def test_decode_netflow_packet_options_data_ipfix_inline_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'Version: 10',
'Observation Domain Id: 721920',
'Set 1',
'FlowSet Id: (Data) (516)',
'Flow 1',
'FlowExporter: 00000002',
'PacketsExp: 610',
'FlowsExp: 429',
'System Init Time: Jan 25, 2016 07:13:01.000000000 GMT+6',
'ExporterAddr: 10.0.0.1 (10.0.0.1)',
'Sampling interval: 1',
'Flow active timeout: 180',
'FlowExporter: 00000002',
'ExportProtocolVersion: 10'
'ExportTransportProtocol: 17',
'ExportProtocolVersion: 10']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_decode_netflow_packet_v9_data_packet_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd.mpls_over_udp = 1
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX:',
'Version: 9',
'Timestamp: May 25, 2017 10:52:27.000000000 IST',
'FlowSequence: 339',
'FlowSet 1',
'FlowSet Id: (Data) (259)',
'FlowSet Length: 104',
'Flow 1',
'MPLS-Label1: 16 exp-bits: 0 top-of-stack',
'MPLS-Label2: 0 exp-bits: 0',
'SrcAddr: 2001::2 (2001::2)',
'SrcAddr: 1001::2 (1001::2)',
'DstAddr: 10.50.1.2 (10.50.1.2)',
'SrcPort: 20 (20)']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_decode_netflow_packet_options_template_v9_inline_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'Version: 9',
'FlowSet 1',
'FlowSet Id: Options Template(V9) (1)',
'Options Template (Id = 580) (Scope Count = 1; Data Count = 5)',
'Template Id: 580',
'Field (1/1) [Scope]: System',
'Scope Type: System (1)',
'Length: 0',
'Field (1/5): SAMPLING_INTERVAL',
'Type: SAMPLING_INTERVAL (34)',
'Length: 4',
'Field (2/5): FLOW_ACTIVE_TIMEOUT',
'Type: FLOW_ACTIVE_TIMEOUT (36)',
'Field (3/5): FLOW_INACTIVE_TIMEOUT',
'Field (4/5): TOTAL_PKTS_EXP',
'Field (5/5): TOTAL_FLOWS_EXP']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_decode_netflow_packet_ipfix_options_template_pic_template_scope_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'FlowSet 1',
'FlowSet Id: Options Template(V9) (1)',
'FlowSet Length: 28',
'Options Template (Id = 257) (Scope Count = 1; Data Count = 3)',
'Template Id: 257',
'Option Scope Length: 4',
'Option Length: 12',
'Field (1/1) [Scope]: Template',
'Scope Type: Template (5)',
'Length: 2',
'Field (1/3): FLOW_ACTIVE_TIMEOUT',
'Type: FLOW_ACTIVE_TIMEOUT (36)',
'Length: 2',
'Field (2/3): FLOW_INACTIVE_TIMEOUT',
'Type: FLOW_INACTIVE_TIMEOUT (37)'
'Length: 2',
'Field (3/3): SAMPLING_INTERVAL',
'Type: SAMPLING_INTERVAL (34)',
'Length: 4']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_decode_netflow_packet_data_template_inline_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd.mpls_over_udp = 1
lines = ['Cisco NetFlow/IPFIX',
'Set 1',
'FlowSet Id: Data Template (V10 [IPFIX]) (2)',
'FlowSet Length: 116',
'Template (Id = 256, Count = 27)',
'Template Id: 256',
'Field (1/27): IP_SRC_ADDR',
'0... .... .... .... = Pen provided: No',
'.000 0000 0000 1000 = Type: IP_SRC_ADDR (8)',
'Length: 4',
'Field (25/30): flowStartMilliseconds',
'0... .... .... .... = Pen provided: No',
'000 0000 1001 1000 = Type: flowStartMilliseconds (152)',
'Length: 8',
'Field (1/10): DESTINATION_MAC',
'0... .... .... .... = Pen provided: No',
'.000 0000 0101 0000 = Type: DESTINATION_MAC (80)',
'Length: 6',
'Field (1/27): IPV6_SRC_ADDR',
'0... .... .... .... = Pen provided: No',
'.000 0000 0001 1011 = Type: IPV6_SRC_ADDR (27)',
'Length: 16',
'.000 0000 0001 1011 = Type: IPV6_SRC_ADDR (27)',
'Frame 5: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits)',
'Set 1']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_jflow_dump_decode_arguments_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
response = Values()
response.response = MagicMock()
response.response.return_value = 'Pass'
djd.device.shell.return_value = response
djd._parse_jflow_tethereal_verbose = MagicMock()
djd._parse_jflow_tethereal_verbose.return_value = True
var = {}
self.assertEqual(djd._jflow_dump_decode(), None)
def test_jflow_dump_decode_failure_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
response = Values()
response.response = MagicMock()
response.response.return_value = 'No such file or directory'
djd.device.shell.return_value = response
var = {}
with self.assertRaises(Exception) as context:
djd._jflow_dump_decode()
self.assertTrue(
'Could not find the tethereal path on the host' in str(context.exception))
def test_cp_flowset_v6_template_packet_case(self):
djd = decode_jflow_dump()
var = {}
flow_selectors = []
frame = {'FlowSequence': '0',
'Observation Domain Id': '525312',
'flowset': {'Field Count': '27',
'FlowSet Id': 'Data Template (V10 [IPFIX]) (2)',
'DataRecord (Template Id)': '256',
'field': [{'Length': '4', 'Type': 'IP_SRC_ADDR (8)'}]},
'frame_index': 1,
'ip': {'dscp': '0x0', 'dst_ip': '10.50.1.2', 'src_ip': '10.50.1.1'},
'tmpl_type': 'inline-ipv4',
'udp': {'dst_port': '2055', 'src_port': '50101'}}
self.assertEqual(djd._cp_flowset(var, frame), None)
def test_decode_netflow_packet_data_flowset_pic_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'Version: 9',
'SourceId: 20',
'FlowSet 1',
'Data FlowSet (Template Id): 263']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_cp_flowset_mpls_v9_data_packet_case(self):
djd = decode_jflow_dump()
var = {}
flow_selectors = []
frame = {'FlowSequence' : '0',
'SourceId': '525312',
'Version': '9',
'flowset': {'FlowSet Id': '(Data) (323)',
'FlowSet Length': '56',
'Template Id': '323',
'pdu': [{'MPLS-Label1':'1000208', 'MPLS-Label2':'1000400', 'MPLS-Label3':'0'}]},
'frame_index': 1,
'ip': {'dscp': '0x0', 'dst_ip': '10.50.1.2', 'src_ip': '10.50.1.1'},
'tmpl_type': 'v9inline-mpls',
'udp': {'dst_port': '2055', 'src_port': '50101'}}
self.assertEqual(djd._cp_flowset(var, frame), None)
def test_cp_flowset_vpls_data_packet_case(self):
djd = decode_jflow_dump()
var = {}
flow_selectors = []
frame = {'FlowSequence' : '0',
'Observation Domain Id': '525312',
'Version': '10',
'flowset': {'FlowSet Id': '(Data) (258)',
'FlowSet Length': '56',
'Data FlowSet (Template Id)': '258',
'pdu': [{'Destination Mac Address' : '00:00:00:00:02:29', 'Source Mac Address' : '00:00:00:00:01:11'}]},
'frame_index': 1,
'ip': {'dscp': '0x0', 'dst_ip': '10.50.1.2', 'src_ip': '10.50.1.1'},
'tmpl_type': 'vpls',
'udp': {'dst_port': '2055', 'src_port': '50101'}}
self.assertEqual(djd._cp_flowset(var, frame), None)
def test_cp_flowset_mpls_ipv4_ipfix_data_packet_case(self):
djd = decode_jflow_dump()
var = {}
flow_selectors = []
frame = {'FlowSequence' : '0',
'Observation Domain Id': '525312',
'Version': '10',
'flowset': {'FlowSet Id': '(Data) (260)',
'FlowSet Length': '56',
'Template Id': '260',
'pdu': [{'SrcAddr':'20.40.2.2', 'DstAddr':'50.0.0.9', 'MPLS-Label1':'1000208', 'MPLS-Label2':'1000400', 'MPLS-Label3':'0'}]},
'frame_index': 1,
'ip': {'dscp': '0x0', 'dst_ip': '10.50.1.2', 'src_ip': '10.50.1.1'},
'tmpl_type': 'mplsipv4-inline',
'udp': {'dst_port': '2055', 'src_port': '50101'}}
self.assertEqual(djd._cp_flowset(var, frame), None)
def test_cp_flowset_v6_options_template_packet_case(self):
djd = decode_jflow_dump()
var = {}
flow_selectors = []
frame = {'FlowSequence': '0',
'Observation Domain Id': '525312',
'Version': '10',
'flowset': {'FlowSet Id': 'Options Template (V10 [IPFIX]) (3)',
'FlowSet Length': '56',
'Template Id': '512',
'field': [{'Length': '4', 'Type': 'FLOW_EXPORTER (144)'}]},
'frame_index': 1,
'ip': {'dscp': '0x0', 'dst_ip': '10.50.1.2', 'src_ip': '10.50.1.1'},
'tmpl_type': 'mpls-inline',
'udp': {'dst_port': '2055', 'src_port': '50101'}}
self.assertEqual(djd._cp_flowset(var, frame), None)
def test_decode_netflow_packet_data_template_mpls_v9_inline_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'Version: 9',
'SourceId: 721920',
'FlowSet 1',
'FlowSet Id: Data Template (V9) (0)',
'Template (Id = 324, Count = 26)',
'Template Id: 324',
'Field (1/26): MPLS_LABEL_1',
'Type: MPLS_LABEL_1 (70)',
'Length: 3']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_parse_jflow_tethereal_verbose_ip_udp_negative_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
resp = Values()
resp.response = MagicMock()
resp.response.return_value = '''Frame 5: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits)\n
Internet Protocol Version 4, Src: 20.50.1.1 (20.50.1.1), Dst: 20.50.1.2 (20.50.1.2)\n
Source: 20.50.1.1 (20.50.1.1)\n
Destination: 20.50.1.2 (20.50.1.2)\n
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
User Datagram Protocol, Src Port: 50101 (50101), Dst Port: 2055 (2055)\n
Cisco NetFlow/IPFIX'''
djd.device.shell.return_value = resp
var = {}
with self.assertRaises(Exception) as context:
djd._parse_jflow_tethereal_verbose()
self.assertTrue(
'No flowset found in Frame 0' in str(context.exception))
def test_parse_jflow_tethereal_verbose_ip_udp_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
djd.decoded_dict = {}
resp = Values()
resp.response = MagicMock()
resp.response.return_value = '''Frame 5: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits)\n
Internet Protocol Version 4, Src: 20.50.1.1 (20.50.1.1), Dst: 20.50.1.2 (20.50.1.2)\n
Source: 20.50.1.1 (20.50.1.1)\n
Destination: 20.50.1.2 (20.50.1.2)\n
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
User Datagram Protocol, Src Port: 50101 (50101), Dst Port: 2055 (2055)\n
Cisco NetFlow/IPFIXi\n
Frame 6: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits)'''
djd.device.shell.return_value = resp
var = {}
djd._decode_netflow_packet = MagicMock()
djd._decode_netflow_packet.return_value = 1
self.assertEqual(djd._parse_jflow_tethereal_verbose(), None)
def test_cp_flowset_v4_data_packet_with_flow_selector_case(self):
djd = decode_jflow_dump()
var = {}
djd.flow_selectors = ['SrcAddr', 'DstAddr']
frame = {'Observation Domain Id' : '525568',
'FlowSequence' : '112',
'Version': '10',
'flowset': {'FlowSet Id': '(Data) (256)',
'num_pdu': 1,
'pdu': [{'Direction': 'Unknown (255)',
'Dot1q Customer Vlan Id': '0',
'DstAddr': '2.0.0.2',
'SrcAddr': '1.0.0.1',
'SrcPort': '20 (20)',
'Dot1q Vlan Id': '0'}]},
'ip': {'dscp': '0x0', 'dst_ip': '20.50.1.2', 'src_ip': '20.50.1.1'},
'tmpl_type': '',
'frame_index': '5',
'udp': {'dst_port': '2055', 'src_port': '50101'}
}
self.assertEqual(djd._cp_flowset(var, frame), None)
def test_decode_netflow_packet_ipfix_options_template_pic_system_scope_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'FlowSet 1',
'FlowSet Id: Options Template(V9) (1)',
