Wireshark-bugs: [Wireshark-bugs] [Bug 9612] Dissector of AMQP 1.0

Date: Thu, 16 Jan 2014 18:00:10 +0000

Comment # 10 on bug 9612 from
(In reply to comment #9)
> Created attachment 12475 [details]
> Patch for dissecting AMQP 1.0 - version 2
> 
> Attached new patch proposal, with all points from
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9612#c4 implemented.
> 
> Three comments to the patch:
> 1) I use stdio.h there for two sprintf calls to properly format some output.
> If this can cause some problems on some architectures, let me know and I can
> use strcpy instead.

As per doc/README.developer, use the g_snprintf() function declared by <glib.h>
instead.

> 
> 2) No composite field (i.e. no field that can be a list, map or array BUT
> can also be null) can be filtered based on content. I.e. there is a filter
> amqp.performative.arguments.error but no filter
> "amqp.performative.arguments.error == 64" to filter just errors equal to
> null (0x40=64 is null in AMQP 1.0).
> 
> The reason is I found no way to have just one filter name for potentially
> both hf_*_error variables such that one has FT_UINT8 (for null error) and
> another FT_<whatever> for a list. Every solution I tried resulted in
> a segfault when applying some search.
> 
> And having two different filter names for the same AMQP field seems to me
> more confusing than beneficial.

Please read section 1.5.1 of doc/README.dissector which explains what can and
cannot be done here (specifically which FT_ types can be mixed and which
can't).

> 
> 3) Filtering for null value (".. = 64") might also return fields with
> integer value 64, and vice versa. E.g. applying filter
> 
> amqp.performative.arguments.idleTimeout == 64
> 
> to the attached tcpdump - in an attempt to see "open" performatives with
> idle-time-out set to 64 seconds - would result in showing 2 frames with null
> timeout set.
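
Added example, not part of the attached patch or of Wireshark's code: point 3 above describes a null field (constructor 0x40) matching a filter for the integer 64. The C code below decodes a uint-or-null AMQP 1.0 field with bounds checks and keeps the null flag separate from the numeric value; the struct and function names are hypothetical and it does not use the dissector API.

```c
#include <stddef.h>
#include <stdint.h>

/* AMQP 1.0 constructors that can appear for a uint-valued field. */
enum { AMQP_NULL = 0x40, AMQP_UINT0 = 0x43, AMQP_SMALLUINT = 0x52, AMQP_UINT = 0x70 };

typedef struct {
    int      is_null;   /* 1 when the field was encoded as null (0x40) */
    uint32_t value;     /* meaningful only when is_null == 0 */
    size_t   consumed;  /* bytes consumed from the buffer */
} uint_field;           /* hypothetical type, for illustration only */

/* Decode one uint-or-null field. Returns 0 on success, -1 on truncated
 * input or an unexpected constructor; never reads past buf[len - 1]. */
int decode_uint_field(const uint8_t *buf, size_t len, uint_field *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;
    out->is_null = 0;
    out->value = 0;
    out->consumed = 1;
    switch (buf[0]) {
    case AMQP_NULL:                 /* no payload; flag it, leave value 0 */
        out->is_null = 1;
        return 0;
    case AMQP_UINT0:                /* the value 0, no payload */
        return 0;
    case AMQP_SMALLUINT:            /* 1-byte payload */
        if (len < 2) return -1;
        out->value = buf[1];
        out->consumed = 2;
        return 0;
    case AMQP_UINT:                 /* 4-byte payload, network byte order */
        if (len < 5) return -1;
        out->value = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) |
                     ((uint32_t)buf[3] << 8)  |  (uint32_t)buf[4];
        out->consumed = 5;
        return 0;
    default:
        return -1;
    }
}

/* Predicate for "field == wanted": a null field never matches a number. */
int uint_field_equals(const uint_field *f, uint32_t wanted)
{
    return !f->is_null && f->value == wanted;
}
```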

