
Wireshark-dev: [Wireshark-dev] dissecting bit

From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 18 May 2011 10:19:36 -0400

I am trying to dissect bits but am running into a problem when bytes start to overlap (meaning the bit sets are not multiples of 8).

For example:

.... 0011
...0 ....
..1. ....
.1.. ....

The above 7 bits are being used. Now I need the next 24 bits for the next field. How do I get that last bit in the first octet and add it to the next 23 bits?

Below is all of my current code base and screenshots. Also attached is the layout of the packet:

Any help is greatly appreciated.

NOTE:  the packets are not in order. Here is an overview of how they are coming across the wire.

For example: (counting from 0)        01234567
bits 4-7 are the version
bit 3 is the FPI
bit 2 and 1 is the data compression (if FPI == 1)
etc...etc


void dissect_vmf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {

    proto_item *vmf_item = NULL;
    proto_item *vmf_sub_item = NULL;
    proto_tree *vmf_tree = NULL;
    proto_tree *vmf_header_tree = NULL;

    guint8 fpi;
    guint8 gpi;

    col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_VMF);
    col_clear(pinfo->cinfo, COL_INFO);

    if (tree) {
        guint8 bit_offset;
        guint32 offset;

        vmf_item = proto_tree_add_item(tree, proto_vmf, tvb, 0, -1, FALSE);
        vmf_tree = proto_item_add_subtree(vmf_item, ett_vmf);
        vmf_header_tree = proto_item_add_subtree(vmf_item, ett_vmf);

        vmf_header_tree = proto_item_add_subtree(vmf_sub_item, ett_vmf);
        {
            #define MAXIUM_BUFFER 1024
            char *buf = (char*)ep_alloc(MAXIUM_BUFFER);
            char * packet_name = "VMF Message Rev C";
            proto_tree *vmf_sub_tree = NULL;

            offset = 0;
            bit_offset = 4;

            g_snprintf(buf, MAXIUM_BUFFER, "%s", packet_name);

            vmf_item = proto_tree_add_text(tree, tvb, offset, 0, "%s", buf);
            vmf_sub_tree = proto_item_add_subtree(vmf_item, ett_vmf);

            //Version
            proto_tree_add_bits_item(vmf_sub_tree, hf_vmf_version, tvb, bit_offset, 4, TRUE);

            bit_offset -= 1;

            //FPI
            fpi = tvb_get_bits8(tvb, bit_offset, 1);
            proto_tree_add_bits_item(vmf_sub_tree, hf_vmf_fpi, tvb, bit_offset, 1, TRUE);

            //Field presence indicator (FPI). If FPI = 1 then the next field is present. If it = 0 then it is absent.
            if(fpi == 1)
            {
            //Data Compression type
                bit_offset -= 2;
                proto_tree_add_bits_item(vmf_sub_tree, hf_vmf_datacompressiontype, tvb, bit_offset, 2, TRUE);
            }

            if(fpi == 0)
            {
                bit_offset -= 1;
            }


            //GPI
            gpi = tvb_get_bits8(tvb, bit_offset, 1);
            proto_tree_add_bits_item(vmf_sub_tree, hf_vmf_gpi, tvb, bit_offset, 1, TRUE);

            //Group presence indicator (GPI). If GPI = 1 then the next field is present. If it = 0 then it is absent.
            if(gpi == 1)
            {

            bit_offset -= 1;

            //FPI
              fpi = tvb_get_bits8(tvb, bit_offset, 1);
              proto_tree_add_bits_item(vmf_sub_tree, hf_vmf_fpi, tvb, bit_offset, 1, TRUE);

             if(fpi == 1)
                {

                //URN

Here is where the problem starts:

                bit_offset -= 1; //getting that last bit in the first octet. Need to figure out how to include this bit to the URN

                bit_offset = +23;
                proto_tree_add_bits_item(vmf_sub_tree, hf_vmf_urn, tvb, bit_offset, 24, FALSE);

                }

            }

        }
    }
}



Here is the layout of the packet:   01234567

bits 4-7 is the version:
bit 3 is the FPI
(if FPI ==1) then bits 2 and 1 is the data compression
(if FPI ==0) then the data compression does not exist...so bit 2 is now the GPI

(If GPI == 1) then the next field is present. So FPI is now bit 1
If GPI == 0 then the whole Group (G1) is not present.

I am currently stuck on the URN.


Here is the spec sheet:
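
Added example (not part of the original post and not Wireshark code): a bounds-checked reader in plain C for the layout described above, where fields are consumed from the least significant bit of each octet upward and the 24-bit URN starts at the last bit of the first octet. It assumes the first bit of each field is that field's least significant bit, which the post does not state; `get_bits`, `parse_vmf_hdr` and `struct vmf_hdr` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed bit order: stream bit k is bit (k % 8) of octet (k / 8), counted
 * from the least significant bit, and the first stream bit of a field is
 * the field's LSB. Returns -1 instead of reading past the buffer. */
static int get_bits(const uint8_t *buf, size_t len, size_t *pos,
                    unsigned nbits, uint32_t *out)
{
    uint32_t v = 0;
    if (nbits == 0 || nbits > 32 || *pos > SIZE_MAX - nbits)
        return -1;
    if ((*pos + nbits - 1) / 8 >= len)   /* field would run past the buffer */
        return -1;
    for (unsigned i = 0; i < nbits; i++, (*pos)++)
        v |= (uint32_t)((buf[*pos / 8] >> (*pos % 8)) & 1u) << i;
    *out = v;
    return 0;
}

struct vmf_hdr {            /* hypothetical struct; field names follow the post */
    uint32_t version, fpi, compression, gpi, urn_fpi, urn;
    size_t bits_used;
};

/* Walks the header as the post lays it out; 0 on success, -1 if truncated. */
int parse_vmf_hdr(const uint8_t *buf, size_t len, struct vmf_hdr *h)
{
    size_t pos = 0;
    memset(h, 0, sizeof *h);
    if (get_bits(buf, len, &pos, 4, &h->version) ||
        get_bits(buf, len, &pos, 1, &h->fpi))
        return -1;
    if (h->fpi && get_bits(buf, len, &pos, 2, &h->compression))
        return -1;                       /* present only when FPI == 1 */
    if (get_bits(buf, len, &pos, 1, &h->gpi))
        return -1;
    if (h->gpi) {
        if (get_bits(buf, len, &pos, 1, &h->urn_fpi))
            return -1;
        /* URN: the bit left in the current octet plus the following bits */
        if (h->urn_fpi && get_bits(buf, len, &pos, 24, &h->urn))
            return -1;
    }
    h->bits_used = pos;
    return 0;
}
```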