'Options Template (Id = 261) (Scope Count = 1; Data Count = 1)',
'Template Id: 261',
'Field (1/1) [Scope]: System'
'Scope Type: System (1)'
'Length: 4',
'Field (1/1): SAMPLING_ALGORITHM',
'Type: SAMPLING_ALGORITHM (35)',
'Length: 1']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_decode_netflow_packet_options_template_ipfix_inline_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'Version: 10',
'Observation Domain Id: 721920',
'Set 1',
'FlowSet Id: Options Template (V10 [IPFIX]) (3)',
'Options Template (Id = 516) (Scope Count = 1; Data Count = 10)',
'Template Id: 516',
'Field (1/1) [Scope]: FLOW_EXPORTER',
'0... .... .... .... = Pen provided: No',
'.000 0000 1001 0000 = Type: FLOW_EXPORTER (144)',
'Length: 4']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_decode_netflow_packet_options_data_v9_inline_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'Version: 9',
'SysUptime: 19088000',
'SourceId: 721920',
'FlowSet 1',
'FlowSet Id: (Data) (580)',
'Flow 1',
'Sampling interval: 1',
'Flow active timeout: 180',
'Flow inactive timeout: 60',
'PacketsExp: 702',
'FlowsExp: 1310']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
def test_cp_flowset_v6_data_packet_with_fs_type_negative_case(self):
djd = decode_jflow_dump()
var = {}
flow_selectors = ['SrcAddr', 'DstAddr']
frame = {'Observation Domain Id' : '525568',
'FlowSequence' : '112',
'Version': '10',
'flowset': {
'num_pdu': 1,
'pdu': [{'Direction': 'Unknown (255)',
'Dot1q Customer Vlan Id': '0',
'DstAddr': '2222::2',
'SrcAddr': '1111::2',
'SrcPort': '20',
'Dot1q Vlan Id': '0'}]},
'ip': {'dscp': '0x0', 'dst_ip': '20.50.1.2', 'src_ip': '20.50.1.1'},
'tmpl_type': 'ipv6',
'frame_index': '5',
'udp': {'dst_port': '2055', 'src_port': '50101'}
}
with self.assertRaises(Exception) as context:
djd._cp_flowset(var, frame)
self.assertTrue(
'' in str(context.exception))
def test_cp_flowset_v4_data_packet_flow_selector_negative_case(self):
djd = decode_jflow_dump()
var = {}
flow_selectors = []
frame = {'SourceId' : '525568',
'FlowSequence': '0',
'Version': '10',
'flowset': {'FlowSet Id': '(Data) (256)',
'type' : 'DATA',
'num_pdu': 1,
'pdu': [{'Direction': 'Unknown (255)',
'Dot1q Customer Vlan Id': '0',
'DstAddr': '2.0.0.2',
'SrcAddr': '1.0.0.1',
'Dot1q Vlan Id': '0'}]},
'ip': {'dscp': '0x0', 'dst_ip': '20.50.1.2', 'src_ip': '20.50.1.1'},
'tmpl_type': 'mpls-ipv4',
'frame_index': '5',
'udp': {'dst_port': '2055', 'src_port': '50101'}
}
with self.assertRaises(Exception) as context:
djd._cp_flowset(var, frame)
self.assertTrue(
'SrcPort not found in keys of frame as well as pdu, please make sure the string being parsed is correct for pdu_index 0' in str(context.exception))
def test_decode_netflow_packet_ipfix_options_data_pic_case(self):
djd = decode_jflow_dump()
djd.device = MagicMock()
djd.device.shell = MagicMock()
frame = {}
var = {}
djd._cp_flowset = MagicMock()
djd._cp_flowset.return_value = True
djd._convert_time_stamp_to_epoch = MagicMock()
djd._convert_time_stamp_to_epoch.return_value = True
lines = ['Cisco NetFlow/IPFIX',
'FlowSet 1',
'FlowSet Id: (Data) (260)',
'Flow 1',
'ScopeTemplate: 0103',
'Flow active timeout: 120',
'Flow inactive timeout: 30',
'Sampling interval: 1800000',
'FlowSet 2',
'FlowSet Id: (Data) (260)',
'Flow 1',
'ScopeSystem: 01000000',
'Sampling algorithm: Random sampling mode configured (2)']
self.assertEqual(djd._decode_netflow_packet(lines=lines,line_num=0, num_pkts=0, frame=frame, var=var, flow_selectors='SrcAddr'), 0)
