
Ethereal-users: Re: [Ethereal-users] PDML value for sub fields less than 1 byte

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Wed, 11 May 2005 12:51:26 +0200

vasanth.manickam@xxxxxx wrote:

> I am using the pdml generated using ethereal as input for various
> applications. The problem I am facing is with sub fields which are
> less than 1 byte (Boolean values).  The value field in the xml file
> displays the value for the whole byte and not the Boolean value 1 or
> 0. Is there a way to fix it?
>
> Example:-
>
> <field name="tcp.flags" showname="Flags: 0x0018 (PSH, ACK)" size="1" pos="47" show="0x18" value="18">
>         <field name="tcp.flags.cwr" showname="0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.ecn" showname=".0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.urg" showname="..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.ack" showname="...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="18" />
>         <field name="tcp.flags.push" showname=".... 1... = Push: Set" size="1" pos="47" show="1" value="18" />
>         <field name="tcp.flags.reset" showname=".... .0.. = Reset: Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.syn" showname=".... ..0. = Syn: Not set" size="1" pos="47" show="0" value="18" />
>         <field name="tcp.flags.fin" showname=".... ...0 = Fin: Not set" size="1" pos="47" show="0" value="18" />
> </field>
>
>
>  All the value fields have 18 as their value but for the sub fields it
> should be just 0 or 1 isn't it...
>
That "problem" exists for the dissectors as well. When working with
bit fields, you'll have to bit mask the value coming from the epan engine.

I don't know a good way of solving this without breaking a lot of other
dissector code.

Does anyone have a good idea?

Regards, ULFL
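
A consumer-side version of the bit masking described in the reply, as an added example that is not part of the original thread or of Ethereal's code. It assumes the leading bit picture in `showname` (for example `...1 ....`) is right-aligned with the hex `value` attribute; the function names and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the flags byte from the post (value 0x18), four sub-fields kept.
SAMPLE_PDML = """
<field name="tcp.flags" showname="Flags: 0x0018 (PSH, ACK)" size="1" pos="47" show="0x18" value="18">
  <field name="tcp.flags.cwr" showname="0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="18"/>
  <field name="tcp.flags.ack" showname="...1 .... = Acknowledgment: Set" size="1" pos="47" show="1" value="18"/>
  <field name="tcp.flags.push" showname=".... 1... = Push: Set" size="1" pos="47" show="1" value="18"/>
  <field name="tcp.flags.syn" showname=".... ..0. = Syn: Not set" size="1" pos="47" show="0" value="18"/>
</field>
"""

# Bit picture at the start of a showname, e.g. "...1 ...." before " = ".
BIT_PICTURE = re.compile(r"^([01. ]+?)\s*=\s")


def mask_from_showname(showname):
    """Return the bit mask implied by the showname's bit picture, or None."""
    m = BIT_PICTURE.match(showname)
    if not m:
        return None
    mask = 0
    for ch in m.group(1).replace(" ", ""):
        mask = (mask << 1) | (ch != ".")  # every non-dot position belongs to the field
    return mask or None


def bitfield_value(field):
    """Reduce the enclosing-byte 'value' attribute to the sub-field's own value."""
    raw = int(field.get("value"), 16)
    mask = mask_from_showname(field.get("showname", ""))
    if mask is None:
        return raw  # not a bit field: 'value' already covers the whole field
    shift = (mask & -mask).bit_length() - 1  # index of the lowest set mask bit
    return (raw & mask) >> shift


def decode_fields(pdml_text):
    """Map each field name that carries a 'value' attribute to its masked value."""
    root = ET.fromstring(pdml_text.strip())
    return {f.get("name"): bitfield_value(f) for f in root.iter("field") if f.get("value")}
```
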