Wireshark mailing list archives

Correct and efficient way of displaying bit fields?

From: Kaul <mykaul () gmail com>
Date: Fri, 7 Oct 2011 23:22:14 +0200

I'm struggling for some time now with displaying bitfields, I'm sure there
must be something I'm overlooking, or it's just a bit difficult to do in
Wireshark.

I have a 32bit, little endian field, which I'd like to parse the bits (as
set/not set):
Example:
05 00 00 00

1 0 0 0 .... Feature A - set
0 0 0 0 ... Feature B - not set
0 0 1 0 ... Feature C - Set


1. Do I really have to create a hf_xxx for each? And use something like
proto_tree_add_bits_item() ? I was hoping to do it in a single
proto_tree_add_xxx() and pass it a single HF that would hold a VALS(...)
which will describe all the attributes.
2. How do I take into consideration the endianess?

Best I could do so far, it works but it's ugly and not maintainable, is:
proto_tree_add_bits_item(tree, hf_common_cap_auth_select, tvb, (offset * 8)
+ 7, 1, ENC_NA);
proto_tree_add_bits_item(tree, hf_common_cap_auth_spice, tvb, (offset * 8) +
6, 1, ENC_NA);
proto_tree_add_bits_item(tree, hf_common_cap_auth_sasl, tvb, (offset * 8) +
5, 4, ENC_NA);

...

        { &hf_common_cap_auth_select,
          { "Auth Selection", "spice.common_cap_auth_select",
            FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0,
            NULL, HFILL }
        },
        { &hf_common_cap_auth_spice,
          { "Auth Spice", "spice.common_cap_auth_spice",
            FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0,
            NULL, HFILL }
        },
        { &hf_common_cap_auth_sasl,
          { "Auth SASL", "spice.common_cap_auth_sasl",
            FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0,
            NULL, HFILL }
        },


If I look at how it's done in packet-tcp.c, then it's again quite a bit of
manual labour, this time with proto_tree_add_boolean() - per each single
bit!
Is there a better way?

TIA,
Y.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Correct and efficient way of displaying bit fields? Kaul (Oct 07)
- Re: Correct and efficient way of displaying bit fields? Helge Kruse (Oct 08)
- Re: Correct and efficient way of displaying bit fields? Guy Harris (Oct 08)
- Re: Correct and efficient way of displaying bit fields? Glenn Matthews (Oct 10)