytes_out
259
+ uint32 :packets_out
260
+ uint32 :errs_out
261
+ uint32 :drops_out
262
+ end
263
+
264
+ # noinspection RubyResolve
265
+ class Mib2IpGroup < BinData::Record
266
+ endian :big
267
+ uint32 :ip_forwarding
268
+ uint32 :ip_default_ttl
269
+ uint32 :ip_in_receives
270
+ uint32 :ip_in_hdr_errors
271
+ uint32 :ip_in_addr_errors
272
+ uint32 :ip_forw_datagrams
273
+ uint32 :ip_in_unknown_protos
274
+ uint32 :ip_in_discards
275
+ uint32 :ip_in_delivers
276
+ uint32 :ip_out_requests
277
+ uint32 :ip_out_discards
278
+ uint32 :ip_out_no_routes
279
+ uint32 :ip_reasm_timeout
280
+ uint32 :ip_reasm_reqds
281
+ uint32 :ip_reasm_oks
282
+ uint32 :ip_reasm_fails
283
+ uint32 :ip_frag_oks
284
+ uint32 :ip_frag_fails
285
+ uint32 :ip_frag_creates
286
+ end
287
+
288
+ # noinspection RubyResolve
289
+ class Mib2IcmpGroup < BinData::Record
290
+ endian :big
291
+ uint32 :icmp_in_msgs
292
+ uint32 :icmp_in_errors
293
+ uint32 :icmp_in_dest_unreachs
294
+ uint32 :icmp_in_time_excds
295
+ uint32 :icmp_in_param_probs
296
+ uint32 :icmp_in_src_quenchs
297
+ uint32 :icmp_in_redirects
298
+ uint32 :icmp_in_echos
299
+ uint32 :icmp_in_echo_reps
300
+ uint32 :icmp_in_timestamps
301
+ uint32 :icmp_in_addr_masks
302
+ uint32 :icmp_in_addr_mask_reps
303
+ uint32 :icmp_out_msgs
304
+ uint32 :icmp_out_errors
305
+ uint32 :icmp_out_dest_unreachs
306
+ uint32 :icmp_out_time_excds
307
+ uint32 :icmp_out_param_probs
308
+ uint32 :icmp_out_src_quenchs
309
+ uint32 :icmp_out_redirects
310
+ uint32 :icmp_out_echos
311
+ uint32 :icmp_out_echo_reps
312
+ uint32 :icmp_out_timestamps
313
+ uint32 :icmp_out_timestamp_reps
314
+ uint32 :icmp_out_addr_masks
315
+ uint32 :icmp_out_addr_mask_reps
316
+ end
317
+
318
+ # noinspection RubyResolve
319
+ class Mib2TcpGroup < BinData::Record
320
+ endian :big
321
+ uint32 :tcp_rto_algorithm
322
+ uint32 :tcp_rto_min
323
+ uint32 :tcp_rto_max
324
+ uint32 :tcp_max_conn
325
+ uint32 :tcp_active_opens
326
+ uint32 :tcp_passive_opens
327
+ uint32 :tcp_attempt_fails
328
+ uint32 :tcp_estab_resets
329
+ uint32 :tcp_curr_estab
330
+ uint32 :tcp_in_segs
331
+ uint32 :tcp_out_segs
332
+ uint32 :tcp_retrans_segs
333
+ uint32 :tcp_in_errs
334
+ uint32 :tcp_out_rsts
335
+ uint32 :tcp_in_csum_errs
336
+ end
337
+
338
+ # noinspection RubyResolve
339
+ class Mib2UdpGroup < BinData::Record
340
+ endian :big
341
+ uint32 :udp_in_datagrams
342
+ uint32 :udp_no_ports
343
+ uint32 :udp_in_errors
344
+ uint32 :udp_out_datagrams
345
+ uint32 :udp_rcvbuf_errors
346
+ uint32 :udp_sndbuf_errors
347
+ uint32 :udp_in_csum_errors
348
+ end
349
+
350
+ # noinspection RubyResolve
351
+ class VirtNode < BinData::Record
352
+ endian :big
353
+ uint32 :mhz
354
+ uint32 :cpus
355
+ uint64 :memory
356
+ uint64 :memory_free
357
+ uint32 :num_domains
358
+ end
359
+
360
+ # noinspection RubyResolve
361
+ class VirtCpu < BinData::Record
362
+ endian :big
363
+ uint32 :state
364
+ uint32 :cpu_time
365
+ uint32 :nr_virt_cpu
366
+ end
367
+
368
+ # noinspection RubyResolve
369
+ class VirtMemory < BinData::Record
370
+ endian :big
371
+ uint64 :memory
372
+ uint64 :max_memory
373
+ end
374
+
375
+ # noinspection RubyResolve
376
+ class VirtDiskIo < BinData::Record
377
+ endian :big
378
+ uint64 :capacity
379
+ uint64 :allocation
380
+ uint64 :physical
381
+ uint32 :rd_req
382
+ uint64 :rd_bytes
383
+ uint32 :wr_req
384
+ uint64 :wr_bytes
385
+ uint32 :errs
386
+ end
387
+
388
+ # noinspection RubyResolve
389
+ class VirtNetIo < BinData::Record
390
+ endian :big
391
+ uint64 :rx_bytes
392
+ uint32 :rx_packets
393
+ uint32 :rx_errs
394
+ uint32 :rx_drop
395
+ uint64 :tx_bytes
396
+ uint32 :tx_packets
397
+ uint32 :tx_errs
398
+ uint32 :tx_drop
399
+ end
@@ -5,8 +5,9 @@ require 'logstash/codecs/sflow/util'
5
5
  require 'logstash/codecs/sflow/packet_header'
6
6
 
7
7
  # noinspection RubyResolve
8
- class RawPacketHeader < BinData::Record
8
+ class RawPacketHeader < BinData::Buffer
9
9
  mandatory_parameter :record_length
10
+ default_parameters :length => :record_length
10
11
 
11
12
  endian :big
12
13
  uint32 :protocol
@@ -15,10 +16,10 @@ class RawPacketHeader < BinData::Record
15
16
  uint32 :header_size
16
17
  choice :sample_header, :selection => :protocol do
17
18
  ethernet_header 1, :size_header => lambda { header_size * 8 }
18
- ip_header 11, :size_header => lambda { header_size * 8 }
19
+ ipv4_header 11, :size_header => lambda { header_size * 8 }
20
+ ipv6_header 12, :size_header => lambda { header_size * 8 }
19
21
  skip :default, :length => :header_size
20
22
  end
21
- bit :padded, :nbits => lambda { (record_length - (header_size + 16)) * 8 } #padded data
22
23
  end
23
24
 
24
25
  # noinspection RubyResolve
@@ -78,3 +79,187 @@ class ExtendedRouterData < BinData::Record
78
79
  uint32 :src_mask_len
79
80
  uint32 :dst_mask_len
80
81
  end
82
+
83
+ # noinspection RubyResolve
84
+ class ExtendedGatewayData < BinData::Record
85
+ endian :big
86
+ uint32 :ip_version
87
+ choice :ip_address_next_hop_router, :selection => :ip_version do
88
+ sflow_ip4_addr 1
89
+ sflow_ip6_addr 2
90
+ end
91
+ uint32 :as_number_of_router
92
+ uint32 :as_number_of_source
93
+ uint32 :as_number_of_source_peer
94
+ uint32 :dest_as_path_count
95
+ array :dest_as_paths, :initial_length => :dest_as_path_count do
96
+ uint32 :as_path_segment_type
97
+ uint32 :as_number_count
98
+ array :as_numbers, :type => :uint32, :initial_length => :as_number_count
99
+ end
100
+ uint32 :communities_count
101
+ array :communities, :type => :uint32, :initial_length => :communities_count
102
+ uint32 :local_pref
103
+ end
104
+
105
+ # noinspection RubyResolve
106
+ class ExtendedUserData < BinData::Record
107
+ endian :big
108
+ uint32 :source_charset
109
+ sflow_string :source_user
110
+ uint32 :destination_charset
111
+ sflow_string :destination_user
112
+ end
113
+
114
+ # noinspection RubyResolve
115
+ class ExtendedUrlData < BinData::Record
116
+ endian :big
117
+ uint32 :direction
118
+ sflow_string :url
119
+ sflow_string :host
120
+ end
121
+
122
+ # noinspection RubyResolve
123
+ class ExtendedMplsData < BinData::Record
124
+ endian :big
125
+ uint32 :ip_version
126
+ choice :ip_address_next_hop_router, :selection => :ip_version do
127
+ sflow_ip4_addr 1
128
+ sflow_ip6_addr 2
129
+ end
130
+ uint32 :in_label_stack_count
131
+ array :in_label_stack, :type => :uint32, :initial_length => :in_label_stack_count
132
+ uint32 :out_label_stack_count
133
+ array :out_label_stack, :type => :uint32, :initial_length => :out_label_stack_count
134
+ end
135
+
136
+ # noinspection RubyResolve
137
+ class ExtendedNatData < BinData::Record
138
+ endian :big
139
+ uint32 :src_ip_version
140
+ choice :src_ip_address, :selection => :src_ip_version do
141
+ sflow_ip4_addr 1
142
+ sflow_ip6_addr 2
143
+ end
144
+ uint32 :dst_ip_version
145
+ choice :dst_ip_address, :selection => :dst_ip_version do
146
+ sflow_ip4_addr 1
147
+ sflow_ip6_addr 2
148
+ end
149
+ end
150
+
151
+ # noinspection RubyResolve
152
+ class ExtendedMplsTunnel < BinData::Record
153
+ endian :big
154
+ sflow_string :tunnel_name
155
+ uint32 :tunnel_id
156
+ uint32 :tunnel_cos_value
157
+ end
158
+
159
+ # noinspection RubyResolve
160
+ class ExtendedMplsVc < BinData::Record
161
+ endian :big
162
+ sflow_string :vc_instance_name
163
+ uint32 :vll_vc_id
164
+ uint32 :vc_label_cos_value
165
+ end
166
+
167
+ # noinspection RubyResolve
168
+ class ExtendedMplsFtn < BinData::Record
169
+ endian :big
170
+ sflow_string :mpls_ftn_descr
171
+ uint32 :mpls_ftn_mask
172
+ end
173
+
174
+ # noinspection RubyResolve
175
+ class ExtendedMplsLdpFec < BinData::Record
176
+ endian :big
177
+ uint32 :mpls_fec_addr_prefix_length
178
+ end
179
+
180
+ # noinspection RubyResolve
181
+ class ExtendedVlanTunnel < BinData::Record
182
+ endian :big
183
+ uint32 :layers_count
184
+ array :layers, :type => :uint32, :initial_length => :layers_count
185
+ end
186
+
187
+ # noinspection RubyResolve
188
+ class ExtendedL2TunnelEgress < BinData::Record
189
+ endian :big
190
+ ethernet_frame_data :header
191
+ end
192
+
193
+ # noinspection RubyResolve
194
+ class ExtendedL2TunnelIngress < BinData::Record
195
+ endian :big
196
+ ethernet_frame_data :header
197
+ end
198
+
199
+ # noinspection RubyResolve
200
+ class ExtendedIpv4TunnelEgress < BinData::Record
201
+ endian :big
202
+ ip4_data :header
203
+ end
204
+
205
+ # noinspection RubyResolve
206
+ class ExtendedIpv4TunnelIngress < BinData::Record
207
+ endian :big
208
+ ip4_data :header
209
+ end
210
+
211
+ # noinspection RubyResolve
212
+ class ExtendedIpv6TunnelEgress < BinData::Record
213
+ endian :big
214
+ ip6_data :header
215
+ end
216
+
217
+ # noinspection RubyResolve
218
+ class ExtendedIpv6TunnelIngress < BinData::Record
219
+ endian :big
220
+ ip6_data :header
221
+ end
222
+
223
+ # noinspection RubyResolve
224
+ class ExtendedDecapsulateEgress < BinData::Record
225
+ endian :big
226
+ uint32 :inner_header_offset
227
+ end
228
+
229
+ # noinspection RubyResolve
230
+ class ExtendedDecapsulateIngress < BinData::Record
231
+ endian :big
232
+ uint32 :inner_header_offset
233
+ end
234
+
235
+ # noinspection RubyResolve
236
+ class ExtendedVniEgress < BinData::Record
237
+ endian :big
238
+ uint32 :vni
239
+ end
240
+
241
+ # noinspection RubyResolve
242
+ class ExtendedVniIngress < BinData::Record
243
+ endian :big
244
+ uint32 :vni
245
+ end
246
+
247
+ # noinspection RubyResolve
248
+ class ExtendedSocketIpv4 < BinData::Record
249
+ endian :big
250
+ uint32 :protocol
251
+ sflow_ip4_addr :local_ip
252
+ sflow_ip4_addr :remote_ip
253
+ uint32 :local_port
254
+ uint32 :remote_port
255
+ end
256
+
257
+ # noinspection RubyResolve
258
+ class ExtendedSocketIpv6 < BinData::Record
259
+ endian :big
260
+ uint32 :protocol
261
+ sflow_ip6_addr :local_ip
262
+ sflow_ip6_addr :remote_ip
263
+ uint32 :local_port
264
+ uint32 :remote_port
265
+ end
@@ -36,13 +36,13 @@ class TcpHeader < BinData::Record
36
36
  uint16 :tcp_window_size
37
37
  uint16 :tcp_checksum
38
38
  uint16 :tcp_urgent_pointer
39
- array :tcp_options, :initial_length => lambda { (((tcp_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
39
+ array :tcp_options, :initial_length => lambda { tcp_header_length - 5 }, :onlyif => lambda { is_options?(size_header) } do
40
40
  string :tcp_option, :length => 4, :pad_byte => "\0"
41
41
  end
42
- bit :data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
42
+ bit :data, :nbits => lambda { size_header - data.rel_offset * 8 }
43
43
 
44
- def is_options?
45
- tcp_header_length.to_i > 5
44
+ def is_options?(size_header)
45
+ tcp_header_length.to_i > 5 and size_header >= tcp_header_length * 4 * 8
46
46
  end
47
47
  end
48
48
 
@@ -63,6 +63,7 @@ class IPV4Header < BinData::Record
63
63
  mandatory_parameter :size_header
64
64
 
65
65
  endian :big
66
+ bit4 :ip_version
66
67
  bit4 :ip_header_length # times 4
67
68
  bit6 :ip_dscp
68
69
  bit2 :ip_ecn
@@ -78,26 +79,47 @@ class IPV4Header < BinData::Record
78
79
  array :ip_options, :initial_length => lambda { (((ip_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
79
80
  string :ip_option, :length => 4, :pad_byte => "\0"
80
81
  end
81
- choice :ip_data, :selection => :ip_protocol do
82
+ choice :ip_data, :selection => :ip_protocol, :onlyif => lambda { has_data?(size_header) } do
82
83
  tcp_header 6, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
83
84
  udp_header 17, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
84
85
  unknown_header :default, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
85
86
  end
86
87
 
88
+ def has_data?(size_header)
89
+ bytes_left = size_header / 8 - ip_header_length * 4
90
+ case ip_protocol
91
+ when 6
92
+ return bytes_left >= 20
93
+ when 17
94
+ return bytes_left >= 8
95
+ else
96
+ return true
97
+ end
98
+ end
99
+
87
100
  def is_options?
88
101
  ip_header_length.to_i > 5
89
102
  end
90
103
  end
91
104
 
92
105
  # noinspection RubyResolve
93
- class IPHeader < BinData::Record
106
+ class IPV6Header < BinData::Record
94
107
  mandatory_parameter :size_header
95
108
 
96
109
  endian :big
97
110
  bit4 :ip_version
98
- choice :ip_header, :selection => :ip_version do
99
- ipv4_header 4, :size_header => :size_header
100
- unknown_header :default, :size_header => lambda { size_header - 4 }
111
+ bit6 :ip_dscp
112
+ bit2 :ip_ecn
113
+ bit20 :ipv6_flow_label
114
+ uint16 :ip_payload_length
115
+ uint8 :ip_protocol
116
+ uint8 :ipv6_hop_limit
117
+ sflow_ip6_addr :src_ip
118
+ sflow_ip6_addr :dst_ip
119
+ choice :ip_data, :selection => :ip_protocol do
120
+ tcp_header 6, :size_header => lambda { size_header - 320 }
121
+ udp_header 17, :size_header => lambda { size_header - 320 }
122
+ unknown_header :default, :size_header => lambda { size_header - 320 }
101
123
  end
102
124
  end
103
125
 
@@ -111,7 +133,8 @@ class VLANHeader < BinData::Record
111
133
  bit12 :vlan_id
112
134
  uint16 :vlan_type
113
135
  choice :vlan_data, :selection => :vlan_type do
114
- ip_header 2048, :size_header => lambda { size_header - (4 * 8) }
136
+ ipv4_header 2048, :size_header => lambda { size_header - (4 * 8) }
137
+ ipv6_header 34525, :size_header => lambda { size_header - (4 * 8) }
115
138
  unknown_header :default, :size_header => lambda { size_header - (4 * 8) }
116
139
  end
117
140
  end
@@ -125,8 +148,9 @@ class EthernetHeader < BinData::Record
125
148
  sflow_mac_address :eth_src
126
149
  uint16 :eth_type
127
150
  choice :eth_data, :selection => :eth_type do
128
- ip_header 2048, :size_header => lambda { size_header - (14 * 8) }
151
+ ipv4_header 2048, :size_header => lambda { size_header - (14 * 8) }
129
152
  vlan_header 33024, :size_header => lambda { size_header - (14 * 8) }
153
+ ipv6_header 34525, :size_header => lambda { size_header - (14 * 8) }
130
154
  unknown_header :default, :size_header => lambda { size_header - (14 * 8) }
131
155
  end
132
- end
156
+ end
@@ -4,6 +4,71 @@ require 'bindata'
4
4
  require 'logstash/codecs/sflow/flow_record'
5
5
  require 'logstash/codecs/sflow/counter_record'
6
6
 
7
+ class FlowSampleRecordData < BinData::Choice
8
+ mandatory_parameter :record_length
9
+
10
+ raw_packet_header '0-1', :record_length => :record_length
11
+ ethernet_frame_data '0-2'
12
+ ip4_data '0-3'
13
+ ip6_data '0-4'
14
+ extended_switch_data '0-1001'
15
+ extended_router_data '0-1002'
16
+ extended_gateway_data '0-1003'
17
+ extended_user_data '0-1004'
18
+ extended_url_data '0-1005'
19
+ extended_mpls_data '0-1006'
20
+ extended_nat_data '0-1007'
21
+ extended_mpls_tunnel '0-1008'
22
+ extended_mpls_vc '0-1009'
23
+ extended_mpls_ftn '0-1010'
24
+ extended_mpls_ldp_fec '0-1012'
25
+ extended_vlan_tunnel '0-1012'
26
+ extended_l2_tunnel_egress '0-1021'
27
+ extended_l2_tunnel_ingress '0-1022'
28
+ extended_ipv4_tunnel_egress '0-1023'
29
+ extended_ipv4_tunnel_ingress '0-1024'
30
+ extended_ipv6_tunnel_egress '0-1025'
31
+ extended_ipv6_tunnel_ingress '0-1026'
32
+ extended_decapsulate_egress '0-1027'
33
+ extended_decapsulate_ingress '0-1028'
34
+ extended_vni_egress '0-1029'
35
+ extended_vni_ingress '0-1030'
36
+ extended_socket_ipv4 '0-2100'
37
+ extended_socket_ipv6 '0-2101'
38
+ skip :default, :length => :record_length
39
+ end
40
+
41
+ class CounterSampleRecordData < BinData::Choice
42
+ mandatory_parameter :record_length
43
+
44
+ generic_interface '0-1'
45
+ ethernet_interfaces '0-2'
46
+ token_ring '0-3'
47
+ hundred_base_vg '0-4'
48
+ vlan '0-5'
49
+ processor_information '0-1001'
50
+ of_port '0-1004'
51
+ port_name '0-1005'
52
+ host_descr '0-2000'
53
+ host_adapters '0-2001'
54
+ host_parent '0-2002'
55
+ host_cpu '0-2003'
56
+ host_memory '0-2004'
57
+ host_disk_io '0-2005'
58
+ host_net_io '0-2006'
59
+ mib2_ip_group '0-2007'
60
+ mib2_icmp_group '0-2008'
61
+ mib2_tcp_group '0-2009'
62
+ mib2_udp_group '0-2010'
63
+ virt_node '0-2100'
64
+ virt_cpu '0-2101'
65
+ virt_memory '0-2102'
66
+ virt_disk_io '0-2103'
67
+ virt_net_io '0-2104'
68
+ http_counters '0-2201'
69
+ skip :default, :length => :record_length
70
+ end
71
+
7
72
  # noinspection RubyResolve
8
73
  class FlowSample < BinData::Record
9
74
  endian :big
@@ -20,15 +85,9 @@ class FlowSample < BinData::Record
20
85
  bit20 :record_entreprise
21
86
  bit12 :record_format
22
87
  uint32 :record_length
23
- choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
24
- raw_packet_header '0-1', :record_length => :record_length
25
- ethernet_frame_data '0-2'
26
- ip4_data '0-3'
27
- ip6_data '0-4'
28
- extended_switch_data '0-1001'
29
- extended_router_data '0-1002'
30
- skip :default, :length => :record_length
31
- end
88
+ flow_sample_record_data :record_data,
89
+ :selection => lambda { "#{record_entreprise}-#{record_format}" },
90
+ :record_length => :record_length
32
91
  end
33
92
  end
34
93
 
@@ -43,16 +102,9 @@ class CounterSample < BinData::Record
43
102
  bit20 :record_entreprise
44
103
  bit12 :record_format
45
104
  uint32 :record_length
46
- choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
47
- generic_interface '0-1'
48
- ethernet_interfaces '0-2'
49
- token_ring '0-3'
50
- hundred_base_vg '0-4'
51
- vlan '0-5'
52
- processor_information '0-1001'
53
- http_counters '0-2201'
54
- skip :default, :length => :record_length
55
- end
105
+ counter_sample_record_data :record_data,
106
+ :selection => lambda { "#{record_entreprise}-#{record_format}" },
107
+ :record_length => :record_length
56
108
  #processor_information :record_data
57
109
  end
58
110
  end
@@ -75,15 +127,9 @@ class ExpandedFlowSample < BinData::Record
75
127
  bit20 :record_entreprise
76
128
  bit12 :record_format
77
129
  uint32 :record_length
78
- choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
79
- raw_packet_header '0-1', :record_length => :record_length
80
- ethernet_frame_data '0-2'
81
- ip4_data '0-3'
82
- ip6_data '0-4'
83
- extended_switch_data '0-1001'
84
- extended_router_data '0-1002'
85
- skip :default, :length => :record_length
86
- end
130
+ flow_sample_record_data :record_data,
131
+ :selection => lambda { "#{record_entreprise}-#{record_format}" },
132
+ :record_length => :record_length
87
133
  end
88
134
  end
89
135
 
@@ -98,17 +144,9 @@ class ExpandedCounterSample < BinData::Record
98
144
  bit20 :record_entreprise
99
145
  bit12 :record_format
100
146
  uint32 :record_length
101
- choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
102
- generic_interface '0-1'
103
- ethernet_interfaces '0-2'
104
- token_ring '0-3'
105
- hundred_base_vg '0-4'
106
- vlan '0-5'
107
- lag_port_stats '0-7'
108
- processor_information '0-1001'
109
- http_counters '0-2201'
110
- skip :default, :length => :record_length
111
- end
147
+ counter_sample_record_data :record_data,
148
+ :selection => lambda { "#{record_entreprise}-#{record_format}" },
149
+ :record_length => :record_length
112
150
  #processor_information :record_data
113
151
  end
114
152
  end
@@ -54,3 +54,20 @@ class SflowIP6Addr < BinData::Primitive
54
54
  }.pack('n8')).to_s
55
55
  end
56
56
  end
57
+
58
+ # noinspection RubyResolve
59
+ class SflowString < BinData::Primitive
60
+ endian :big
61
+ uint32 :read_length
62
+ string :data, :read_length => :read_length
63
+ skip :length => lambda { read_length % 4 }
64
+
65
+ def set(val)
66
+ self.read_length = val.length
67
+ self.data = val
68
+ end
69
+
70
+ def get
71
+ self.data
72
+ end
73
+ end
@@ -1,13 +1,13 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-sflow'
4
- s.version = '2.0.2'
5
- s.licenses = ['Apache License (2.0)']
4
+ s.version = '2.1.1'
5
+ s.licenses = ['Apache-2.0']
6
6
  s.summary = 'The sflow codec is for decoding SFlow v5 flows.'
7
7
  s.description = 'This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program'
8
- s.authors = ['Nicolas Fraison']
9
- s.email = ''
10
- s.homepage = ''
8
+ s.authors = ['Konrad Zemek', 'Nicolas Fraison']
9
+ s.email = 'konrad@path.net'
10
+ s.homepage = 'https://path.net'
11
11
  s.require_paths = ['lib']
12
12
 
13
13
  # Files
@@ -21,9 +21,9 @@ Gem::Specification.new do |s|
21
21
 
22
22
  # Gem dependencies
23
23
  s.add_runtime_dependency 'logstash-core-plugin-api', '>= 1.60', '<= 2.99'
24
- s.add_runtime_dependency 'logstash-core', '>= 5.4.0', '<= 6.9.9'
25
- s.add_runtime_dependency 'bindata', ['~> 2.3']
24
+ s.add_runtime_dependency 'logstash-core', '>= 5.4.0', '<= 7.9.9'
25
+ s.add_runtime_dependency 'bindata', ['~> 2.4']
26
26
  s.add_runtime_dependency 'lru_redux', ['~> 1.1']
27
27
  s.add_runtime_dependency 'snmp', ['~> 1.2']
28
- s.add_development_dependency 'logstash-devutils', '<= 1.3.1'
28
+ s.add_development_dependency 'logstash-devutils', ['~> 1.3']
29
29
  end
@@ -41,41 +41,41 @@ describe TcpHeader do
41
41
  end
42
42
 
43
43
 
44
- describe IPHeader do
44
+ describe IPV4Header do
45
45
  it "should decode ipv4 tcp header" do
46
46
  payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_tcp_header.dat"), :mode => "rb")
47
- decoded = IPHeader.new(:size_header => payload.bytesize * 8).read(payload)
47
+ decoded = IPV4Header.new(:size_header => payload.bytesize * 8).read(payload)
48
48
 
49
49
  decoded["ip_version"].to_s.should eq("4")
50
- decoded["ip_header"]["ip_header_length"].to_s.should eq("5")
51
- decoded["ip_header"]["ip_dscp"].to_s.should eq("0")
52
- decoded["ip_header"]["ip_ecn"].to_s.should eq("0")
53
- decoded["ip_header"]["ip_total_length"].to_s.should eq("476")
54
- decoded["ip_header"]["ip_identification"].to_s.should eq("30529")
55
- decoded["ip_header"]["ip_flags"].to_s.should eq("2")
56
- decoded["ip_header"]["ip_fragment_offset"].to_s.should eq("0")
57
- decoded["ip_header"]["ip_ttl"].to_s.should eq("62")
58
- decoded["ip_header"]["ip_protocol"].to_s.should eq("6")
59
- decoded["ip_header"]["ip_checksum"].to_s.should eq("37559")
60
- decoded["ip_header"]["src_ip"].to_s.should eq("10.243.27.17")
61
- decoded["ip_header"]["dst_ip"].to_s.should eq("10.243.0.45")
62
- decoded["ip_header"]["ip_data"]["src_port"].to_s.should eq("5672")
63
- decoded["ip_header"]["ip_data"]["dst_port"].to_s.should eq("59451")
64
- decoded["ip_header"]["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
65
- decoded["ip_header"]["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
66
- (decoded["ip_header"]["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
67
- decoded["ip_header"]["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
68
- decoded["ip_header"]["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
69
- decoded["ip_header"]["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
70
- decoded["ip_header"]["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
71
- decoded["ip_header"]["ip_data"]["tcp_is_ack"].to_s.should eq("1")
72
- decoded["ip_header"]["ip_data"]["tcp_is_push"].to_s.should eq("1")
73
- decoded["ip_header"]["ip_data"]["tcp_is_reset"].to_s.should eq("0")
74
- decoded["ip_header"]["ip_data"]["tcp_is_syn"].to_s.should eq("0")
75
- decoded["ip_header"]["ip_data"]["tcp_is_fin"].to_s.should eq("0")
76
- decoded["ip_header"]["ip_data"]["tcp_window_size"].to_s.should eq("147")
77
- decoded["ip_header"]["ip_data"]["tcp_checksum"].to_s.should eq("13042")
78
- decoded["ip_header"]["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
50
+ decoded["ip_header_length"].to_s.should eq("5")
51
+ decoded["ip_dscp"].to_s.should eq("0")
52
+ decoded["ip_ecn"].to_s.should eq("0")
53
+ decoded["ip_total_length"].to_s.should eq("476")
54
+ decoded["ip_identification"].to_s.should eq("30529")
55
+ decoded["ip_flags"].to_s.should eq("2")
56
+ decoded["ip_fragment_offset"].to_s.should eq("0")
57
+ decoded["ip_ttl"].to_s.should eq("62")
58
+ decoded["ip_protocol"].to_s.should eq("6")
59
+ decoded["ip_checksum"].to_s.should eq("37559")
60
+ decoded["src_ip"].to_s.should eq("10.243.27.17")
61
+ decoded["dst_ip"].to_s.should eq("10.243.0.45")
62
+ decoded["ip_data"]["src_port"].to_s.should eq("5672")
63
+ decoded["ip_data"]["dst_port"].to_s.should eq("59451")
64
+ decoded["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
65
+ decoded["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
66
+ (decoded["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
67
+ decoded["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
68
+ decoded["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
69
+ decoded["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
70
+ decoded["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
71
+ decoded["ip_data"]["tcp_is_ack"].to_s.should eq("1")
72
+ decoded["ip_data"]["tcp_is_push"].to_s.should eq("1")
73
+ decoded["ip_data"]["tcp_is_reset"].to_s.should eq("0")
74
+ decoded["ip_data"]["tcp_is_syn"].to_s.should eq("0")
75
+ decoded["ip_data"]["tcp_is_fin"].to_s.should eq("0")
76
+ decoded["ip_data"]["tcp_window_size"].to_s.should eq("147")
77
+ decoded["ip_data"]["tcp_checksum"].to_s.should eq("13042")
78
+ decoded["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
79
79
  end
80
80
  end
81
81
 
metadata CHANGED
@@ -1,16 +1,18 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-codec-sflow
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.2
4
+ version: 2.1.1
5
5
  platform: ruby
6
6
  authors:
7
+ - Konrad Zemek
7
8
  - Nicolas Fraison
8
- autorequire:
9
+ autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2018-02-09 00:00:00.000000000 Z
12
+ date: 2019-06-26 00:00:00.000000000 Z
12
13
  dependencies:
13
14
  - !ruby/object:Gem::Dependency
15
+ name: logstash-core-plugin-api
14
16
  requirement: !ruby/object:Gem::Requirement
15
17
  requirements:
16
18
  - - ">="
@@ -19,9 +21,8 @@ dependencies:
19
21
  - - "<="
20
22
  - !ruby/object:Gem::Version
21
23
  version: '2.99'
22
- name: logstash-core-plugin-api
23
- prerelease: false
24
24
  type: :runtime
25
+ prerelease: false
25
26
  version_requirements: !ruby/object:Gem::Requirement
26
27
  requirements:
27
28
  - - ">="
@@ -31,6 +32,7 @@ dependencies:
31
32
  - !ruby/object:Gem::Version
32
33
  version: '2.99'
33
34
  - !ruby/object:Gem::Dependency
35
+ name: logstash-core
34
36
  requirement: !ruby/object:Gem::Requirement
35
37
  requirements:
36
38
  - - ">="
@@ -38,10 +40,9 @@ dependencies:
38
40
  version: 5.4.0
39
41
  - - "<="
40
42
  - !ruby/object:Gem::Version
41
- version: 6.9.9
42
- name: logstash-core
43
- prerelease: false
43
+ version: 7.9.9
44
44
  type: :runtime
45
+ prerelease: false
45
46
  version_requirements: !ruby/object:Gem::Requirement
46
47
  requirements:
47
48
  - - ">="
@@ -49,65 +50,67 @@ dependencies:
49
50
  version: 5.4.0
50
51
  - - "<="
51
52
  - !ruby/object:Gem::Version
52
- version: 6.9.9
53
+ version: 7.9.9
53
54
  - !ruby/object:Gem::Dependency
55
+ name: bindata
54
56
  requirement: !ruby/object:Gem::Requirement
55
57
  requirements:
56
58
  - - "~>"
57
59
  - !ruby/object:Gem::Version
58
- version: '2.3'
59
- name: bindata
60
- prerelease: false
60
+ version: '2.4'
61
61
  type: :runtime
62
+ prerelease: false
62
63
  version_requirements: !ruby/object:Gem::Requirement
63
64
  requirements:
64
65
  - - "~>"
65
66
  - !ruby/object:Gem::Version
66
- version: '2.3'
67
+ version: '2.4'
67
68
  - !ruby/object:Gem::Dependency
69
+ name: lru_redux
68
70
  requirement: !ruby/object:Gem::Requirement
69
71
  requirements:
70
72
  - - "~>"
71
73
  - !ruby/object:Gem::Version
72
74
  version: '1.1'
73
- name: lru_redux
74
- prerelease: false
75
75
  type: :runtime
76
+ prerelease: false
76
77
  version_requirements: !ruby/object:Gem::Requirement
77
78
  requirements:
78
79
  - - "~>"
79
80
  - !ruby/object:Gem::Version
80
81
  version: '1.1'
81
82
  - !ruby/object:Gem::Dependency
83
+ name: snmp
82
84
  requirement: !ruby/object:Gem::Requirement
83
85
  requirements:
84
86
  - - "~>"
85
87
  - !ruby/object:Gem::Version
86
88
  version: '1.2'
87
- name: snmp
88
- prerelease: false
89
89
  type: :runtime
90
+ prerelease: false
90
91
  version_requirements: !ruby/object:Gem::Requirement
91
92
  requirements:
92
93
  - - "~>"
93
94
  - !ruby/object:Gem::Version
94
95
  version: '1.2'
95
96
  - !ruby/object:Gem::Dependency
97
+ name: logstash-devutils
96
98
  requirement: !ruby/object:Gem::Requirement
97
99
  requirements:
98
- - - "<="
100
+ - - "~>"
99
101
  - !ruby/object:Gem::Version
100
- version: 1.3.1
101
- name: logstash-devutils
102
- prerelease: false
102
+ version: '1.3'
103
103
  type: :development
104
+ prerelease: false
104
105
  version_requirements: !ruby/object:Gem::Requirement
105
106
  requirements:
106
- - - "<="
107
+ - - "~>"
107
108
  - !ruby/object:Gem::Version
108
- version: 1.3.1
109
- description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
110
- email: ''
109
+ version: '1.3'
110
+ description: This gem is a logstash plugin required to be installed on top of the
111
+ Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
112
+ a stand-alone program
113
+ email: konrad@path.net
111
114
  executables: []
112
115
  extensions: []
113
116
  extra_rdoc_files: []
@@ -139,13 +142,13 @@ files:
139
142
  - spec/codecs/sflow_flow_sample_eth_vlan.dat
140
143
  - spec/codecs/sflow_spec.rb
141
144
  - spec/codecs/sflow_with_lag_counters.dat
142
- homepage: ''
145
+ homepage: https://path.net
143
146
  licenses:
144
- - Apache License (2.0)
147
+ - Apache-2.0
145
148
  metadata:
146
149
  logstash_plugin: 'true'
147
150
  logstash_group: codec
148
- post_install_message:
151
+ post_install_message:
149
152
  rdoc_options: []
150
153
  require_paths:
151
154
  - lib
@@ -160,9 +163,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
160
163
  - !ruby/object:Gem::Version
161
164
  version: '0'
162
165
  requirements: []
163
- rubyforge_project:
164
- rubygems_version: 2.6.8
165
- signing_key:
166
+ rubyforge_project:
167
+ rubygems_version: 2.7.6.2
168
+ signing_key:
166
169
  specification_version: 4
167
170
  summary: The sflow codec is for decoding SFlow v5 flows.
168
171
  test_files: