Wireshark-dev: Re: [Wireshark-dev] dissecting bit

From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 18 May 2011 16:35:18 -0400
Chris

Thanks for the info.

In your example you did this:

guint32 urn;

urn = (((guint32)tvb_get_guint8(tvb, offset)<<  16)&  0x00800000) |
((tvb_get_guint24(tvb, offset + 1)>>  1)&  0x007FFFFF);

proto_tree_add_item(vmf_sub_tree, hf_vmf_urn, tvb, offset, 4, FALSE);

... where hf_vmf_urn is declared as something along the lines of:

    {&hf_vmf_urn,
     {"URN", "vmf.urn",
      FT_UINT32, BASE_DEC, NULL, 0x80FFFFFE, NULL, HFILL }},



But you actually do not use the variable urn

So how is the urn variable (in your example) being used..??

Thanks,
Brian




On 5/18/2011 3:55 PM, Chris Maynard wrote:
Brian Oleksa<oleksab@...>  writes:

It is good to know not to waste my time anymore with the
proto_tree_add_bits_item() anymore.
Well, you could fix bug 4478, then it wouldn't be a waste, assuming your data is
little-endian with MSB 0 bit ordering, which I'm not entirely sure that it is.

I am looking for a starting point now.

Knowing that all my bytes are little endian....what would be the best
way to start dissecting my bytes..??
Are your bytes little endian (LE), or is the bit ordering LSB 0 as Jakub seemed
to imply they were.  Or both?  Once you figure that out, then it should be
rather straightforward what you need to do, I would think.

If LE+MSB0 =>  I already gave you an example using BE+MSB0, so it should be easy
enough to recode that example using tvb_get_letohl() instead of tvb_get_nothl()
and changing the shifting/masking accordingly.  (You should probably also use
ENC_LITTLE_ENDIAN instead of TRUE, by the way, as endian arguments to any
proto_tree_xxx() functions you might use.)

If LSB0 =>  Then Jakub's brand new tvb_get_bits_buf() function might help you.
It is available as of r37254.  Or you could always grab the bytes in whichever
byte order is most helpful to you and do the bit-swapping yourself.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list<wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe