diff options
| author | Derick Rethans <github@derickrethans.nl> | 2018-11-13 12:03:54 +0000 |
|---|---|---|
| committer | Peter Wu <peter@lekensteyn.nl> | 2018-11-14 10:35:51 +0000 |
| commit | 9ea94e29efedaf856091b5337eb112c942187754 (patch) | |
| tree | 95d7a09d0e1373b141ed7571b58c447909e53bea /epan | |
| parent | f3b82ffae752f59e22dee7506322e644ca2144d1 (diff) | |
Update MongoDB ObjectID dissector element
The MongoDB ObjectID spec traditionally included a "host hash" and "PID" field.
These have for a while been treated as random data for the server, and the
MongoDB drivers have recently addopted a specification that says the same:
https://github.com/mongodb/specifications/blob/master/source/objectid.rst#random-value
This patch reorganises the original Host Hash and PID fields under a new
"Machine ID" field, to be able to show both the current interpretation of the
field, as well as the historical one.
Change-Id: Ib25b5552935781bc512fcdadb870ed20838d8808
Reviewed-on: https://code.wireshark.org/review/30604
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-mongo.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/epan/dissectors/packet-mongo.c b/epan/dissectors/packet-mongo.c index b032d99488..bd103427c6 100644 --- a/epan/dissectors/packet-mongo.c +++ b/epan/dissectors/packet-mongo.c @@ -229,8 +229,9 @@ static int hf_mongo_element_value_regex_pattern = -1; static int hf_mongo_element_value_regex_options = -1; static int hf_mongo_element_value_objectid = -1; static int hf_mongo_element_value_objectid_time = -1; -static int hf_mongo_element_value_objectid_machine = -1; +static int hf_mongo_element_value_objectid_host = -1; static int hf_mongo_element_value_objectid_pid = -1; +static int hf_mongo_element_value_objectid_machine_id = -1; static int hf_mongo_element_value_objectid_inc = -1; static int hf_mongo_element_value_db_ptr = -1; static int hf_mongo_element_value_js_code = -1; @@ -264,6 +265,7 @@ static gint ett_mongo_doc = -1; static gint ett_mongo_elements = -1; static gint ett_mongo_element = -1; static gint ett_mongo_objectid = -1; +static gint ett_mongo_machine_id = -1; static gint ett_mongo_code = -1; static gint ett_mongo_fcn = -1; static gint ett_mongo_flags = -1; @@ -310,8 +312,8 @@ dissect_bson_document(tvbuff_t *tvb, packet_info *pinfo, guint offset, proto_tre { gint32 document_length; guint final_offset; - proto_item *ti, *elements, *element, *objectid, *js_code, *js_scope; - proto_tree *doc_tree, *elements_tree, *element_sub_tree, *objectid_sub_tree, *js_code_sub_tree, *js_scope_sub_tree; + proto_item *ti, *elements, *element, *objectid, *js_code, *js_scope, *machine_id; + proto_tree *doc_tree, *elements_tree, *element_sub_tree, *objectid_sub_tree, *js_code_sub_tree, *js_scope_sub_tree, *machine_id_sub_tree; document_length = tvb_get_letohl(tvb, offset); @@ -400,8 +402,12 @@ dissect_bson_document(tvbuff_t *tvb, packet_info *pinfo, guint offset, proto_tre objectid_sub_tree = proto_item_add_subtree(objectid, ett_mongo_objectid); /* Unlike most BSON elements, parts of ObjectID are stored Big Endian, so they can be compared bit by bit */ proto_tree_add_item(objectid_sub_tree, hf_mongo_element_value_objectid_time, tvb, offset, 4, ENC_BIG_ENDIAN); - proto_tree_add_item(objectid_sub_tree, hf_mongo_element_value_objectid_machine, tvb, offset+4, 3, ENC_LITTLE_ENDIAN); - proto_tree_add_item(objectid_sub_tree, hf_mongo_element_value_objectid_pid, tvb, offset+7, 2, ENC_LITTLE_ENDIAN); + /* The machine ID was traditionally split up in Host Hash/PID */ + machine_id = proto_tree_add_item(objectid_sub_tree, hf_mongo_element_value_objectid_machine_id, tvb, offset+4, 5, ENC_NA); + machine_id_sub_tree = proto_item_add_subtree(machine_id, ett_mongo_machine_id); + proto_tree_add_item(machine_id_sub_tree, hf_mongo_element_value_objectid_host, tvb, offset+4, 3, ENC_LITTLE_ENDIAN); + proto_tree_add_item(machine_id_sub_tree, hf_mongo_element_value_objectid_pid, tvb, offset+7, 2, ENC_LITTLE_ENDIAN); + proto_tree_add_item(objectid_sub_tree, hf_mongo_element_value_objectid_inc, tvb, offset+9, 3, ENC_BIG_ENDIAN); offset += 12; break; @@ -1344,9 +1350,14 @@ proto_register_mongo(void) FT_INT32, BASE_DEC, NULL, 0x0, "ObjectID timestampt", HFILL } }, - { &hf_mongo_element_value_objectid_machine, - { "ObjectID Machine", "mongo.element.value.objectid.machine", + { &hf_mongo_element_value_objectid_host, + { "ObjectID Host", "mongo.element.value.objectid.host", FT_UINT24, BASE_HEX, NULL, 0x0, + "ObjectID Host Hash", HFILL } + }, + { &hf_mongo_element_value_objectid_machine_id, + { "ObjectID Machine", "mongo.element.value.objectid.machine_id", + FT_BYTES, BASE_NONE, NULL, 0x0, "ObjectID machine ID", HFILL } }, { &hf_mongo_element_value_objectid_pid, @@ -1355,7 +1366,7 @@ proto_register_mongo(void) "ObjectID process ID", HFILL } }, { &hf_mongo_element_value_objectid_inc, - { "ObjectID inc", "mongo.element.value.objectid.inc", + { "ObjectID Inc", "mongo.element.value.objectid.inc", FT_UINT24, BASE_DEC, NULL, 0x0, "ObjectID increment", HFILL } }, @@ -1417,6 +1428,7 @@ proto_register_mongo(void) &ett_mongo_elements, &ett_mongo_element, &ett_mongo_objectid, + &ett_mongo_machine_id, &ett_mongo_code, &ett_mongo_fcn, &ett_mongo_flags, |