mirror of
https://github.com/wader/fq.git
synced 2024-09-11 20:07:11 +03:00
pyrdp: Use field description for formatted timestamp
Matches other formats that use timestamps and makes them easier to use in queries: the value is a number instead of a formatted string. todescription/0 can still be used to get the formatted timestamp.
parent
52eaf10de2
commit
9db82260e5
@ -115,7 +115,7 @@ func decodePYRDP(d *decode.D) any {
|
|||||||
|
|
||||||
size := d.FieldU64("size") // minus the length
|
size := d.FieldU64("size") // minus the length
|
||||||
pdu_type := uint16(d.FieldU16("pdu_type", pduTypesMap))
|
pdu_type := uint16(d.FieldU16("pdu_type", pduTypesMap))
|
||||||
d.FieldU64("timestamp", timestampMapper)
|
d.FieldU64("timestamp", scalar.UintActualUnixTimeDescription(time.Millisecond, time.RFC3339Nano))
|
||||||
pdu_size := int64(size - 18)
|
pdu_size := int64(size - 18)
|
||||||
|
|
||||||
pduParser, ok := pduParsersMap[pdu_type]
|
pduParser, ok := pduParsersMap[pdu_type]
|
||||||
@ -144,8 +144,3 @@ func decodePYRDP(d *decode.D) any {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func noParse(d *decode.D, length int64) {}
|
func noParse(d *decode.D, length int64) {}
|
||||||
|
|
||||||
var timestampMapper = scalar.UintFn(func(s scalar.Uint) (scalar.Uint, error) {
|
|
||||||
s.Sym = time.UnixMilli(int64(s.Actual)).UTC().String()
|
|
||||||
return s, nil
|
|
||||||
})
|
|
||||||
|
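Review bot: `pdu_size := int64(size - 18)` in decodePYRDP subtracts from a uint64 read straight from the input file, so a record whose size field is below 18 wraps around to a very large value, and the int64 conversion then hands the PDU parser a wrong, possibly negative, length. Replay files are untrusted input, so I would reject such records before the subtraction, e.g. `if size < 18 { d.Fatalf("size %d is smaller than the 18 byte header", size) }`. This line is unchanged context and the body of decodePYRDP continues outside the hunk, so a later check may already cover it; if it does, a short comment beside the subtraction saying where would help.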
754
format/pyrdp/testdata/test.fqtest
vendored
754
format/pyrdp/testdata/test.fqtest
vendored
File diff suppressed because it is too large