-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Oleksa
Sent: 6 May 2011 15:22
To: Developer support list for Wireshark
Subject: [Wireshark-dev] dissecting bits versus bytes
I am used to getting a spec sheet of a packet that needs to be dissected and most of the time each part of the packet is in bytes.
For example: The first byte in the packet is the version number. So this is what I would do.
proto_tree_add_item(myproto_sub_tree, hf_myproto_version, tvb, offset, 1, FALSE);
offset += 1;
{ &hf_myproto_version,
{ "Version", "myproto.version", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL}},
But now I was ordered to dissect a packet whose max size is in bits.
Since a byte is bigger than a bit.....how would you dissect this..??
version (max field size = 4 bits)..??
Thanks,
Brian
Hi,
If the spec looks like
         Bit1      Bit4      Bit8
Octet1  | Version |   Foo   |
E.g. the fields fill up a byte and always align, then the protocol is still octet oriented and you should do:
proto_tree_add_item(myproto_sub_tree, hf_myproto_version, tvb, offset, 1, FALSE);
proto_tree_add_item(myproto_sub_tree, hf_myproto_foo, tvb, offset, 1, FALSE);
offset += 1;
{ &hf_myproto_version,
{ "Version", "myproto.version", FT_UINT8, BASE_DEC, NULL, 0xf0,
NULL, HFILL}},
{ &hf_myproto_foo,
{ "Foo", "myproto.foo", FT_UINT8, BASE_DEC, NULL, 0x0f,
NULL, HFILL}},
Note the bitmasks (0xf0 & 0x0f) which decide which part of the octet belongs to each field.
Offset is increased once the whole octet is handled. There are numerous examples in the code base.
Regards
Anders
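An added example, not part of the original messages and not Wireshark code: a stand-alone C program showing what the 0xf0 and 0x0f masks in the reply select from an octet, extended beyond the octet-aligned case to a bounds-checked read of a field that straddles two octets. The names masked_field and read_bits and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: value of a masked field inside one octet, i.e. the
 * octet ANDed with the mask and shifted down to the mask's lowest set bit. */
static unsigned masked_field(uint8_t octet, uint8_t mask)
{
    unsigned v = octet & mask;
    if (mask == 0)
        return octet;              /* mask 0x0: the field is the whole octet */
    while ((mask & 1) == 0) {      /* drop the trailing zero bits of the mask */
        mask >>= 1;
        v >>= 1;
    }
    return v;
}

/* Hypothetical helper: read nbits (1..32) starting at bit_offset, counting
 * bits MSB-first from the start of buf. Returns 0 on success, -1 if the
 * request is malformed or would read past the end of the buffer. */
static int read_bits(const uint8_t *buf, size_t len, size_t bit_offset,
                     unsigned nbits, uint32_t *out)
{
    uint32_t v = 0;
    if (nbits == 0 || nbits > 32 || len > SIZE_MAX / 8)
        return -1;
    if (bit_offset > len * 8 || nbits > len * 8 - bit_offset)
        return -1;                 /* length check that cannot wrap around */
    for (unsigned i = 0; i < nbits; i++) {
        size_t bit = bit_offset + i;
        v = (v << 1) | ((buf[bit / 8] >> (7 - bit % 8)) & 1u);
    }
    *out = v;
    return 0;
}

int main(void)
{
    const uint8_t pkt[] = { 0x4A, 0xC3 };   /* constructed sample bytes */
    uint32_t v = 0;
    printf("version=%u foo=%u\n", masked_field(pkt[0], 0xf0),
           masked_field(pkt[0], 0x0f));
    if (read_bits(pkt, sizeof pkt, 4, 6, &v) == 0)
        printf("6 bits at bit offset 4 = %u\n", (unsigned)v);
    if (read_bits(pkt, sizeof pkt, 12, 6, &v) != 0)
        printf("6 bits at bit offset 12: rejected, past end of packet\n");
    return 0;
}
```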
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev