Wireshark-dev: Re: [Wireshark-dev] dissecting bit

From: Chris Maynard <chris.maynard@xxxxxxxxx>
Date: Wed, 18 May 2011 19:55:42 +0000 (UTC)
Brian Oleksa <oleksab@...> writes:

> It is good to know not to waste my time anymore with the 
> proto_tree_add_bits_item() anymore.

Well, you could fix bug 4478, then it wouldn't be a waste, assuming your data is
little-endian with MSB 0 bit ordering, which I'm not entirely sure that it is.

> I am looking for a starting point now.
> 
> Knowing that all my bytes are little endian....what would be the best 
> way to start dissecting my bytes..??

Are your bytes little endian (LE), or is the bit ordering LSB 0 as Jakub seemed
to imply they were.  Or both?  Once you figure that out, then it should be
rather straightforward what you need to do, I would think.

If LE+MSB0 => I already gave you an example using BE+MSB0, so it should be easy
enough to recode that example using tvb_get_letohl() instead of tvb_get_nothl()
and changing the shifting/masking accordingly.  (You should probably also use
ENC_LITTLE_ENDIAN instead of TRUE, by the way, as endian arguments to any
proto_tree_xxx() functions you might use.)

If LSB0 => Then Jakub's brand new tvb_get_bits_buf() function might help you. 
It is available as of r37254.  Or you could always grab the bytes in whichever
byte order is most helpful to you and do the bit-swapping yourself.