README ¶
Mongodb protocol parsing for packetbeat
Main documentation link:
Understanding wire protocol vs command
At first it is difficult to understand how the legacy protocol fits with the concept of 'command', which is repeated throughout the docs but not very well explained (or not where I looked).
This mail thread fortunately gave the answer: "GetLastError is a command and command are implemented using findOne, which generates an OP_QUERY message."
In the 'write operations as commands' mode, which seems to be the current mode, the response is therefore an 'OP_REPLY' message, and there will always be one to close the transaction.
In the case of write operations as separate message types, we should parse the following 'getLastError' command and consider it part of the same transaction, since the response to this command is actually the response to the original write operation. However, the getLastError command is optional: the client will not send it if the write was requested with a write concern of 0. This mode is only supported by clients and the database as a legacy mode, so it will be supported by this parser only very basically.
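The relationship described above, as an added example that is not packetbeat's own code: it decides whether one captured OP_QUERY message is a command and extracts the command name, bounds-checking every length because the bytes come off the network. The function names commandName and buildQuery are hypothetical, the sample message is constructed, and the test for a collection name ending in ".$cmd" relies on the MongoDB legacy wire protocol convention, which this page does not state.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"strings"
)

var le = binary.LittleEndian
var errMalformed = fmt.Errorf("malformed or non-OP_QUERY message")

// commandName (hypothetical helper) returns the lower-cased command name in one complete OP_QUERY, or "" for a plain query.
func commandName(msg []byte) (string, error) {
	// Header: messageLength, requestID, responseTo, opCode (int32 each), then the OP_QUERY flags word.
	if len(msg) < 20 || int(le.Uint32(msg)) != len(msg) || le.Uint32(msg[12:]) != 2004 {
		return "", errMalformed
	}
	body := msg[20:]
	end := bytes.IndexByte(body, 0) // fullCollectionName is a NUL-terminated string
	if end < 0 {
		return "", errMalformed
	}
	if !strings.HasSuffix(string(body[:end]), ".$cmd") {
		return "", nil // ordinary query on a user collection
	}
	// Skip numberToSkip, numberToReturn, BSON size and element type; the first key is the command name.
	rest := body[end+1:]
	if len(rest) < 13 || bytes.IndexByte(rest[13:], 0) < 0 {
		return "", errMalformed
	}
	key := rest[13:]
	return strings.ToLower(string(key[:bytes.IndexByte(key, 0)])), nil
}

// buildQuery constructs a sample OP_QUERY whose query document is {key: 1} (constructed test data).
func buildQuery(coll, key string) []byte {
	doc := append([]byte{0, 0, 0, 0, 0x10}, key+"\x00\x01\x00\x00\x00\x00"...)
	le.PutUint32(doc, uint32(len(doc)))
	msg := append(make([]byte, 20), coll+"\x00\x00\x00\x00\x00\xff\xff\xff\xff"...)
	msg = append(msg, doc...)
	le.PutUint32(msg, uint32(len(msg)))
	le.PutUint32(msg[12:], 2004)
	return msg
}

func main() {
	fmt.Println(commandName(buildQuery("test.$cmd", "getLastError")))
}
```

The name is lower-cased so that it can be compared case-insensitively against a list such as DatabaseCommands.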
TODO
- Support option to send documents in response (Send_Response ?)
- Support option to send update and insert documents in request (Send_Request ?)
- Support option to ignore non user commands
- Fill bytes_in and bytes_out
Documentation ¶
Index ¶
- Variables
- type Mongodb
- func (mongodb *Mongodb) ConnectionTimeout() time.Duration
- func (mongodb *Mongodb) GapInStream(tcptuple *common.TcpTuple, dir uint8, nbytes int, private protos.ProtocolData) (priv protos.ProtocolData, drop bool)
- func (mongodb *Mongodb) GetPorts() []int
- func (mongodb *Mongodb) Init(test_mode bool, results publisher.Client) error
- func (mongodb *Mongodb) InitDefaults()
- func (mongodb *Mongodb) Parse(pkt *protos.Packet, tcptuple *common.TcpTuple, dir uint8, ...) protos.ProtocolData
- func (mongodb *Mongodb) ReceivedFin(tcptuple *common.TcpTuple, dir uint8, private protos.ProtocolData) protos.ProtocolData
- type MongodbMessage
- type MongodbStream
- type MongodbTransaction
Variables ¶
var DatabaseCommands = []string{}/* 141 elements not displayed */
List of mongodb user commands (sent through a query of the legacy protocol); see http://docs.mongodb.org/manual/reference/command/
This list was obtained by calling db.listCommands() and some grepping. They are compared case-insensitively.
var OpCodes = map[int]string{
    1:    "OP_REPLY",
    1000: "OP_MSG",
    2001: "OP_UPDATE",
    2002: "OP_INSERT",
    2003: "RESERVED",
    2004: "OP_QUERY",
    2005: "OP_GET_MORE",
    2006: "OP_DELETE",
    2007: "OP_KILL_CURSORS",
}
List of valid mongodb wire protocol operation codes; see http://docs.mongodb.org/meta-driver/latest/legacy/mongodb-wire-protocol/#request-opcodes
Types ¶
type Mongodb ¶
type Mongodb struct {
    // config
    Ports          []int
    Send_request   bool
    Send_response  bool
    Max_docs       int
    Max_doc_length int
    // contains filtered or unexported fields
}
func (*Mongodb) ConnectionTimeout ¶
func (*Mongodb) GapInStream ¶
func (mongodb *Mongodb) GapInStream(tcptuple *common.TcpTuple, dir uint8, nbytes int, private protos.ProtocolData) (priv protos.ProtocolData, drop bool)
func (*Mongodb) InitDefaults ¶
func (mongodb *Mongodb) InitDefaults()
func (*Mongodb) Parse ¶
func (mongodb *Mongodb) Parse(pkt *protos.Packet, tcptuple *common.TcpTuple, dir uint8, private protos.ProtocolData) protos.ProtocolData
func (*Mongodb) ReceivedFin ¶
func (mongodb *Mongodb) ReceivedFin(tcptuple *common.TcpTuple, dir uint8, private protos.ProtocolData) protos.ProtocolData
type MongodbMessage ¶
type MongodbStream ¶
type MongodbStream struct {
// contains filtered or unexported fields
}
Represents a stream being parsed that contains a mongodb message.
func (*MongodbStream) PrepareForNewMessage ¶
func (stream *MongodbStream) PrepareForNewMessage()
The parser moves to the next message in the stream.
type MongodbTransaction ¶
type MongodbTransaction struct {
    Type         string
    Src          common.Endpoint
    Dst          common.Endpoint
    ResponseTime int32
    Ts           int64
    JsTs         time.Time
    BytesOut     int
    BytesIn      int
    Mongodb      common.MapStr
    // contains filtered or unexported fields
}
Represents a full mongodb transaction (request/reply). These transactions are the end product of this parser.