Thanks Guys Harris a lot. I understand more now. Actually I copied without modifying header fields "a", so it appeared to be *three* a in proto_tree_add_item
Steven
On 3/12/07,
Guy Harris <guy@xxxxxxxxxxxx> wrote:
On Mar 12, 2007, at 5:47 PM, Steven Le wrote:
> >No bitmasking necessary - FT_UINT24 takes care of it for you. Just
> put
> 0x0 for the bitmask field.
>
> I don't understand this part. Why is bitmask set to 0x instead of
> doing actually bitmasking
> while registering headers?
> I have 3 fields in bits that add up total 24 bits
> Example : a = 7 bits, b = 14 bits and c= 3 bits.
Then you have *three* fields the lengths of which happen to add up to
24, and that don't straddle byte boundaries, not one 24-bit field.
If you don't need the values of the fields to do any calculations,
just do
proto_tree_add_item(..........,a, offset, 3, TRUE);
proto_tree_add_item(..........,b, offset, 3, TRUE);
proto_tree_add_item(..........,c, offset, 3, TRUE); offset +=3;
*without* the tvb_get_letoh24() call. Do *NOT* use "a" in all three
calls; you need three separate field definitions, and need to use the
appropriate field hf_ value for the appropriate field.
If you do need the value, then get the value of the 24 bits that
include the three fields:
uint32 bits = tvb_get_letoh24(tvb, 3);
and either do
proto_tree_add_item(..........,a, offset, 3, TRUE);
proto_tree_add_item(..........,b, offset, 3, TRUE);
proto_tree_add_item(..........,c, offset, 3, TRUE); offset +=3;
or do
proto_tree_add_uint(..........,a, offset, 3, bits);
proto_tree_add_uint(..........,b, offset, 3, bits);
proto_tree_add_uint(..........,c, offset, 3, bits); offset +=3;
(the latter is slightly more efficient, but a bit more work - and you
have to get the types correct).
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
