From 8f83f9bc972df69dda84fea1ab3d8d70d0943deb Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.ch>
Date: Sun, 4 Jun 2023 10:53:27 +0200
Subject: [PATCH] inlet/flow: add tests for ICMP and Netflow

---
 common/helpers/tests_pcap.go                  |   2 +-
 inlet/flow/decoder/netflow/root_test.go       |  72 ++++++++++++++++++
 .../flow/decoder/netflow/testdata/icmp-1.pcap | Bin 0 -> 542 bytes
 .../flow/decoder/netflow/testdata/icmp-2.pcap | Bin 0 -> 222 bytes
 4 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 inlet/flow/decoder/netflow/testdata/icmp-1.pcap
 create mode 100644 inlet/flow/decoder/netflow/testdata/icmp-2.pcap

diff --git a/common/helpers/tests_pcap.go b/common/helpers/tests_pcap.go
index 73778e3d..c136fae4 100644
--- a/common/helpers/tests_pcap.go
+++ b/common/helpers/tests_pcap.go
@@ -15,7 +15,7 @@ import (
 	"github.com/google/gopacket/pcapgo"
 )
 
-// ReadPcapPayload reads and parses a PCAP file and return the payload (after Layer 4).
+// ReadPcapPayload reads and parses a PCAP file and return the payload (Layer 4).
 func ReadPcapPayload(t testing.TB, pcapfile string) []byte {
 	t.Helper()
 	f, err := os.Open(pcapfile)
diff --git a/inlet/flow/decoder/netflow/root_test.go b/inlet/flow/decoder/netflow/root_test.go
index 5529ae18..495b5926 100644
--- a/inlet/flow/decoder/netflow/root_test.go
+++ b/inlet/flow/decoder/netflow/root_test.go
@@ -234,3 +234,75 @@ func TestTemplatesMixedWithData(t *testing.T) {
 		t.Fatalf("Metrics after data (-got, +want):\n%s", diff)
 	}
 }
+
+func TestDecodeICMP(t *testing.T) {
+	r := reporter.NewMock(t)
+	nfdecoder := New(r, decoder.Dependencies{Schema: schema.NewMock(t).EnableAllColumns()})
+
+	data := helpers.ReadPcapPayload(t, filepath.Join("testdata", "icmp-1.pcap"))
+	got := nfdecoder.Decode(decoder.RawFlow{Payload: data, Source: net.ParseIP("127.0.0.1")})
+	data = helpers.ReadPcapPayload(t, filepath.Join("testdata", "icmp-2.pcap"))
+	got = append(got, nfdecoder.Decode(decoder.RawFlow{Payload: data, Source: net.ParseIP("127.0.0.1")})...)
+
+	expectedFlows := []*schema.FlowMessage{
+		{
+			ExporterAddress: netip.MustParseAddr("::ffff:127.0.0.1"),
+			SrcAddr:         netip.MustParseAddr("2001:db8::"),
+			DstAddr:         netip.MustParseAddr("2001:db8::1"),
+			ProtobufDebug: map[schema.ColumnKey]interface{}{
+				schema.ColumnBytes:      104,
+				schema.ColumnDstPort:    32768,
+				schema.ColumnEType:      34525,
+				schema.ColumnICMPv6Type: 128, // Code: 0
+				schema.ColumnPackets:    1,
+				schema.ColumnProto:      58,
+			},
+		},
+		{
+			ExporterAddress: netip.MustParseAddr("::ffff:127.0.0.1"),
+			SrcAddr:         netip.MustParseAddr("2001:db8::1"),
+			DstAddr:         netip.MustParseAddr("2001:db8::"),
+			ProtobufDebug: map[schema.ColumnKey]interface{}{
+				schema.ColumnBytes:      104,
+				schema.ColumnDstPort:    33024,
+				schema.ColumnEType:      34525,
+				schema.ColumnICMPv6Type: 129, // Code: 0
+				schema.ColumnPackets:    1,
+				schema.ColumnProto:      58,
+			},
+		},
+		{
+			ExporterAddress: netip.MustParseAddr("::ffff:127.0.0.1"),
+			SrcAddr:         netip.MustParseAddr("::ffff:203.0.113.4"),
+			DstAddr:         netip.MustParseAddr("::ffff:203.0.113.5"),
+			ProtobufDebug: map[schema.ColumnKey]interface{}{
+				schema.ColumnBytes:      84,
+				schema.ColumnDstPort:    2048,
+				schema.ColumnEType:      2048,
+				schema.ColumnICMPv4Type: 8, // Code: 0
+				schema.ColumnPackets:    1,
+				schema.ColumnProto:      1,
+			},
+		},
+		{
+			ExporterAddress: netip.MustParseAddr("::ffff:127.0.0.1"),
+			SrcAddr:         netip.MustParseAddr("::ffff:203.0.113.5"),
+			DstAddr:         netip.MustParseAddr("::ffff:203.0.113.4"),
+			ProtobufDebug: map[schema.ColumnKey]interface{}{
+				schema.ColumnBytes:   84,
+				schema.ColumnEType:   2048,
+				schema.ColumnPackets: 1,
+				schema.ColumnProto:   1,
+				// Type/Code  = 0
+			},
+		},
+	}
+	for _, f := range got {
+		f.TimeReceived = 0
+	}
+
+	if diff := helpers.Diff(got, expectedFlows); diff != "" {
+		t.Fatalf("Decode() (-got, +want):\n%s", diff)
+	}
+
+}
diff --git a/inlet/flow/decoder/netflow/testdata/icmp-1.pcap b/inlet/flow/decoder/netflow/testdata/icmp-1.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..3ce005ccfb2af90de9a5259f2a72694799ff5eb7
GIT binary patch
literal 542
zcmca|c+)~A1{MYcU}0bca-RCuq=-c`GJFGaKzPkO@m9Z7n;QGW0hc)#Tp1W&-2LRh
z;2`*Z&Vd!B%0SGxZ8?Vt<CUN{44e#X3=C#pQ)+yl0u2Hg1_CZXJNOx9GH@`=0AfZU
zW&&axAd3rVJs%L;f<;*vcz|qnpe#2KvjWA~fEeN^7Zyg!&EO!$9nuT}3^G6rvLEIa
zBzJHS;|@G#0Nt<x7&INN6C@fCG&r0xz$8!*7>H1yz{tA;#s<-7d{78CFfdpl41yU9
SQp`ZuKt?nJLAn~j1_A&f05<ag

literal 0
HcmV?d00001

diff --git a/inlet/flow/decoder/netflow/testdata/icmp-2.pcap b/inlet/flow/decoder/netflow/testdata/icmp-2.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..bbe44ad65a6cacc7cef7d86e9bd2c652dd7b262d
GIT binary patch
literal 222
zcmca|c+)~A1{MYcU}0bca-RCuq{K!uGHe5~L3qtP@m9Z7n;QGW0hc)#Tp1Wv-2Lpp
z;2`+n_JI|p%0SGxZ8?Vt!xTRb22KVh1_raQDK)-Nff|8q29Ws`3=E7NtrO&DA!v{c
jLkO4z3L@NanxT*dh*=pJIDnEs*N~u*6{HzrBv2y&M*b@W

literal 0
HcmV?d00001