Search in sources :

Example 6 with QueryPcapFilter

use of org.apache.metron.pcap.filter.query.QueryPcapFilter in project metron by apache.

the class QueryPcapFilterTest method testMissingSrcAddr.

@Test
public void testMissingSrcAddr() throws Exception {
    Configuration config = new Configuration();
    String query = "ip_src_port == 0 and ip_dst_addr == 'dst_ip' and ip_dst_port == 1";
    new QueryPcapFilter.Configurator().addToConfig(query, config);
    {
        QueryPcapFilter filter = new QueryPcapFilter() {

            @Override
            protected HashMap<String, Object> packetToFields(PacketInfo pi) {
                return new HashMap<String, Object>() {

                    {
                        put(Constants.Fields.SRC_ADDR.getName(), "src_ip");
                        put(Constants.Fields.SRC_PORT.getName(), 0);
                        put(Constants.Fields.DST_ADDR.getName(), "dst_ip");
                        put(Constants.Fields.DST_PORT.getName(), 1);
                    }
                };
            }
        };
        filter.configure(config);
        Assert.assertTrue(filter.test(null));
    }
}
Also used : QueryPcapFilter(org.apache.metron.pcap.filter.query.QueryPcapFilter) Configuration(org.apache.hadoop.conf.Configuration) HashMap(java.util.HashMap) Test(org.junit.Test)

Aggregations

HashMap (java.util.HashMap)6 Configuration (org.apache.hadoop.conf.Configuration)6 QueryPcapFilter (org.apache.metron.pcap.filter.query.QueryPcapFilter)6 Test (org.junit.Test)6 PcapFilter (org.apache.metron.pcap.filter.PcapFilter)2