Wireshark-dev: Re: [Wireshark-dev] Dissector Question - arrays of data in packets - how to disp
I guess where I'm confused is NOT the bitfield
part, I have that working, but and I use the same
hf[] field registration over and over and over
within a loop? I guess I don't really understand the field registration part all
that well and wasn't sure what would happen.
For example, can I do (excepts below) something
like:
#define
MADD_ATTEN_MASK_405MSG 0x07FF
#define
ENABLE_RANGE_ATTEN_FLAG_MASK_405MSG
0x0800
#define
LOS_FLAG_405MSG 0x1000
#define
ENABLE_FREQ_ATTEN_FLAG_MASK_405MSG
0x2000
...
- { &hf_asicp_405_maddatten,
- { "MADD ATTEN", "asicp.msg.40.maddatten",
- FT_BOOLEAN, 16, NULL, MADD_ATTEN_MASK_405MSG,
- NULL, HFILL }
- },
- { &hf_asicp_405_enablerangeattenflag,
- { "Enable Range ATTEN Flag", "asicp.msg.405.enablerangeattenflag",
- FT_BOOLEAN, 16, NULL, ENABLE_RANGE_ATTEN_FLAG_MASK_405MSG,
- NULL, HFILL }
- },
- { &hf_asicp_405_losflag,
- { "LOS Flag", "asicp.msg.405.losflag",
- FT_BOOLEAN, 16, NULL, LOS_FLAG_405MSG,
- NULL, HFILL }
- },
- { &hf_asicp_405_enablefreqattenflag,
- { "Enable Freq ATTEN Flag", "asicp.msg.405.enablefreqattenflag",
- FT_BOOLEAN, 16, NULL, ENABLE_FREQ_ATTEN_FLAG_MASK_405MSG,
- NULL, HFILL }
- },
- ...
/* Generator 1-512: 5 fields for each of the next
512, 2 byte "things" ) */
currentOffset = WHATEVER;
for (i=0; i<512; i++)
{
proto_tree_add_item(asicp_tree, hf_asicp_405_maddatten, tvb, offset, 2,
TRUE);
proto_tree_add_item(asicp_tree,
hf_asicp_405_enablerangeattenflag, tvb, offset, 2, TRUE);
proto_tree_add_item(asicp_tree,
hf_asicp_405_losflag, tvb, offset, 2, TRUE);
proto_tree_add_item(asicp_tree,
hf_asicp_405_enablefreqattenflag, tvb, offset, 2, TRUE);();
proto_tree_add_string_format(asicp_tree,
hf_asicp_405_maddatten, tvb, offset, 2, VAL, "
currentOffset += 2; /* 2 bytes for each
field */
}
So - the general question is I can I "reuse"
the hf_asicp_405_maddatten etc. fields over and over
and over in the loop without messing anything up? And if I click on one "group"
of those in the middle pane, will it highlight the proper bytes in the bottom
display
Sincerely,
John Jamulla
----- Original Message -----
Sent: Tuesday, February 27, 2007 8:05
PM
Subject: Re: [Wireshark-dev] Dissector Question -
arrays of data in packets - how to display
> On Sat, Feb 24, 2007 at 11:04:27AM -0500, John Jamulla
wrote:
>
> > I have some data in my own protocol that is really
a set of 512, 2
> > byte bit fields, and I want to display something
like:
> >
> > Generator 1 Fielda
> >
Generator 1 Fieldb
> > Generator 1
Fieldc
> > Generator 1 Fieldd
> > Generator
2 Fielda
> > Generator 2 Fieldb
> >
Generator 2 Fieldc
> > Generator 2
Fieldd
> > ...
> >
> > Where field a-d are
bitfields. I know how to get the bits into a
> > useful value, but I
have no idea really how to display something like
> > this?
>
> You would typically use proto_tree_add_item() and define the bitmask as
> part of the hf[] field registration. Search doc/README.developer
for
> bitfield for some more information. You can also take a look
at an
> existing dissector to see how it is handled. The VNC
dissector
> (epan/dissectors/packet-vnc.c) uses bitfields in a number of
places, for
> example:
>
> proto_tree_add_item(subrect_tree,
hf_vnc_hextile_subrect_x_pos, tvb,
> *offset, 1, FALSE);
>
>
{ &hf_vnc_hextile_subrect_x_pos,
>
{ "X position", "vnc.hextile_subrect_x_pos",
>
FT_UINT8, BASE_DEC, NULL, 0xF0, /* Top 4 bits */
>
"X position of this subrectangle", HFILL }
>
},
>
> Does this help?
>
>
> Steve
>
> _______________________________________________
> Wireshark-dev
mailing list
> Wireshark-dev@xxxxxxxxxxxxx> http://www.wireshark.org/mailman/listinfo/wireshark-dev>
