logstash-input-tcp 5.0.10-java → 5.1.0-java
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -3
- data/docs/index.asciidoc +16 -17
- data/lib/logstash/inputs/tcp.rb +8 -8
- data/lib/logstash/inputs/tcp/decoder_impl.rb +8 -1
- data/spec/inputs/tcp_spec.rb +22 -49
- data/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/{5.0.10/logstash-input-tcp-5.0.10.jar → 5.1.0/logstash-input-tcp-5.1.0.jar} +0 -0
- data/version +1 -1
- metadata +3 -3
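--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4bdc4fa864025d5a16b2df9fa53895cede35c8ec8dbea33d9860abed4f69c8ff
+data.tar.gz: 81f17ce76abfb8461e4c5ac8f6d844912cb718794daf46b37c1ad3d5db699583
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7042bdc571be68b767a0c8968b2e58f3a3e680b75df7f545286e3510739b427e462cd4faf2202daf52bfee18f4a92ec5bad3aec475cb23f5d255fb2a754f489a
+data.tar.gz: 5d97f02d553595cf493fc704c091e870653d5179017dfa677ec68223e56d7d7fd29e5912040df4e4274ace070e6f1aece3bb4c9904a7d5d310e675446fd9cae3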
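--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,9 +1,9 @@
-## 5.0
-
+## 5.1.0
+- Added new configuration option `dns_reverse_lookup_enabled` to allow users to disable costly DNS reverse lookups [#100](https://github.com/logstash-plugins/logstash-input-tcp/issues/100)
 
 ## 5.0.9
 - New configuration option to set TCP keep-alive [#16](https://github.com/logstash-plugins/logstash-input-tcp/pull/116)
-
+
 ## 5.0.8
 - Reorder shut down of the two event loops to prevent RejectedExecutionException
 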
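--- a/data/docs/index.asciidoc
+++ b/data/docs/index.asciidoc
@@ -83,13 +83,13 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
 | <<plugins-{type}s-{plugin}-proxy_protocol>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_cert>> |a valid filesystem path|No
-| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_enable>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-ssl_extra_chain_certs>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-ssl_verify>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-tcp_keep_alive>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-dns_reverse_lookup_enabled>> |<<boolean,boolean>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -140,17 +140,7 @@ http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
 * Value type is <<path,path>>
 * There is no default value for this setting.
 
-
-to the connecting clients.
-
-[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
-===== `ssl_extra_chain_certs`
-
-* Value type is <<array,array>>
-* Default value is `[]`
-
-Validate client certificate or certificate chain against these authorities.
-You can define multiple files or paths. All the certificates will be read and added to the trust store.
+SSL certificate path
 
 [id="plugins-{type}s-{plugin}-ssl_enable"]
 ===== `ssl_enable`
@@ -166,9 +156,8 @@ Enable SSL (must be set for other `ssl_` options to take effect).
 * Value type is <<array,array>>
 * Default value is `[]`
 
-An Array of
-
-presented to the client.
+An Array of extra X509 certificates to be added to the certificate chain.
+Useful when the CA chain is not necessary in the system store.
 
 [id="plugins-{type}s-{plugin}-ssl_key"]
 ===== `ssl_key`
@@ -176,7 +165,7 @@ presented to the client.
 * Value type is <<path,path>>
 * There is no default value for this setting.
 
-
+SSL key path
 
 [id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
 ===== `ssl_key_passphrase`
@@ -184,7 +173,7 @@ The path to the private key corresponding to the specified certificate (PEM form
 * Value type is <<password,password>>
 * Default value is `nil`
 
-SSL key passphrase
+SSL key passphrase
 
 [id="plugins-{type}s-{plugin}-ssl_verify"]
 ===== `ssl_verify`
@@ -203,6 +192,16 @@ For input, sets the field `sslsubject` to that of the client certificate.
 
 Instruct the socket to use TCP keep alives. Uses OS defaults for keep alive settings.
 
+[id="plugins-{type}s-{plugin}-dns_reverse_lookup_enabled"]
+===== `dns_reverse_lookup_enabled`
+
+* Value type is <<boolean,boolean>>
+* Default value is `true`
+
+It is possible to avoid DNS reverse-lookups by disabling this setting. If disabled,
+the address metadata that is added to events will contain the source address as-specified
+at the TCP layer and IPs will not be resolved to hostnames.
+
 
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]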
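--- a/data/lib/logstash/inputs/tcp.rb
+++ b/data/lib/logstash/inputs/tcp.rb
@@ -105,12 +105,12 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 # Useful when the CA chain is not necessary in the system store.
 config :ssl_extra_chain_certs, :validate => :array, :default => []
 
-# Validate client certificates against these authorities. You can define multiple files or paths. All the certificates will be read and added to the trust store.
-config :ssl_certificate_authorities, :validate => :array, :default => []
-
 # Instruct the socket to use TCP keep alives. Uses OS defaults for keep alive settings.
 config :tcp_keep_alive, :validate => :boolean, :default => false
 
+# Option to allow users to avoid DNS Reverse Lookup.
+config :dns_reverse_lookup_enabled, :validate => :boolean, :default => true
+
 HOST_FIELD = "host".freeze
 HOST_IP_FIELD = "[@metadata][ip_address]".freeze
 PORT_FIELD = "port".freeze
@@ -200,6 +200,10 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 end
 end
 
+def dns_reverse_lookup_enabled?
+@dns_reverse_lookup_enabled
+end
+
 private
 
 RUN_LOOP_ERROR_MESSAGE="TCP input server encountered error"
@@ -313,10 +317,6 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 @ssl_context = OpenSSL::SSL::SSLContext.new
 @ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
 @ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@ssl_key),@ssl_key_passphrase.value)
-if @ssl_extra_chain_certs.any?
-@ssl_context.extra_chain_cert = @ssl_extra_chain_certs.map {|cert_path| OpenSSL::X509::Certificate.new(File.read(cert_path)) }
-@ssl_context.extra_chain_cert.unshift(OpenSSL::X509::Certificate.new(File.read(@ssl_cert)))
-end
 if @ssl_verify
 @ssl_context.cert_store = load_cert_store
 @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
@@ -332,7 +332,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
 def load_cert_store
 cert_store = OpenSSL::X509::Store.new
 cert_store.set_default_paths
-@
+@ssl_extra_chain_certs.each do |cert|
 cert_store.add_file(cert)
 end
 cert_store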
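Review bot: In `load_cert_store` (last hunk) the new side adds every path in `@ssl_extra_chain_certs` to the `OpenSSL::X509::Store` that `ssl_verify` uses for `VERIFY_PEER`, so a certificate listed only to complete the server's chain also becomes a trust anchor for client certificates. The first hunk drops `ssl_certificate_authorities` and the third drops the `@ssl_context.extra_chain_cert = ...` assignment, so in the visible code the option no longer supplies a chain to clients and there is no separate setting for client CAs. I would keep `config :ssl_certificate_authorities, :validate => :array, :default => []` and have the store loop read `@ssl_certificate_authorities.each do |cert|`; if the removal is intentional, the changelog should say that `ssl_extra_chain_certs` now decides who may authenticate. The SSL setup method and the end of `load_cert_store` lie outside the hunks, and the removed line at old 335 is truncated on this page, so the previous loop source is inferred.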
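--- a/data/lib/logstash/inputs/tcp/decoder_impl.rb
+++ b/data/lib/logstash/inputs/tcp/decoder_impl.rb
@@ -51,10 +51,17 @@ class DecoderImpl
 else
 filtered = received
 @ip_address = channel_addr.get_address.get_host_address
-@address = channel_addr
+@address = extract_host_name(channel_addr)
 @port = channel_addr.get_port
 end
 @first_read = false
 filtered
 end
+
+private
+def extract_host_name(channel_addr)
+return channel_addr.get_host_string unless @tcp.dns_reverse_lookup_enabled?
+
+channel_addr.get_host_name
+end
 end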
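Review bot: `extract_host_name` has no comment saying why its two branches differ, and the difference matters to operators: with the default `dns_reverse_lookup_enabled => true` the first read of each connection still calls `channel_addr.get_host_name`, which (assuming `channel_addr` is a `java.net.InetSocketAddress`) can block on a resolver query, so ingest latency and DNS load follow connection volume. I would add above the method `# get_host_string returns the peer address without a resolver query; get_host_name may block on reverse DNS, and its result comes from DNS rather than from the connection.` In the default case `@address` is therefore a DNS-derived name, while `@ip_address` on the line above is taken from the socket; anything keyed on the sender should use the latter. `@tcp` is not assigned inside this hunk and the enclosing method starts above it, so I am assuming it is the plugin instance.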
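--- a/data/spec/inputs/tcp_spec.rb
+++ b/data/spec/inputs/tcp_spec.rb
@@ -335,9 +335,11 @@ describe LogStash::Inputs::Tcp do
 end
 
 context "when ssl_enable is true" do
-let(:
-let(:certificate) {
-let(:key) {
+let(:pki) { Flores::PKI.generate }
+let(:certificate) { pki[0] }
+let(:key) { pki[1] }
+let(:certificate_file) { Stud::Temporary.file }
+let(:key_file) { Stud::Temporary.file }
 let(:queue) { Queue.new }
 
 let(:config) do
@@ -345,59 +347,30 @@ describe LogStash::Inputs::Tcp do
 "host" => "127.0.0.1",
 "port" => port,
 "ssl_enable" => true,
-"ssl_cert" =>
-"ssl_key" =>
-
+"ssl_cert" => certificate_file.path,
+"ssl_key" => key_file.path,
+
+# Trust our self-signed cert.
+# TODO(sissel): Make this a separate certificate for the client
+"ssl_extra_chain_certs" => certificate_file.path
 }
 end
 
 subject(:input) { LogStash::Plugin.lookup("input", "tcp").new(config) }
 
 before do
+certificate_file.write(certificate)
+key_file.write(key)
+
+# Close to flush the file writes.
+certificate_file.close
+key_file.close
 subject.register
 end
 
-
-
-
-{
-"host" => "127.0.0.1",
-"port" => port,
-"ssl_enable" => true,
-"ssl_cert" => chain_of_certificates[:b_cert].path,
-"ssl_key" => chain_of_certificates[:b_key].path,
-"ssl_extra_chain_certs" => [ chain_of_certificates[:a_cert].path ],
-"ssl_certificate_authorities" => [ chain_of_certificates[:root_ca].path ],
-"ssl_verify" => true
-}
-end
-let(:tcp) { TCPSocket.new("127.0.0.1", port) }
-let(:sslcontext) do
-sslcontext = OpenSSL::SSL::SSLContext.new
-sslcontext.verify_mode = OpenSSL::SSL::VERIFY_PEER
-sslcontext.ca_file = chain_of_certificates[:root_ca].path
-sslcontext.cert = OpenSSL::X509::Certificate.new(File.read(chain_of_certificates[:aa_cert].path))
-sslcontext.key = OpenSSL::PKey::RSA.new(File.read(chain_of_certificates[:aa_key].path))
-sslcontext
-end
-let(:sslsocket) { OpenSSL::SSL::SSLSocket.new(tcp, sslcontext) }
-let(:input_task) { Stud::Task.new { input.run(queue) } }
-
-before do
-input_task
-end
-
-it "should be able to connect and write data" do
-sslsocket.connect
-sslsocket.write("Hello world\n")
-tcp.flush
-sslsocket.close
-tcp.close
-result = input_task.thread.join(0.5)
-expect(result).to be_nil
-expect(queue.size).to eq(1)
-end
-
+after do
+File.unlink(certificate_file.path)
+File.unlink(key_file.path)
 end
 
 context "with a poorly-behaving client" do
@@ -483,8 +456,8 @@ describe LogStash::Inputs::Tcp do
 let(:garbage) { Flores::Random.iterations(max_length).collect { Flores::Random.integer(1...255) }.pack("C*") }
 
 before do
-sslcontext.cert =
-sslcontext.key =
+sslcontext.cert = certificate
+sslcontext.key = key
 sslcontext.verify_mode = OpenSSL::SSL::VERIFY_NONE
 
 sslsocket.connect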
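Review bot: The removed `chain_of_certificates` context was the only place in these hunks that set `"ssl_verify" => true`, and the new side adds nothing in its place; the remaining SSL client in the last hunk uses `OpenSSL::SSL::VERIFY_NONE`. As far as the visible spec shows, the `VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT` path in `tcp.rb` is therefore untested, including the negative case where a client certificate that is not in the store must be refused. I would add a context with `"ssl_verify" => true` that checks both an accepted and a rejected client certificate. Separately, the config passes a bare string to an option declared `:validate => :array`; `"ssl_extra_chain_certs" => [certificate_file.path]` states the intent without relying on coercion.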
Binary file
|
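--- a/data/version
+++ b/data/version
@@ -1 +1 @@
-5.0
+5.1.0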
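--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-tcp
 version: !ruby/object:Gem::Version
-version: 5.0
+version: 5.1.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -163,7 +163,7 @@ files:
 - logstash-input-tcp.gemspec
 - spec/inputs/tcp_spec.rb
 - spec/spec_helper.rb
-- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.0
+- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/5.1.0/logstash-input-tcp-5.1.0.jar
 - version
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses: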