Skip to content

Clone the field definition #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Clone the field definition #16

wants to merge 1 commit into from

Conversation

bodgit
Copy link
Contributor

@bodgit bodgit commented Aug 18, 2015

Otherwise we end up changing the field definitions. Fixes some of the issues seen in #6.

@bodgit
Clone the field definition
31284f8 
Otherwise we end up changing the field definitions.
@purbon
Copy link

purbon commented Sep 4, 2015

Thanks a lot for your contributions @bodgit, it would be super nice if you can add test for this change. We try to enforce that all PR introduce some kind of testing, so we're able to increase the overall quality. Don't hesitate to ask any question regarding you might have, more than looking forward to help.

@jorritfolmer
Copy link
Contributor

I happened to have tested this PR, so I can provide a .pcap file that, when replayed to the netflow udp port, is able to reproduce the original condition that this PR fixes.
But how do we go from there?

@bodgit
Copy link
Contributor Author

bodgit commented Sep 10, 2015

There are tests in the source already under spec/, I think the pcap file needs to just be turned into a stream of the packet payloads without any of the pcap headers. There's probably a way of doing that with tshark perhaps.

@jordansissel
Copy link
Contributor

@jorritfolmer thank you for helping test! This is useful info :)

@jorritfolmer jorritfolmer mentioned this pull request Sep 24, 2015
Closed
@jorritfolmer
Copy link
Contributor

There seems to be an issue with a stream of netflow packets in 1 single .dat file.
For 3 packets in one .dat file, a bundle exec rspec gives:

    Failure/Error: subject.decode(data){|event| events << event}
     ArgumentError:
       negative length -1 given

If I change it to a single packet in a .dat file, things are fine.
This leads me to believe I cannot use multiple packets in 1 .dat file.

However, for this test I need to:

  1. parse a netflow template with data from source A
  2. parse a netflow template (edit: that is different from A) without data from source B
  3. parse a netflow data packet from source B

The tests to be done are:

  1. test whether data from source A matches a predefined json
  2. test whether data from source B matches another predefined json.

Without the fix in this PR, the json from source B will fail to match.
With the fix, it will match.

But how do I wrestle this set-of-packets into rspec?

@jorritfolmer jorritfolmer mentioned this pull request Oct 15, 2015
Closed
@jorritfolmer
Copy link
Contributor

Yeah! I think I've found a way to create a test that decodes an ordered set of packets!
I've created a seperate PR #25 with tests to address this.

@elasticsearch-release
Copy link

Jenkins standing by to test this. If you aren't a maintainer, you can ignore this comment. Someone with commit access, please review this and clear it for Jenkins to run; then say 'jenkins, test it'.

@jorritfolmer
Copy link
Contributor

Closed with half-twin PR #25

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug needs tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bodgit @purbon @jorritfolmer @jordansissel @elasticsearch-release