This repository was archived by the owner on Mar 21, 2023. It is now read-only.

Commit c131524

author
Jochen Schalanda
committed
Add another nprobe NetFlow 9 pcap and tests
1 parent 353a785 commit c131524


2 files changed

+46
-0
lines changed


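--- a/src/test/java/org/graylog/plugins/netflow/v9/NetFlowV9ParserTest.java
+++ b/src/test/java/org/graylog/plugins/netflow/v9/NetFlowV9ParserTest.java
@@ -372,6 +372,52 @@ public void pcap_nprobe_NetFlowV9_2() throws Exception {
 );
 }
 
+@Test
+public void pcap_nprobe_NetFlowV9_3() throws Exception {
+final List<NetFlowV9BaseRecord> allRecords = new ArrayList<>();
+final List<NetFlowV9Template> allTemplates = new ArrayList<>();
+try (InputStream inputStream = Resources.getResource("netflow-data/nprobe-netflow9-3.pcap").openStream()) {
+final Pcap pcap = Pcap.openStream(inputStream);
+pcap.loop(packet -> {
+if (packet.hasProtocol(Protocol.UDP)) {
+final UDPPacket udp = (UDPPacket) packet.getPacket(Protocol.UDP);
+final ByteBuf byteBuf = Unpooled.wrappedBuffer(udp.getPayload().getArray());
+final NetFlowV9Packet netFlowV9Packet = NetFlowV9Parser.parsePacket(byteBuf, cache, typeRegistry);
+assertThat(netFlowV9Packet).isNotNull();
+allTemplates.addAll(netFlowV9Packet.templates());
+allRecords.addAll(netFlowV9Packet.records());
+}
+return true;
+}
+);
+}
+assertThat(allTemplates).contains(
+NetFlowV9Template.create(257, 18,
+ImmutableList.<NetFlowV9FieldDef>builder().add(
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(1, NetFlowV9FieldType.ValueType.UINT32, "in_bytes"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(2, NetFlowV9FieldType.ValueType.UINT32, "in_pkts"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(4, NetFlowV9FieldType.ValueType.UINT8, "protocol"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(5, NetFlowV9FieldType.ValueType.UINT8, "src_tos"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(6, NetFlowV9FieldType.ValueType.UINT8, "tcp_flags"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(7, NetFlowV9FieldType.ValueType.UINT16, "l4_src_port"), 2),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(8, NetFlowV9FieldType.ValueType.IPV4, "ipv4_src_addr"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(9, NetFlowV9FieldType.ValueType.UINT8, "src_mask"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(10, NetFlowV9FieldType.ValueType.UINT16, "input_snmp"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(11, NetFlowV9FieldType.ValueType.UINT16, "l4_dst_port"), 2),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(12, NetFlowV9FieldType.ValueType.IPV4, "ipv4_dst_addr"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(13, NetFlowV9FieldType.ValueType.UINT8, "dst_mask"), 1),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(14, NetFlowV9FieldType.ValueType.UINT16, "output_snmp"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(15, NetFlowV9FieldType.ValueType.IPV4, "ipv4_next_hop"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(16, NetFlowV9FieldType.ValueType.UINT16, "src_as"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(17, NetFlowV9FieldType.ValueType.UINT16, "dst_as"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(21, NetFlowV9FieldType.ValueType.UINT32, "last_switched"), 4),
+NetFlowV9FieldDef.create(NetFlowV9FieldType.create(22, NetFlowV9FieldType.ValueType.UINT32, "first_switched"), 4)
+).build()
+)
+);
+assertThat(allRecords).hasSize(898);
+}
+
 private String name(NetFlowV9FieldDef def) {
 return def.type().name().toLowerCase();
 }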
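Review bot: `pcap_nprobe_NetFlowV9_3` verifies only the template and `assertThat(allRecords).hasSize(898)`, so no decoded field value from this capture is ever checked. That gap matters here because the asserted template gives `input_snmp`, `output_snmp`, `src_as` and `dst_as` a length of 4 while their registry type is `UINT16`. A parser that read those fields by type width instead of template length would shift every later field in the record and could still produce 898 records. I would add one assertion on a record taken from the capture, e.g. `assertThat(allRecords).contains(expectedRecord);`, where `expectedRecord` (a placeholder name) carries the 4-byte values for those four fields. A short comment above the template such as `// exporter sends 4-byte SNMP indexes and AS numbers; the registry type is UINT16` would also tell the next reader that the mismatch is intentional.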
53.2 KB
Binary file not shown.
