I am reading the 3 bytes directly from the pcap file. I have implemented my parser using the libpcap source code.
I wish I could use a function similar to tvb_get_ntoh24 ( ). The functions provided by wireshark are marvelous
I have written a couple of dissectors on wireshark earlier.
On Fri, Mar 5, 2010 at 2:41 AM, Maynard, Chris <[email protected]>
Are you really reading those 3 bytes directly from the pcap file,
or are you reading them from a tvbuff that wireshark hands your dissector?
If from a tvbuff, why not just use tvb_get_ntoh24()? And
if you’re not doing anything with that value except for adding it to your
tree, you can just use proto_tree_add_item() with the item specified as either
FT_INT24 or FT_UINT24, whichever the case may be.
From: [email protected]
[mailto:[email protected]] On Behalf Of prashanth s
Sent: Thursday, March 04, 2010 3:57 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] need to read three bytes of offset
Oh, then it looks correct to write a function that reads 3 bytes int value
from pacp / wire and convert it to an int? This is what I have done: I read the
three bytes from the pcap in to an array of three bytes. And then I memcpy
these 3 bytes from array to an int variable(which has been memset with 0's) And
then I do a ntohl on this int variable and return it as an int.
Thanks Guy Harris,
On Fri, Mar 5, 2010 at 2:17 AM, Guy Harris <[email protected]> wrote:
On Mar 4, 2010, at 12:42 PM, prashanth joshi wrote:
> thanks for the clarification.
> I was writing a function to read such 3 byte values and convert them to
int. Unaware that uint24 field is supported in C (I have seen uint24 field only
> Now I am using the uint24 type.
Standard C doesn't have a uint24 data type (even C99 doesn't
have uint24_t). I suppose if you're using C on the Datacraft/Harris
machines (no relation):
you'd have a 24-bit data type, but most if not all machines capable of running
Wireshark have 8-bit bytes and 32-bit or 64-bit registers.
Wireshark supports 24-bit integral-valued fields - but you put the values into
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.
Sent via: Wireshark-dev mailing list <[email protected]>