Bump to 4.2.0, and minor IPv6 perf improvement

logstash-plugins · Oct 28, 2018 · 4999ebf · 4999ebf
1 parent 8cc4241
commit 4999ebf
Show file tree

Hide file tree

Showing 8 changed files with 101 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 4.2.0
+
+  - Added Cisco ACI to list of known working Netflow v9 exporters
+  - Added support for IXIA Packet Broker IPFIX
+  - Fixed issue with Procera float fields
+
 ## 4.1.2
 
   - Fixed issue where TTL in template registry was not being respected.

diff --git a/CONTRIBUTORS b/CONTRIBUTORS
@@ -4,6 +4,7 @@ reports, or in general have helped logstash along its way.
 Contributors:
 * Aaron Mildenstein (untergeek)
 * Adam Kaminski (thimslugga)
+* Ana (janniten)
 * Andrew Cholakian (andrewvc)
 * Ayden Beeson (abeeson)
 * Bjørn Ruberg (bruberg)
@@ -27,6 +28,7 @@ Contributors:
 * Paul Warren (pwarren)
 * Pedro de Oliveira
 * Philipp Kahr
+* Philippe Veys
 * Pier-Hugues Pellerin (ph)
 * Pulkit Agrawal (propulkit)
 * Raju Nair (rajutech76)

diff --git a/docs/index.asciidoc b/docs/index.asciidoc
@@ -36,6 +36,7 @@ The following Netflow/IPFIX exporters have been seen and tested with the most re
 |===========================================================================================
 |Netflow exporter         | v5 | v9 | IPFIX | Remarks
 |Barracuda Firewall       |    |    |   y   | With support for Extended Uniflow
+|Cisco ACI                |    | y  |       |
 |Cisco ASA                |    | y  |       |  
 |Cisco ASR 1k             |    |    |   N   | Fails because of duplicate fields
 |Cisco ASR 9k             |    | y  |       |  
@@ -47,6 +48,7 @@ The following Netflow/IPFIX exporters have been seen and tested with the most re
 |Fortigate FortiOS        |    | y  |       |
 |Huawei Netstream         |    | y  |       |
 |ipt_NETFLOW              |  y | y  |   y   |
+|IXIA packet broker       |    |    |   y   |
 |Juniper MX               |  y |    |   y   | SW > 12.3R8. Fails to decode IPFIX from Junos 16.1 due to duplicate field names which we currently don't support.
 |Mikrotik                 |  y |    |   y   | http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
 |nProbe                   |  y | y  |   y   | L7 DPI fields now also supported

diff --git a/lib/logstash/codecs/netflow/util.rb b/lib/logstash/codecs/netflow/util.rb
@@ -36,13 +36,13 @@ def set(val)
   end
 
   def get
-    # There faster implementations, however they come with the 
+    # There are faster implementations, however they come with the 
     # loss of compressed IPv6 notation.
     # For benchmarks see spec/codecs/benchmarks/IP6Addr.rb
     unless self.storage.nil?
-      IPAddr.new_ntoh((0..7).map { |i|
-        (self.storage >> (112 - 16 * i)) & 0xffff
-      }.pack('n8')).to_s
+      b = "%032x" % self.storage
+      c = b[0..3] + ":" + b[4..7] + ":" + b[8..11] + ":" + b[12..15] + ":" + b[16..19] + ":" + b[20..23] + ":" + b[24..27] + ":" + b[28..31]
+      IPAddr.new(c).to_s
     end
   end
 end

diff --git a/logstash-codec-netflow.gemspec b/logstash-codec-netflow.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-netflow'
-  s.version         = '4.1.2'
+  s.version         = '4.2.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads Netflow v5, Netflow v9 and IPFIX data"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

diff --git a/spec/codecs/benchmarks/IP6Addr.rb b/spec/codecs/benchmarks/IP6Addr.rb
@@ -1,16 +1,28 @@
 require 'benchmark'
 require 'ipaddr'
+require 'bindata'
 
 Benchmark.bm do |x|
   x.report {
-    # Implementation pre v3.11.0
+    # Implementation since v0.1
     ip = 85060308944708794891899627827609206785
     2000000.times do
-      IPAddr.new_ntoh([ip].pack('N')).to_s
+      IPAddr.new_ntoh((0..7).map { |i|
+        (ip >> (112 - 16 * i)) & 0xffff
+      }.pack('n8')).to_s
     end }
 
   x.report {
-    # Implementation as of v3.11.2
+    # Implementation since v4.2.0
+    ip = 85060308944708794891899627827609206785
+    2000000.times do
+      b = "%032x" % ip
+      c = b[0..3] + ":" + b[4..7] + ":" + b[8..11] + ":" + b[12..15] + ":" + b[16..19] + ":" + b[20..23] + ":" + b[24..27] + ":" + b[28..31]
+      IPAddr.new(c).to_s
+    end }
+
+  x.report {
+    # Alternative. Loses compressed IPv6 notation
     ip = 85060308944708794891899627827609206785
     2000000.times do
       b = "%032x" % ip
@@ -20,5 +32,7 @@
 end
 
 #       user     system      total        real
-#  21.800000   0.000000  21.800000 ( 21.811893)
-#  11.760000   0.000000  11.760000 ( 11.768260)
+#  81.500000   0.000000  81.500000 ( 81.498991)
+#  78.210000   0.000000  78.210000 ( 78.252662)
+#  11.710000   0.010000  11.720000 ( 11.712025)
+
diff --git a/spec/codecs/benchmarks/IPAddr.rb b/spec/codecs/benchmarks/IPAddr.rb
@@ -30,3 +30,5 @@
 #   4.410000   0.000000   4.410000 (  4.411973)
 #   6.450000   0.000000   6.450000 (  6.446321)
 
+
+
diff --git a/spec/codecs/benchmarks/benchmark_fields.rb b/spec/codecs/benchmarks/benchmark_fields.rb
@@ -0,0 +1,65 @@
+require 'benchmark'
+require 'bindata'
+require '../../../lib/logstash/codecs/netflow/util.rb'
+
+Benchmark.bm(16) do |x|
+  x.report("IP4Addr") {
+    data = ["344c01f9"].pack("H*")
+    200000.times do
+      IP4Addr.read(data)
+    end }
+
+  x.report("IP6Addr") {
+    data = ["fe80000000000000e68d8cfffe20ede6"].pack("H*")
+    200000.times do
+      IP6Addr.read(data)
+    end }
+
+  x.report("IP6Addr_Test") {
+    data = ["fe80000000000000e68d8cfffe20ede6"].pack("H*")
+    200000.times do
+      IP6Addr_Test.read(data)
+    end }
+
+  x.report("MacAddr") {
+    data = ["005056c00001"].pack("H*")
+    200000.times do
+      MacAddr.read(data)
+    end }
+
+  x.report("ACLIdASA") {
+    data = ["433a1af1be9efe9600000000"].pack("H*")
+    200000.times do
+      ACLIdASA.read(data)
+    end }
+
+  x.report("Application_Id64") {
+    data = ["140000304400003dc8"].pack("H*")
+    200000.times do
+      Application_Id64.read(data)
+    end }
+
+  x.report("VarString") {
+    data = ["184c534e34344031302e3233312e3232332e31313300000000"].pack("H*")
+    200000.times do
+      VarString.read(data)
+    end }
+
+  x.report("VarString_Test") {
+    data = ["184c534e34344031302e3233312e3232332e31313300000000"].pack("H*")
+    200000.times do
+      VarString_Test.read(data)
+    end }
+
+end
+
+#                        user     system      total        real
+# IP4Addr           24.120000   0.000000  24.120000 ( 24.123782)
+# IP6Addr           37.940000   0.010000  37.950000 ( 37.950464)
+# MacAddr           25.270000   0.000000  25.270000 ( 25.282082)
+# ACLIdASA          24.870000   0.000000  24.870000 ( 24.882335)
+# Application_Id64  41.270000   0.000000  41.270000 ( 41.305001)
+# VarString         39.030000   0.000000  39.030000 ( 39.062235)
+
+
+
Original file line number	Diff line number	Diff line change
Expand Up		@@ -30,3 +30,5 @@
		# 4.410000 0.000000 4.410000 ( 4.411973)
		# 6.450000 0.000000 6.450000 ( 6.446321)