On Tue, Jul 21, 2020 at 9:05 PM Filipe Laíns <la...@archlinux.org> wrote:
> Hi, > > I am working on the USB HID dissector and I need to dissect data on a > bit by bit basis, instead of byte. The data structure is completely > dynamic (described by the HID descriptor) and the basic data block is > the bit. Any bit or sequence of bits can have a meaning, the data can > be completely unaligned. See the following example which shows > different fields distributed in a 2 byte packet. > > > What is the best way to dissect this data? I feel like I am going to > have to basically write a complicated internal wrapper around the tvb > API, and that won't even work properly in some cases. > > Is modifying the tvb API to allow data control on a bit level > reasonable? The API already allows fields which are bits, including unaligned ones, see proto_tree_add_bits_item() described in proto.[c,h] It even allows fields made of non-contiguous bits assembled into a single field, see proto_tree_add_split_bits_*() If you have the field types defined (say that you know the possible types of data fields, just not their structure or how many ahead of time), you can dynamically pass in the values for the bit_offset, no_of_bits, and/or the crumb_spec to those functions. If you need to change the formatting, you can use the proto_tree_add_[u]int[64]_bits_format_value() functions. (Though I don't think that there is a *bits_format() function that would let you change the name of the field for your Button A, Button B types.) You can also do the _add_bitmask* functions and dynamically change the pointer of fields passed in. John Thacker
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
