logstash-codec-sflow 2.0.2 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 4de459b447b9a3306526751ae54b98738b3c67f2
4
- data.tar.gz: 940fb98e25dc7b06ea9a12e31bc14018dbbb45c6
2
+ SHA256:
3
+ metadata.gz: ca54b16d12f3edc8d3ef8b37db6558916b571888eb218d9b3ca8388a9f65c97c
4
+ data.tar.gz: a6bd63dcdbfea7738673a98af680d7e280a195e6f81a4cedd069160d154a803c
5
5
  SHA512:
6
- metadata.gz: 94639d6675f44e38f417126cf2bd70b8ad558396f2ca40cf83b7b1ddd890e7d0b25ebf2f81d5292c159f62e00b5639270604da5c3eca1931f4fb4442aa4c0b02
7
- data.tar.gz: 5f9db4d7ca6820808705857f5afac6764b7a0f07aa93dd5f881c09ee26d7b20d6f754f7d52085986290843773158ed443020105180e1731cb3e4f258287329fb
6
+ metadata.gz: 513650e06427993a2f0eef196a3f0c9ee4269eac3283e9160846e225b09996c6a9e1e1961f50f99069dc3273e40f7d204ea1c36b1a600fea753b7a2e0c9dd623
7
+ data.tar.gz: ba89921055f7996383c8bd075ae771c76728cfb744828e58d064c1c19b98bd1b49ce5d1b82130a21d6535ea14d8f13f755fca289b92858e1d61ab4884b4f685e
@@ -61,7 +61,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
61
61
 
62
62
  def snmp_call(event)
63
63
  if @snmp_interface
64
- if event.include?('source_id_type') and event['source_id_type'].to_s == '0'
64
+ if event.include?('source_id_type') and event.get('source_id_type').to_s == '0'
65
65
  if event.include?('source_id_index')
66
66
  event.set('source_id_index_descr', @snmp.get_interface(event.get('agent_ip'), event.get('source_id_index')))
67
67
  end
@@ -124,7 +124,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
124
124
  sample['sample_data']['records'].each do |record|
125
125
  # Ensure that some data exist for the record
126
126
  if record['record_data'].to_s.eql? ''
127
- @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
127
+ @logger.warn("Unknown sample_flow record: entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
128
128
  next
129
129
  end
130
130
 
@@ -152,7 +152,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
152
152
  sample['sample_data']['records'].each do |record|
153
153
  # Ensure that some data exist for the record
154
154
  if record['record_data'].to_s.eql? ''
155
- @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
155
+ @logger.warn("Unknown counter_flow record: entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
156
156
  next
157
157
  end
158
158
 
@@ -97,7 +97,6 @@ class Vlan < BinData::Record
97
97
  uint32 :discards
98
98
  end
99
99
 
100
-
101
100
  # noinspection RubyResolve
102
101
  class ProcessorInformation < BinData::Record
103
102
  endian :big
@@ -108,6 +107,19 @@ class ProcessorInformation < BinData::Record
108
107
  uint64 :free_memory
109
108
  end
110
109
 
110
+ # noinspection RubyResolve
111
+ class OfPort < BinData::Record
112
+ endian :big
113
+ uint64 :datapath_id
114
+ uint32 :port_no
115
+ end
116
+
117
+ # noinspection RubyResolve
118
+ class PortName < BinData::Record
119
+ endian :big
120
+ sflow_string :name
121
+ end
122
+
111
123
  # noinspection RubyResolve
112
124
  class HttpCounters < BinData::Record
113
125
  endian :big
@@ -149,3 +161,239 @@ class LagPortStats < BinData::Record
149
161
  uint32 :dot3adAggPortStatsMarkerPDUsTx
150
162
  uint32 :dot3adAggPortStatsMarkerResponsePDUsTx
151
163
  end
164
+
165
+ # noinspection RubyResolve
166
+ class HostDescr < BinData::Record
167
+ endian :big
168
+ sflow_string :hostname
169
+ array :uuid, :type => :uint8, :initial_length => 16
170
+ uint32 :machine_type
171
+ uint32 :os_name
172
+ sflow_string :os_release
173
+ end
174
+
175
+ # noinspection RubyResolve
176
+ class HostAdapters < BinData::Record
177
+ endian :big
178
+ uint32 :adapters_count
179
+ array :adapters, :initial_length => :adapters_count do
180
+ uint32 :if_index
181
+ uint32 :mac_address_count
182
+ array :mac_addresses, :initial_length => :mac_address_count do
183
+ sflow_mac_address :mac_address
184
+ skip :length => 2
185
+ end
186
+ end
187
+ end
188
+
189
+ # noinspection RubyResolve
190
+ class HostParent < BinData::Record
191
+ endian :big
192
+ uint32 :container_type
193
+ uint32 :container_index
194
+ end
195
+
196
+ # noinspection RubyResolve
197
+ class HostCpu < BinData::Record
198
+ endian :big
199
+ float_be :load_one
200
+ float_be :load_five
201
+ float_be :load_fifteen
202
+ uint32 :proc_run
203
+ uint32 :proc_total
204
+ uint32 :cpu_num
205
+ uint32 :cpu_speed
206
+ uint32 :uptime
207
+ uint32 :cpu_user
208
+ uint32 :cpu_nice
209
+ uint32 :cpu_system
210
+ uint32 :cpu_idle
211
+ uint32 :cpu_wio
212
+ uint32 :cpu_intr
213
+ uint32 :cpu_sintr
214
+ uint32 :interrupts
215
+ uint32 :contexts
216
+ uint32 :cpu_steal
217
+ uint32 :cpu_guest
218
+ uint32 :cpu_guest_nice
219
+ end
220
+
221
+ # noinspection RubyResolve
222
+ class HostMemory < BinData::Record
223
+ endian :big
224
+ uint64 :mem_total
225
+ uint64 :mem_free
226
+ uint64 :mem_shared
227
+ uint64 :mem_buffers
228
+ uint64 :mem_cached
229
+ uint64 :swap_total
230
+ uint64 :swap_free
231
+ uint32 :page_in
232
+ uint32 :page_out
233
+ uint32 :swap_in
234
+ uint32 :swap_out
235
+ end
236
+
237
+ # noinspection RubyResolve
238
+ class HostDiskIo < BinData::Record
239
+ endian :big
240
+ uint64 :disk_total
241
+ uint64 :disk_free
242
+ uint32 :part_max_used_percent
243
+ uint32 :reads
244
+ uint64 :bytes_read
245
+ uint32 :read_time
246
+ uint32 :writes
247
+ uint64 :bytes_written
248
+ uint32 :write_time
249
+ end
250
+
251
+ # noinspection RubyResolve
252
+ class HostNetIo < BinData::Record
253
+ endian :big
254
+ uint64 :bytes_in
255
+ uint32 :pkts_in
256
+ uint32 :errs_in
257
+ uint32 :drops_in
258
+ uint64 :bytes_out
259
+ uint32 :packets_out
260
+ uint32 :errs_out
261
+ uint32 :drops_out
262
+ end
263
+
264
+ # noinspection RubyResolve
265
+ class Mib2IpGroup < BinData::Record
266
+ endian :big
267
+ uint32 :ip_forwarding
268
+ uint32 :ip_default_ttl
269
+ uint32 :ip_in_receives
270
+ uint32 :ip_in_hdr_errors
271
+ uint32 :ip_in_addr_errors
272
+ uint32 :ip_forw_datagrams
273
+ uint32 :ip_in_unknown_protos
274
+ uint32 :ip_in_discards
275
+ uint32 :ip_in_delivers
276
+ uint32 :ip_out_requests
277
+ uint32 :ip_out_discards
278
+ uint32 :ip_out_no_routes
279
+ uint32 :ip_reasm_timeout
280
+ uint32 :ip_reasm_reqds
281
+ uint32 :ip_reasm_oks
282
+ uint32 :ip_reasm_fails
283
+ uint32 :ip_frag_oks
284
+ uint32 :ip_frag_fails
285
+ uint32 :ip_frag_creates
286
+ end
287
+
288
+ # noinspection RubyResolve
289
+ class Mib2IcmpGroup < BinData::Record
290
+ endian :big
291
+ uint32 :icmp_in_msgs
292
+ uint32 :icmp_in_errors
293
+ uint32 :icmp_in_dest_unreachs
294
+ uint32 :icmp_in_time_excds
295
+ uint32 :icmp_in_param_probs
296
+ uint32 :icmp_in_src_quenchs
297
+ uint32 :icmp_in_redirects
298
+ uint32 :icmp_in_echos
299
+ uint32 :icmp_in_echo_reps
300
+ uint32 :icmp_in_timestamps
301
+ uint32 :icmp_in_addr_masks
302
+ uint32 :icmp_in_addr_mask_reps
303
+ uint32 :icmp_out_msgs
304
+ uint32 :icmp_out_errors
305
+ uint32 :icmp_out_dest_unreachs
306
+ uint32 :icmp_out_time_excds
307
+ uint32 :icmp_out_param_probs
308
+ uint32 :icmp_out_src_quenchs
309
+ uint32 :icmp_out_redirects
310
+ uint32 :icmp_out_echos
311
+ uint32 :icmp_out_echo_reps
312
+ uint32 :icmp_out_timestamps
313
+ uint32 :icmp_out_timestamp_reps
314
+ uint32 :icmp_out_addr_masks
315
+ uint32 :icmp_out_addr_mask_reps
316
+ end
317
+
318
+ # noinspection RubyResolve
319
+ class Mib2TcpGroup < BinData::Record
320
+ endian :big
321
+ uint32 :tcp_rto_algorithm
322
+ uint32 :tcp_rto_min
323
+ uint32 :tcp_rto_max
324
+ uint32 :tcp_max_conn
325
+ uint32 :tcp_active_opens
326
+ uint32 :tcp_passive_opens
327
+ uint32 :tcp_attempt_fails
328
+ uint32 :tcp_estab_resets
329
+ uint32 :tcp_curr_estab
330
+ uint32 :tcp_in_segs
331
+ uint32 :tcp_out_segs
332
+ uint32 :tcp_retrans_segs
333
+ uint32 :tcp_in_errs
334
+ uint32 :tcp_out_rsts
335
+ uint32 :tcp_in_csum_errs
336
+ end
337
+
338
+ # noinspection RubyResolve
339
+ class Mib2UdpGroup < BinData::Record
340
+ endian :big
341
+ uint32 :udp_in_datagrams
342
+ uint32 :udp_no_ports
343
+ uint32 :udp_in_errors
344
+ uint32 :udp_out_datagrams
345
+ uint32 :udp_rcvbuf_errors
346
+ uint32 :udp_sndbuf_errors
347
+ uint32 :udp_in_csum_errors
348
+ end
349
+
350
+ # noinspection RubyResolve
351
+ class VirtNode < BinData::Record
352
+ endian :big
353
+ uint32 :mhz
354
+ uint32 :cpus
355
+ uint64 :memory
356
+ uint64 :memory_free
357
+ uint32 :num_domains
358
+ end
359
+
360
+ # noinspection RubyResolve
361
+ class VirtCpu < BinData::Record
362
+ endian :big
363
+ uint32 :state
364
+ uint32 :cpu_time
365
+ uint32 :nr_virt_cpu
366
+ end
367
+
368
+ # noinspection RubyResolve
369
+ class VirtMemory < BinData::Record
370
+ endian :big
371
+ uint64 :memory
372
+ uint64 :max_memory
373
+ end
374
+
375
+ # noinspection RubyResolve
376
+ class VirtDiskIo < BinData::Record
377
+ endian :big
378
+ uint64 :capacity
379
+ uint64 :allocation
380
+ uint64 :physical
381
+ uint32 :rd_req
382
+ uint64 :rd_bytes
383
+ uint32 :wr_req
384
+ uint64 :wr_bytes
385
+ uint32 :errs
386
+ end
387
+
388
+ # noinspection RubyResolve
389
+ class VirtNetIo < BinData::Record
390
+ endian :big
391
+ uint64 :rx_bytes
392
+ uint32 :rx_packets
393
+ uint32 :rx_errs
394
+ uint32 :rx_drop
395
+ uint64 :tx_bytes
396
+ uint32 :tx_packets
397
+ uint32 :tx_errs
398
+ uint32 :tx_drop
399
+ end
@@ -5,8 +5,9 @@ require 'logstash/codecs/sflow/util'
5
5
  require 'logstash/codecs/sflow/packet_header'
6
6
 
7
7
  # noinspection RubyResolve
8
- class RawPacketHeader < BinData::Record
8
+ class RawPacketHeader < BinData::Buffer
9
9
  mandatory_parameter :record_length
10
+ default_parameters :length => :record_length
10
11
 
11
12
  endian :big
12
13
  uint32 :protocol
@@ -15,10 +16,10 @@ class RawPacketHeader < BinData::Record
15
16
  uint32 :header_size
16
17
  choice :sample_header, :selection => :protocol do
17
18
  ethernet_header 1, :size_header => lambda { header_size * 8 }
18
- ip_header 11, :size_header => lambda { header_size * 8 }
19
+ ipv4_header 11, :size_header => lambda { header_size * 8 }
20
+ ipv6_header 12, :size_header => lambda { header_size * 8 }
19
21
  skip :default, :length => :header_size
20
22
  end
21
- bit :padded, :nbits => lambda { (record_length - (header_size + 16)) * 8 } #padded data
22
23
  end
23
24
 
24
25
  # noinspection RubyResolve
@@ -78,3 +79,187 @@ class ExtendedRouterData < BinData::Record
78
79
  uint32 :src_mask_len
79
80
  uint32 :dst_mask_len
80
81
  end
82
+
83
+ # noinspection RubyResolve
84
+ class ExtendedGatewayData < BinData::Record
85
+ endian :big
86
+ uint32 :ip_version
87
+ choice :ip_address_next_hop_router, :selection => :ip_version do
88
+ sflow_ip4_addr 1
89
+ sflow_ip6_addr 2
90
+ end
91
+ uint32 :as_number_of_router
92
+ uint32 :as_number_of_source
93
+ uint32 :as_number_of_source_peer
94
+ uint32 :dest_as_path_count
95
+ array :dest_as_paths, :initial_length => :dest_as_path_count do
96
+ uint32 :as_path_segment_type
97
+ uint32 :as_number_count
98
+ array :as_numbers, :type => :uint32, :initial_length => :as_number_count
99
+ end
100
+ uint32 :communities_count
101
+ array :communities, :type => :uint32, :initial_length => :communities_count
102
+ uint32 :local_pref
103
+ end
104
+
105
+ # noinspection RubyResolve
106
+ class ExtendedUserData < BinData::Record
107
+ endian :big
108
+ uint32 :source_charset
109
+ sflow_string :source_user
110
+ uint32 :destination_charset
111
+ sflow_string :destination_user
112
+ end
113
+
114
+ # noinspection RubyResolve
115
+ class ExtendedUrlData < BinData::Record
116
+ endian :big
117
+ uint32 :direction
118
+ sflow_string :url
119
+ sflow_string :host
120
+ end
121
+
122
+ # noinspection RubyResolve
123
+ class ExtendedMplsData < BinData::Record
124
+ endian :big
125
+ uint32 :ip_version
126
+ choice :ip_address_next_hop_router, :selection => :ip_version do
127
+ sflow_ip4_addr 1
128
+ sflow_ip6_addr 2
129
+ end
130
+ uint32 :in_label_stack_count
131
+ array :in_label_stack, :type => :uint32, :initial_length => :in_label_stack_count
132
+ uint32 :out_label_stack_count
133
+ array :out_label_stack, :type => :uint32, :initial_length => :out_label_stack_count
134
+ end
135
+
136
+ # noinspection RubyResolve
137
+ class ExtendedNatData < BinData::Record
138
+ endian :big
139
+ uint32 :src_ip_version
140
+ choice :src_ip_address, :selection => :src_ip_version do
141
+ sflow_ip4_addr 1
142
+ sflow_ip6_addr 2
143
+ end
144
+ uint32 :dst_ip_version
145
+ choice :dst_ip_address, :selection => :dst_ip_version do
146
+ sflow_ip4_addr 1
147
+ sflow_ip6_addr 2
148
+ end
149
+ end
150
+
151
+ # noinspection RubyResolve
152
+ class ExtendedMplsTunnel < BinData::Record
153
+ endian :big
154
+ sflow_string :tunnel_name
155
+ uint32 :tunnel_id
156
+ uint32 :tunnel_cos_value
157
+ end
158
+
159
+ # noinspection RubyResolve
160
+ class ExtendedMplsVc < BinData::Record
161
+ endian :big
162
+ sflow_string :vc_instance_name
163
+ uint32 :vll_vc_id
164
+ uint32 :vc_label_cos_value
165
+ end
166
+
167
+ # noinspection RubyResolve
168
+ class ExtendedMplsFtn < BinData::Record
169
+ endian :big
170
+ sflow_string :mpls_ftn_descr
171
+ uint32 :mpls_ftn_mask
172
+ end
173
+
174
+ # noinspection RubyResolve
175
+ class ExtendedMplsLdpFec < BinData::Record
176
+ endian :big
177
+ uint32 :mpls_fec_addr_prefix_length
178
+ end
179
+
180
+ # noinspection RubyResolve
181
+ class ExtendedVlanTunnel < BinData::Record
182
+ endian :big
183
+ uint32 :layers_count
184
+ array :layers, :type => :uint32, :initial_length => :layers_count
185
+ end
186
+
187
+ # noinspection RubyResolve
188
+ class ExtendedL2TunnelEgress < BinData::Record
189
+ endian :big
190
+ ethernet_frame_data :header
191
+ end
192
+
193
+ # noinspection RubyResolve
194
+ class ExtendedL2TunnelIngress < BinData::Record
195
+ endian :big
196
+ ethernet_frame_data :header
197
+ end
198
+
199
+ # noinspection RubyResolve
200
+ class ExtendedIpv4TunnelEgress < BinData::Record
201
+ endian :big
202
+ ip4_data :header
203
+ end
204
+
205
+ # noinspection RubyResolve
206
+ class ExtendedIpv4TunnelIngress < BinData::Record
207
+ endian :big
208
+ ip4_data :header
209
+ end
210
+
211
+ # noinspection RubyResolve
212
+ class ExtendedIpv6TunnelEgress < BinData::Record
213
+ endian :big
214
+ ip6_data :header
215
+ end
216
+
217
+ # noinspection RubyResolve
218
+ class ExtendedIpv6TunnelIngress < BinData::Record
219
+ endian :big
220
+ ip6_data :header
221
+ end
222
+
223
+ # noinspection RubyResolve
224
+ class ExtendedDecapsulateEgress < BinData::Record
225
+ endian :big
226
+ uint32 :inner_header_offset
227
+ end
228
+
229
+ # noinspection RubyResolve
230
+ class ExtendedDecapsulateIngress < BinData::Record
231
+ endian :big
232
+ uint32 :inner_header_offset
233
+ end
234
+
235
+ # noinspection RubyResolve
236
+ class ExtendedVniEgress < BinData::Record
237
+ endian :big
238
+ uint32 :vni
239
+ end
240
+
241
+ # noinspection RubyResolve
242
+ class ExtendedVniIngress < BinData::Record
243
+ endian :big
244
+ uint32 :vni
245
+ end
246
+
247
+ # noinspection RubyResolve
248
+ class ExtendedSocketIpv4 < BinData::Record
249
+ endian :big
250
+ uint32 :protocol
251
+ sflow_ip4_addr :local_ip
252
+ sflow_ip4_addr :remote_ip
253
+ uint32 :local_port
254
+ uint32 :remote_port
255
+ end
256
+
257
+ # noinspection RubyResolve
258
+ class ExtendedSocketIpv6 < BinData::Record
259
+ endian :big
260
+ uint32 :protocol
261
+ sflow_ip6_addr :local_ip
262
+ sflow_ip6_addr :remote_ip
263
+ uint32 :local_port
264
+ uint32 :remote_port
265
+ end
@@ -36,13 +36,13 @@ class TcpHeader < BinData::Record
36
36
  uint16 :tcp_window_size
37
37
  uint16 :tcp_checksum
38
38
  uint16 :tcp_urgent_pointer
39
- array :tcp_options, :initial_length => lambda { (((tcp_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
39
+ array :tcp_options, :initial_length => lambda { tcp_header_length - 5 }, :onlyif => lambda { is_options?(size_header) } do
40
40
  string :tcp_option, :length => 4, :pad_byte => "\0"
41
41
  end
42
- bit :data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
42
+ bit :data, :nbits => lambda { size_header - data.rel_offset * 8 }
43
43
 
44
- def is_options?
45
- tcp_header_length.to_i > 5
44
+ def is_options?(size_header)
45
+ tcp_header_length.to_i > 5 and size_header >= tcp_header_length * 4 * 8
46
46
  end
47
47
  end
48
48
 
@@ -63,6 +63,7 @@ class IPV4Header < BinData::Record
63
63
  mandatory_parameter :size_header
64
64
 
65
65
  endian :big
66
+ bit4 :ip_version
66
67
  bit4 :ip_header_length # times 4
67
68
  bit6 :ip_dscp
68
69
  bit2 :ip_ecn
@@ -78,26 +79,47 @@ class IPV4Header < BinData::Record
78
79
  array :ip_options, :initial_length => lambda { (((ip_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
79
80
  string :ip_option, :length => 4, :pad_byte => "\0"
80
81
  end
81
- choice :ip_data, :selection => :ip_protocol do
82
+ choice :ip_data, :selection => :ip_protocol, :onlyif => lambda { has_data?(size_header) } do
82
83
  tcp_header 6, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
83
84
  udp_header 17, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
84
85
  unknown_header :default, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
85
86
  end
86
87
 
88
+ def has_data?(size_header)
89
+ bytes_left = size_header / 8 - ip_header_length * 4
90
+ case ip_protocol
91
+ when 6
92
+ return bytes_left >= 20
93
+ when 17
94
+ return bytes_left >= 8
95
+ else
96
+ return true
97
+ end
98
+ end
99
+
87
100
  def is_options?
88
101
  ip_header_length.to_i > 5
89
102
  end
90
103
  end
91
104
 
92
105
  # noinspection RubyResolve
93
- class IPHeader < BinData::Record
106
+ class IPV6Header < BinData::Record
94
107
  mandatory_parameter :size_header
95
108
 
96
109
  endian :big
97
110
  bit4 :ip_version
98
- choice :ip_header, :selection => :ip_version do
99
- ipv4_header 4, :size_header => :size_header
100
- unknown_header :default, :size_header => lambda { size_header - 4 }
111
+ bit6 :ip_dscp
112
+ bit2 :ip_ecn
113
+ bit20 :ipv6_flow_label
114
+ uint16 :ip_payload_length
115
+ uint8 :ip_protocol
116
+ uint8 :ipv6_hop_limit
117
+ sflow_ip6_addr :src_ip
118
+ sflow_ip6_addr :dst_ip
119
+ choice :ip_data, :selection => :ip_protocol do
120
+ tcp_header 6, :size_header => lambda { size_header - 320 }
121
+ udp_header 17, :size_header => lambda { size_header - 320 }
122
+ unknown_header :default, :size_header => lambda { size_header - 320 }
101
123
  end
102
124
  end
103
125
 
@@ -111,7 +133,8 @@ class VLANHeader < BinData::Record
111
133
  bit12 :vlan_id
112
134
  uint16 :vlan_type
113
135
  choice :vlan_data, :selection => :vlan_type do
114
- ip_header 2048, :size_header => lambda { size_header - (4 * 8) }
136
+ ipv4_header 2048, :size_header => lambda { size_header - (4 * 8) }
137
+ ipv6_header 34525, :size_header => lambda { size_header - (4 * 8) }
115
138
  unknown_header :default, :size_header => lambda { size_header - (4 * 8) }
116
139
  end
117
140
  end
@@ -125,8 +148,9 @@ class EthernetHeader < BinData::Record
125
148
  sflow_mac_address :eth_src
126
149
  uint16 :eth_type
127
150
  choice :eth_data, :selection => :eth_type do
128
- ip_header 2048, :size_header => lambda { size_header - (14 * 8) }
151
+ ipv4_header 2048, :size_header => lambda { size_header - (14 * 8) }
129
152
  vlan_header 33024, :size_header => lambda { size_header - (14 * 8) }
153
+ ipv6_header 34525, :size_header => lambda { size_header - (14 * 8) }
130
154
  unknown_header :default, :size_header => lambda { size_header - (14 * 8) }
131
155
  end
132
- end
156
+ end
@@ -4,6 +4,71 @@ require 'bindata'
4
4
  require 'logstash/codecs/sflow/flow_record'
5
5
  require 'logstash/codecs/sflow/counter_record'
6
6
 
7
+ class FlowSampleRecordData < BinData::Choice
8
+ mandatory_parameter :record_length
9
+
10
+ raw_packet_header '0-1', :record_length => :record_length
11
+ ethernet_frame_data '0-2'
12
+ ip4_data '0-3'
13
+ ip6_data '0-4'
14
+ extended_switch_data '0-1001'
15
+ extended_router_data '0-1002'
16
+ extended_gateway_data '0-1003'
17
+ extended_user_data '0-1004'
18
+ extended_url_data '0-1005'
19
+ extended_mpls_data '0-1006'
20
+ extended_nat_data '0-1007'
21
+ extended_mpls_tunnel '0-1008'
22
+ extended_mpls_vc '0-1009'
23
+ extended_mpls_ftn '0-1010'
24
+ extended_mpls_ldp_fec '0-1012'
25
+ extended_vlan_tunnel '0-1012'
26
+ extended_l2_tunnel_egress '0-1021'
27
+ extended_l2_tunnel_ingress '0-1022'
28
+ extended_ipv4_tunnel_egress '0-1023'
29
+ extended_ipv4_tunnel_ingress '0-1024'
30
+ extended_ipv6_tunnel_egress '0-1025'
31
+ extended_ipv6_tunnel_ingress '0-1026'
32
+ extended_decapsulate_egress '0-1027'
33
+ extended_decapsulate_ingress '0-1028'
34
+ extended_vni_egress '0-1029'
35
+ extended_vni_ingress '0-1030'
36
+ extended_socket_ipv4 '0-2100'
37
+ extended_socket_ipv6 '0-2101'
38
+ skip :default, :length => :record_length
39
+ end
40
+
41
+ class CounterSampleRecordData < BinData::Choice
42
+ mandatory_parameter :record_length
43
+
44
+ generic_interface '0-1'
45
+ ethernet_interfaces '0-2'
46
+ token_ring '0-3'
47
+ hundred_base_vg '0-4'
48
+ vlan '0-5'
49
+ processor_information '0-1001'
50
+ of_port '0-1004'
51
+ port_name '0-1005'
52
+ host_descr '0-2000'
53
+ host_adapters '0-2001'
54
+ host_parent '0-2002'
55
+ host_cpu '0-2003'
56
+ host_memory '0-2004'
57
+ host_disk_io '0-2005'
58
+ host_net_io '0-2006'
59
+ mib2_ip_group '0-2007'
60
+ mib2_icmp_group '0-2008'
61
+ mib2_tcp_group '0-2009'
62
+ mib2_udp_group '0-2010'
63
+ virt_node '0-2100'
64
+ virt_cpu '0-2101'
65
+ virt_memory '0-2102'
66
+ virt_disk_io '0-2103'
67
+ virt_net_io '0-2104'
68
+ http_counters '0-2201'
69
+ skip :default, :length => :record_length
70
+ end
71
+
7
72
  # noinspection RubyResolve
8
73
  class FlowSample < BinData::Record
9
74
  endian :big
@@ -20,15 +85,9 @@ class FlowSample < BinData::Record
20
85
  bit20 :record_entreprise
21
86
  bit12 :record_format
22
87
  uint32 :record_length
23
- choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
24
- raw_packet_header '0-1', :record_length => :record_length
25
- ethernet_frame_data '0-2'
26
- ip4_data '0-3'
27
- ip6_data '0-4'
28
- extended_switch_data '0-1001'
29
- extended_router_data '0-1002'
30
- skip :default, :length => :record_length
31
- end
88
+ flow_sample_record_data :record_data,
89
+ :selection => lambda { "#{record_entreprise}-#{record_format}" },
90
+ :record_length => :record_length
32
91
  end
33
92
  end
34
93
 
@@ -43,16 +102,9 @@ class CounterSample < BinData::Record
43
102
  bit20 :record_entreprise
44
103
  bit12 :record_format
45
104
  uint32 :record_length
46
- choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
47
- generic_interface '0-1'
48
- ethernet_interfaces '0-2'
49
- token_ring '0-3'
50
- hundred_base_vg '0-4'
51
- vlan '0-5'
52
- processor_information '0-1001'
53
- http_counters '0-2201'
54
- skip :default, :length => :record_length
55
- end
105
+ counter_sample_record_data :record_data,
106
+ :selection => lambda { "#{record_entreprise}-#{record_format}" },
107
+ :record_length => :record_length
56
108
  #processor_information :record_data
57
109
  end
58
110
  end
@@ -75,15 +127,9 @@ class ExpandedFlowSample < BinData::Record
75
127
  bit20 :record_entreprise
76
128
  bit12 :record_format
77
129
  uint32 :record_length
78
- choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
79
- raw_packet_header '0-1', :record_length => :record_length
80
- ethernet_frame_data '0-2'
81
- ip4_data '0-3'
82
- ip6_data '0-4'
83
- extended_switch_data '0-1001'
84
- extended_router_data '0-1002'
85
- skip :default, :length => :record_length
86
- end
130
+ flow_sample_record_data :record_data,
131
+ :selection => lambda { "#{record_entreprise}-#{record_format}" },
132
+ :record_length => :record_length
87
133
  end
88
134
  end
89
135
 
@@ -98,17 +144,9 @@ class ExpandedCounterSample < BinData::Record
98
144
  bit20 :record_entreprise
99
145
  bit12 :record_format
100
146
  uint32 :record_length
101
- choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
102
- generic_interface '0-1'
103
- ethernet_interfaces '0-2'
104
- token_ring '0-3'
105
- hundred_base_vg '0-4'
106
- vlan '0-5'
107
- lag_port_stats '0-7'
108
- processor_information '0-1001'
109
- http_counters '0-2201'
110
- skip :default, :length => :record_length
111
- end
147
+ counter_sample_record_data :record_data,
148
+ :selection => lambda { "#{record_entreprise}-#{record_format}" },
149
+ :record_length => :record_length
112
150
  #processor_information :record_data
113
151
  end
114
152
  end
@@ -54,3 +54,20 @@ class SflowIP6Addr < BinData::Primitive
54
54
  }.pack('n8')).to_s
55
55
  end
56
56
  end
57
+
58
+ # noinspection RubyResolve
59
+ class SflowString < BinData::Primitive
60
+ endian :big
61
+ uint32 :read_length
62
+ string :data, :read_length => :read_length
63
+ skip :length => lambda { read_length % 4 }
64
+
65
+ def set(val)
66
+ self.read_length = val.length
67
+ self.data = val
68
+ end
69
+
70
+ def get
71
+ self.data
72
+ end
73
+ end
@@ -1,13 +1,13 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-sflow'
4
- s.version = '2.0.2'
5
- s.licenses = ['Apache License (2.0)']
4
+ s.version = '2.1.1'
5
+ s.licenses = ['Apache-2.0']
6
6
  s.summary = 'The sflow codec is for decoding SFlow v5 flows.'
7
7
  s.description = 'This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program'
8
- s.authors = ['Nicolas Fraison']
9
- s.email = ''
10
- s.homepage = ''
8
+ s.authors = ['Konrad Zemek', 'Nicolas Fraison']
9
+ s.email = 'konrad@path.net'
10
+ s.homepage = 'https://path.net'
11
11
  s.require_paths = ['lib']
12
12
 
13
13
  # Files
@@ -21,9 +21,9 @@ Gem::Specification.new do |s|
21
21
 
22
22
  # Gem dependencies
23
23
  s.add_runtime_dependency 'logstash-core-plugin-api', '>= 1.60', '<= 2.99'
24
- s.add_runtime_dependency 'logstash-core', '>= 5.4.0', '<= 6.9.9'
25
- s.add_runtime_dependency 'bindata', ['~> 2.3']
24
+ s.add_runtime_dependency 'logstash-core', '>= 5.4.0', '<= 7.9.9'
25
+ s.add_runtime_dependency 'bindata', ['~> 2.4']
26
26
  s.add_runtime_dependency 'lru_redux', ['~> 1.1']
27
27
  s.add_runtime_dependency 'snmp', ['~> 1.2']
28
- s.add_development_dependency 'logstash-devutils', '<= 1.3.1'
28
+ s.add_development_dependency 'logstash-devutils', ['~> 1.3']
29
29
  end
@@ -41,41 +41,41 @@ describe TcpHeader do
41
41
  end
42
42
 
43
43
 
44
- describe IPHeader do
44
+ describe IPV4Header do
45
45
  it "should decode ipv4 tcp header" do
46
46
  payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_tcp_header.dat"), :mode => "rb")
47
- decoded = IPHeader.new(:size_header => payload.bytesize * 8).read(payload)
47
+ decoded = IPV4Header.new(:size_header => payload.bytesize * 8).read(payload)
48
48
 
49
49
  decoded["ip_version"].to_s.should eq("4")
50
- decoded["ip_header"]["ip_header_length"].to_s.should eq("5")
51
- decoded["ip_header"]["ip_dscp"].to_s.should eq("0")
52
- decoded["ip_header"]["ip_ecn"].to_s.should eq("0")
53
- decoded["ip_header"]["ip_total_length"].to_s.should eq("476")
54
- decoded["ip_header"]["ip_identification"].to_s.should eq("30529")
55
- decoded["ip_header"]["ip_flags"].to_s.should eq("2")
56
- decoded["ip_header"]["ip_fragment_offset"].to_s.should eq("0")
57
- decoded["ip_header"]["ip_ttl"].to_s.should eq("62")
58
- decoded["ip_header"]["ip_protocol"].to_s.should eq("6")
59
- decoded["ip_header"]["ip_checksum"].to_s.should eq("37559")
60
- decoded["ip_header"]["src_ip"].to_s.should eq("10.243.27.17")
61
- decoded["ip_header"]["dst_ip"].to_s.should eq("10.243.0.45")
62
- decoded["ip_header"]["ip_data"]["src_port"].to_s.should eq("5672")
63
- decoded["ip_header"]["ip_data"]["dst_port"].to_s.should eq("59451")
64
- decoded["ip_header"]["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
65
- decoded["ip_header"]["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
66
- (decoded["ip_header"]["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
67
- decoded["ip_header"]["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
68
- decoded["ip_header"]["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
69
- decoded["ip_header"]["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
70
- decoded["ip_header"]["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
71
- decoded["ip_header"]["ip_data"]["tcp_is_ack"].to_s.should eq("1")
72
- decoded["ip_header"]["ip_data"]["tcp_is_push"].to_s.should eq("1")
73
- decoded["ip_header"]["ip_data"]["tcp_is_reset"].to_s.should eq("0")
74
- decoded["ip_header"]["ip_data"]["tcp_is_syn"].to_s.should eq("0")
75
- decoded["ip_header"]["ip_data"]["tcp_is_fin"].to_s.should eq("0")
76
- decoded["ip_header"]["ip_data"]["tcp_window_size"].to_s.should eq("147")
77
- decoded["ip_header"]["ip_data"]["tcp_checksum"].to_s.should eq("13042")
78
- decoded["ip_header"]["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
50
+ decoded["ip_header_length"].to_s.should eq("5")
51
+ decoded["ip_dscp"].to_s.should eq("0")
52
+ decoded["ip_ecn"].to_s.should eq("0")
53
+ decoded["ip_total_length"].to_s.should eq("476")
54
+ decoded["ip_identification"].to_s.should eq("30529")
55
+ decoded["ip_flags"].to_s.should eq("2")
56
+ decoded["ip_fragment_offset"].to_s.should eq("0")
57
+ decoded["ip_ttl"].to_s.should eq("62")
58
+ decoded["ip_protocol"].to_s.should eq("6")
59
+ decoded["ip_checksum"].to_s.should eq("37559")
60
+ decoded["src_ip"].to_s.should eq("10.243.27.17")
61
+ decoded["dst_ip"].to_s.should eq("10.243.0.45")
62
+ decoded["ip_data"]["src_port"].to_s.should eq("5672")
63
+ decoded["ip_data"]["dst_port"].to_s.should eq("59451")
64
+ decoded["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
65
+ decoded["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
66
+ (decoded["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
67
+ decoded["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
68
+ decoded["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
69
+ decoded["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
70
+ decoded["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
71
+ decoded["ip_data"]["tcp_is_ack"].to_s.should eq("1")
72
+ decoded["ip_data"]["tcp_is_push"].to_s.should eq("1")
73
+ decoded["ip_data"]["tcp_is_reset"].to_s.should eq("0")
74
+ decoded["ip_data"]["tcp_is_syn"].to_s.should eq("0")
75
+ decoded["ip_data"]["tcp_is_fin"].to_s.should eq("0")
76
+ decoded["ip_data"]["tcp_window_size"].to_s.should eq("147")
77
+ decoded["ip_data"]["tcp_checksum"].to_s.should eq("13042")
78
+ decoded["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
79
79
  end
80
80
  end
81
81
 
metadata CHANGED
@@ -1,16 +1,18 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-codec-sflow
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.2
4
+ version: 2.1.1
5
5
  platform: ruby
6
6
  authors:
7
+ - Konrad Zemek
7
8
  - Nicolas Fraison
8
- autorequire:
9
+ autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2018-02-09 00:00:00.000000000 Z
12
+ date: 2019-06-26 00:00:00.000000000 Z
12
13
  dependencies:
13
14
  - !ruby/object:Gem::Dependency
15
+ name: logstash-core-plugin-api
14
16
  requirement: !ruby/object:Gem::Requirement
15
17
  requirements:
16
18
  - - ">="
@@ -19,9 +21,8 @@ dependencies:
19
21
  - - "<="
20
22
  - !ruby/object:Gem::Version
21
23
  version: '2.99'
22
- name: logstash-core-plugin-api
23
- prerelease: false
24
24
  type: :runtime
25
+ prerelease: false
25
26
  version_requirements: !ruby/object:Gem::Requirement
26
27
  requirements:
27
28
  - - ">="
@@ -31,6 +32,7 @@ dependencies:
31
32
  - !ruby/object:Gem::Version
32
33
  version: '2.99'
33
34
  - !ruby/object:Gem::Dependency
35
+ name: logstash-core
34
36
  requirement: !ruby/object:Gem::Requirement
35
37
  requirements:
36
38
  - - ">="
@@ -38,10 +40,9 @@ dependencies:
38
40
  version: 5.4.0
39
41
  - - "<="
40
42
  - !ruby/object:Gem::Version
41
- version: 6.9.9
42
- name: logstash-core
43
- prerelease: false
43
+ version: 7.9.9
44
44
  type: :runtime
45
+ prerelease: false
45
46
  version_requirements: !ruby/object:Gem::Requirement
46
47
  requirements:
47
48
  - - ">="
@@ -49,65 +50,67 @@ dependencies:
49
50
  version: 5.4.0
50
51
  - - "<="
51
52
  - !ruby/object:Gem::Version
52
- version: 6.9.9
53
+ version: 7.9.9
53
54
  - !ruby/object:Gem::Dependency
55
+ name: bindata
54
56
  requirement: !ruby/object:Gem::Requirement
55
57
  requirements:
56
58
  - - "~>"
57
59
  - !ruby/object:Gem::Version
58
- version: '2.3'
59
- name: bindata
60
- prerelease: false
60
+ version: '2.4'
61
61
  type: :runtime
62
+ prerelease: false
62
63
  version_requirements: !ruby/object:Gem::Requirement
63
64
  requirements:
64
65
  - - "~>"
65
66
  - !ruby/object:Gem::Version
66
- version: '2.3'
67
+ version: '2.4'
67
68
  - !ruby/object:Gem::Dependency
69
+ name: lru_redux
68
70
  requirement: !ruby/object:Gem::Requirement
69
71
  requirements:
70
72
  - - "~>"
71
73
  - !ruby/object:Gem::Version
72
74
  version: '1.1'
73
- name: lru_redux
74
- prerelease: false
75
75
  type: :runtime
76
+ prerelease: false
76
77
  version_requirements: !ruby/object:Gem::Requirement
77
78
  requirements:
78
79
  - - "~>"
79
80
  - !ruby/object:Gem::Version
80
81
  version: '1.1'
81
82
  - !ruby/object:Gem::Dependency
83
+ name: snmp
82
84
  requirement: !ruby/object:Gem::Requirement
83
85
  requirements:
84
86
  - - "~>"
85
87
  - !ruby/object:Gem::Version
86
88
  version: '1.2'
87
- name: snmp
88
- prerelease: false
89
89
  type: :runtime
90
+ prerelease: false
90
91
  version_requirements: !ruby/object:Gem::Requirement
91
92
  requirements:
92
93
  - - "~>"
93
94
  - !ruby/object:Gem::Version
94
95
  version: '1.2'
95
96
  - !ruby/object:Gem::Dependency
97
+ name: logstash-devutils
96
98
  requirement: !ruby/object:Gem::Requirement
97
99
  requirements:
98
- - - "<="
100
+ - - "~>"
99
101
  - !ruby/object:Gem::Version
100
- version: 1.3.1
101
- name: logstash-devutils
102
- prerelease: false
102
+ version: '1.3'
103
103
  type: :development
104
+ prerelease: false
104
105
  version_requirements: !ruby/object:Gem::Requirement
105
106
  requirements:
106
- - - "<="
107
+ - - "~>"
107
108
  - !ruby/object:Gem::Version
108
- version: 1.3.1
109
- description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
110
- email: ''
109
+ version: '1.3'
110
+ description: This gem is a logstash plugin required to be installed on top of the
111
+ Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
112
+ a stand-alone program
113
+ email: konrad@path.net
111
114
  executables: []
112
115
  extensions: []
113
116
  extra_rdoc_files: []
@@ -139,13 +142,13 @@ files:
139
142
  - spec/codecs/sflow_flow_sample_eth_vlan.dat
140
143
  - spec/codecs/sflow_spec.rb
141
144
  - spec/codecs/sflow_with_lag_counters.dat
142
- homepage: ''
145
+ homepage: https://path.net
143
146
  licenses:
144
- - Apache License (2.0)
147
+ - Apache-2.0
145
148
  metadata:
146
149
  logstash_plugin: 'true'
147
150
  logstash_group: codec
148
- post_install_message:
151
+ post_install_message:
149
152
  rdoc_options: []
150
153
  require_paths:
151
154
  - lib
@@ -160,9 +163,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
160
163
  - !ruby/object:Gem::Version
161
164
  version: '0'
162
165
  requirements: []
163
- rubyforge_project:
164
- rubygems_version: 2.6.8
165
- signing_key:
166
+ rubyforge_project:
167
+ rubygems_version: 2.7.6.2
168
+ signing_key:
166
169
  specification_version: 4
167
170
  summary: The sflow codec is for decoding SFlow v5 flows.
168
171
  test_files: