Wireshark · Wireshark-dev: Re: [Wireshark-dev] Correct and efficient way of displaying bit fields?

Wireshark-dev: Re: [Wireshark-dev] Correct and efficient way of displaying bit fields?

From: Helge Kruse <Helge.Kruse-nospam@xxxxxxx>

Date: Sat, 08 Oct 2011 18:36:50 +0200

Am 07.10.2011 23:22, schrieb Kaul:

I'm struggling for some time now with displaying bitfields, I'm sure there
must be something I'm overlooking, or it's just a bit difficult to do in
Wireshark.

I have a 32bit, little endian field, which I'd like to parse the bits (as
set/not set):
Example:
05 00 00 00

1 0 0 0 .... Feature A - set
0 0 0 0 ... Feature B - not set
0 0 1 0 ... Feature C - Set


1. Do I really have to create a hf_xxx for each? And use something like
proto_tree_add_bits_item() ? I was hoping to do it in a single
proto_tree_add_xxx() and pass it a single HF that would hold a VALS(...)
which will describe all the attributes.

When you add all these hf_info records you provide information that willbe displayed quite well. Additionally all these fields can be used in adisplay filter expression. That's worth to add all the info.

When I have such one-bit fields I put them in an array and use a loopover this field and call proto_tree_add_boolean for each iteration. Thissaves code lines. But when the field size varies, you will needindividual code lines.


Helge

References:
- [Wireshark-dev] Correct and efficient way of displaying bit fields?
  - From: Kaul

Prev by Date: [Wireshark-dev] syntax errors are eating my time and brain though my code is almost correct
Next by Date: Re: [Wireshark-dev] syntax errors are eating my time and brain though my code is almost correct
Previous by thread: [Wireshark-dev] Correct and efficient way of displaying bit fields?
Next by thread: Re: [Wireshark-dev] Correct and efficient way of displaying bit fields?
Index(es):
- Date
- Thread