Wireshark mailing list archives
Re: bitmask handling in wireshark
From: Andreas <AndreasSander1 () gmx net>
Date: Wed, 29 Dec 2010 07:07:25 +0100
On 28.12.2010 20:35, Ed Beroset wrote:
> Andreas wrote:
> So far I've seen only lots of boolean values.
>
> You might want to take a look at proto_tree_add_bitmask(). See doc/README.developer, which describes it and illustrates its use by taking an example from the SCSI dissector.
>
> Where can I get a sample capture file to see how this will look like?
>
> The easiest thing might be to look at epan/dissectors/packet-tcp.c for the code and pretty much any capture file with TCP. In the code, look for hf_tcp_flags and in a capture file, just look at the TCP flags. Also, looking at doc/README.developer is highly recommended. It's how I learned.

I did so before asking:

    $ grep -l "proto_tree_add_bitmask" *.c
    packet-dcerpc-netlogon.c
    packet-dlm3.c
    packet-fcels.c
    packet-fip.c
    packet-giop.c
    packet-h264.c
    packet-ipmi-app.c
    packet-ipmi-chassis.c
    packet-ipmi-picmg.c
    packet-ipmi-se.c
    packet-ipmi-storage.c
    packet-ipmi-transport.c
    packet-maccontrol.c
    packet-mrp-msrp.c
    packet-nfs.c
    packet-omron-fins.c
    packet-pnrp.c
    packet-sasp.c
    packet-scsi-sbc.c
    packet-scsi-smc.c
    packet-scsi-ssc.c
    packet-scsi.c
    packet-smb.c
    packet-smb2.c
    packet-sv.c
    packet-tn3270.c
    packet-tn5250.c

    Andy@HOME ~/Projects/Wireshark/Source/wireshark-1.4.1/epan/dissectors
    $

Looks like TCP does _not_ use this function. That's why I asked for a sample capture file of one of the protocols above.

This is the actual packet-tcp.c code:

    tf = proto_tree_add_uint_format(tcp_tree, hf_tcp_flags, tvb, offset + 13, 1,
        tcph->th_flags, "Flags: 0x%02x (%s)", tcph->th_flags, flags_strbuf->str);
    field_tree = proto_item_add_subtree(tf, ett_tcp_flags);
    proto_tree_add_boolean(field_tree, hf_tcp_flags_cwr, tvb, offset + 13, 1, tcph->th_flags);
    proto_tree_add_boolean(field_tree, hf_tcp_flags_ecn, tvb, offset + 13, 1, tcph->th_flags);
    proto_tree_add_boolean(field_tree, hf_tcp_flags_urg, tvb, offset + 13, 1, tcph->th_flags);
    proto_tree_add_boolean(field_tree, hf_tcp_flags_ack, tvb, offset + 13, 1, tcph->th_flags);
    proto_tree_add_boolean(field_tree, hf_tcp_flags_push, tvb, offset + 13, 1, tcph->th_flags);

> The easiest thing might be to look at epan/dissectors/packet-tcp.c for the code and pretty much any capture file with TCP.
Ehm, no.

--
Andy
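Added example, not part of the original message and not Wireshark code: a stand-alone, table-driven decoder for the TCP flags byte that prints the kind of per-bit subtree the thread is asking to see. The struct, function names, short flag labels and the sample value 0x12 are assumptions made for this illustration; the single table walked by one function plays the role of the field list handed to a bitmask call, in place of one call per flag.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* One entry per flag bit (hypothetical type, not a Wireshark structure). */
struct flag_field { uint8_t mask; const char *name; };

/* TCP flags byte (offset 13 of the TCP header), most significant bit first. */
static const struct flag_field tcp_flag_fields[] = {
    { 0x80, "CWR" }, { 0x40, "ECE" }, { 0x20, "URG" }, { 0x10, "ACK" },
    { 0x08, "PSH" }, { 0x04, "RST" }, { 0x02, "SYN" }, { 0x01, "FIN" },
};
#define N_TCP_FLAGS (sizeof tcp_flag_fields / sizeof tcp_flag_fields[0])

/* Render one subtree line, e.g. ".... ..1. = SYN: Set". Returns buf. */
static char *format_flag_line(uint8_t value, const struct flag_field *f,
                              char *buf, size_t len)
{
    char bits[10];              /* 8 bit characters + 1 space + NUL */
    int pos = 0;
    for (int bit = 7; bit >= 0; bit--) {
        uint8_t m = (uint8_t)(1u << bit);
        /* Bits outside this field's mask are shown as dots. */
        bits[pos++] = (f->mask & m) ? ((value & m) ? '1' : '0') : '.';
        if (bit == 4)
            bits[pos++] = ' ';  /* gap between the two nibbles */
    }
    bits[pos] = '\0';
    snprintf(buf, len, "%s = %s: %s", bits, f->name,
             (value & f->mask) ? "Set" : "Not set");
    return buf;
}

/* Walk the table once and print the whole subtree; returns the number of set flags. */
static int dump_flags(uint8_t value, const struct flag_field *fields,
                      size_t n, FILE *out)
{
    char line[64];
    int set = 0;
    fprintf(out, "Flags: 0x%02x\n", value);
    for (size_t i = 0; i < n; i++) {
        fprintf(out, "    %s\n", format_flag_line(value, &fields[i], line, sizeof line));
        if (value & fields[i].mask)
            set++;
    }
    return set;
}

/* Constructed sample value: 0x12 = SYN + ACK. */
int main(void) { return dump_flags(0x12, tcp_flag_fields, N_TCP_FLAGS, stdout) == 2 ? 0 : 1; }
```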