Wireshark mailing list archives
Re: Dissect data on a bit-by-bit basis
From: John Thacker <johnthacker () gmail com>
Date: Tue, 21 Jul 2020 21:34:34 -0400
On Tue, Jul 21, 2020 at 9:05 PM Filipe Laíns <lains () archlinux org> wrote:
Hi, I am working on the USB HID dissector and I need to dissect data on a bit by bit basis, instead of byte. The data structure is completely dynamic (described by the HID descriptor) and the basic data block is the bit. Any bit or sequence of bits can have a meaning, the data can be completely unaligned. See the following example which shows different fields distributed in a 2 byte packet. What is the best way to dissect this data? I feel like I am going to have to basically write a complicated internal wrapper around the tvb API, and that won't even work properly in some cases. Is modifying the tvb API to allow data control on a bit level reasonable?
The API already allows fields which are bits, including unaligned ones, see proto_tree_add_bits_item() described in proto.[c,h]. It even allows fields made of non-contiguous bits assembled into a single field, see proto_tree_add_split_bits_*().

If you have the field types defined (say that you know the possible types of data fields, just not their structure or how many ahead of time), you can dynamically pass in the values for the bit_offset, no_of_bits, and/or the crumb_spec to those functions.

If you need to change the formatting, you can use the proto_tree_add_[u]int[64]_bits_format_value() functions. (Though I don't think that there is a *bits_format() function that would let you change the name of the field for your Button A, Button B types.)

You can also do the _add_bitmask* functions and dynamically change the pointer of fields passed in.

John Thacker
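Added example, not part of the original thread and not Wireshark code: a stand-alone C sketch of table-driven extraction of unaligned bit fields, where each field's bit_offset and no_of_bits are known only at run time. The struct, the get_bits() helper, the sample packet, the field layout and the bit numbering (bit 0 is the most significant bit of the first byte) are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One field of a layout known only at run time (hypothetical structure). */
struct bit_field {
    const char *name;
    unsigned bit_offset;  /* from start of buffer; bit 0 = MSB of byte 0 (assumed) */
    unsigned no_of_bits;  /* 1..32 */
};

/* Read no_of_bits starting at bit_offset. Returns 0 on success, -1 if the
 * field is empty, wider than 32 bits, or runs past the end of the buffer. */
int get_bits(const uint8_t *buf, size_t len, unsigned bit_offset,
             unsigned no_of_bits, uint32_t *out)
{
    if (no_of_bits == 0 || no_of_bits > 32 ||
        (uint64_t)bit_offset + no_of_bits > (uint64_t)len * 8)
        return -1;
    uint32_t v = 0;
    for (unsigned i = 0; i < no_of_bits; i++) {
        unsigned bit = bit_offset + i;
        /* Shift in one bit at a time so byte boundaries need no special case. */
        v = (v << 1) | ((buf[bit / 8] >> (7 - bit % 8)) & 1u);
    }
    *out = v;
    return 0;
}

/* Constructed 2-byte packet and layout, not taken from the original post. */
static const uint8_t sample_packet[2] = { 0xB5, 0x60 };
static const struct bit_field sample_layout[] = {
    { "Button A", 0, 1 },
    { "Button B", 1, 1 },
    { "X axis",   2, 10 },  /* crosses the byte boundary */
    { "Padding", 12, 4 },
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample_layout / sizeof sample_layout[0]; i++) {
        const struct bit_field *f = &sample_layout[i];
        uint32_t v;
        if (get_bits(sample_packet, sizeof sample_packet,
                     f->bit_offset, f->no_of_bits, &v) != 0)
            printf("%s: field outside packet\n", f->name);
        else
            printf("%s: %u\n", f->name, (unsigned)v);
    }
    return 0;
}
```

A descriptor-driven layout can describe fields longer than the captured data, so the bounds check is what keeps a malformed or truncated packet from causing an out-of-bounds read.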