diff options
| author | Dario Lombardo <lomato@gmail.com> | 2022-03-13 21:30:01 +0100 |
|---|---|---|
| committer | A Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2022-03-14 08:34:48 +0000 |
| commit | 9012722f9b73c3a1398eaff92dbf43ceac04b2b1 (patch) | |
| tree | a4c8569d6e18b1689bdfe03739c8dbb653e1cfb6 | |
| parent | 23ed064dedd78e6b51c71e916f486af21baeca9b (diff) | |
elastic: fix mapping with recent es versions.
| -rw-r--r-- | epan/proto.c | 53 | ||||
| -rw-r--r-- | test/baseline/elastic-mapping-ip-subset.json | 589 | ||||
| -rw-r--r-- | test/suite_clopts.py | 2 |
3 files changed, 320 insertions, 324 deletions
diff --git a/epan/proto.c b/epan/proto.c index 7a87bde829..c34958b14b 100644 --- a/epan/proto.c +++ b/epan/proto.c @@ -10871,9 +10871,6 @@ proto_registrar_dump_fieldcount(void) static void elastic_add_base_mapping(json_dumper *dumper) { - json_dumper_set_member_name(dumper, "index_patterns"); - json_dumper_value_string(dumper, "packets-*"); - json_dumper_set_member_name(dumper, "settings"); json_dumper_begin_object(dumper); json_dumper_set_member_name(dumper, "index.mapping.total_fields.limit"); @@ -10949,6 +10946,7 @@ proto_registrar_dump_elastic(const gchar* filter) gboolean found; guint j; gchar* type; + gchar* prev_item = NULL; /* We have filtering protocols. Extract them. */ if (filter) { @@ -10969,24 +10967,21 @@ proto_registrar_dump_elastic(const gchar* filter) json_dumper_set_member_name(&dumper, "mappings"); json_dumper_begin_object(&dumper); // 2.mappings - json_dumper_set_member_name(&dumper, "doc"); - - json_dumper_begin_object(&dumper); // 3.doc json_dumper_set_member_name(&dumper, "dynamic"); json_dumper_value_anyf(&dumper, "false"); json_dumper_set_member_name(&dumper, "properties"); - json_dumper_begin_object(&dumper); // 4.properties + json_dumper_begin_object(&dumper); // 3.properties json_dumper_set_member_name(&dumper, "timestamp"); - json_dumper_begin_object(&dumper); // 5.timestamp + json_dumper_begin_object(&dumper); // 4.timestamp json_dumper_set_member_name(&dumper, "type"); json_dumper_value_string(&dumper, "date"); - json_dumper_end_object(&dumper); // 5.timestamp + json_dumper_end_object(&dumper); // 4.timestamp json_dumper_set_member_name(&dumper, "layers"); - json_dumper_begin_object(&dumper); // 5.layers + json_dumper_begin_object(&dumper); // 4.layers json_dumper_set_member_name(&dumper, "properties"); - json_dumper_begin_object(&dumper); // 6.properties + json_dumper_begin_object(&dumper); // 5.properties for (i = 0; i < gpa_hfinfo.len; i++) { if (gpa_hfinfo.hfi[i] == NULL) @@ -11025,8 +11020,8 @@ proto_registrar_dump_elastic(const gchar* filter) } if (prev_proto && g_strcmp0(parent_hfinfo->abbrev, prev_proto)) { - json_dumper_end_object(&dumper); // 8.properties - json_dumper_end_object(&dumper); // 7.parent_hfinfo->abbrev + json_dumper_end_object(&dumper); // 7.properties + json_dumper_end_object(&dumper); // 8.parent_hfinfo->abbrev open_object = TRUE; } @@ -11034,34 +11029,38 @@ proto_registrar_dump_elastic(const gchar* filter) if (open_object) { json_dumper_set_member_name(&dumper, parent_hfinfo->abbrev); - json_dumper_begin_object(&dumper); // 7.parent_hfinfo->abbrev + json_dumper_begin_object(&dumper); // 6.parent_hfinfo->abbrev json_dumper_set_member_name(&dumper, "properties"); - json_dumper_begin_object(&dumper); // 8.properties + json_dumper_begin_object(&dumper); // 7.properties open_object = FALSE; } /* Skip the fields that would map into string. This is the default in elasticsearch. */ type = ws_type_to_elastic(hfinfo->type); if (type) { str = ws_strdup_printf("%s_%s", prev_proto, hfinfo->abbrev); - json_dumper_set_member_name(&dumper, dot_to_underscore(str)); - g_free(str); - json_dumper_begin_object(&dumper); // 9.hfinfo->abbrev - json_dumper_set_member_name(&dumper, "type"); - json_dumper_value_string(&dumper, type); - json_dumper_end_object(&dumper); // 9.hfinfo->abbrev + dot_to_underscore(str); + if (g_strcmp0(prev_item, str)) { + json_dumper_set_member_name(&dumper, str); + json_dumper_begin_object(&dumper); // 8.hfinfo->abbrev + json_dumper_set_member_name(&dumper, "type"); + json_dumper_value_string(&dumper, type); + json_dumper_end_object(&dumper); // 8.hfinfo->abbrev + } + g_free(prev_item); + prev_item = str; } } } + g_free(prev_item); if (prev_proto) { - json_dumper_end_object(&dumper); // 8.properties - json_dumper_end_object(&dumper); // 7.parent_hfinfo->abbrev + json_dumper_end_object(&dumper); // 7.properties + json_dumper_end_object(&dumper); // 6.parent_hfinfo->abbrev } - json_dumper_end_object(&dumper); // 6.properties - json_dumper_end_object(&dumper); // 5.layers - json_dumper_end_object(&dumper); // 4.properties - json_dumper_end_object(&dumper); // 3.doc + json_dumper_end_object(&dumper); // 5.properties + json_dumper_end_object(&dumper); // 4.layers + json_dumper_end_object(&dumper); // 3.properties json_dumper_end_object(&dumper); // 2.mappings json_dumper_end_object(&dumper); // 1.root gboolean ret = json_dumper_finish(&dumper); diff --git a/test/baseline/elastic-mapping-ip-subset.json b/test/baseline/elastic-mapping-ip-subset.json index 1357c9faca..d1a85d256d 100644 --- a/test/baseline/elastic-mapping-ip-subset.json +++ b/test/baseline/elastic-mapping-ip-subset.json @@ -1,304 +1,301 @@ { - "index_patterns" : "packets-*", "settings": { "index.mapping.total_fields.limit": 1000000 }, "mappings": { - "doc" : { - "dynamic": false, - "properties": { - "timestamp": { - "type": "date" - }, - "layers": { - "properties": { - "ip": { - "properties": { - "ip_ip_version": { - "type": "short" - }, - "ip_ip_hdr_len": { - "type": "short" - }, - "ip_ip_dsfield": { - "type": "short" - }, - "ip_ip_dsfield_dscp": { - "type": "short" - }, - "ip_ip_dsfield_ecn": { - "type": "short" - }, - "ip_ip_tos": { - "type": "short" - }, - "ip_ip_tos_precedence": { - "type": "short" - }, - "ip_ip_tos_delay": { - "type": "boolean" - }, - "ip_ip_tos_throughput": { - "type": "boolean" - }, - "ip_ip_tos_reliability": { - "type": "boolean" - }, - "ip_ip_tos_cost": { - "type": "boolean" - }, - "ip_ip_len": { - "type": "integer" - }, - "ip_ip_id": { - "type": "integer" - }, - "ip_ip_dst": { - "type": "ip" - }, - "ip_ip_src": { - "type": "ip" - }, - "ip_ip_addr": { - "type": "ip" - }, - "ip_ip_geoip_asnum": { - "type": "long" - }, - "ip_ip_geoip_lat": { - "type": "float" - }, - "ip_ip_geoip_lon": { - "type": "float" - }, - "ip_ip_geoip_src_asnum": { - "type": "long" - }, - "ip_ip_geoip_src_lat": { - "type": "float" - }, - "ip_ip_geoip_src_lon": { - "type": "float" - }, - "ip_ip_geoip_dst_asnum": { - "type": "long" - }, - "ip_ip_geoip_dst_lat": { - "type": "float" - }, - "ip_ip_geoip_dst_lon": { - "type": "float" - }, - "ip_ip_flags": { - "type": "short" - }, - "ip_ip_flags_sf": { - "type": "boolean" - }, - "ip_ip_flags_rb": { - "type": "boolean" - }, - "ip_ip_flags_df": { - "type": "boolean" - }, - "ip_ip_flags_mf": { - "type": "boolean" - }, - "ip_ip_frag_offset": { - "type": "integer" - }, - "ip_ip_ttl": { - "type": "short" - }, - "ip_ip_proto": { - "type": "short" - }, - "ip_ip_checksum": { - "type": "integer" - }, - "ip_ip_checksum_calculated": { - "type": "integer" - }, - "ip_ip_checksum_status": { - "type": "short" - }, - "ip_ip_opt_type": { - "type": "short" - }, - "ip_ip_opt_type_copy": { - "type": "boolean" - }, - "ip_ip_opt_type_class": { - "type": "short" - }, - "ip_ip_opt_type_number": { - "type": "short" - }, - "ip_ip_opt_len": { - "type": "short" - }, - "ip_ip_opt_ptr": { - "type": "short" - }, - "ip_ip_opt_sid": { - "type": "integer" - }, - "ip_ip_opt_mtu": { - "type": "integer" - }, - "ip_ip_opt_id_number": { - "type": "integer" - }, - "ip_ip_opt_ohc": { - "type": "integer" - }, - "ip_ip_opt_rhc": { - "type": "integer" - }, - "ip_ip_opt_originator": { - "type": "ip" - }, - "ip_ip_opt_ra": { - "type": "integer" - }, - "ip_ip_opt_addr": { - "type": "ip" - }, - "ip_ip_opt_padding": { - "type": "byte" - }, - "ip_ip_opt_qs_func": { - "type": "short" - }, - "ip_ip_opt_qs_rate": { - "type": "short" - }, - "ip_ip_opt_qs_ttl": { - "type": "short" - }, - "ip_ip_opt_qs_ttl_diff": { - "type": "short" - }, - "ip_ip_opt_qs_unused": { - "type": "short" - }, - "ip_ip_opt_qs_nonce": { - "type": "long" - }, - "ip_ip_opt_qs_reserved": { - "type": "long" - }, - "ip_ip_opt_sec_rfc791_sec": { - "type": "integer" - }, - "ip_ip_opt_sec_rfc791_comp": { - "type": "integer" - }, - "ip_ip_opt_sec_cl": { - "type": "short" - }, - "ip_ip_opt_sec_prot_auth_flags": { - "type": "short" - }, - "ip_ip_opt_sec_prot_auth_genser": { - "type": "boolean" - }, - "ip_ip_opt_sec_prot_auth_siop_esi": { - "type": "boolean" - }, - "ip_ip_opt_sec_prot_auth_sci": { - "type": "boolean" - }, - "ip_ip_opt_sec_prot_auth_nsa": { - "type": "boolean" - }, - "ip_ip_opt_sec_prot_auth_doe": { - "type": "boolean" - }, - "ip_ip_opt_sec_prot_auth_unassigned": { - "type": "short" - }, - "ip_ip_opt_sec_prot_auth_unassigned": { - "type": "short" - }, - "ip_ip_opt_sec_prot_auth_fti": { - "type": "boolean" - }, - "ip_ip_opt_ext_sec_add_sec_info_format_code": { - "type": "short" - }, - "ip_ip_opt_ext_sec_add_sec_info": { - "type": "byte" - }, - "ip_ip_rec_rt": { - "type": "ip" - }, - "ip_ip_cur_rt": { - "type": "ip" - }, - "ip_ip_src_rt": { - "type": "ip" - }, - "ip_ip_empty_rt": { - "type": "ip" - }, - "ip_ip_cipso_tag_type": { - "type": "short" - }, - "ip_ip_fragment_overlap": { - "type": "boolean" - }, - "ip_ip_fragment_overlap_conflict": { - "type": "boolean" - }, - "ip_ip_fragment_multipletails": { - "type": "boolean" - }, - "ip_ip_fragment_toolongfragment": { - "type": "boolean" - }, - "ip_ip_fragment_error": { - "type": "long" - }, - "ip_ip_fragment_count": { - "type": "long" - }, - "ip_ip_fragment": { - "type": "long" - }, - "ip_ip_fragments": { - "type": "byte" - }, - "ip_ip_reassembled_in": { - "type": "long" - }, - "ip_ip_reassembled_length": { - "type": "long" - }, - "ip_ip_reassembled_data": { - "type": "byte" - }, - "ip_ip_cipso_doi": { - "type": "long" - }, - "ip_ip_cipso_sensitivity_level": { - "type": "short" - }, - "ip_ip_cipso_tag_data": { - "type": "byte" - }, - "ip_ip_opt_overflow": { - "type": "short" - }, - "ip_ip_opt_flag": { - "type": "short" - }, - "ip_ip_opt_time_stamp": { - "type": "long" - }, - "ip_ip_opt_time_stamp_addr": { - "type": "ip" - } + "dynamic": false, + "properties": { + "timestamp": { + "type": "date" + }, + "layers": { + "properties": { + "ip": { + "properties": { + "ip_ip_version": { + "type": "short" + }, + "ip_ip_hdr_len": { + "type": "short" + }, + "ip_ip_dsfield": { + "type": "short" + }, + "ip_ip_dsfield_dscp": { + "type": "short" + }, + "ip_ip_dsfield_ecn": { + "type": "short" + }, + "ip_ip_tos": { + "type": "short" + }, + "ip_ip_tos_precedence": { + "type": "short" + }, + "ip_ip_tos_delay": { + "type": "boolean" + }, + "ip_ip_tos_throughput": { + "type": "boolean" + }, + "ip_ip_tos_reliability": { + "type": "boolean" + }, + "ip_ip_tos_cost": { + "type": "boolean" + }, + "ip_ip_len": { + "type": "integer" + }, + "ip_ip_id": { + "type": "integer" + }, + "ip_ip_dst": { + "type": "ip" + }, + "ip_ip_src": { + "type": "ip" + }, + "ip_ip_addr": { + "type": "ip" + }, + "ip_ip_geoip_asnum": { + "type": "long" + }, + "ip_ip_geoip_lat": { + "type": "float" + }, + "ip_ip_geoip_lon": { + "type": "float" + }, + "ip_ip_geoip_src_asnum": { + "type": "long" + }, + "ip_ip_geoip_src_lat": { + "type": "float" + }, + "ip_ip_geoip_src_lon": { + "type": "float" + }, + "ip_ip_geoip_dst_asnum": { + "type": "long" + }, + "ip_ip_geoip_dst_lat": { + "type": "float" + }, + "ip_ip_geoip_dst_lon": { + "type": "float" + }, + "ip_ip_flags": { + "type": "short" + }, + "ip_ip_flags_sf": { + "type": "boolean" + }, + "ip_ip_flags_rb": { + "type": "boolean" + }, + "ip_ip_flags_df": { + "type": "boolean" + }, + "ip_ip_flags_mf": { + "type": "boolean" + }, + "ip_ip_frag_offset": { + "type": "integer" + }, + "ip_ip_ttl": { + "type": "short" + }, + "ip_ip_proto": { + "type": "short" + }, + "ip_ip_checksum": { + "type": "integer" + }, + "ip_ip_checksum_calculated": { + "type": "integer" + }, + "ip_ip_checksum_status": { + "type": "short" + }, + "ip_ip_opt_type": { + "type": "short" + }, + "ip_ip_opt_type_copy": { + "type": "boolean" + }, + "ip_ip_opt_type_class": { + "type": "short" + }, + "ip_ip_opt_type_number": { + "type": "short" + }, + "ip_ip_opt_len": { + "type": "short" + }, + "ip_ip_opt_ptr": { + "type": "short" + }, + "ip_ip_opt_sid": { + "type": "integer" + }, + "ip_ip_opt_mtu": { + "type": "integer" + }, + "ip_ip_opt_id_number": { + "type": "integer" + }, + "ip_ip_opt_ohc": { + "type": "integer" + }, + "ip_ip_opt_rhc": { + "type": "integer" + }, + "ip_ip_opt_originator": { + "type": "ip" + }, + "ip_ip_opt_ra": { + "type": "integer" + }, + "ip_ip_opt_addr": { + "type": "ip" + }, + "ip_ip_opt_padding": { + "type": "byte" + }, + "ip_ip_opt_qs_func": { + "type": "short" + }, + "ip_ip_opt_qs_rate": { + "type": "short" + }, + "ip_ip_opt_qs_ttl": { + "type": "short" + }, + "ip_ip_opt_qs_ttl_diff": { + "type": "short" + }, + "ip_ip_opt_qs_unused": { + "type": "short" + }, + "ip_ip_opt_qs_nonce": { + "type": "long" + }, + "ip_ip_opt_qs_reserved": { + "type": "long" + }, + "ip_ip_opt_sec_rfc791_sec": { + "type": "integer" + }, + "ip_ip_opt_sec_rfc791_comp": { + "type": "integer" + }, + "ip_ip_opt_sec_cl": { + "type": "short" + }, + "ip_ip_opt_sec_prot_auth_flags": { + "type": "short" + }, + "ip_ip_opt_sec_prot_auth_genser": { + "type": "boolean" + }, + "ip_ip_opt_sec_prot_auth_siop_esi": { + "type": "boolean" + }, + "ip_ip_opt_sec_prot_auth_sci": { + "type": "boolean" + }, + "ip_ip_opt_sec_prot_auth_nsa": { + "type": "boolean" + }, + "ip_ip_opt_sec_prot_auth_doe": { + "type": "boolean" + }, + "ip_ip_opt_sec_prot_auth_unassigned": { + "type": "short" + }, + "ip_ip_opt_sec_prot_auth_unassigned": { + "type": "short" + }, + "ip_ip_opt_sec_prot_auth_fti": { + "type": "boolean" + }, + "ip_ip_opt_ext_sec_add_sec_info_format_code": { + "type": "short" + }, + "ip_ip_opt_ext_sec_add_sec_info": { + "type": "byte" + }, + "ip_ip_rec_rt": { + "type": "ip" + }, + "ip_ip_cur_rt": { + "type": "ip" + }, + "ip_ip_src_rt": { + "type": "ip" + }, + "ip_ip_empty_rt": { + "type": "ip" + }, + "ip_ip_cipso_tag_type": { + "type": "short" + }, + "ip_ip_fragment_overlap": { + "type": "boolean" + }, + "ip_ip_fragment_overlap_conflict": { + "type": "boolean" + }, + "ip_ip_fragment_multipletails": { + "type": "boolean" + }, + "ip_ip_fragment_toolongfragment": { + "type": "boolean" + }, + "ip_ip_fragment_error": { + "type": "long" + }, + "ip_ip_fragment_count": { + "type": "long" + }, + "ip_ip_fragment": { + "type": "long" + }, + "ip_ip_fragments": { + "type": "byte" + }, + "ip_ip_reassembled_in": { + "type": "long" + }, + "ip_ip_reassembled_length": { + "type": "long" + }, + "ip_ip_reassembled_data": { + "type": "byte" + }, + "ip_ip_cipso_doi": { + "type": "long" + }, + "ip_ip_cipso_sensitivity_level": { + "type": "short" + }, + "ip_ip_cipso_tag_data": { + "type": "byte" + }, + "ip_ip_opt_overflow": { + "type": "short" + }, + "ip_ip_opt_flag": { + "type": "short" + }, + "ip_ip_opt_time_stamp": { + "type": "long" + }, + "ip_ip_opt_time_stamp_addr": { + "type": "ip" } } } diff --git a/test/suite_clopts.py b/test/suite_clopts.py index 2674a99a1e..b0a17b1f49 100644 --- a/test/suite_clopts.py +++ b/test/suite_clopts.py @@ -191,7 +191,7 @@ class case_tshark_dump_glossaries(subprocesstest.SubprocessTestCase): def test_tshark_elastic_mapping(self, cmd_tshark, dirs, base_env): def get_ip_props(obj): - return obj['mappings']['doc']['properties']['layers']['properties']['ip']['properties'] + return obj['mappings']['properties']['layers']['properties']['ip']['properties'] self.maxDiff = None baseline_file = os.path.join(dirs.baseline_dir, 'elastic-mapping-ip-subset.json') with open(baseline_file) as f: |