On Mon, Mar 12, 2007 at 02:07:59PM -0400, Neely Grady-W30566 wrote:
> Hi I am new to the list and this is my first post.
Welcome!
> I am writing a dissector plugin for Wireshark and have a question.
> If I have a set of data that I am iterating through. Sometimes the
> one message inside the data ends on a byte boundary, and others end on
> the third bit or the fifth bit or some other non-nibble boundary bit.
>
> What I want to do is print this different fields inside each message.
> But I cannot assume a bitmask will always be the same since each
> message can end essentially anywhere in the bytestream and not just on
> a boundary.
>
> Can I use the proto_tree_add_item? How would I define a bitmask in the
> hf_ structure?
Are you using the same field name for each message, no matter which bit
it ends on? In this case, you wouldn't be able to use
proto_tree_add_item() unless you defined three different field names,
each with a different bitmask. You would still need logic in the
program to determine which field to use in the proto_tree_add_item()
call. How does the protocol specify how long the bit stream will be?
Steve