Wireshark-dev: Re: [Wireshark-dev] Changing how the fields are displayed intheoutput of dissect

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Thu, 16 Jul 2009 07:27:18 +0200
How about using :

octet = tvb_get_guint8(tvb, offset);
octet = octet & 0x07;   /* keep only the last 3 bits */
proto_tree_add_uint_format...

Use grep to find proto_tree_add_uint_format in the sources and do some copy
pasting :-)

BTW displaying it as .... .010 tells the user which bits correspond to the
displayed value (2), which may be useful.
Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Swapnil Barai (sbarai)
Sent: 16 July 2009 01:28
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Changing how the fields are displayed intheoutput
of dissector

* Only last 3 bits

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Swapnil Barai
(sbarai)
Sent: Wednesday, July 15, 2009 4:26 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Changing how the fields are displayed in
theoutput of dissector

Hey,

So in the following code, which is part of void
proto_register_PROTOABBREV(void), what should I enter in the fieldname?
I am asking this because in the printf format argument in the call to
proto_tree_add_*_format() I have already mentioned what I want to
display.

static hf_register_info hf[] = {
    { &hf_PROTOABBREV_FIELDABBREV,
        { "FIELDNAME", "PROTOABBREV.FIELDABBREV",
          FIELDTYPE, FIELDBASE, FIELDCONVERT, BITMASK,
          "FIELDDESCR", HFILL }
    }
};

Also the field that I am trying to manipulate just occupies 3 bits of an
octet. Thus I am using proto_tree_bytes_format() as I could not find any
other format function suitable. In the start_ptr argument of this I am
passing tvb_get_ptr(tvb,offset,length). Is this start_ptr right coz my
field doesn't occupy the whole byte, only last 3 bytes?

Thanks
Swapnil

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
Sent: Wednesday, July 15, 2009 11:13 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Changing how the fields are displayed in
the output of dissector

Hi,

No, that's part of the proto tree item presentation code.
All you can do is use your own formatted presentations through 
proto_tree_add_*_format() calls.

Thanx,
Jaap

Swapnil Barai (sbarai) wrote:
> Oh, so is there any way to alter this standard presentation for my own
> dissector. 
> 
> Thanks for your help.
> 
> Swapnil
> 
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Wednesday, July 15, 2009 10:56 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Changing how the fields are displayed in
> the output of dissector
> 
> Hi,
> 
> That is the standard presentation for header fields registered with a
> BITMASK!=0
> 
> Thanx,
> Jaap
> 
> Swapnil Barai (sbarai) wrote:
>> Yes, that's right. But which part of the source code needs to be
>> manipulated here I am not sure of that. As in what part of code is
>> causing the 000... = to appear before Qualifier.
>>
>> -----Original Message-----
>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
>> Sent: Wednesday, July 15, 2009 10:45 AM
>> To: Developer support list for Wireshark
>> Subject: Re: [Wireshark-dev] Changing how the fields are displayed in
>> the output of dissector
>>
>> Hi,
>>
>> Not without changing the sourcecode.
>>
>> Thanx,
>> Jaap
>>
>> Swapnil Barai (sbarai) wrote:
>>>   
>>>
>>>       Hi
>>>
>>>  
>>>
>>>       This is a sample output of wireshark SCSI dissector.
>>>
>>>  
>>>
>>>        000.... = Qualifier: Device type is connected to logical unit (0x00)
>>>  
>>>
>>>        Qualifier being a registered field in the SCSI dissector.
>>>
>>>       
>>>
>>>       Is there a way to make this output as  
>>>
>>>  
>>>
>>>       Qualifier: Device type is connected to logical unit (0x00)
>>>
>>>    
>>>
>>>       Thanks
>>>
>>>

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
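
The two presentations discussed in this thread, as an added stand-alone example that is not code from the thread or from Wireshark: it models the bit prefix shown for a field registered with BITMASK != 0 next to a label formatted by the caller, without linking against Wireshark. The helper names are hypothetical, the mask 0xE0 is an assumption read off the "000...." sample, and the input octet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: right-align the bits selected by mask (0 if mask is 0). */
static uint8_t field_value(uint8_t octet, uint8_t mask)
{
    uint8_t v = octet & mask;
    for (; mask != 0 && (mask & 1) == 0; mask >>= 1)
        v >>= 1;
    return v;
}

/* Bit prefix: masked bits as 0/1, the rest as '.', a space between nibbles. */
static const char *bit_prefix(uint8_t octet, uint8_t mask, char out[10])
{
    int n = 0;
    for (int bit = 7; bit >= 0; bit--) {
        out[n++] = !(mask >> bit & 1) ? '.' : (octet >> bit & 1) ? '1' : '0';
        if (bit == 4) out[n++] = ' ';
    }
    out[n] = '\0';
    return out;
}

/* Only the value quoted in the thread is named; others print as "Unknown". */
static const char *qualifier_name(uint8_t v)
{
    return v == 0x00 ? "Device type is connected to logical unit" : "Unknown";
}

/* with_bits != 0: standard layout; with_bits == 0: caller-formatted label. */
static const char *qualifier_label(uint8_t octet, uint8_t mask, int with_bits,
                                   char *buf, size_t len)
{
    char bits[10];
    uint8_t v = field_value(octet, mask);
    snprintf(buf, len, "%s%sQualifier: %s (0x%02x)",
             with_bits ? bit_prefix(octet, mask, bits) : "",
             with_bits ? " = " : "", qualifier_name(v), v);
    return buf;
}

int main(void)
{
    /* Constructed input: octet 0x05; mask 0xE0 is assumed from the thread's sample. */
    char buf[96];
    puts(qualifier_label(0x05, 0xE0, 1, buf, sizeof buf));
    puts(qualifier_label(0x05, 0xE0, 0, buf, sizeof buf));
}
```

With a mask of 0x07 and an octet whose low bits are 010, bit_prefix() gives the ".... .010" form mentioned in the reply and field_value() gives 2.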