How about using:

    octet = tvb_get_guint8(tvb, offset);
    octet = octet & 0x07;   /* mask for the last 3 bits */
    proto_tree_add_uint_format...
use grep to find proto_tree_add_uint_format in the sources and do some copy pasting :-)

BTW displaying it as .... .010 tells the user which bits correspond to the displayed value (2), which may be useful.

Regards
Anders

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Swapnil Barai (sbarai)
Sent: 16 July 2009 01:28
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Changing how the fields are displayed in the output of dissector

* Only last 3 bits

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Swapnil Barai (sbarai)
Sent: Wednesday, July 15, 2009 4:26 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Changing how the fields are displayed in the output of dissector

Hey,

So in the following code which is part of void proto_register_PROTOABBREV(void), what should I enter in the fieldname? I am asking this because in the printf format argument in the call to proto_tree_add_*_format() I have already mentioned what I want to display.

    static hf_register_info hf[] = {
        { &hf_PROTOABBREV_FIELDABBREV,
          { "FIELDNAME", "PROTOABBREV.FIELDABBREV",
            FIELDTYPE, FIELDBASE, FIELDCONVERT, BITMASK,
            "FIELDDESCR", HFILL }
        }
    };

Also the field that I am trying to manipulate just occupies 3 bits of an octet. Thus I am using proto_tree_bytes_format() as I could not find any other format function suitable. In the start_ptr argument of this I am passing tvb_get_ptr(tvb,offset,length). Is this start_ptr right coz my field doesn't occupy the whole byte, only last 3 bytes?

Thanks
Swapnil

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jaap Keuter
Sent: Wednesday, July 15, 2009 11:13 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Changing how the fields are displayed in the output of dissector

Hi,

No, that's part of the proto tree item presentation code.
All you can do is use your own formatted presentations through proto_tree_add_*_format() calls.

Thanx,
Jaap

Swapnil Barai (sbarai) wrote:
> Oh, so is there any way to alter this standard presentation for my own
> dissector.
>
> Thanks for your help.
>
> Swapnil
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Jaap Keuter
> Sent: Wednesday, July 15, 2009 10:56 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Changing how the fields are displayed in
> the output of dissector
>
> Hi,
>
> That is the standard presentation for header fields registered with a
> BITMASK!=0
>
> Thanx,
> Jaap
>
> Swapnil Barai (sbarai) wrote:
>> Yes, that's right. But which part of the source code needs to be
>> manipulated here I am not sure of that. As in what part of code is
>> causing the 000... = to appear before Qualifier.
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Jaap Keuter
>> Sent: Wednesday, July 15, 2009 10:45 AM
>> To: Developer support list for Wireshark
>> Subject: Re: [Wireshark-dev] Changing how the fields are displayed in
>> the output of dissector
>>
>> Hi,
>>
>> Not without changing the sourcecode.
>>
>> Thanx,
>> Jaap
>>
>> Swapnil Barai (sbarai) wrote:
>>> Hi
>>>
>>> This is a sample output of wireshark SCSI dissector.
>>>
>>> 000.... = Qualifier: Device type is connected to logical unit (0x00)
>>>
>>> Qualifier being a registered field in the SCSI dissector.
>>>
>>> Is there a way to make this output as
>>>
>>> Qualifier: Device type is connected to logical unit (0x00)
>>>
>>> Thanks

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
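
As an added illustration (not code from this thread or from Wireshark's sources), this stand-alone C program reproduces the two presentations discussed above: the bit-pattern prefix shown for fields registered with BITMASK != 0, and the plain form a custom format string gives. The helper names, the sample octet and the 0xe0 mask for the leading three bits are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field value under mask, shifted down so its lowest bit is bit 0. */
uint8_t field_value(uint8_t octet, uint8_t mask)
{
    uint8_t v = octet & mask;
    if (mask == 0)
        return octet;            /* no bitmask: the whole octet is the field */
    while ((mask & 1) == 0) {    /* drop the unused low-order bits */
        mask >>= 1;
        v >>= 1;
    }
    return v;
}

/* Prefix such as ".... .010": masked bits shown, others dots; buf >= 10 bytes. */
const char *bit_pattern(uint8_t octet, uint8_t mask, char *buf)
{
    char *p = buf;
    for (int bit = 7; bit >= 0; bit--) {
        uint8_t m = (uint8_t)(1u << bit);
        *p++ = (mask & m) ? ((octet & m) ? '1' : '0') : '.';
        if (bit == 4)
            *p++ = ' ';          /* space between the two nibbles */
    }
    *p = '\0';
    return buf;
}

/* One tree line, with or without the bit-pattern prefix. */
int format_field(char *out, size_t n, const char *name,
                 uint8_t octet, uint8_t mask, int with_bits)
{
    char bits[10];
    unsigned v = field_value(octet, mask);
    if (with_bits)
        return snprintf(out, n, "%s = %s: 0x%02x", bit_pattern(octet, mask, bits), name, v);
    return snprintf(out, n, "%s: 0x%02x", name, v);
}

int main(void)
{
    char line[64];
    /* constructed octet 0x1f; mask 0xe0 (top three bits) is an assumption */
    format_field(line, sizeof line, "Qualifier", 0x1f, 0xe0, 1);
    puts(line);
    return 0;
}
```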
