
Example 1 with FlowException

use of org.graylog.plugins.netflow.flows.FlowException in project graylog2-server by Graylog2.

the class NetFlowCodec method decodeMessages.

/**
 * Decodes one raw NetFlow message into a collection of {@link Message}s.
 *
 * <p>The payload is the bytes received from the remote sender, so it is handled as untrusted
 * input: its length is checked before the first byte is read, and that first byte selects the
 * decoding path (NetFlow v5 passthrough, the "ordered" v9 format, or rejection).
 *
 * <p>Only {@link FlowException} and {@link InvalidProtocolBufferException} are caught here; any
 * other exception raised while parsing propagates to the caller.
 * NOTE(review): confirm the caller tolerates runtime exceptions from malformed packets.
 *
 * @param rawMessage the raw message whose payload is decoded
 * @return the decoded messages, or {@code null} when the payload is shorter than three bytes,
 *         the leading marker byte is not supported, or one of the two caught exceptions occurs
 */
@Nullable
@Override
public Collection<Message> decodeMessages(@Nonnull RawMessage rawMessage) {
    try {
        final ResolvableInetSocketAddress resolvable = rawMessage.getRemoteAddress();
        final InetSocketAddress sender = resolvable == null ? null : resolvable.getInetSocketAddress();

        final byte[] data = rawMessage.getPayload();
        // Reject undersized payloads before any byte is read from the buffer.
        if (data.length < 3) {
            LOG.debug("NetFlow message (source: {}) doesn't even fit the NetFlow version (size: {} bytes)", sender, data.length);
            return null;
        }

        final ByteBuf in = Unpooled.wrappedBuffer(data);
        final byte marker = in.readByte();

        if (marker == PASSTHROUGH_MARKER) {
            final NetFlowV5Packet v5Packet = NetFlowV5Parser.parsePacket(in);
            return v5Packet.records()
                    .stream()
                    .map(flowRecord -> NetFlowFormatter.toMessage(v5Packet.header(), flowRecord, sender))
                    .collect(Collectors.toList());
        }

        if (marker == ORDERED_V9_MARKER) {
            // our "custom" netflow v9 that has all the templates in the same packet
            return decodeV9(sender, in);
        }

        // Unknown marker: report the input the packet arrived on (last source node) and drop it.
        // NOTE(review): this WARN is emitted once per unsupported packet; on an input reachable
        // by untrusted senders, consider whether the log volume needs rate limiting.
        final List<RawMessage.SourceNode> nodes = rawMessage.getSourceNodes();
        final RawMessage.SourceNode lastNode;
        if (nodes.isEmpty()) {
            lastNode = null;
        } else {
            lastNode = nodes.get(nodes.size() - 1);
        }
        final String inputId;
        if (lastNode == null) {
            inputId = "<unknown>";
        } else {
            inputId = lastNode.inputId;
        }
        LOG.warn("Unsupported NetFlow packet on input {} (source: {})", inputId, sender);
        return null;
    } catch (FlowException e) {
        LOG.error("Error parsing NetFlow packet <{}> received from <{}>", rawMessage.getId(), rawMessage.getRemoteAddress(), e);
        // The raw packet bytes are dumped only when debug logging is enabled.
        if (LOG.isDebugEnabled()) {
            final ByteBuf rejected = Unpooled.wrappedBuffer(rawMessage.getPayload());
            LOG.debug("NetFlow packet hexdump:\n{}", ByteBufUtil.prettyHexDump(rejected));
        }
        return null;
    } catch (InvalidProtocolBufferException e) {
        // Only the root cause is handed to the logger as the throwable.
        LOG.error("Invalid NetFlowV9 entry found, cannot parse the messages", ExceptionUtils.getRootCause(e));
        return null;
    }
}
Also used : Configuration(org.graylog2.plugin.configuration.Configuration) TextField(org.graylog2.plugin.configuration.fields.TextField) NetFlowV5Packet(org.graylog.plugins.netflow.v5.NetFlowV5Packet) NetFlowV9OptionTemplate(org.graylog.plugins.netflow.v9.NetFlowV9OptionTemplate) LoggerFactory(org.slf4j.LoggerFactory) Unpooled(io.netty.buffer.Unpooled) NettyTransport(org.graylog2.plugin.inputs.transports.NettyTransport) Assisted(com.google.inject.assistedinject.Assisted) Inject(javax.inject.Inject) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) NetFlowFormatter(org.graylog.plugins.netflow.flows.NetFlowFormatter) ByteBuf(io.netty.buffer.ByteBuf) NetFlowV9Journal(org.graylog.plugins.netflow.v9.NetFlowV9Journal) Map(java.util.Map) RawMessage(org.graylog2.plugin.journal.RawMessage) NetFlowV9FieldTypeRegistry(org.graylog.plugins.netflow.v9.NetFlowV9FieldTypeRegistry) NetFlowV9Packet(org.graylog.plugins.netflow.v9.NetFlowV9Packet) CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator) Codec(org.graylog2.plugin.inputs.annotations.Codec) Nonnull(javax.annotation.Nonnull) Nullable(javax.annotation.Nullable) ConfigurationRequest(org.graylog2.plugin.configuration.ConfigurationRequest) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) ConfigurationField(org.graylog2.plugin.configuration.fields.ConfigurationField) ExceptionUtils(org.graylog2.shared.utilities.ExceptionUtils) Logger(org.slf4j.Logger) MultiMessageCodec(org.graylog2.plugin.inputs.codecs.MultiMessageCodec) Collection(java.util.Collection) FactoryClass(org.graylog2.plugin.inputs.annotations.FactoryClass) IOException(java.io.IOException) FileInputStream(java.io.FileInputStream) Maps(com.google.common.collect.Maps) NetFlowV5Parser(org.graylog.plugins.netflow.v5.NetFlowV5Parser) InetSocketAddress(java.net.InetSocketAddress) Collectors(java.util.stream.Collectors) FlowException(org.graylog.plugins.netflow.flows.FlowException) 
NetFlowV9Template(org.graylog.plugins.netflow.v9.NetFlowV9Template) ByteBufUtil(io.netty.buffer.ByteBufUtil) List(java.util.List) ConfigClass(org.graylog2.plugin.inputs.annotations.ConfigClass) NetFlowV9Record(org.graylog.plugins.netflow.v9.NetFlowV9Record) NetFlowV9Parser(org.graylog.plugins.netflow.v9.NetFlowV9Parser) AbstractCodec(org.graylog2.plugin.inputs.codecs.AbstractCodec) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Message(org.graylog2.plugin.Message) InputStream(java.io.InputStream) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) InetSocketAddress(java.net.InetSocketAddress) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) ByteBuf(io.netty.buffer.ByteBuf) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) FlowException(org.graylog.plugins.netflow.flows.FlowException) NetFlowV5Packet(org.graylog.plugins.netflow.v5.NetFlowV5Packet) RawMessage(org.graylog2.plugin.journal.RawMessage) Nullable(javax.annotation.Nullable)

Example 2 with FlowException

use of org.graylog.plugins.netflow.flows.FlowException in project graylog2-server by Graylog2.

the class NetFlowCodecTest method decodeMessagesReturnsNullIfNetFlowParserThrowsFlowException.

/**
 * Verifies that {@code decodeMessages} returns {@code null} when a {@link FlowException} is
 * raised during decoding.
 *
 * <p>The exception is injected through an overridden {@code getPayload()} that throws on its
 * first call only and returns an empty array afterwards, presumably so that a later read of
 * the payload (such as a hexdump in the error path) does not throw a second time.
 */
@Test
public void decodeMessagesReturnsNullIfNetFlowParserThrowsFlowException() throws Exception {
    final InetSocketAddress sender = new InetSocketAddress(InetAddress.getLocalHost(), 12345);
    final byte[] payloadBytes = "Foobar".getBytes(StandardCharsets.UTF_8);

    final RawMessage failingMessage = new RawMessage(payloadBytes, sender) {

        // Flips to true once the first getPayload() call has thrown.
        private boolean triggered = false;

        @Override
        public byte[] getPayload() {
            if (!triggered) {
                triggered = true;
                throw new FlowException("Boom!");
            }
            return new byte[] {};
        }
    };

    final Collection<Message> decoded = codec.decodeMessages(failingMessage);

    assertThat(decoded).isNull();
}
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) FlowException(org.graylog.plugins.netflow.flows.FlowException) InetSocketAddress(java.net.InetSocketAddress) RawMessage(org.graylog2.plugin.journal.RawMessage) Test(org.junit.Test)
