Hi,
You can also use proto_add_bits_item()
Regards
Anders
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of yannick omnes
Sent: den 23 januari 2015 08:46
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissecting a field that has non-octet bit boundaries
Hi Richard,
I had the same problem recently, that I solved using a bitmask in one of the register_info fields. It looked like that :
{
&hf_protocol_id,
{
"ID", "protocol.id",
FT_UINT8, BASE_DEC_HEX,
NULL, 0x1,
NULL, HFILL
},
}
This should display only the first bit of a byte.
Hope that helps,
Regards
Yannick
Le 23/01/2015 05:46, Richard Sharpe a écrit :
> Hi Folks,
>
> I am trying to dissect MS-RSVD further since I have a capture of some
> of that funky SCSI tunneled over SMB2/3.
>
> Anyway, they have a 4-byte header that consists of:
>
> 1 byte: Protocol ID
> 12 bits: Protocol Version
> 12 bits: Operation Code
>
> How do I deal with this. It does not seem like proto_tree_add_bitmask
> is the correct thing.
>
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe