Re: Byte ordering for dissectors

[Guy Harris <guy () alum mit edu>]

On Jan 10, 2014, at 11:21 AM, Jakub Zawadzki <darkjames-ws () darkjames pl> wrote:

> In packet-nflog.c I'm trying to guess endianess (nflog_tvb_byte_order())

Sadly, nflog doesn't have a fixed amount of fixed-format data that is in host byte order, with everything else in a 
standard byte order, so guessing the byte endianness is the best you can do.

Guessing the byte endianness requires at least one field where the maximum value requires fewer bits than the field 
size, so that some bits are guaranteed to be zero, and where at least one of those bytes is guaranteed to be *non-zero* 
in a byte-swapped version of a valid value.  For example, a value that won't be > 65535, in a 4-byte field that's never 
zero, would be sufficient.

If there is no such field, and there's a fixed amount of fixed-format data in host byte order, you need to do the 
byte-swap-on-read that libpcap and libwiretap do.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe