This repository was archived by the owner on Mar 21, 2023. It is now read-only.

Commit 4b0a62e

committed
Adding test case + pcap for #16.
1 parent c131524 commit 4b0a62e


2 files changed

+46
-0
lines changed


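--- a/src/test/java/org/graylog/plugins/netflow/v9/NetFlowV9ParserTest.java
+++ b/src/test/java/org/graylog/plugins/netflow/v9/NetFlowV9ParserTest.java
@@ -418,6 +418,52 @@ public void pcap_nprobe_NetFlowV9_3() throws Exception {
 assertThat(allRecords).hasSize(898);
 }
 
+@Test
+public void pcap_nprobe_NetFlowV9_4() throws Exception {
+final List<NetFlowV9BaseRecord> allRecords = new ArrayList<>();
+final List<NetFlowV9Template> allTemplates = new ArrayList<>();
+try (InputStream inputStream = Resources.getResource("netflow-data/nprobe-netflow9-4.pcap").openStream()) {
+final Pcap pcap = Pcap.openStream(inputStream);
+pcap.loop(packet -> {
+if (packet.hasProtocol(Protocol.UDP)) {
+final UDPPacket udp = (UDPPacket) packet.getPacket(Protocol.UDP);
+final ByteBuf byteBuf = Unpooled.wrappedBuffer(udp.getPayload().getArray());
+final NetFlowV9Packet netFlowV9Packet = NetFlowV9Parser.parsePacket(byteBuf, cache, typeRegistry);
+assertThat(netFlowV9Packet).isNotNull();
+allTemplates.addAll(netFlowV9Packet.templates());
+allRecords.addAll(netFlowV9Packet.records());
+}
+return true;
+}
+);
+}
+assertThat(allTemplates).contains(
+NetFlowV9Template.create(257, 18,
+ImmutableList.<NetFlowV9FieldDef>builder().add(
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(1, NetFlowV9FieldType.ValueType.UINT32, "in_bytes"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(2, NetFlowV9FieldType.ValueType.UINT32, "in_pkts"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(4, NetFlowV9FieldType.ValueType.UINT8, "protocol"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(5, NetFlowV9FieldType.ValueType.UINT8, "src_tos"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(6, NetFlowV9FieldType.ValueType.UINT8, "tcp_flags"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(7, NetFlowV9FieldType.ValueType.UINT16, "l4_src_port"), 2),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(8, NetFlowV9FieldType.ValueType.IPV4, "ipv4_src_addr"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(9, NetFlowV9FieldType.ValueType.UINT8, "src_mask"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(10, NetFlowV9FieldType.ValueType.UINT16, "input_snmp"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(11, NetFlowV9FieldType.ValueType.UINT16, "l4_dst_port"), 2),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(12, NetFlowV9FieldType.ValueType.IPV4, "ipv4_dst_addr"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(13, NetFlowV9FieldType.ValueType.UINT8, "dst_mask"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(14, NetFlowV9FieldType.ValueType.UINT16, "output_snmp"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(15, NetFlowV9FieldType.ValueType.IPV4, "ipv4_next_hop"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(16, NetFlowV9FieldType.ValueType.UINT16, "src_as"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(17, NetFlowV9FieldType.ValueType.UINT16, "dst_as"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(21, NetFlowV9FieldType.ValueType.UINT32, "last_switched"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(22, NetFlowV9FieldType.ValueType.UINT32, "first_switched"), 4)
+).build()
+)
+);
+assertThat(allRecords).hasSize(898);
+}
+
 private String name(NetFlowV9FieldDef def) {
 return def.type().name().toLowerCase();
 }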
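Review bot: The closing `assertThat(allRecords).hasSize(898);` in pcap_nprobe_NetFlowV9_4 repeats the count asserted by the preceding pcap_nprobe_NetFlowV9_3 test, while the binary file added by this commit is listed as 1.31 KB, which at 53 bytes per record for template 257 looks too small to hold 898 records; assuming that binary is nprobe-netflow9-4.pcap, the count appears to be copied and should be the number of flows actually in the capture. The template also declares `input_snmp`, `output_snmp`, `src_as` and `dst_as` as UINT16 with a length of 4, presumably the width mismatch behind #16, and a comment such as `// exporter sends these UINT16 fields with length 4; the template length, not the type width, must drive decoding` would record why. Because the parser consumes untrusted UDP payloads, asserting the decoded values of those four fields on one known record would pin that the declared length is honoured, rather than only that parsing returns a non-null packet.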
1.31 KB
Binary file not shown.
