Re: need to read three bytes of offset

[prashanth s <prbanglore () gmail com>]

Hi Chris,

I am reading the 3 bytes directly from the pcap file. I have implemented my
parser using the libpcap source code.

I wish I could use a function similar to tvb_get_ntoh24 ( ). The functions
provided by wireshark are marvelous.
I have written a couple of dissectors on wireshark earlier.

Regards,
Prashanth

On Fri, Mar 5, 2010 at 2:41 AM, Maynard, Chris <
Christopher.Maynard () gtech com> wrote:

>  Are you really reading those 3 bytes directly from the pcap file, or are
> you reading them from a tvbuff that wireshark hands your dissector?
>
>
>
> If from a tvbuff, why not just use tvb_get_ntoh24()?  And if you’re not
> doing anything with that value except for adding it to your tree, you can
> just use proto_tree_add_item() with the item specified as either FT_INT24 or
> FT_UINT24, whichever the case may be.
>
>
>
> - Chris
>
>
>
>
>
> *From:* wireshark-dev-bounces () wireshark org [mailto:
> wireshark-dev-bounces () wireshark org] *On Behalf Of *prashanth s
> *Sent:* Thursday, March 04, 2010 3:57 PM
>
> *To:* Developer support list for Wireshark
> *Subject:* Re: [Wireshark-dev] need to read three bytes of offset
>
>
>
> Oh, then it looks correct to write a function that reads 3 bytes int value
> from pacp / wire and convert it to an int? This is what I have done: I read
> the three bytes from the pcap in to an array of three bytes. And then I
> memcpy these 3 bytes from array to an int variable(which has been memset
> with 0's) And then I do a ntohl on this int variable and return it as an
> int.
>
>
>
> Thanks Guy Harris,
>
> Regards,
>
> Prashanth
>
>
>
> On Fri, Mar 5, 2010 at 2:17 AM, Guy Harris <guy () alum mit edu> wrote:
>
>
> On Mar 4, 2010, at 12:42 PM, prashanth joshi wrote:
>
> > thanks for the clarification.
> > I was writing a function to read such 3 byte values and convert them to
> int. Unaware that uint24 field is supported in C (I have seen uint24 field
> only in wireshark).
> > Now I am using the uint24 type.
>
> Standard C doesn't have a uint24 data type (even C99 doesn't have
> uint24_t).  I suppose if you're using C on the Datacraft/Harris machines (no
> relation):
>
>        http://bolt.beetlebolt.com/blog/?m=200706
>
> you'd have a 24-bit data type, but most if not all machines capable of
> running Wireshark have 8-bit bytes and 32-bit or 64-bit registers.
>
> Wireshark supports 24-bit integral-valued fields - but you put the values
> into 32-bit variables.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
>
>
>
> CONFIDENTIALITY NOTICE: The contents of this email are confidential
> and for the exclusive use of the intended recipient. If you receive this
> email in error, please delete it from your system immediately and
> notify us either by email, telephone or fax. You should not copy,
> forward, or otherwise disclose the content of the email.
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe