Pavel Moravec
changed
bug 9612
| What |
Removed |
Added |
| Attachment #12413 is obsolete |
|
1
|
Comment # 9
on bug 9612
from Pavel Moravec
Created attachment 12475 [details]
Patch for dissecting AMQP 1.0 - version 2
Attached new patch proposal, with all points from
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9612#c4 implemented.
Three comments to the patch:
1) I use stdio.h there for two sprintf calls to properly format some output. If
this can cause some problems on some architectures, let me know and I can use
strcpy instead.
2) None composite field (i.e. no field that can be list, map or array BUT also
can be null) can be filtered based on content. I.e. there is filter
amqp.performative.arguments.error but no filter
"amqp.performative.arguments.error == 64" to filter just errors equal to null
(0x40=64 is null in AMQP 1.0).
The reason is I found no way how to have just one filter name for potential
both hf_*_error variables such that one has FT_UINT8 (for null error) and
another FT_<whatever> for a list. Every solution I tried resulted in segfault
when applying some search.
And having two different filter names for the same AMQP field seems to me as
rather confusing than beneficial.
3) Filtering for null value (".. = 64") might return also fields with integer
value 64, and vice versa. E.g. applying filter
amqp.performative.arguments.idleTimeout == 64
to attached tcpdump - in attempt to see "open" performatives with idle-time-out
set to 64 seconds - would result in showing 2 frames with null timeout set.
You are receiving this mail because:
- You are watching all bug changes.