Wireshark-dev: Re: [Wireshark-dev] Wireshark lua (wslua) and bit fields - how to do it?

From: Daniel Lynes <dlynes@xxxxxxxxxxx>
Date: Thu, 28 Oct 2010 14:24:42 +0000
Thanks, Tony.  I realized I had another problem with my particular version of asterisk.

The bitmask doesn't actually work (if there's a bit turned on anywhere within the byte, the bool will evaluate to true, no matter what the mask is).  I'm guessing it's probably not implemented, and there's no mechanism in wireshark (or possibly lua) to tell you that it's not implemented.  The protocol doesn't currently have anything that overlaps 16-bit boundaries in the 64-bit word, so I'm able to break it up into 8-bit and 16-bit words.

You've provided a lot of insight into how to do bitfields, however.  After we've upgraded to Ubuntu 10.04, perhaps Wireshark will support the bitmask.  On 9.04 however, it shipped with Wireshark 1.0.7, and I've since upgraded it to the latest wireshark that doesn't have display corruption (I think it's a mismatch between wireshark and pango, causing memory corruption) available for 9.04, being 1.2.0.  I've tried 1.5 svn snapshots as well, but they all have the pango/wireshark/memory corruption issue.

On Mon, 2010-10-25 at 16:53 -0400, Tony Trinh wrote:
No problem.

I think I can better help you if you outlined the spec for the 64-bit field
and told me what exactly you wanted to do with it, but I'll try to help based
on what you've told me so far...

Currently, masking a uint64 does not work (at least I couldn't do it
on my machine).
You can only mask an int up to 32 bits. So, you would have to define
two 32-bit fields
and adjust the masks accordingly.

For your most recent example, you can do something like:

-- 24-bit integer in upper 32 bits of 64-bit flags
fields.shred_foo = ProtoField.uint32("shred.foo", "Foo field",
base.DEC, nil, 0x00FFFFFF)

-- read-only bit at bit 1 of 64-bit flags
fields.shred_rd = ProtoField.bool("shred.rd", "Read only", base.DEC, nil, 0x02)

[...]

local OFFSET_FLAGS = offset+8
local OFFSET_FLAGS_LSB = OFFSET_FLAGS+7

subtree:add(fields.shred_foo, buf(OFFSET_FLAGS, 4))
subtree:add(fields.shred_rd, buf(OFFSET_FLAGS_LSB, 1))
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Daniel Lynes
Software Engineer
PV Labs Intelligent Imaging
(905) 667-7308