[Bro] Syntax Question - Nested Switch Case

Jon Siwek jsiwek at corelight.com
Tue Oct 16 09:42:35 PDT 2018


On Tue, Oct 16, 2018 at 12:46 AM TQ <nothinrandom at gmail.com> wrote:

> How do you do a nested switch case inside a record? I have some data 0xAABBCCDD01020304 or 0xAABBCCDD01020405 that I need to verify that the header is 0xAABBCCDD and switch based on the last two bytes, either 0x0304 or 0x0405. Is this a good practice of switch record since data length will change based on the command? The nested case I have below is incorrect and is throwing the error "make[3]: *** [test_pac.h] Segmentation fault (core dumped)"

It's possible that you've just run into a binpac bug related to nested
records and you can file a bug/issue for that on GitHub, but you may
also be able to organize things differently.  For example, instead of
nesting switch/case you can do:

type HeaderCmd(cmd: uint16) = case cmd of {
  DEVICE_CMD2_1  -> info1: Record_A;
  DEVICE_CMD2_2  -> info2: Record_B;
};

type Device_Response = record {
  header: Header;
  data: case(header.header) of {
    DEVICE_HEADER -> head_cmd: HeaderCmd(header.cmd2);
    default       -> unknown: bytestring &restofdata;
  };
} &byteorder=littleendian;

Also, if you only ever expect to see that DEVICE_HEADER value and not
any other header values for this protocol, you might just use an
&enforce attribute at the top level instead of a switch/case.

- Jon
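
The &enforce alternative mentioned in the reply, sketched as an added example (not code from the original message or from the Bro project). The layout of `Header` (a 4-byte `header`, an assumed 2-byte `cmd1`, a 2-byte `cmd2`) is an assumption based on the sample bytes in the question; `DEVICE_HEADER`, `DEVICE_CMD2_1`, `DEVICE_CMD2_2`, `Record_A` and `Record_B` are the names used above and are expected to be defined elsewhere in the analyzer.

```binpac
# Assumed header layout (hypothetical; the original Header type is not shown).
type Header = record {
  # Parsing fails here when the condition is false, so data that does not
  # start with the expected magic value is rejected up front instead of
  # being collected into an "unknown" branch.
  header: uint32 &enforce(header == DEVICE_HEADER);
  cmd1:   uint16;   # assumed: the two bytes between the magic and cmd2
  cmd2:   uint16;
};

type Device_Response = record {
  header: Header;
  # With the magic enforced above, only one level of case is needed.
  data: case header.cmd2 of {
    DEVICE_CMD2_1 -> info1: Record_A;
    DEVICE_CMD2_2 -> info2: Record_B;
    # Keep a default so an unrecognized command is captured as raw bytes
    # rather than aborting the parse of an otherwise valid message.
    default       -> unknown: bytestring &restofdata;
  };
} &byteorder=littleendian;
```

The constants are compared against the values as decoded under the declared byte order, so `DEVICE_HEADER` and the command constants have to be written to match `&byteorder=littleendian`.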