ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] bitmask handling in wireshark

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Andrei Emeltchenko <andrei.emeltchenko.news@xxxxxxxxx>
Date: Tue, 28 Dec 2010 17:39:57 +0200
Hi Ed

On Tue, Dec 28, 2010 at 4:56 PM, Ed Beroset <beroset@xxxxxxxxxxxxxx> wrote:
> Andrei Emeltchenko wrote:
>>I want to check what is the best way to convert code below to value_string
>
>>
>>                               proto_tree_add_text(tree, tvb, offset, 1,
>>                                               "%s%s%s%s",
>>                                               (buf & 0x80)? "16kHz " : "",
>>                                               (buf & 0x40)? "32kHz " : "",
>>                                               (buf & 0x20)? "44.1kHz " : "",
>>                                               (buf & 0x10)? "48kHz " : "");
>>                               proto_tree_add_text(tree, tvb, offset, 1,
>>                                               "%s%s%s%s",
>>                                               (buf & 0x08)? "Mono " : "",
>>                                               (buf & 0x04)? "DualChannel " : "",
>>                                               (buf & 0x02)? "Stereo " : "",
>>                                               (buf & 0x01)? "JointStereo " : "");
>>                               offset++;
>
> Here's how I'd do that.  First, the field definition (I'm only showing your first field):
>
> #define MYPROTO_FLAG_SAMPLING 0xf0
>
> static int hf_myproto_flags_sampling_rate = -1;
>
> static const value_string myproto_sampling_rates[] = {
>  { 0x01, "48kHz" },
>  { 0x02, "44.1kHz" },
>  { 0x04, "32kHz" },
>  { 0x08, "16kHz" },
>  { 0, NULL }
> };
>
>
> Then in your field definitions add this:
>
>   { &hf_myproto_flags_sampling_rate,
>    { "MyProto Sampling Rate", "myproto.flags.sampling_rate",
>    FT_UINT8, BASE_HEX,
>    VALS(myproto_sampling_rates), MYPROTO_FLAG_SAMPLING,
>    NULL, HFILL }
>   },
>
>
> Finally, in the same place you'd have the code above, instead you would do this:
>
>  proto_tree_add_item(flag_tree, hf_myproto_flags_sampling_rate, tvb, offset, 1, FALSE);

Will this function choose only one value? If I have flags like 0xff
then I need all flags to be printed.

I was trying  proto_tree_add_item function before.

Regards,
Andrei

>
> A few things to note here.  First, the values in the myproto_sampling_rates[] array are already shifted so although your original code uses 0x40 to identify a 32kHz rate, you'll see that this code uses 0x04.  That's deliberate and not a typo.
>
> Second, you'll see that I've added this item to a "flag_tree" variable.  This is a way to preserve the structure of the original packet by showing the individual subfields in a subtree.  For a complete example of this, see the tcp flags.
>
> Ed
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube