elastic: make fields all the same.

The outputs of -T ek and -G elastic-mapping don't match. To be effective
the fields in the mapping report and the fields in the traffic output must
be the same.

2 issues have been fixed. The elastic-mapping requires the parent protocol
to be prepended to the field to match the traffic output. The field "dns.a"
has been changed to "dns_dns_a".
The traffic output prints some fields with a leading "text_". This happens
for some fields that have been created under a text-only field. One example
is "dns.a", which was printed as "text_dns_a". This has been fixed by accessing
the parent hfinfo, resulting in "dns_dns_a", like the other fields of the dns
protocol.

Bug: 15759
Change-Id: Ibd000c865102ca49bb6a6394019a475483eae4cc
Reviewed-on: https://code.wireshark.org/review/33099
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Dario Lombardo 2019-05-07 09:42:38 +02:00
parent 07aa2a8e49
commit 91bbc58402
5 changed files with 305 additions and 37 deletions


@ -1217,12 +1217,12 @@ ek_fill_attr(proto_node *node, GSList **attr_list, GHashTable *attr_table, write
static void
ek_write_name(proto_node *pnode, gchar* suffix, write_json_data* pdata)
{
field_info *fi = PNODE_FINFO(pnode);
field_info *fi_parent = PNODE_FINFO(pnode->parent);
field_info *fi = PNODE_FINFO(pnode);
gchar *str;
if (fi_parent != NULL) {
str = g_strdup_printf("%s_%s%s", fi_parent->hfinfo->abbrev, fi->hfinfo->abbrev, suffix ? suffix : "");
if (fi->hfinfo->parent != -1) {
header_field_info* parent = proto_registrar_get_nth(fi->hfinfo->parent);
str = g_strdup_printf("%s_%s%s", parent->abbrev, fi->hfinfo->abbrev, suffix ? suffix : "");
json_dumper_set_member_name(pdata->dumper, str);
} else {
str = g_strdup_printf("%s%s", fi->hfinfo->abbrev, suffix ? suffix : "");
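Review bot: Replacing the tree-parent prefix with the protocol abbreviation makes distinct nodes collapse onto one member name. In the updated -T ek baseline of this commit the `eth` object now carries `eth_eth_addr`, `eth_eth_lg` and `eth_eth_ig` twice (once for the destination, once for the source), and `dhcp` repeats `dhcp_dhcp_hw_type`. JSON consumers usually resolve duplicate names by keeping one value or rejecting the object, so one of the two addresses may be silently lost or the document refused at ingest. Emitting repeated names as an array, as the baseline already shows for `ip_ip_addr`, would keep both values. A comment on the new test, e.g. `/* hfinfo->parent is the owning protocol's id; -1 means this entry has no parent protocol */`, would also help if that reading is right, since the body of `ek_write_name()` continues outside the hunk.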


@ -10440,7 +10440,7 @@ proto_registrar_dump_elastic(const gchar* filter)
/* Skip the fields that would map into string. This is the default in elasticsearch. */
type = ws_type_to_elastic(hfinfo->type);
if (type) {
str = g_strdup(hfinfo->abbrev);
str = g_strdup_printf("%s_%s", prev_proto, hfinfo->abbrev);
json_dumper_set_member_name(&dumper, dot_to_underscore(str));
g_free(str);
json_dumper_begin_object(&dumper); // 9.hfinfo->abbrev
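Review bot: Nothing in this hunk prevents the same member name from being written twice. The mapping baseline updated in this commit lists `ip_ip_opt_sec_prot_auth_unassigned` two times, which suggests two registered fields share that abbreviation. A consumer of the mapping will typically keep only one of the duplicates or reject the object, so it may be worth remembering the names already emitted for the current protocol and skipping repeats. Because this key has to stay identical to what `ek_write_name()` produces, a comment such as `/* Must match the member name ek_write_name() builds for -T ek */` would help keep the two sites in sync. `prev_proto` is assigned outside the hunk, so it cannot be checked from here whether it is always set at this point.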


@ -1,8 +1,8 @@
{"index" : {"_index": "packets-2004-12-05", "_type": "doc"}}
{"timestamp" : "1102274184317", "layers" : {"frame": {"frame_frame_encap_type": "1","frame_frame_time": "Dec 5, 2004 19:16:24.317453000 UTC","frame_frame_offset_shift": "0.000000000","frame_frame_time_epoch": "1102274184.317453000","frame_frame_time_delta": "0.000000000","frame_frame_time_delta_displayed": "0.000000000","frame_frame_time_relative": "0.000000000","frame_frame_number": "1","frame_frame_len": "314","frame_frame_cap_len": "314","frame_frame_marked": "0","frame_frame_ignored": "0","frame_frame_protocols": "eth:ethertype:ip:udp:dhcp"},"eth": {"eth_eth_dst": "ff:ff:ff:ff:ff:ff","eth_dst_eth_dst_resolved": "Broadcast","eth_dst_eth_addr": "ff:ff:ff:ff:ff:ff","eth_dst_eth_addr_resolved": "Broadcast","eth_dst_eth_lg": "1","eth_dst_eth_ig": "1","eth_eth_src": "00:0b:82:01:fc:42","eth_src_eth_src_resolved": "Grandstr_01:fc:42","eth_src_eth_addr": "00:0b:82:01:fc:42","eth_src_eth_addr_resolved": "Grandstr_01:fc:42","eth_src_eth_lg": "0","eth_src_eth_ig": "0","eth_eth_type": "0x00000800"},"ip": {"ip_ip_version": "4","ip_ip_hdr_len": "20","ip_ip_dsfield": "0x00000000","ip_dsfield_ip_dsfield_dscp": "0","ip_dsfield_ip_dsfield_ecn": "0","ip_ip_len": "300","ip_ip_id": "0x0000a836","ip_ip_flags": "0x00000000","ip_flags_ip_flags_rb": "0","ip_flags_ip_flags_df": "0","ip_flags_ip_flags_mf": "0","ip_flags_ip_frag_offset": "0","ip_ip_ttl": "250","ip_ip_proto": "17","ip_ip_checksum": "0x0000178b","ip_ip_checksum_status": "2","ip_ip_src": "0.0.0.0","ip_ip_addr": ["0.0.0.0","255.255.255.255"],"ip_ip_src_host": "0.0.0.0","ip_ip_host": ["0.0.0.0","255.255.255.255"],"ip_ip_dst": "255.255.255.255","ip_ip_dst_host": "255.255.255.255"},"udp": {"udp_udp_srcport": "68","udp_udp_dstport": "67","udp_udp_port": ["68","67"],"udp_udp_length": "280","udp_udp_checksum": "0x0000591f","udp_udp_checksum_status": "2","udp_udp_stream": "0","udp_text": "Timestamps","text_udp_time_relative": "0.000000000","text_udp_time_delta": "0.000000000"},"dhcp": {"dhcp_dhcp_type": "1","dhcp_dhcp_hw_type": 
"0x00000001","dhcp_dhcp_hw_len": "6","dhcp_dhcp_hops": "0","dhcp_dhcp_id": "0x00003d1d","dhcp_dhcp_secs": "0","dhcp_dhcp_flags": "0x00000000","dhcp_flags_dhcp_flags_bc": "0","dhcp_flags_dhcp_flags_reserved": "0x00000000","dhcp_dhcp_ip_client": "0.0.0.0","dhcp_dhcp_ip_your": "0.0.0.0","dhcp_dhcp_ip_server": "0.0.0.0","dhcp_dhcp_ip_relay": "0.0.0.0","dhcp_dhcp_hw_mac_addr": "00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding": "00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server": "","dhcp_dhcp_file": "","dhcp_dhcp_cookie": "99.130.83.99","dhcp_dhcp_option_type": ["53","61","50","55","0"],"dhcp_option_type_dhcp_option_length": ["1","7","4","4"],"dhcp_option_type_dhcp_option_value": ["01","01:00:0b:82:01:fc:42","00:00:00:00","01:03:06:2a"],"dhcp_option_type_dhcp_option_dhcp": "1","dhcp_option_type_dhcp_hw_type": "0x00000001","dhcp_option_type_dhcp_hw_mac_addr": "00:0b:82:01:fc:42","dhcp_option_type_dhcp_option_requested_ip_address": "0.0.0.0","dhcp_option_type_dhcp_option_request_list_item": ["1","3","6","42"],"dhcp_option_type_dhcp_option_end": "255","dhcp_dhcp_option_padding": "00:00:00:00:00:00:00"}}}
{"index" : {"_index": "packets-2004-12-05", "_type": "doc"}}
{"timestamp" : "1102274184317", "layers" : {"frame": {"frame_frame_encap_type": "1","frame_frame_time": "Dec 5, 2004 19:16:24.317748000 UTC","frame_frame_offset_shift": "0.000000000","frame_frame_time_epoch": "1102274184.317748000","frame_frame_time_delta": "0.000295000","frame_frame_time_delta_displayed": "0.000295000","frame_frame_time_relative": "0.000295000","frame_frame_number": "2","frame_frame_len": "342","frame_frame_cap_len": "342","frame_frame_marked": "0","frame_frame_ignored": "0","frame_frame_protocols": "eth:ethertype:ip:udp:dhcp"},"eth": {"eth_eth_dst": "00:0b:82:01:fc:42","eth_dst_eth_dst_resolved": "Grandstr_01:fc:42","eth_dst_eth_addr": "00:0b:82:01:fc:42","eth_dst_eth_addr_resolved": "Grandstr_01:fc:42","eth_dst_eth_lg": "0","eth_dst_eth_ig": "0","eth_eth_src": "00:08:74:ad:f1:9b","eth_src_eth_src_resolved": "Dell_ad:f1:9b","eth_src_eth_addr": "00:08:74:ad:f1:9b","eth_src_eth_addr_resolved": "Dell_ad:f1:9b","eth_src_eth_lg": "0","eth_src_eth_ig": "0","eth_eth_type": "0x00000800"},"ip": {"ip_ip_version": "4","ip_ip_hdr_len": "20","ip_ip_dsfield": "0x00000000","ip_dsfield_ip_dsfield_dscp": "0","ip_dsfield_ip_dsfield_ecn": "0","ip_ip_len": "328","ip_ip_id": "0x00000445","ip_ip_flags": "0x00000000","ip_flags_ip_flags_rb": "0","ip_flags_ip_flags_df": "0","ip_flags_ip_flags_mf": "0","ip_flags_ip_frag_offset": "0","ip_ip_ttl": "128","ip_ip_proto": "17","ip_ip_checksum": "0x00000000","ip_ip_checksum_status": "2","ip_ip_src": "192.168.0.1","ip_ip_addr": ["192.168.0.1","192.168.0.10"],"ip_ip_src_host": "192.168.0.1","ip_ip_host": ["192.168.0.1","192.168.0.10"],"ip_ip_dst": "192.168.0.10","ip_ip_dst_host": "192.168.0.10"},"udp": {"udp_udp_srcport": "67","udp_udp_dstport": "68","udp_udp_port": ["67","68"],"udp_udp_length": "308","udp_udp_checksum": "0x00002233","udp_udp_checksum_status": "2","udp_udp_stream": "1","udp_text": "Timestamps","text_udp_time_relative": "0.000000000","text_udp_time_delta": "0.000000000"},"dhcp": {"dhcp_dhcp_type": 
"2","dhcp_dhcp_hw_type": "0x00000001","dhcp_dhcp_hw_len": "6","dhcp_dhcp_hops": "0","dhcp_dhcp_id": "0x00003d1d","dhcp_dhcp_secs": "0","dhcp_dhcp_flags": "0x00000000","dhcp_flags_dhcp_flags_bc": "0","dhcp_flags_dhcp_flags_reserved": "0x00000000","dhcp_dhcp_ip_client": "0.0.0.0","dhcp_dhcp_ip_your": "192.168.0.10","dhcp_dhcp_ip_server": "192.168.0.1","dhcp_dhcp_ip_relay": "0.0.0.0","dhcp_dhcp_hw_mac_addr": "00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding": "00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server": "","dhcp_dhcp_file": "","dhcp_dhcp_cookie": "99.130.83.99","dhcp_dhcp_option_type": ["53","1","58","59","51","54","0"],"dhcp_option_type_dhcp_option_length": ["1","4","4","4","4","4"],"dhcp_option_type_dhcp_option_value": ["02","ff:ff:ff:00","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01"],"dhcp_option_type_dhcp_option_dhcp": "2","dhcp_option_type_dhcp_option_subnet_mask": "255.255.255.0","dhcp_option_type_dhcp_option_renewal_time_value": "1800","dhcp_option_type_dhcp_option_rebinding_time_value": "3150","dhcp_option_type_dhcp_option_ip_address_lease_time": "3600","dhcp_option_type_dhcp_option_dhcp_server_id": "192.168.0.1","dhcp_option_type_dhcp_option_end": "255","dhcp_dhcp_option_padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}}
{"index" : {"_index": "packets-2004-12-05", "_type": "doc"}}
{"timestamp" : "1102274184387", "layers" : {"frame": {"frame_frame_encap_type": "1","frame_frame_time": "Dec 5, 2004 19:16:24.387484000 UTC","frame_frame_offset_shift": "0.000000000","frame_frame_time_epoch": "1102274184.387484000","frame_frame_time_delta": "0.069736000","frame_frame_time_delta_displayed": "0.069736000","frame_frame_time_relative": "0.070031000","frame_frame_number": "3","frame_frame_len": "314","frame_frame_cap_len": "314","frame_frame_marked": "0","frame_frame_ignored": "0","frame_frame_protocols": "eth:ethertype:ip:udp:dhcp"},"eth": {"eth_eth_dst": "ff:ff:ff:ff:ff:ff","eth_dst_eth_dst_resolved": "Broadcast","eth_dst_eth_addr": "ff:ff:ff:ff:ff:ff","eth_dst_eth_addr_resolved": "Broadcast","eth_dst_eth_lg": "1","eth_dst_eth_ig": "1","eth_eth_src": "00:0b:82:01:fc:42","eth_src_eth_src_resolved": "Grandstr_01:fc:42","eth_src_eth_addr": "00:0b:82:01:fc:42","eth_src_eth_addr_resolved": "Grandstr_01:fc:42","eth_src_eth_lg": "0","eth_src_eth_ig": "0","eth_eth_type": "0x00000800"},"ip": {"ip_ip_version": "4","ip_ip_hdr_len": "20","ip_ip_dsfield": "0x00000000","ip_dsfield_ip_dsfield_dscp": "0","ip_dsfield_ip_dsfield_ecn": "0","ip_ip_len": "300","ip_ip_id": "0x0000a837","ip_ip_flags": "0x00000000","ip_flags_ip_flags_rb": "0","ip_flags_ip_flags_df": "0","ip_flags_ip_flags_mf": "0","ip_flags_ip_frag_offset": "0","ip_ip_ttl": "250","ip_ip_proto": "17","ip_ip_checksum": "0x0000178a","ip_ip_checksum_status": "2","ip_ip_src": "0.0.0.0","ip_ip_addr": ["0.0.0.0","255.255.255.255"],"ip_ip_src_host": "0.0.0.0","ip_ip_host": ["0.0.0.0","255.255.255.255"],"ip_ip_dst": "255.255.255.255","ip_ip_dst_host": "255.255.255.255"},"udp": {"udp_udp_srcport": "68","udp_udp_dstport": "67","udp_udp_port": ["68","67"],"udp_udp_length": "280","udp_udp_checksum": "0x00009fbd","udp_udp_checksum_status": "2","udp_udp_stream": "0","udp_text": "Timestamps","text_udp_time_relative": "0.070031000","text_udp_time_delta": "0.070031000"},"dhcp": {"dhcp_dhcp_type": "1","dhcp_dhcp_hw_type": 
"0x00000001","dhcp_dhcp_hw_len": "6","dhcp_dhcp_hops": "0","dhcp_dhcp_id": "0x00003d1e","dhcp_dhcp_secs": "0","dhcp_dhcp_flags": "0x00000000","dhcp_flags_dhcp_flags_bc": "0","dhcp_flags_dhcp_flags_reserved": "0x00000000","dhcp_dhcp_ip_client": "0.0.0.0","dhcp_dhcp_ip_your": "0.0.0.0","dhcp_dhcp_ip_server": "0.0.0.0","dhcp_dhcp_ip_relay": "0.0.0.0","dhcp_dhcp_hw_mac_addr": "00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding": "00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server": "","dhcp_dhcp_file": "","dhcp_dhcp_cookie": "99.130.83.99","dhcp_dhcp_option_type": ["53","61","50","54","55","0"],"dhcp_option_type_dhcp_option_length": ["1","7","4","4","4"],"dhcp_option_type_dhcp_option_value": ["03","01:00:0b:82:01:fc:42","c0:a8:00:0a","c0:a8:00:01","01:03:06:2a"],"dhcp_option_type_dhcp_option_dhcp": "3","dhcp_option_type_dhcp_hw_type": "0x00000001","dhcp_option_type_dhcp_hw_mac_addr": "00:0b:82:01:fc:42","dhcp_option_type_dhcp_option_requested_ip_address": "192.168.0.10","dhcp_option_type_dhcp_option_dhcp_server_id": "192.168.0.1","dhcp_option_type_dhcp_option_request_list_item": ["1","3","6","42"],"dhcp_option_type_dhcp_option_end": "255","dhcp_dhcp_option_padding": "00"}}}
{"index" : {"_index": "packets-2004-12-05", "_type": "doc"}}
{"timestamp" : "1102274184387", "layers" : {"frame": {"frame_frame_encap_type": "1","frame_frame_time": "Dec 5, 2004 19:16:24.387798000 UTC","frame_frame_offset_shift": "0.000000000","frame_frame_time_epoch": "1102274184.387798000","frame_frame_time_delta": "0.000314000","frame_frame_time_delta_displayed": "0.000314000","frame_frame_time_relative": "0.070345000","frame_frame_number": "4","frame_frame_len": "342","frame_frame_cap_len": "342","frame_frame_marked": "0","frame_frame_ignored": "0","frame_frame_protocols": "eth:ethertype:ip:udp:dhcp"},"eth": {"eth_eth_dst": "00:0b:82:01:fc:42","eth_dst_eth_dst_resolved": "Grandstr_01:fc:42","eth_dst_eth_addr": "00:0b:82:01:fc:42","eth_dst_eth_addr_resolved": "Grandstr_01:fc:42","eth_dst_eth_lg": "0","eth_dst_eth_ig": "0","eth_eth_src": "00:08:74:ad:f1:9b","eth_src_eth_src_resolved": "Dell_ad:f1:9b","eth_src_eth_addr": "00:08:74:ad:f1:9b","eth_src_eth_addr_resolved": "Dell_ad:f1:9b","eth_src_eth_lg": "0","eth_src_eth_ig": "0","eth_eth_type": "0x00000800"},"ip": {"ip_ip_version": "4","ip_ip_hdr_len": "20","ip_ip_dsfield": "0x00000000","ip_dsfield_ip_dsfield_dscp": "0","ip_dsfield_ip_dsfield_ecn": "0","ip_ip_len": "328","ip_ip_id": "0x00000446","ip_ip_flags": "0x00000000","ip_flags_ip_flags_rb": "0","ip_flags_ip_flags_df": "0","ip_flags_ip_flags_mf": "0","ip_flags_ip_frag_offset": "0","ip_ip_ttl": "128","ip_ip_proto": "17","ip_ip_checksum": "0x00000000","ip_ip_checksum_status": "2","ip_ip_src": "192.168.0.1","ip_ip_addr": ["192.168.0.1","192.168.0.10"],"ip_ip_src_host": "192.168.0.1","ip_ip_host": ["192.168.0.1","192.168.0.10"],"ip_ip_dst": "192.168.0.10","ip_ip_dst_host": "192.168.0.10"},"udp": {"udp_udp_srcport": "67","udp_udp_dstport": "68","udp_udp_port": ["67","68"],"udp_udp_length": "308","udp_udp_checksum": "0x0000dfdb","udp_udp_checksum_status": "2","udp_udp_stream": "1","udp_text": "Timestamps","text_udp_time_relative": "0.070050000","text_udp_time_delta": "0.070050000"},"dhcp": {"dhcp_dhcp_type": 
"2","dhcp_dhcp_hw_type": "0x00000001","dhcp_dhcp_hw_len": "6","dhcp_dhcp_hops": "0","dhcp_dhcp_id": "0x00003d1e","dhcp_dhcp_secs": "0","dhcp_dhcp_flags": "0x00000000","dhcp_flags_dhcp_flags_bc": "0","dhcp_flags_dhcp_flags_reserved": "0x00000000","dhcp_dhcp_ip_client": "0.0.0.0","dhcp_dhcp_ip_your": "192.168.0.10","dhcp_dhcp_ip_server": "0.0.0.0","dhcp_dhcp_ip_relay": "0.0.0.0","dhcp_dhcp_hw_mac_addr": "00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding": "00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server": "","dhcp_dhcp_file": "","dhcp_dhcp_cookie": "99.130.83.99","dhcp_dhcp_option_type": ["53","58","59","51","54","1","0"],"dhcp_option_type_dhcp_option_length": ["1","4","4","4","4","4"],"dhcp_option_type_dhcp_option_value": ["05","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01","ff:ff:ff:00"],"dhcp_option_type_dhcp_option_dhcp": "5","dhcp_option_type_dhcp_option_renewal_time_value": "1800","dhcp_option_type_dhcp_option_rebinding_time_value": "3150","dhcp_option_type_dhcp_option_ip_address_lease_time": "3600","dhcp_option_type_dhcp_option_dhcp_server_id": "192.168.0.1","dhcp_option_type_dhcp_option_subnet_mask": "255.255.255.0","dhcp_option_type_dhcp_option_end": "255","dhcp_dhcp_option_padding": "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317453000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317453000","frame_frame_time_delta":"0.000000000","frame_frame_time_delta_displayed":"0.000000000","frame_frame_time_relative":"0.000000000","frame_frame_number":"1","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":"0","frame_frame_ignored":"0","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_lg":"1","eth_eth_ig":"1","eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_lg":"0","eth_eth_ig":"0","eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a836","ip_ip_flags":"0x00000000","ip_ip_flags_rb":"0","ip_ip_flags_df":"0","ip_ip_flags_mf":"0","ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178b","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x0000591f","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":"0"
,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","55","0"],"dhcp_dhcp_option_length":["1","7","4","4"],"dhcp_dhcp_option_value":["01","01:00:0b:82:01:fc:42","00:00:00:00","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"0.0.0.0","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184317","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.317748000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.317748000","frame_frame_time_delta":"0.000295000","frame_frame_time_delta_displayed":"0.000295000","frame_frame_time_relative":"0.000295000","frame_frame_number":"2","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":"0","frame_frame_ignored":"0","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_lg":"0","eth_eth_ig":"0","eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_lg":"0","eth_eth_ig":"0","eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000445","ip_ip_flags":"0x00000000","ip_ip_flags_rb":"0","ip_ip_flags_df":"0","ip_ip_flags_mf":"0","ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x00002233","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.000000000","udp_udp_time_delta":"0.000000000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1d","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_f
lags_bc":"0","dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"192.168.0.1","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","1","58","59","51","54","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["02","ff:ff:ff:00","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01"],"dhcp_dhcp_option_dhcp":"2","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387484000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387484000","frame_frame_time_delta":"0.069736000","frame_frame_time_delta_displayed":"0.069736000","frame_frame_time_relative":"0.070031000","frame_frame_number":"3","frame_frame_len":"314","frame_frame_cap_len":"314","frame_frame_marked":"0","frame_frame_ignored":"0","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"ff:ff:ff:ff:ff:ff","eth_eth_dst_resolved":"Broadcast","eth_eth_addr":"ff:ff:ff:ff:ff:ff","eth_eth_addr_resolved":"Broadcast","eth_eth_lg":"1","eth_eth_ig":"1","eth_eth_src":"00:0b:82:01:fc:42","eth_eth_src_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_lg":"0","eth_eth_ig":"0","eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"300","ip_ip_id":"0x0000a837","ip_ip_flags":"0x00000000","ip_ip_flags_rb":"0","ip_ip_flags_df":"0","ip_ip_flags_mf":"0","ip_ip_frag_offset":"0","ip_ip_ttl":"250","ip_ip_proto":"17","ip_ip_checksum":"0x0000178a","ip_ip_checksum_status":"2","ip_ip_src":"0.0.0.0","ip_ip_addr":["0.0.0.0","255.255.255.255"],"ip_ip_src_host":"0.0.0.0","ip_ip_host":["0.0.0.0","255.255.255.255"],"ip_ip_dst":"255.255.255.255","ip_ip_dst_host":"255.255.255.255"},"udp":{"udp_udp_srcport":"68","udp_udp_dstport":"67","udp_udp_port":["68","67"],"udp_udp_length":"280","udp_udp_checksum":"0x00009fbd","udp_udp_checksum_status":"2","udp_udp_stream":"0","text":"Timestamps","udp_udp_time_relative":"0.070031000","udp_udp_time_delta":"0.070031000"},"dhcp":{"dhcp_dhcp_type":"1","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_flags_bc":"0"
,"dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"0.0.0.0","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","61","50","54","55","0"],"dhcp_dhcp_option_length":["1","7","4","4","4"],"dhcp_dhcp_option_value":["03","01:00:0b:82:01:fc:42","c0:a8:00:0a","c0:a8:00:01","01:03:06:2a"],"dhcp_dhcp_option_dhcp":"3","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_option_requested_ip_address":"192.168.0.10","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_request_list_item":["1","3","6","42"],"dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00"}}}
{"index":{"_index":"packets-2004-12-05","_type":"doc"}}
{"timestamp":"1102274184387","layers":{"frame":{"frame_frame_encap_type":"1","frame_frame_time":"Dec 5, 2004 19:16:24.387798000 UTC","frame_frame_offset_shift":"0.000000000","frame_frame_time_epoch":"1102274184.387798000","frame_frame_time_delta":"0.000314000","frame_frame_time_delta_displayed":"0.000314000","frame_frame_time_relative":"0.070345000","frame_frame_number":"4","frame_frame_len":"342","frame_frame_cap_len":"342","frame_frame_marked":"0","frame_frame_ignored":"0","frame_frame_protocols":"eth:ethertype:ip:udp:dhcp"},"eth":{"eth_eth_dst":"00:0b:82:01:fc:42","eth_eth_dst_resolved":"Grandstr_01:fc:42","eth_eth_addr":"00:0b:82:01:fc:42","eth_eth_addr_resolved":"Grandstr_01:fc:42","eth_eth_lg":"0","eth_eth_ig":"0","eth_eth_src":"00:08:74:ad:f1:9b","eth_eth_src_resolved":"Dell_ad:f1:9b","eth_eth_addr":"00:08:74:ad:f1:9b","eth_eth_addr_resolved":"Dell_ad:f1:9b","eth_eth_lg":"0","eth_eth_ig":"0","eth_eth_type":"0x00000800"},"ip":{"ip_ip_version":"4","ip_ip_hdr_len":"20","ip_ip_dsfield":"0x00000000","ip_ip_dsfield_dscp":"0","ip_ip_dsfield_ecn":"0","ip_ip_len":"328","ip_ip_id":"0x00000446","ip_ip_flags":"0x00000000","ip_ip_flags_rb":"0","ip_ip_flags_df":"0","ip_ip_flags_mf":"0","ip_ip_frag_offset":"0","ip_ip_ttl":"128","ip_ip_proto":"17","ip_ip_checksum":"0x00000000","ip_ip_checksum_status":"2","ip_ip_src":"192.168.0.1","ip_ip_addr":["192.168.0.1","192.168.0.10"],"ip_ip_src_host":"192.168.0.1","ip_ip_host":["192.168.0.1","192.168.0.10"],"ip_ip_dst":"192.168.0.10","ip_ip_dst_host":"192.168.0.10"},"udp":{"udp_udp_srcport":"67","udp_udp_dstport":"68","udp_udp_port":["67","68"],"udp_udp_length":"308","udp_udp_checksum":"0x0000dfdb","udp_udp_checksum_status":"2","udp_udp_stream":"1","text":"Timestamps","udp_udp_time_relative":"0.070050000","udp_udp_time_delta":"0.070050000"},"dhcp":{"dhcp_dhcp_type":"2","dhcp_dhcp_hw_type":"0x00000001","dhcp_dhcp_hw_len":"6","dhcp_dhcp_hops":"0","dhcp_dhcp_id":"0x00003d1e","dhcp_dhcp_secs":"0","dhcp_dhcp_flags":"0x00000000","dhcp_dhcp_f
lags_bc":"0","dhcp_dhcp_flags_reserved":"0x00000000","dhcp_dhcp_ip_client":"0.0.0.0","dhcp_dhcp_ip_your":"192.168.0.10","dhcp_dhcp_ip_server":"0.0.0.0","dhcp_dhcp_ip_relay":"0.0.0.0","dhcp_dhcp_hw_mac_addr":"00:0b:82:01:fc:42","dhcp_dhcp_hw_addr_padding":"00:00:00:00:00:00:00:00:00:00","dhcp_dhcp_server":"","dhcp_dhcp_file":"","dhcp_dhcp_cookie":"99.130.83.99","dhcp_dhcp_option_type":["53","58","59","51","54","1","0"],"dhcp_dhcp_option_length":["1","4","4","4","4","4"],"dhcp_dhcp_option_value":["05","00:00:07:08","00:00:0c:4e","00:00:0e:10","c0:a8:00:01","ff:ff:ff:00"],"dhcp_dhcp_option_dhcp":"5","dhcp_dhcp_option_renewal_time_value":"1800","dhcp_dhcp_option_rebinding_time_value":"3150","dhcp_dhcp_option_ip_address_lease_time":"3600","dhcp_dhcp_option_dhcp_server_id":"192.168.0.1","dhcp_dhcp_option_subnet_mask":"255.255.255.0","dhcp_dhcp_option_end":"255","dhcp_dhcp_option_padding":"00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"}}}


@ -1,36 +1,303 @@
{
"index_patterns" : "packets-*",
"settings" : {
"index.mapping.total_fields.limit" : 1000000
"settings": {
"index.mapping.total_fields.limit": 1000000
},
"mappings" : {
"mappings": {
"doc" : {
"dynamic" : false,
"properties" : {
"timestamp" : {
"type" : "date"
"dynamic": false,
"properties": {
"timestamp": {
"type": "date"
},
"layers" : {
"properties" : {
"ip" : {
"properties" : {
"ip_version" : {
"type" : "short"
"layers": {
"properties": {
"ip": {
"properties": {
"ip_ip_version": {
"type": "short"
},
"ip_tos_delay" : {
"type" : "boolean"
"ip_ip_hdr_len": {
"type": "short"
},
"ip_len" : {
"type" : "integer"
"ip_ip_dsfield": {
"type": "short"
},
"ip_dst" : {
"type" : "ip"
"ip_ip_dsfield_dscp": {
"type": "short"
},
"ip_geoip_lat" : {
"type" : "float"
"ip_ip_dsfield_ecn": {
"type": "short"
},
"ip_opt_padding" : {
"type" : "byte"
"ip_ip_tos": {
"type": "short"
},
"ip_ip_tos_precedence": {
"type": "short"
},
"ip_ip_tos_delay": {
"type": "boolean"
},
"ip_ip_tos_throughput": {
"type": "boolean"
},
"ip_ip_tos_reliability": {
"type": "boolean"
},
"ip_ip_tos_cost": {
"type": "boolean"
},
"ip_ip_len": {
"type": "integer"
},
"ip_ip_id": {
"type": "integer"
},
"ip_ip_dst": {
"type": "ip"
},
"ip_ip_src": {
"type": "ip"
},
"ip_ip_addr": {
"type": "ip"
},
"ip_ip_geoip_asnum": {
"type": "long"
},
"ip_ip_geoip_lat": {
"type": "float"
},
"ip_ip_geoip_lon": {
"type": "float"
},
"ip_ip_geoip_src_asnum": {
"type": "long"
},
"ip_ip_geoip_src_lat": {
"type": "float"
},
"ip_ip_geoip_src_lon": {
"type": "float"
},
"ip_ip_geoip_dst_asnum": {
"type": "long"
},
"ip_ip_geoip_dst_lat": {
"type": "float"
},
"ip_ip_geoip_dst_lon": {
"type": "float"
},
"ip_ip_flags": {
"type": "integer"
},
"ip_ip_flags_sf": {
"type": "boolean"
},
"ip_ip_flags_rb": {
"type": "boolean"
},
"ip_ip_flags_df": {
"type": "boolean"
},
"ip_ip_flags_mf": {
"type": "boolean"
},
"ip_ip_frag_offset": {
"type": "integer"
},
"ip_ip_ttl": {
"type": "short"
},
"ip_ip_proto": {
"type": "short"
},
"ip_ip_checksum": {
"type": "integer"
},
"ip_ip_checksum_calculated": {
"type": "integer"
},
"ip_ip_checksum_status": {
"type": "short"
},
"ip_ip_opt_type": {
"type": "short"
},
"ip_ip_opt_type_copy": {
"type": "boolean"
},
"ip_ip_opt_type_class": {
"type": "short"
},
"ip_ip_opt_type_number": {
"type": "short"
},
"ip_ip_opt_len": {
"type": "short"
},
"ip_ip_opt_ptr": {
"type": "short"
},
"ip_ip_opt_sid": {
"type": "integer"
},
"ip_ip_opt_mtu": {
"type": "integer"
},
"ip_ip_opt_id_number": {
"type": "integer"
},
"ip_ip_opt_ohc": {
"type": "integer"
},
"ip_ip_opt_rhc": {
"type": "integer"
},
"ip_ip_opt_originator": {
"type": "ip"
},
"ip_ip_opt_ra": {
"type": "integer"
},
"ip_ip_opt_addr": {
"type": "ip"
},
"ip_ip_opt_padding": {
"type": "byte"
},
"ip_ip_opt_qs_func": {
"type": "short"
},
"ip_ip_opt_qs_rate": {
"type": "short"
},
"ip_ip_opt_qs_ttl": {
"type": "short"
},
"ip_ip_opt_qs_ttl_diff": {
"type": "short"
},
"ip_ip_opt_qs_unused": {
"type": "short"
},
"ip_ip_opt_qs_nonce": {
"type": "long"
},
"ip_ip_opt_qs_reserved": {
"type": "long"
},
"ip_ip_opt_sec_rfc791_sec": {
"type": "short"
},
"ip_ip_opt_sec_rfc791_comp": {
"type": "integer"
},
"ip_ip_opt_sec_cl": {
"type": "short"
},
"ip_ip_opt_sec_prot_auth_flags": {
"type": "short"
},
"ip_ip_opt_sec_prot_auth_genser": {
"type": "boolean"
},
"ip_ip_opt_sec_prot_auth_siop_esi": {
"type": "boolean"
},
"ip_ip_opt_sec_prot_auth_sci": {
"type": "boolean"
},
"ip_ip_opt_sec_prot_auth_nsa": {
"type": "boolean"
},
"ip_ip_opt_sec_prot_auth_doe": {
"type": "boolean"
},
"ip_ip_opt_sec_prot_auth_unassigned": {
"type": "short"
},
"ip_ip_opt_sec_prot_auth_unassigned": {
"type": "short"
},
"ip_ip_opt_sec_prot_auth_fti": {
"type": "boolean"
},
"ip_ip_opt_ext_sec_add_sec_info_format_code": {
"type": "short"
},
"ip_ip_opt_ext_sec_add_sec_info": {
"type": "byte"
},
"ip_ip_rec_rt": {
"type": "ip"
},
"ip_ip_cur_rt": {
"type": "ip"
},
"ip_ip_src_rt": {
"type": "ip"
},
"ip_ip_empty_rt": {
"type": "ip"
},
"ip_ip_cipso_tag_type": {
"type": "short"
},
"ip_ip_fragment_overlap": {
"type": "boolean"
},
"ip_ip_fragment_overlap_conflict": {
"type": "boolean"
},
"ip_ip_fragment_multipletails": {
"type": "boolean"
},
"ip_ip_fragment_toolongfragment": {
"type": "boolean"
},
"ip_ip_fragment_error": {
"type": "long"
},
"ip_ip_fragment_count": {
"type": "long"
},
"ip_ip_fragment": {
"type": "long"
},
"ip_ip_fragments": {
"type": "byte"
},
"ip_ip_reassembled_in": {
"type": "long"
},
"ip_ip_reassembled_length": {
"type": "long"
},
"ip_ip_reassembled_data": {
"type": "byte"
},
"ip_ip_cipso_doi": {
"type": "long"
},
"ip_ip_cipso_sensitivity_level": {
"type": "short"
},
"ip_ip_cipso_tag_data": {
"type": "byte"
},
"ip_ip_opt_overflow": {
"type": "short"
},
"ip_ip_opt_flag": {
"type": "short"
},
"ip_ip_opt_time_stamp": {
"type": "long"
},
"ip_ip_opt_time_stamp_addr": {
"type": "ip"
}
}
}
@ -39,4 +306,4 @@
}
}
}
}
}


@ -188,6 +188,7 @@ class case_tshark_dump_glossaries(subprocesstest.SubprocessTestCase):
def test_tshark_elastic_mapping(self, cmd_tshark, dirs, base_env):
def get_ip_props(obj):
return obj['mappings']['doc']['properties']['layers']['properties']['ip']['properties']
self.maxDiff = None
baseline_file = os.path.join(dirs.baseline_dir, 'elastic-mapping-ip-subset.json')
with open(baseline_file) as f:
expected_obj = json.load(f)