Replace CIDR list with java cdr-ip-trie for faster lookups #12
The current code is very slow, in that it simply iterates the list of CIDRs and checks them individually to see if the IP is contained within it. This PR replaces the list with cdr-ip-trie:
There is a minor breaking change here in that network lists specified within the logstash config (as opposed to sourced from an external file) are no longer sprintf'd from event fields, but since this was never documented as supported, I'm not sure it matters. If this needs to be retained, I can add it back, with some additional refactoring.
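
The two lookup strategies contrasted in the description above, as an added Ruby example. It is not code from this PR and does not use the cdr-ip-trie API; `CidrTrie`, `linear_match?` and the sample networks are constructed for illustration.

```ruby
require 'ipaddr'

# Binary prefix trie: one node per network bit, so a lookup walks at most
# 32 (IPv4) or 128 (IPv6) nodes however many networks are loaded.
class CidrTrie
  Node = Struct.new(:kids, :cidr)

  def initialize
    # Separate roots per address width so IPv4 never matches an IPv6 prefix.
    @roots = { 32 => Node.new([nil, nil]), 128 => Node.new([nil, nil]) }
  end

  def add(cidr)
    net = IPAddr.new(cidr)            # host bits are masked off by IPAddr
    width = net.ipv4? ? 32 : 128
    node = @roots[width]
    net.prefix.times do |i|
      bit = (net.to_i >> (width - 1 - i)) & 1
      node = (node.kids[bit] ||= Node.new([nil, nil]))
    end
    node.cidr = cidr
    self
  end

  # Returns the most specific configured network containing the address,
  # or nil when nothing matches or the input is not a valid IP.
  def longest_match(address)
    ip = IPAddr.new(address)
    width = ip.ipv4? ? 32 : 128
    node = @roots[width]
    best = node.cidr                  # a /0 entry lives on the root
    width.times do |i|
      node = node.kids[(ip.to_i >> (width - 1 - i)) & 1]
      break if node.nil?
      best = node.cidr if node.cidr
    end
    best
  rescue IPAddr::Error
    nil
  end
end

# The linear scan the description calls slow: every network is tested.
def linear_match?(cidrs, address)
  ip = IPAddr.new(address)
  cidrs.any? { |c| IPAddr.new(c).include?(ip) }
end

# Constructed sample networks (RFC 1918 and documentation ranges).
SAMPLE_CIDRS = ['10.0.0.0/8', '10.1.0.0/16', '192.168.0.0/24', '2001:db8::/32'].freeze
SAMPLE_TRIE = SAMPLE_CIDRS.each_with_object(CidrTrie.new) { |c, t| t.add(c) }
```

For allow/deny decisions, note that a malformed address returns `nil` here, the same as "no match", so the caller decides whether unparseable input is treated as outside every network.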