Wireshark-dev: Re: [Wireshark-dev] Wireshark lua (wslua) and bit fields - how to do it?
Thanks, Tony.
It doesn't quite do what I need it to do, but it comes pretty close...close enough that if I can't do it exactly the way I want easily enough, this will do.
The other complication comes in, where I might have the following scenario:
Bitmask: 0x00FFFFFF00000000
Shift: 24
So that 0x0012345600000000
becomes 0x0000000012345600
That being said, I just realized I can just alter the bitmask slightly to compensate.
Thanks again for your help, Tony.
Much appreciated.
On Sat, 2010-10-23 at 16:15 -0400, Tony Trinh wrote:
It doesn't quite do what I need it to do, but it comes pretty close...close enough that if I can't do it exactly the way I want easily enough, this will do.
The other complication comes in, where I might have the following scenario:
Bitmask: 0x00FFFFFF00000000
Shift: 24
So that 0x0012345600000000
becomes 0x0000000012345600
That being said, I just realized I can just alter the bitmask slightly to compensate.
Thanks again for your help, Tony.
Much appreciated.
On Sat, 2010-10-23 at 16:15 -0400, Tony Trinh wrote:
The shred_rd field should be defined with a mask, so that it's automatically
masked and shifted. I'm assuming it's a bit that represents "read only".
The Lua below lets you filter with "shred.rd == true":
-- read-only at bit 1
fields.shred_rd = ProtoField.bool("shred.rd", "Read only", base.DEC, nil, 0x02)
for shred = 1, num_shreds
do
subtree:add("----- NV Storage Shred" .. shred .. " -----")
subtree:add(fields.shred_id, buffer(offset, 8))
subtree:add(fields.shred_flags, buffer(offset+8, 8))
local flags=tonumber(tostring(buffer(offset+8,8):uint64()))
local hex=tostring(bit.tohex(bit.band(flags,0x02)))
subtree:add("----- NV Storage hexflags: " .. hex)
--[[
Since shred_rd is a bool, the buffer length must be 1.
shred_rd's offset (bit 1) is in the lower 8 bits of the 64-bit
flags.
]]--
local OFFSET_FLAGS_LSB = offset+8+7
subtree:add(fields.shred_rd, buffer(OFFSET_FLAGS_LSB,1))
offset=offset+inc
end
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 21 Oct 2010 17:46:29 +0000
> From: Daniel Lynes <dlynes@xxxxxxxxxxx>
> Subject: [Wireshark-dev] Wireshark lua (wslua) and bit fields - how to
> do it?
> To: wireshark-dev@xxxxxxxxxxxxx
> Message-ID: <1287683189.17967.24.camel@yvorontsov-gpu1>
> Content-Type: text/plain; charset="us-ascii"
>
> I'm trying to output some bit values in my wireshark dissector decode.
> However, I want to be able to filter based on those bit values.
>
> I can't seem to use the LUA bitop library to do it, because lua
> complains that the result is not a uservalue.
>
> I've got the following code:
>
> for shred = 1, num_shreds
> do
> subtree:add("----- NV Storage Shred " ..
> shred .. " -----")
> subtree:add(fields.shred_id,
> buffer(offset, 8))
> subtree:add(fields.shred_flags,
> buffer(offset+8, 8))
> local
> flags=tonumber(tostring(buffer(offset+8,8):uint64()))
> local
> hex=tostring(bit.tohex(bit.band(flags,0x02)))
> subtree:add("----- NV Storage hex flags:
> " .. hex)
> local hexba=ByteArray.new(hex)
> -- The following line complains about a nil
> uservalue
> local rdonly=Tvb.new_real(hexba, "hex")
> -- The following line complains about the
> value being a number instead of a uservalue
> subtree:add(fields.shred_rd,
> bit.band(flags, 0x02))
> offset=offset+inc
> end
>
> Does anyone happen to have any clues as to what I'm doing wrong? Fwiw,
> I'm using 1.2.0 (1.3, 1.4, and 1.5 all have video corruption issues, and
> 1.0 has issues with 64-bit integers).
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
|
Daniel Lynes Software Engineer PV Labs Intelligent Imaging (905) 667-7308 
|
- References:
- Prev by Date: [Wireshark-dev] 4 Bytes too much in tvb
- Next by Date: Re: [Wireshark-dev] Wireshark or protocol bug? (HTTP MIME multipart)
- Previous by thread: Re: [Wireshark-dev] Wireshark lua (wslua) and bit fields - how to do it?
- Next by thread: Re: [Wireshark-dev] Wireshark lua (wslua) and bit fields - how to do it?
- Index(es):