[
https://issues.apache.org/jira/browse/METRON-870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15984875#comment-15984875
]
ASF GitHub Bot commented on METRON-870:
---------------------------------------
Github user justinleet commented on the issue:
https://github.com/apache/incubator-metron/pull/541
Taking a first glance through this and had a couple comments before I dig
in a little further and spin things up.

Can you flesh out the unit tests around the binary filtering? The
converted unit tests are helpful, but it seems like there's probably more cases
than are covered by the couple additions involving.

I'm not familiar with the library, but does this work if I provide things
in a '0x' hex format? E.g. your example has `BYTEARRAY_MATCHER('1F90',
packet)` but will it still work if it's `BYTEARRAY_MATCHER('0x1F90', packet)`?
I don't think it's necessary that it does, but I looked at the example and
immediately suspected I'd have prepended '0x' to '1F90' out of pure habit.

> Add filtering by packet payload to the pcap query
> -------------------------------------------------
>
> Key: METRON-870
> URL: https://issues.apache.org/jira/browse/METRON-870
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
>
> Currently we have the ability to filter packets in the pcap query tool by
> header information (src/dest ip/port). We should be able to filter by binary
> regex on the packets themselves.