[
https://issues.apache.org/jira/browse/METRON-870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15984915#comment-15984915
]
ASF GitHub Bot commented on METRON-870:
---------------------------------------
GitHub user justinleet commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/541#discussion_r113468302
--- Diff:
metron-platform/metron-pcap/src/main/java/org/apache/metron/pcap/filter/fixed/FixedPcapFilter.java
---
@@ -21,76 +21,131 @@
import com.google.common.base.Joiner;
import org.apache.hadoop.conf.Configuration;
import org.apache.metron.common.Constants;
+import org.apache.metron.common.dsl.MapVariableResolver;
import org.apache.metron.common.dsl.VariableResolver;
import org.apache.metron.pcap.PacketInfo;
import org.apache.metron.pcap.PcapHelper;
import org.apache.metron.pcap.filter.PcapFilter;
import org.apache.metron.pcap.filter.PcapFilterConfigurator;
import org.apache.metron.pcap.filter.PcapFilters;
import org.apache.metron.pcap.filter.PcapFieldResolver;
+import org.apache.metron.pcap.pattern.ByteArrayMatchingUtil;
+import javax.xml.bind.DatatypeConverter;
import java.util.EnumMap;
import java.util.Map;
+import java.util.concurrent.ExecutionException;
public class FixedPcapFilter implements PcapFilter {
- public static class Configurator implements
PcapFilterConfigurator<EnumMap<Constants.Fields, String>> {
+ public static class Configurator implements
PcapFilterConfigurator<Map<String, String>> {
@Override
- public void addToConfig(EnumMap<Constants.Fields, String> fields,
Configuration conf) {
- for (Map.Entry<Constants.Fields, String> kv : fields.entrySet()) {
- conf.set(kv.getKey().getName(), kv.getValue());
+ public void addToConfig(Map<String, String> fields, Configuration
conf) {
+ for (Map.Entry<String, String> kv : fields.entrySet()) {
+ conf.set(kv.getKey(), kv.getValue());
}
conf.set(PCAP_FILTER_NAME_CONF, PcapFilters.FIXED.name());
}
@Override
- public String queryToString(EnumMap<Constants.Fields, String> fields) {
+ public String queryToString(Map<String, String> fields) {
return (fields == null ? "" : Joiner.on("_").join(fields.values()));
}
}
+ private String packetFilter;
private String srcAddr;
private Integer srcPort;
private String dstAddr;
private Integer dstPort;
private String protocol;
private boolean includesReverseTraffic = false;
+ private boolean doHeaderFiltering = false;
@Override
public void configure(Iterable<Map.Entry<String, String>> config) {
for (Map.Entry<String, String> kv : config) {
if (kv.getKey().equals(Constants.Fields.DST_ADDR.getName())) {
+ System.out.println("Processing: " + kv.getKey() + " => " +
kv.getValue());
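Review bot: In `queryToString`, changing the parameter from `EnumMap<Constants.Fields, String>` to `Map<String, String>` makes the result of `Joiner.on("_").join(fields.values())` depend on the iteration order of whatever map the caller passes. An `EnumMap` always iterates in enum declaration order, while a plain `HashMap` guarantees no order, so the same query could produce different strings. Consider joining the values in sorted key order, or documenting that callers must supply an ordered map. Separately, the added `System.out.println("Processing: " + kv.getKey() + " => " + kv.getValue())` in `configure` writes every filter key and value to stdout; if it is meant to stay, routing it through a logger at debug level would make it controllable.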
--- End diff --
Nah, leave them alone. I forgot about that bit of annoyance in MR jobs.
> Add filtering by packet payload to the pcap query
> -------------------------------------------------
>
> Key: METRON-870
> URL: https://issues.apache.org/jira/browse/METRON-870
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
>
> Currently we have the ability to filter packets in the pcap query tool by
> header information (src/dest ip/port). We should be able to filter by binary
> regex on the packets themselves.