Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 38106: /trunk/epan/dissectors/ /trun

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 18 Jul 2011 23:15:39 -0700
On Jul 18, 2011, at 10:19 PM, Maynard, Chris wrote:

> Isn't this more confusing now?

The whole dissector is confusing, given the use of TRUE in the proto_tree_add_item() calls.  At least this makes the confusion obvious....

> I don't have access to the BACnet standard, but surely it's either big or little endian and not some mix of both?

Probably - but, again, the dissector author used TRUE for the endianness.

> Assuming the reporter of bug 5769 is correct and the Info column displays the values of the low and high limits correctly, then the protocol is ENC_BIG_ENDIAN.  All of the fields affected by r38106 are either FT_UINT8's or FT_BOOLEAN's spanning 1 byte, so endian-ness really doesn't matter, but if someone does the old "copy-and-paste" thing later on, [s]he might incorrectly copy an ENC_LITTLE_ENDIAN when it should be ENC_BIG_ENDIAN.

If they're all one-byte fields, they might as well be ENC_BIG_ENDIAN, if that's the intent of the BACnet protocol; if somebody objects that the calls had TRUE for the old "endianness" field, explain to them that using TRUE there made no sense.

One adavantage of making that argument an encoding is that it forces people to think a bit more about what they mean.  The sooner we banish the use of TRUE and FALSE as the last argument to proto_tree_add_item(), the better....