Re: need to read three bytes of offset

["Maynard, Chris" <Christopher.Maynard () GTECH COM>]

Are you really reading those 3 bytes directly from the pcap file, or are you reading them from a tvbuff that wireshark 
hands your dissector?

If from a tvbuff, why not just use tvb_get_ntoh24()?  And if you're not doing anything with that value except for 
adding it to your tree, you can just use proto_tree_add_item() with the item specified as either FT_INT24 or FT_UINT24, 
whichever the case may be.

- Chris


From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of prashanth s
Sent: Thursday, March 04, 2010 3:57 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] need to read three bytes of offset


Oh, then it looks correct to write a function that reads 3 bytes int value from pacp / wire and convert it to an int? 
This is what I have done: I read the three bytes from the pcap in to an array of three bytes. And then I memcpy these 3 
bytes from array to an int variable(which has been memset with 0's) And then I do a ntohl on this int variable and 
return it as an int.



Thanks Guy Harris,

Regards,

Prashanth

On Fri, Mar 5, 2010 at 2:17 AM, Guy Harris <guy () alum mit edu<mailto:guy () alum mit edu>> wrote:

On Mar 4, 2010, at 12:42 PM, prashanth joshi wrote:

> thanks for the clarification.
> I was writing a function to read such 3 byte values and convert them to int. Unaware that uint24 field is supported 
> in C (I have seen uint24 field only in wireshark).
> Now I am using the uint24 type.
Standard C doesn't have a uint24 data type (even C99 doesn't have uint24_t).  I suppose if you're using C on the 
Datacraft/Harris machines (no relation):

       http://bolt.beetlebolt.com/blog/?m=200706

you'd have a 24-bit data type, but most if not all machines capable of running Wireshark have 8-bit bytes and 32-bit or 
64-bit registers.

Wireshark supports 24-bit integral-valued fields - but you put the values into 32-bit variables.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org<mailto:wireshark-dev () wireshark org>>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org<mailto:wireshark-dev-request () wireshark 
org>?subject=unsubscribe

CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe