Mattias Wadman
74c7dc4eaf
pcap: Add ns support and add header field
2022-08-18 14:09:42 +02:00
Mattias Wadman
9a5fcc89f1
xml: Allow trailing <?procinstr?>
...
Also more context in error messages and refactor trim function
2022-08-11 23:48:29 +02:00
Mattias Wadman
29005c70bf
interp,dump: Show address bar for root, nested roots and on format change
...
Also increase indent for nested roots a bit.
Makes it a bit easier to read i think.
2022-08-09 18:09:41 +02:00
Mattias Wadman
377af133e0
fqtest: Cleanup path usage
...
Make cwd for a test script the directory where the script is.
Use relative paths
2022-05-21 20:03:25 +02:00
Mattias Wadman
2dc509ab2f
interp: Refactor dump and revert #259 for now
...
Causes address bar to not be shown in some cases.
Will have to rethink and redo the whole dump thing somehow.
2022-05-20 12:38:43 +02:00
Mattias Wadman
5109df4a50
interp: dump: Show address bar for nested roots
...
Hopefully makes it a bit easier to read and spot
2022-05-11 00:00:39 +02:00
Mattias Wadman
34cf5442b3
tcp: Split into client/server structs and add skipped_bytes and has_start/end per direction
...
Feels clenaer and removes _client/server field prefixes
2022-05-06 16:52:18 +02:00
Mattias Wadman
c4dd518e04
decode: Make compound range sort optional
...
Some formats might want to control child order
mp4: Keep tracks in track id order
dns: Keep label component order
elf: Keep seciton order
macho: Keep command and section order
2022-05-03 16:16:09 +02:00
Mattias Wadman
21ad628add
interp: dump: Show field name for compound values in arrays
...
mp3: Remove one level of struct for granales
dump: Makes it a bit easier to understand array of arrays/structs.
avro_ocf: Rename ocf.go -> avro_ocr.go to have same name of source file as format
pcap,pcapng: Rename tcp flow struct to tcp_connection, makes more sense i think
mp4: Add ISOBMFF to format description
2022-04-21 17:47:15 +02:00
Mattias Wadman
963a7af0d0
Merge pull request #222 from wader/display-path-root-array-incorrect
...
interp: Paths with a array as root was missing start dot
2022-04-08 19:03:10 +02:00
Mattias Wadman
5d25bbc2e1
tcp,udp: Refactor and make port matching better
...
rtmp: check port based on tcp direction
dns,rtmp: refactor to use tcp and udp port match helpers
flow: add has start/end to tcp to know if stream has missing bytes
2022-04-08 17:44:39 +02:00
Mattias Wadman
6f03471d15
interp: Paths with a array as root was missing start dot
2022-04-08 16:47:40 +02:00
Mattias Wadman
5ff67e4cfe
formats: Sym and field name cleanup to be more jq friendly
2022-04-05 13:59:57 +02:00
Mattias Wadman
e8dc7112b6
ipv6,icmpv6: Add decoder
...
Refactor to use groups between network layers to make them less coupled and reusable:
link_frame (ethernet etc)
inet_packet (ipv4,ipv6 etc)
ip_packet (tcp packet (not stream), udp segment etc)
Rename data to payload as i think it makes more sense for network data
2022-04-03 17:43:51 +02:00
Mattias Wadman
fc0aacb654
interp: Cleanup display aliases, now: d, da, dd, dv, ddv
...
Think it makes sense to have them all start with d.
Also f is often used as function argument name.
2022-01-28 18:25:38 +01:00
Mattias Wadman
b9aef39ed4
pcap,pcapng,bsd_loopback_frame: Add decoder, refactor link frame into a group
...
Also fix incorrect struct name s/UDPDatagramIn/UDPPayloadIn/
2022-01-03 21:06:27 +01:00
Mattias Wadman
f3480026bf
sll2: fuzz: Limit address length to max 8 bytes
2021-12-09 10:38:34 +01:00
Mattias Wadman
6ed2e2e72e
interp: dump: Indicate arrays using jq-syntax
...
Related to #16
2021-12-08 16:24:28 +01:00
Mattias Wadman
1d7ace3899
pcap,pcapng,tcp: Use capture length not original length
2021-12-07 18:47:31 +01:00
Mattias Wadman
f55b1af6ac
inet: Add tcp and ipv4 reassembly
...
Also add tcp_stream and udp_payload to decode content
2021-11-29 18:42:18 +01:00
Mattias Wadman
7b7faaf02b
pcap: Add pcap, pcapng, ether8023, ipv4, udp, udp
2021-11-24 18:13:00 +01:00
