use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.
the class QueryPcapFilterTest method testMissingSrcPort.
/**
 * Checks that a query with no {@code ip_src_port} clause accepts a packet whatever its
 * source port is, as long as the clauses that are present match.
 *
 * <p>Each filter overrides {@code packetToFields} to return fixed field values and ignores
 * its {@code PacketInfo} argument, which is why {@code filter.test} is called with
 * {@code null}.
 *
 * <p>NOTE(review): this test only asserts matches. A case where the destination address or
 * port differs from the query would confirm the remaining clauses are still enforced when
 * one field is left out.
 */
@Test
public void testMissingSrcPort() throws Exception {
    Configuration conf = new Configuration();
    // Constrains source address, destination address and destination port only.
    String filterQuery = "ip_src_addr == 'src_ip' and ip_dst_addr == 'dst_ip' and ip_dst_port == 1";

    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);
    QueryPcapFilter srcPortZero = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    srcPortZero.configure(conf);
    Assert.assertTrue(srcPortZero.test(null));

    // The same query is written to the config again before the second filter is built.
    // NOTE(review): looks redundant since neither query nor config changed; confirm.
    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);
    QueryPcapFilter srcPortHundred = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            // A different source port must not change the outcome: the query does not name it.
            fields.put(Constants.Fields.SRC_PORT.getName(), 100);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    srcPortHundred.configure(conf);
    Assert.assertTrue(srcPortHundred.test(null));
}
use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.
the class QueryPcapFilterTest method testMissingDstAddr.
/**
 * Checks a query with no {@code ip_dst_addr} clause: the packet is accepted when the
 * clauses that are present match, and rejected when the source address differs.
 *
 * <p>Each filter overrides {@code packetToFields} to return fixed field values and ignores
 * its {@code PacketInfo} argument, which is why {@code filter.test} is called with
 * {@code null}.
 */
@Test
public void testMissingDstAddr() throws Exception {
    Configuration conf = new Configuration();
    // Constrains source address, source port and destination port only.
    String filterQuery = "ip_src_addr == 'src_ip' and ip_src_port == 0 and ip_dst_port == 1";

    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);
    QueryPcapFilter matching = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    matching.configure(conf);
    Assert.assertTrue(matching.test(null));

    // The same query is written to the config again before the second filter is built.
    // NOTE(review): looks redundant since neither query nor config changed; confirm.
    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);
    QueryPcapFilter wrongSrcAddr = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            // Negative case: the source address no longer equals the value in the query.
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip_no_match");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    wrongSrcAddr.configure(conf);
    Assert.assertFalse(wrongSrcAddr.test(null));
}
use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.
the class QueryPcapFilterTest method testTrivialEquality.
/**
 * Checks that a query constraining all four fields (source/destination address and port)
 * accepts a packet whose fields equal the queried values.
 *
 * <p>The filter overrides {@code packetToFields} to return fixed field values and ignores
 * its {@code PacketInfo} argument, which is why {@code filter.test} is called with
 * {@code null}.
 *
 * <p>NOTE(review): only the matching case is asserted here; there is no packet that
 * differs in one field to show the filter rejects it.
 */
@Test
public void testTrivialEquality() throws Exception {
    Configuration conf = new Configuration();
    String filterQuery = "ip_src_addr == 'src_ip' and ip_src_port == 0 and ip_dst_addr == 'dst_ip' and ip_dst_port == 1";
    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);

    PcapFilter exactMatch = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            // Every field carries exactly the value the query compares against.
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    exactMatch.configure(conf);
    Assert.assertTrue(exactMatch.test(null));
}
use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.
the class QueryPcapFilterTest method testMissingDstPort.
/**
 * Checks a query with no {@code ip_dst_port} clause: the destination port does not affect
 * the result, while a source port that differs from the query still causes a rejection.
 *
 * <p>Each filter overrides {@code packetToFields} to return fixed field values and ignores
 * its {@code PacketInfo} argument, which is why {@code filter.test} is called with
 * {@code null}.
 */
@Test
public void testMissingDstPort() throws Exception {
    Configuration conf = new Configuration();
    // Constrains source address, source port and destination address only.
    String filterQuery = "ip_src_addr == 'src_ip' and ip_src_port == 0 and ip_dst_addr == 'dst_ip'";

    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);
    QueryPcapFilter dstPortOne = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    dstPortOne.configure(conf);
    Assert.assertTrue(dstPortOne.test(null));

    // The same query is written to the config again before each further filter is built.
    // NOTE(review): looks redundant since neither query nor config changed; confirm.
    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);
    QueryPcapFilter dstPortHundred = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            // A different destination port must not change the outcome: the query does not name it.
            fields.put(Constants.Fields.DST_PORT.getName(), 100);
            return fields;
        }
    };
    dstPortHundred.configure(conf);
    Assert.assertTrue(dstPortHundred.test(null));

    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);
    QueryPcapFilter wrongSrcPort = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            // Negative case: the source port no longer equals the 0 required by the query.
            fields.put(Constants.Fields.SRC_PORT.getName(), 100);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 100);
            return fields;
        }
    };
    wrongSrcPort.configure(conf);
    Assert.assertFalse(wrongSrcPort.test(null));
}
use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.
the class QueryPcapFilterTest method testEmptyQueryFilter.
/**
 * Checks that a filter configured with an empty query string accepts the packet.
 *
 * <p>Operational consequence of the behavior pinned here: an empty query places no
 * restriction on which packets are returned, so a caller that needs a scoped capture has
 * to reject or populate an empty query before it reaches the filter.
 *
 * <p>The filter overrides {@code packetToFields} to return fixed field values and ignores
 * its {@code PacketInfo} argument, which is why {@code filter.test} is called with
 * {@code null}.
 */
@Test
public void testEmptyQueryFilter() throws Exception {
    Configuration conf = new Configuration();
    String filterQuery = "";
    new QueryPcapFilter.Configurator().addToConfig(filterQuery, conf);

    PcapFilter unrestricted = new QueryPcapFilter() {
        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    unrestricted.configure(conf);
    // With no clauses to evaluate, the packet is expected to pass.
    Assert.assertTrue(unrestricted.test(null));
}