wader/fq
1
1
Fork 0
mirror of https://github.com/wader/fq.git synced 2024-07-14 23:30:28 +03:00
Code Issues Projects Releases Wiki Activity

pyrdp: Use field description for formatted timestamp

Browse Source 
Same as other formats that use timestamps and makes it easier to use them in query,
number instead of a formatted string. Can still use todescription/0 to get
formatted timestamp.
This commit is contained in:
Mattias Wadman 2024-06-14 21:13:22 +02:00
parent 52eaf10de2
commit 9db82260e5
2 changed files with 378 additions and 383 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
format/pyrdp/pyrdp.go
View File

@ -115,7 +115,7 @@ func decodePYRDP(d *decode.D) any {
size := d.FieldU64("size") // minus the length
pdu_type := uint16(d.FieldU16("pdu_type", pduTypesMap))
d.FieldU64("timestamp", timestampMapper)
d.FieldU64("timestamp", scalar.UintActualUnixTimeDescription(time.Millisecond, time.RFC3339Nano))
pdu_size := int64(size - 18)
pduParser, ok := pduParsersMap[pdu_type]
@ -144,8 +144,3 @@ func decodePYRDP(d *decode.D) any {
}
func noParse(d *decode.D, length int64) {}
var timestampMapper = scalar.UintFn(func(s scalar.Uint) (scalar.Uint, error) {
s.Sym = time.UnixMilli(int64(s.Actual)).UTC().String()
return s, nil
})

754
format/pyrdp/testdata/test.fqtest vendored
View File

File diff suppressed because it is too large Load Diff