Wireshark-dev: Re: [Wireshark-dev] displaying more than 32 bits

From: "Yosi Saggi" <yosis@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 7 Mar 2011 09:32:07 +0200
I have debugged the variables. The f2_val, which is 64 bits has the
correct value in the correct order. There is no problem there.
My problem is how to display the different groups of bits. For example,
when I had a variable that was 32 bits there was no problem displaying
it with "proto_tree_add_item" function, when my hf variable has a
bitmask that groups the wanted bits. The display looks something like
this:
1... .... .... .... .... .... .... .... = Group A: 1
.0.. .... .... .... .... .... .... .... = Group B: 0
..01 1101 1011 0... .... .... .... .... = Group C: 950

And so on.
How and with what functions can I work when using more than 32 bits?
That is what I'm looking for.

Yosi

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Andreas
Sent: Sunday, March 06, 2011 9:32 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] displaying more than 32 bits

Am 06.03.2011 15:50, schrieb Yosi Saggi:
> Hi everybody
>
> I have a payload  that its size is 42 bits. I am getting it from the
TVB
> in little Endian.
>
> I have no problem displaying the whole payload as big endian with a
> guint 64bit variable:
>
> guint32  f2_val1, f2_val2;
> guint64 f2_val;
>
> f2_val1 = tvb_get_letohl(tvb, *plen)
> f2_val2 = tvb_get_letohl(tvb, (*plen+4));
> f2_val = f2_val1;
> f2_val= (f2_val<<32);
> f2_val = f2_val|f2_val2;

> Are threr any suggestions what can I use to display it correctly. As I
> have seen that "proto_tree_add_bits_ret_val", although having a "big
> endian/little endian" operand, that "little endian" is not implemented
> yet.


If you have a big endian number, than the high part should be *plen, the

lower part (*plen)+4 not (*plen+4). The latter is plen[4].

suggestions:

- Check the (*plen+4) term.
- Check that your 32 bit variables have the expected values.
- Check your variable names ;-) I got confused while trying to reproduce

it since with the names f2_val and f2_val2. If the code above is not 
literally from your dissector but "simplified" you probably also have 
done this failure.

--
Andy

________________________________________________________________________
___
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe