Chris
Thanks for the reply.
It is good to know not to waste my time anymore with the
proto_tree_add_bits_item() anymore.
I am looking for a starting point now.
Knowing that all my bytes are little endian....what would be the best
way to start dissecting my bytes..??
I have done this thus far: (I am heading in the right direction since I
cannot use proto_tree_add_bits_item)...??
As you can see.... I am basically telling each field where the bits are
located. But what happens when I come across a field that is variable
length..??
Any help is greatly appreciated.
//Version
proto_tree_add_item(vmf_sub_tree,hf_vmf_version, tvb, offset, 1,
FALSE);
//FPI
fpi = tvb_get_bits8(tvb, bit_offset, 1);
proto_tree_add_item(vmf_sub_tree,hf_vmf_fpi, tvb, offset, 1, FALSE);
if(fpi == 1)
{
//Data Compression type
proto_tree_add_item(vmf_sub_tree,hf_vmf_datacompressiontype, tvb,
offset, 1, FALSE);
}
//GPI
gpi = tvb_get_bits8(tvb, bit_offset, 1);
proto_tree_add_item(vmf_sub_tree,hf_vmf_gpi, tvb, offset,
1, FALSE);
{ &hf_vmf_version,
{ "Version", "vmf.version", FT_UINT8, BASE_DEC, NULL, 0x0f,
NULL, HFILL}},
{ &hf_vmf_fpi,
{ "FPI", "vmf.fpi", FT_UINT8, BASE_DEC, NULL, 0x10,
NULL, HFILL}},
{ &hf_vmf_gpi,
{ "GPI", "vmf.gpi", FT_UINT8, BASE_DEC, NULL, 0x80,
NULL, HFILL}},
Thanks,
Brian
On 5/18/2011 11:06 AM, Chris Maynard wrote:
Brian Oleksa<oleksab@...> writes:
I am trying to dissect bits but am running into a problem when bytes
start to over lap (meaning the bit sets are not multiples of 8)
For example:
.... 0011
...0 ....
..1. ....
.1.. ....
*The above 7 bits are being used. Now I need the next 24 bits for the
next field. How to I get that last bit in the first octet and add it to
the next 23 bits....????*
Below is all the my current code base and screen shots. Also attached is
the layout of the packet:
Any help is greatly appreciated.
A couple of things:
1) tvb_get_bits[16|32|64]() only work with consecutive bits; therefore you can't
use proto_tree_add_bits_item().
2) You seem to be using a mix of TRUE and FALSE as the endian argument to
proto_tree_add_bits_item(), meaning a mix of little and big endian. I don't
know if your bytes are little endian or not, but even if the bits were
consecutive, until bug 4478 is resolved, tvb_get_bits[16|32|64]() do not support
little endian, so you wouldn't be able to use it (yet).
Assuming for the moment that your bytes are big endian and that the URN appears
as follows:
Byte 0 Byte 1 Byte 2 Byte 3
+-+-------+--------+--------+-------+-+
|U| + URN(23/24) | |
+-+-------+--------+--------+-------+-+
... then you can probably do something like the following *COMPLETELY UNTESTED*
code:
guint32 urn;
urn = (((guint32)tvb_get_guint8(tvb, offset)<< 16)& 0x00800000) |
((tvb_get_guint24(tvb, offset + 1)>> 1)& 0x007FFFFF);
... then add it to the tree using:
proto_tree_add_item(vmf_sub_tree, hf_vmf_urn, tvb, offset, 4, FALSE);
... where hf_vmf_urn is declared as something along the lines of:
{&hf_vmf_urn,
{"URN", "vmf.urn",
FT_UINT32, BASE_DEC, NULL, 0x80FFFFFE, NULL, HFILL }},
___________________________________________________________________________
Sent via: Wireshark-dev mailing list<[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
