1
1
mirror of https://github.com/wader/fq.git synced 2024-12-20 11:51:58 +03:00
Commit Graph

18 Commits

Author SHA1 Message Date
Mattias Wadman
051a70bd4b interp: Change bit ranges to use exclusive end
All other ranges and slicing uses exclusive end so i think it make sense
to make it consistent.

Update docs and add additional example for non-byte-aligned field.

Also fixes issue showing zero bit ranges as start-NA.
2023-10-20 15:37:26 +02:00
Mattias Wadman
23ae4d978b decode,interp: Make synthetic values more visible and not act as decode values 2023-10-07 17:40:16 +02:00
Mattias Wadman
6c032455eb pcap,pcapng,ipv4,ipv6: Support raw link type (ipv4 or ipv6) 2023-03-02 18:37:00 +01:00
Mattias Wadman
c8666eeb04 ipv4_packet,ipv6_packet,sll_packet,sll2_packet: Support ipv4/ipv6 link frames and pass correct in arg
ipv4/ipv6 in sll* accidentally worked as it passed wrong arg with ether type
2023-02-20 01:34:38 +01:00
Mattias Wadman
62e2cef5c2 tcp_segment: Decode standard options and rename maxseg to mss 2023-01-31 12:42:16 +01:00
Mattias Wadman
29005c70bf interp,dump: Show address bar for root, nested roots and on format change
Also increase indent for nested roots a bit.

Makes it a bit easier to read i think.
2022-08-09 18:09:41 +02:00
Mattias Wadman
377af133e0 fqtest: Cleanup path usage
Make cwd for a test script the directory where the script is.
Use relative paths
2022-05-21 20:03:25 +02:00
Mattias Wadman
2dc509ab2f interp: Refactor dump and revert #259 for now
Causes address bar to not be shown in some cases.
Will have to rethink and redo the whole dump thing somehow.
2022-05-20 12:38:43 +02:00
Mattias Wadman
5109df4a50 interp: dump: Show address bar for nested roots
Hopefully makes it a bit easier to read and spot
2022-05-11 00:00:39 +02:00
Mattias Wadman
34cf5442b3 tcp: Split into client/server structs and add skipped_bytes and has_start/end per direction
Feels clenaer and removes _client/server field prefixes
2022-05-06 16:52:18 +02:00
Mattias Wadman
21ad628add interp: dump: Show field name for compound values in arrays
mp3: Remove one level of struct for granales
dump: Makes it a bit easier to understand array of arrays/structs.
avro_ocf: Rename ocf.go -> avro_ocr.go to have same name of source file as format
pcap,pcapng: Rename tcp flow struct to tcp_connection, makes more sense i think
mp4: Add ISOBMFF to format description
2022-04-21 17:47:15 +02:00
Mattias Wadman
5d25bbc2e1 tcp,udp: Refactor and make port matching better
rtmp: check port based on tcp direction
dns,rtmp: refactor to use tcp and udp port match helpers
flow: add has start/end to tcp to know if stream has missing bytes
2022-04-08 17:44:39 +02:00
Mattias Wadman
e8dc7112b6 ipv6,icmpv6: Add decoder
Refactor to use groups between network layers to make them less coupled and reusable:
link_frame (ethernet etc)
inet_packet (ipv4,ipv6 etc)
ip_packet (tcp packet (not stream), udp segment etc)

Rename data to payload as i think it makes more sense for network data
2022-04-03 17:43:51 +02:00
Mattias Wadman
fc0aacb654 interp: Cleanup display aliases, now: d, da, dd, dv, ddv
Think it makes sense to have them all start with d.
Also f is often used as function argument name.
2022-01-28 18:25:38 +01:00
Mattias Wadman
edd0ae198b tcp,flow: By default allow missing syn/ack for now
Is probably what you usually want
2022-01-07 12:02:38 +01:00
Mattias Wadman
6ed2e2e72e interp: dump: Indicate arrays using jq-syntax
Related to #16
2021-12-08 16:24:28 +01:00
Mattias Wadman
f55b1af6ac inet: Add tcp and ipv4 reassembly
Also add tcp_stream and udp_payload to decode content
2021-11-29 18:42:18 +01:00
Mattias Wadman
7b7faaf02b pcap: Add pcap, pcapng, ether8023, ipv4, udp, udp 2021-11-24 18:13:00 +01:00