Wireshark mailing list archives

Re: Wireshark lua (wslua) and bit fields - how to do it?

From: Daniel Lynes <dlynes () pv-labs com>
Date: Thu, 28 Oct 2010 14:24:42 +0000

Thanks, Tony.  I realized I had another problem with my particular
version of asterisk.

The bitmask doesn't actually work (if there's a bit turned on anywhere
within the byte, the bool will evaluate to true, no matter what the mask
is).  I'm guessing it's probably not implemented, and there's no
mechanism in wireshark (or possibly lua) to tell you that it's not
implemented.  The protocol doesn't currently have anything that overlaps
16-bit boundaries in the 64-bit word, so I'm able to break it up into
8-bit and 16-bit words.

You've provided a lot of insight into how to do bitfields, however.
After we've upgraded to Ubuntu 10.04, perhaps Wireshark will support the
bitmask.  On 9.04 however, it shipped with Wireshark 1.0.7, and I've
since upgraded it to the latest wireshark that doesn't have display
corruption (I think it's a mismatch between wireshark and pango, causing
memory corruption) available for 9.04, being 1.2.0.  I've tried 1.5 svn
snapshots as well, but they all have the pango/wireshark/memory
corruption issue.

On Mon, 2010-10-25 at 16:53 -0400, Tony Trinh wrote:

No problem.

I think I can better help you if you outlined the spec for the 64-bit field
and told me what exactly you wanted to do with it, but I'll try to help based
on what you've told me so far...

Currently, masking a uint64 does not work (at least I couldn't do it
on my machine).
You can only mask an int up to 32 bits. So, you would have to define
two 32-bit fields
and adjust the masks accordingly.

For your most recent example, you can do something like:

-- 24-bit integer in upper 32 bits of 64-bit flags
fields.shred_foo = ProtoField.uint32("shred.foo", "Foo field",
base.DEC, nil, 0x00FFFFFF)

-- read-only bit at bit 1 of 64-bit flags
fields.shred_rd = ProtoField.bool("shred.rd", "Read only", base.DEC, nil, 0x02)

[...]

local OFFSET_FLAGS = offset+8
local OFFSET_FLAGS_LSB = OFFSET_FLAGS+7

subtree:add(fields.shred_foo, buf(OFFSET_FLAGS, 4))
subtree:add(fields.shred_rd, buf(OFFSET_FLAGS_LSB, 1))
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


Daniel Lynes
Software Engineer
PV Labs Intelligent Imaging
(905) 667-7308

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Wireshark lua (wslua) and bit fields - how to do it? Tony Trinh (Oct 23)
- Re: Wireshark lua (wslua) and bit fields - how to do it? Daniel Lynes (Oct 25)
- Re: Wireshark lua (wslua) and bit fields - how to do it? Tony Trinh (Oct 25)
  - Re: Wireshark lua (wslua) and bit fields - how to do it? Daniel Lynes (Oct 28)
  - Re: Wireshark lua (wslua) and bit fields - how to do it? Tony Trinh (Oct 28)