
Example 1 with QueryPcapFilter

use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.

the class QueryPcapFilterTest method testMissingSrcPort.

/**
 * Checks that a query with no {@code ip_src_port} clause leaves the source port unconstrained.
 *
 * <p>Each scenario overrides {@code packetToFields} to return fixed field values. The override
 * ignores its {@code PacketInfo} argument, and the test passes {@code null} to {@code test}.
 *
 * <p>NOTE(review): both scenarios assert a match. This test has no negative case showing that
 * one of the constrained fields still rejects a packet.
 */
@Test
public void testMissingSrcPort() throws Exception {
    Configuration config = new Configuration();
    String query = "ip_src_addr == 'src_ip' and ip_dst_addr == 'dst_ip' and ip_dst_port == 1";
    new QueryPcapFilter.Configurator().addToConfig(query, config);

    // Scenario 1: source port 0, all clauses present in the query are satisfied.
    QueryPcapFilter srcPortZero = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    srcPortZero.configure(config);
    Assert.assertTrue(srcPortZero.test(null));

    // The original re-adds the same query before the second scenario; kept as-is.
    new QueryPcapFilter.Configurator().addToConfig(query, config);

    // Scenario 2: source port 100. The query never mentions the source port, so it still matches.
    QueryPcapFilter srcPortHundred = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 100);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    srcPortHundred.configure(config);
    Assert.assertTrue(srcPortHundred.test(null));
}
Also used : QueryPcapFilter(org.apache.metron.pcap.filter.query.QueryPcapFilter) Configuration(org.apache.hadoop.conf.Configuration) HashMap(java.util.HashMap) Test(org.junit.Test)

Example 2 with QueryPcapFilter

use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.

the class QueryPcapFilterTest method testMissingDstAddr.

/**
 * Exercises a query that has no {@code ip_dst_addr} clause.
 *
 * <p>Each scenario overrides {@code packetToFields} to return fixed field values. The override
 * ignores its {@code PacketInfo} argument, and the test passes {@code null} to {@code test}.
 *
 * <p>NOTE(review): the destination address is {@code "dst_ip"} in both scenarios. The negative
 * case varies the source address instead, so the test never shows that an arbitrary destination
 * address is accepted when the clause is absent.
 */
@Test
public void testMissingDstAddr() throws Exception {
    Configuration config = new Configuration();
    String query = "ip_src_addr == 'src_ip' and ip_src_port == 0 and ip_dst_port == 1";
    new QueryPcapFilter.Configurator().addToConfig(query, config);

    // Scenario 1: every clause present in the query is satisfied.
    QueryPcapFilter matching = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    matching.configure(config);
    Assert.assertTrue(matching.test(null));

    // The original re-adds the same query before the second scenario; kept as-is.
    new QueryPcapFilter.Configurator().addToConfig(query, config);

    // Scenario 2: the source address differs from the queried value, so the packet is rejected.
    QueryPcapFilter wrongSrcAddr = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip_no_match");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    wrongSrcAddr.configure(config);
    Assert.assertFalse(wrongSrcAddr.test(null));
}
Also used : QueryPcapFilter(org.apache.metron.pcap.filter.query.QueryPcapFilter) Configuration(org.apache.hadoop.conf.Configuration) HashMap(java.util.HashMap) Test(org.junit.Test)

Example 3 with QueryPcapFilter

use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.

the class QueryPcapFilterTest method testTrivialEquality.

/**
 * Checks the simplest positive case. The query constrains all four fields (source and
 * destination address and port) and the stubbed packet fields equal every queried value.
 *
 * <p>{@code packetToFields} is overridden to return fixed field values. The override ignores
 * its {@code PacketInfo} argument, and the test passes {@code null} to {@code test}.
 */
@Test
public void testTrivialEquality() throws Exception {
    Configuration config = new Configuration();
    String query = "ip_src_addr == 'src_ip' and ip_src_port == 0 and ip_dst_addr == 'dst_ip' and ip_dst_port == 1";
    new QueryPcapFilter.Configurator().addToConfig(query, config);

    PcapFilter exactMatch = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    exactMatch.configure(config);
    Assert.assertTrue(exactMatch.test(null));
}
Also used : QueryPcapFilter(org.apache.metron.pcap.filter.query.QueryPcapFilter) Configuration(org.apache.hadoop.conf.Configuration) HashMap(java.util.HashMap) PcapFilter(org.apache.metron.pcap.filter.PcapFilter) QueryPcapFilter(org.apache.metron.pcap.filter.query.QueryPcapFilter) Test(org.junit.Test)

Example 4 with QueryPcapFilter

use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.

the class QueryPcapFilterTest method testMissingDstPort.

/**
 * Checks that a query with no {@code ip_dst_port} clause leaves the destination port
 * unconstrained while the clauses that are present are still enforced.
 *
 * <p>Each scenario overrides {@code packetToFields} to return fixed field values. The override
 * ignores its {@code PacketInfo} argument, and the test passes {@code null} to {@code test}.
 */
@Test
public void testMissingDstPort() throws Exception {
    Configuration config = new Configuration();
    String query = "ip_src_addr == 'src_ip' and ip_src_port == 0 and ip_dst_addr == 'dst_ip'";
    new QueryPcapFilter.Configurator().addToConfig(query, config);

    // Scenario 1: destination port 1, all clauses present in the query are satisfied.
    QueryPcapFilter dstPortOne = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    dstPortOne.configure(config);
    Assert.assertTrue(dstPortOne.test(null));

    // The original re-adds the same query before each later scenario; kept as-is.
    new QueryPcapFilter.Configurator().addToConfig(query, config);

    // Scenario 2: destination port 100. The query never mentions it, so the packet still matches.
    QueryPcapFilter dstPortHundred = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 100);
            return fields;
        }
    };
    dstPortHundred.configure(config);
    Assert.assertTrue(dstPortHundred.test(null));

    new QueryPcapFilter.Configurator().addToConfig(query, config);

    // Scenario 3: source port 100 violates "ip_src_port == 0", so the packet is rejected.
    QueryPcapFilter wrongSrcPort = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 100);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 100);
            return fields;
        }
    };
    wrongSrcPort.configure(config);
    Assert.assertFalse(wrongSrcPort.test(null));
}
Also used : QueryPcapFilter(org.apache.metron.pcap.filter.query.QueryPcapFilter) Configuration(org.apache.hadoop.conf.Configuration) HashMap(java.util.HashMap) Test(org.junit.Test)

Example 5 with QueryPcapFilter

use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.

the class QueryPcapFilterTest method testEmptyQueryFilter.

/**
 * Pins the behaviour of an empty query string: the configured filter accepts the stubbed packet.
 *
 * <p>{@code packetToFields} is overridden to return fixed field values. The override ignores
 * its {@code PacketInfo} argument, and the test passes {@code null} to {@code test}.
 *
 * <p>NOTE(review): per this assertion an empty query restricts nothing. Any caller that
 * forwards a user-supplied query to this filter should treat an empty string as "match all"
 * and scope access accordingly. Confirm where that is enforced.
 */
@Test
public void testEmptyQueryFilter() throws Exception {
    Configuration config = new Configuration();
    String query = "";
    new QueryPcapFilter.Configurator().addToConfig(query, config);

    PcapFilter unrestricted = new QueryPcapFilter() {

        @Override
        protected HashMap<String, Object> packetToFields(PacketInfo pi) {
            HashMap<String, Object> fields = new HashMap<>();
            fields.put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
            fields.put(Constants.Fields.SRC_PORT.getName(), 0);
            fields.put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
            fields.put(Constants.Fields.DST_PORT.getName(), 1);
            return fields;
        }
    };
    unrestricted.configure(config);
    Assert.assertTrue(unrestricted.test(null));
}
Also used : QueryPcapFilter(org.apache.metron.pcap.filter.query.QueryPcapFilter) Configuration(org.apache.hadoop.conf.Configuration) HashMap(java.util.HashMap) PcapFilter(org.apache.metron.pcap.filter.PcapFilter) QueryPcapFilter(org.apache.metron.pcap.filter.query.QueryPcapFilter) Test(org.junit.Test)

Aggregations

HashMap (java.util.HashMap)6 Configuration (org.apache.hadoop.conf.Configuration)6 QueryPcapFilter (org.apache.metron.pcap.filter.query.QueryPcapFilter)6 Test (org.junit.Test)6 PcapFilter (org.apache.metron.pcap.filter.PcapFilter)2