use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.
the class QueryPcapFilterTest method testMissingSrcAddr.
@Test
public void testMissingSrcAddr() throws Exception {
Configuration config = new Configuration();
String query = "ip_src_port == 0 and ip_dst_addr == 'dst_ip' and ip_dst_port == 1";
new QueryPcapFilter.Configurator().addToConfig(query, config);
{
QueryPcapFilter filter = new QueryPcapFilter() {
@Override
protected HashMap<String, Object> packetToFields(PacketInfo pi) {
return new HashMap<String, Object>() {
{
put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
put(Constants.Fields.SRC_PORT.getName(), 0);
put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
put(Constants.Fields.DST_PORT.getName(), 1);
}
};
}
};
filter.configure(config);
Assert.assertTrue(filter.test(null));
}
}
Aggregations