Wireshark mailing list archives

Re: dissecting bit

From: Chris Maynard <chris.maynard () gtech com>
Date: Wed, 18 May 2011 15:06:37 +0000 (UTC)

Brian Oleksa <oleksab@...> writes:

I am trying to dissect bits but am running into a problem when bytes 
start to over lap (meaning the bit sets are not multiples of 8)

For example:

.... 0011
...0 ....
..1. ....
.1.. ....

*The above 7 bits are being used. Now I need the next 24 bits for the 
next field. How to I get that last bit in the first octet and add it to 
the next 23 bits....????*

Below is all the my current code base and screen shots. Also attached is 
the layout of the packet:

Any help is greatly appreciated.


A couple of things:
1) tvb_get_bits[16|32|64]() only work with consecutive bits; therefore you can't
use proto_tree_add_bits_item().
2) You seem to be using a mix of TRUE and FALSE as the endian argument to
proto_tree_add_bits_item(), meaning a mix of little and big endian.  I don't
know if your bytes are little endian or not, but even if the bits were
consecutive, until bug 4478 is resolved, tvb_get_bits[16|32|64]() do not support
little endian, so you wouldn't be able to use it (yet).

Assuming for the moment that your bytes are big endian and that the URN appears
as follows:

 Byte 0     Byte 1   Byte 2   Byte 3
+-+-------+--------+--------+-------+-+
|U|       +       URN(23/24)        | |
+-+-------+--------+--------+-------+-+

... then you can probably do something like the following *COMPLETELY UNTESTED*
code:

guint32 urn;

urn = (((guint32)tvb_get_guint8(tvb, offset) << 16) & 0x00800000) |
((tvb_get_guint24(tvb, offset + 1) >> 1) & 0x007FFFFF);

... then add it to the tree using:
proto_tree_add_item(vmf_sub_tree, hf_vmf_urn, tvb, offset, 4, FALSE);

... where hf_vmf_urn is declared as something along the lines of:

    {&hf_vmf_urn,
     {"URN", "vmf.urn",
      FT_UINT32, BASE_DEC, NULL, 0x80FFFFFE, NULL, HFILL }},



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

dissecting bit Brian Oleksa (May 18)
- Re: dissecting bit Chris Maynard (May 18)
  - Re: dissecting bit Chris Maynard (May 18)
  - Re: dissecting bit Brian Oleksa (May 18)
  - Re: dissecting bit Brian Oleksa (May 18)
    - Re: dissecting bit Chris Maynard (May 18)
    - Re: dissecting bit Brian Oleksa (May 18)
    - Re: dissecting bit Chris Maynard (May 18)
- Re: dissecting bit Jakub Zawadzki (May 18)
  - Re: dissecting bit Brian Oleksa (May 18)