Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Help needed on value translation of dissected bits

From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
Date: Thu, 3 Dec 2009 10:55:07 -0500
Would something like this [untested] code work for you?

 

b = tvb_get_ntohs(tvb, offset);

b = ((b & 0x8000) >> 7) | (b & 0x00ff);

proto_tree_add_uint_format(tree, hf_myproto_B, tvb, offset, 2, b, "B
Value: %u", b);

 

README.developer has more information on all the proto_tree_add_xxx()
functions.

- Chris

 

From: wireshark-dev-bounces () wireshark org
[mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jarolin,
Robert
Sent: Wednesday, December 02, 2009 11:56 AM
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Help needed on value translation of dissected
bits

 

Normally with the translation of specific bits to a decimal value is
easy using the definition in the hf structure, but I am trying to find a
way to properly display 1 or more bytes that have disjoint bits
associated to a specific value.

Let me give an example: 
Assume that you have 2 bytes to dissect that are formatted as follows: 
- There are 2 values, A and B that are encoded into 2 Bytes 
- Value A has a maximum size of 127 and is encoded using the lower 7
bits of Byte 1 
- Value B has a maximum size of 511 and is encoded using all 8 bits in
Byte 2 along with bit 8 in Byte 1 representing the MSB for Value B

Normally, I would define the dissection in the hf structure as follows: 
{ &hf_myproto_B, 
  { "B Value", "myproto.b", 
       FT_UINT16, BASE_DEC, NULL, 0x80ff, NULL, HFILL 
  } 
} 

In this case, it will mask of the bits correctly, but it will translate
it to decimal as if there the extra bits that are masked off still
exist, but are a value of 0

So, for instance, the following encoding: 
 1000 0000 
 0000 0000 

Would be translated as follows: 
A = 0 
B = 32768 

Instead of what I want: 
A = 0 
B = 256 

Any way that I can do it?  If not, can I somehow use "proto_add_text" or
something similar to make the addition to the tree look similar to how
it would have looked with the bits that are masked off being shown?

Thanks for any help. 


Confidentiality Notice: This e-mail (including any attachments) is
intended only for the recipients named above. It may contain
confidential or privileged information and should not be read, copied or
otherwise used by any other person. If you are not a named recipient,
please notify the sender of that fact and delete the e-mail from your
system. 

CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: