Wireshark mailing list archives
Re: Dissect data on a bit-by-bit basis
From: Tomasz Moń <desowin () gmail com>
Date: Thu, 23 Jul 2020 09:07:01 +0200
On Thu, Jul 23, 2020 at 8:18 AM Guy Harris <gharris () sonic net> wrote:
> On Jul 21, 2020, at 6:04 PM, Filipe Laíns <lains () archlinux org> wrote:
>
>> I am working on the USB HID dissector and I need to dissect data on a bit by bit basis, instead of byte. The data structure is completely dynamic (described by the HID descriptor) and the basic data block is the bit. Any bit or sequence of bits can have a meaning, the data can be completely unaligned. See the following example which shows different fields distributed in a 2 byte packet.
>>
>> 0110000000011111
>> ^^^\__^___/\_^_/
>> |||   |      |
>> |||   |      | Y axis (5 bit wide)
>> |||   |
>> |||   | X axis (8 bit wide)
>> |||
>> ||| button 3
>> ||
>> || button 2
>> |
>> | button 1
>
> That's 16 bits, so, while individual data *items* may be completely unaligned, the mouse report itself can be aligned on a byte or possibly even 16-bit boundary.
>
> If that's the case, then this is fairly easy. You can just define Boolean (FT_BOOLEAN) button1, button2, and button3 fields, an 8-bit integral (FT_UINT16 if unsigned, FT_INT16 if unsigned) x field, and a 5-bit integral (again, FT_UINT16 or FT_INT16) y field, with bitfields in the field definition. proto_tree_add_item() will handle extracting the relevant bits and displaying them as, for example:
>
> 0... .... .... .... = Button 1: up
> .0.. .... .... .... = Button 2: up
> ..1. .... .... .... = Button 3: down
> ...0 0000 111. .... = X: 7
> .... .... ...0 1111 = Y: 15
>
> If, however, the position and button information is *not* aligned on a 16-bit boundary, so that any of those fields can begin on an *arbitrary* bit boundary, you will have to use more complicated APIs, such as the ones described in John Thacker's message.

In this case, I think using proto_tree_add_bits_item() is actually less complicated. The reason for that is that the actual bit positions are only known at runtime, after dissecting the HID descriptor - the order is determined by the HID report descriptor stored in USB HID device firmware. The generic header field definitions can be created beforehand, but the bit positions will only be known at runtime.
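
Added example (not part of the thread and not Wireshark's own code): stand-alone C that extracts fields whose bit positions are known only at runtime, applied to the 2-byte report quoted above. The `bit_field` table, `extract_bits()` and the MSB-first bit numbering (taken from the diagram) are assumptions of this example; the explicit bounds check is there because the layout comes from device firmware.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical runtime field table, as a HID report descriptor parser
 * might produce it; names and layout are assumptions for this example. */
struct bit_field {
    const char *name;
    unsigned    bit_offset;   /* counted from the leftmost bit of the report */
    unsigned    bit_width;    /* 1..32 */
};

/* Extract an unsigned field MSB-first (the diagram's left-to-right order).
 * Returns 0 on success, -1 if the field is malformed or runs past the end
 * of the captured report. */
int extract_bits(const uint8_t *buf, size_t len,
                 const struct bit_field *f, uint32_t *out)
{
    if (f->bit_width == 0 || f->bit_width > 32)
        return -1;
    /* The layout is described by the device: treat it as untrusted. */
    if ((uint64_t)f->bit_offset + f->bit_width > (uint64_t)len * 8)
        return -1;
    uint32_t v = 0;
    for (unsigned i = 0; i < f->bit_width; i++) {
        unsigned bit = f->bit_offset + i;
        v = (v << 1) | ((buf[bit / 8] >> (7 - bit % 8)) & 1u);
    }
    *out = v;
    return 0;
}

/* Constructed sample: the report 0110000000011111 from the thread. */
static const uint8_t sample_report[2] = { 0x60, 0x1F };
static const struct bit_field mouse_layout[] = {
    { "Button 1", 0, 1 }, { "Button 2", 1, 1 }, { "Button 3", 2, 1 },
    { "X", 3, 8 }, { "Y", 11, 5 },
};

int main(void)
{
    for (size_t i = 0; i < sizeof mouse_layout / sizeof mouse_layout[0]; i++) {
        uint32_t v;
        if (extract_bits(sample_report, sizeof sample_report,
                         &mouse_layout[i], &v) == 0)
            printf("%s: %u\n", mouse_layout[i].name, (unsigned)v);
        else
            printf("%s: field exceeds report\n", mouse_layout[i].name);
    }
    return 0;
}
```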
Current thread:
- Dissect data on a bit-by-bit basis Filipe Laíns (Jul 21)
- Re: Dissect data on a bit-by-bit basis John Thacker (Jul 21)
- Re: Dissect data on a bit-by-bit basis Guy Harris (Jul 22)
- Re: Dissect data on a bit-by-bit basis Tomasz Moń (Jul 23)