From 6adae4b3405c43418bce666e4f0d3b10cb1c4f32 Mon Sep 17 00:00:00 2001
From: Dennis Oelkers
Date: Tue, 8 Aug 2017 14:02:41 +0200
Subject: [PATCH] Adding test case + pcap for #16.
(cherry picked from commit 4b0a62e2ae51d719c7550b97dd10db2b68b8ddbc)
---
.../netflow/v9/NetFlowV9ParserTest.java | 46 ++++++++++++++++++
.../netflow-data/nprobe-netflow9-4.pcap | Bin 0 -> 1344 bytes
2 files changed, 46 insertions(+)
create mode 100644 src/test/resources/netflow-data/nprobe-netflow9-4.pcap
diff --git a/src/test/java/org/graylog/plugins/netflow/v9/NetFlowV9ParserTest.java b/src/test/java/org/graylog/plugins/netflow/v9/NetFlowV9ParserTest.java
index 4af5b01..123423a 100644
--- a/src/test/java/org/graylog/plugins/netflow/v9/NetFlowV9ParserTest.java
+++ b/src/test/java/org/graylog/plugins/netflow/v9/NetFlowV9ParserTest.java
@@ -418,6 +418,52 @@ public void pcap_nprobe_NetFlowV9_3() throws Exception {
 assertThat(allRecords).hasSize(898);
 }
 
+ @Test
+ public void pcap_nprobe_NetFlowV9_4() throws Exception {
+ final List allRecords = new ArrayList<>();
+ final List allTemplates = new ArrayList<>();
+ try (InputStream inputStream = Resources.getResource("netflow-data/nprobe-netflow9-4.pcap").openStream()) {
+ final Pcap pcap = Pcap.openStream(inputStream);
+ pcap.loop(packet -> {
+ if (packet.hasProtocol(Protocol.UDP)) {
+ final UDPPacket udp = (UDPPacket) packet.getPacket(Protocol.UDP);
+ final ByteBuf byteBuf = Unpooled.wrappedBuffer(udp.getPayload().getArray());
+ final NetFlowV9Packet netFlowV9Packet = NetFlowV9Parser.parsePacket(byteBuf, cache, typeRegistry);
+ assertThat(netFlowV9Packet).isNotNull();
+ allTemplates.addAll(netFlowV9Packet.templates());
+ allRecords.addAll(netFlowV9Packet.records());
+ }
+ return true;
+ }
+ );
+ }
+ assertThat(allTemplates).contains(
+ NetFlowV9Template.create(257, 18,
+ ImmutableList.builder().add(
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(1, NetFlowV9FieldType.ValueType.UINT32, "in_bytes"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(2, NetFlowV9FieldType.ValueType.UINT32, "in_pkts"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(4, NetFlowV9FieldType.ValueType.UINT8, "protocol"), 1),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(5, NetFlowV9FieldType.ValueType.UINT8, "src_tos"), 1),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(6, NetFlowV9FieldType.ValueType.UINT8, "tcp_flags"), 1),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(7, NetFlowV9FieldType.ValueType.UINT16, "l4_src_port"), 2),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(8, NetFlowV9FieldType.ValueType.IPV4, "ipv4_src_addr"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(9, NetFlowV9FieldType.ValueType.UINT8, "src_mask"), 1),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(10, NetFlowV9FieldType.ValueType.UINT16, "input_snmp"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(11, NetFlowV9FieldType.ValueType.UINT16, "l4_dst_port"), 2),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(12, NetFlowV9FieldType.ValueType.IPV4, "ipv4_dst_addr"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(13, NetFlowV9FieldType.ValueType.UINT8, "dst_mask"), 1),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(14, NetFlowV9FieldType.ValueType.UINT16, "output_snmp"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(15, NetFlowV9FieldType.ValueType.IPV4, "ipv4_next_hop"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(16, NetFlowV9FieldType.ValueType.UINT16, "src_as"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(17, NetFlowV9FieldType.ValueType.UINT16, "dst_as"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(21, NetFlowV9FieldType.ValueType.UINT32, "last_switched"), 4),
+ NetFlowV9FieldDef.create(NetFlowV9FieldType.create(22, NetFlowV9FieldType.ValueType.UINT32, "first_switched"), 4)
+ ).build()
+ )
+ );
+ assertThat(allRecords).hasSize(898);
+ }
+
 private String name(NetFlowV9FieldDef def) {
 return def.type().name().toLowerCase();
 }
diff --git a/src/test/resources/netflow-data/nprobe-netflow9-4.pcap b/src/test/resources/netflow-data/nprobe-netflow9-4.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..5950588ccf534c15d4a334bf94a1d02dbd1bfd78
GIT binary patch
literal 1344
zcma)+PiPZC6o=o;Zo8W_wTWO6)E(EYUwPemoNf)sL|bopjz7HF2xgF|TjY6qEW zKsA6@hme!W<@xuh*@YdT9T9JlSf*P}&E(@uH@+1<-#&V_J{Y|sc5wh`PNeXgSRatY zPr7_W0BEa2Ya%9OW;lpaoGA?Si_6zqySVWI7k62@ z2PIwnwHCi|I~Nb`i$yJ6ba{98_Fx)lnoz^V@=OPrsz6ns7B0GcbEa*eZP&%Kai-Xt zm{Avh_Sd&Jnj)Tb(cvSi;bH_WVW8GThb~e?T1c{oi`QTGh}Al5QH%0th zz85#CMPIzg#Xa(7&^~%$j2x%TebLhQ8Fis<6c7oCq!_2^NebmlFY{yceJG1^=mhE) zpZnK-t;QP4COB??R!*ZctUZ7(F*b6NuYu1Vba#X391>z#_N{FSW%NYmI1#-hs^r&6 s?v8Bfi9Aa;oyg7NVB$o2fw|Xmk^ZqRM1B4E7~g?5_u9MlP7rVP56$ep
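Review bot: The closing `assertThat(allRecords).hasSize(898);` in `pcap_nprobe_NetFlowV9_4` looks copied from `pcap_nprobe_NetFlowV9_3` just above and is unlikely to hold for this capture: the diffstat gives nprobe-netflow9-4.pcap as 1344 bytes, while one record of template 257 is 53 bytes going by the field lengths listed here, so the file has room for a couple of dozen records at most. The expected count should be taken from the capture itself. The test also never inspects a decoded value, although the fields that make this template unusual are `input_snmp`, `output_snmp`, `src_as` and `dst_as`, typed UINT16 here but announced with length 4; because the parser consumes exporter-supplied lengths from UDP input, I would add assertions on those four fields of the first record so that a decoder reading the registered width instead of the template length fails in this test. A one-line comment above the method, such as `// Capture for #16: template 257 announces length 4 for fields typed UINT16.`, would record why the capture exists.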