Hi I am new to the list and this is my first post.
I am writing a dissector plugin for Wireshark and have a
question. If I have a set of data that I am iterating through. Sometimes
the one message inside the data ends on a byte boundary, and others end on the
third bit or the fifth bit or some other non-nibble boundary bit.
What I want to do is print this different fields inside each
message. But I cannot assume a bitmask will always be the same since each
message can end essentially anywhere in the bytestream and not just on a
boundary.
Can I use the proto_tree_add_item? How would I define a
bitmask in the hf_ structure?
Currently, I take the bits that I want, put them in a string,
and use proto_add_tree_string to print them. But there must be a better
way (I hope).
Any help or best use cases for each function would be
appreciated.
Grady
Neely
Motorola
- Austin, TX
Phone:
(512) 427-7313
Cell: (512)
450-8738
Fax:
(512) 996-7130