
Wireshark-dev: Re: [Wireshark-dev] bitmask handling in wireshark

From: Andreas <AndreasSander1@xxxxxxx>
Date: Wed, 29 Dec 2010 07:07:25 +0100
On 28.12.2010 20:35, Ed Beroset wrote:
Andreas wrote:
So far I've seen only lots of boolean values.

You might want to take a look at proto_tree_add_bitmask().  See
doc/README.developer, which describes it and illustrates its use by taking an
example from the SCSI dissector.

Where can I get a sample capture file to see what this will look like?

The easiest thing might be to look at epan/dissectors/packet-tcp.c for the code and pretty much any capture file with TCP.  In the code, look for hf_tcp_flags and in a capture file, just look at the TCP flags.  Also, looking at doc/README.developer is highly recommended.  It's how I learned.


I did so before asking:

$ grep -l "proto_tree_add_bitmask" *.c
packet-dcerpc-netlogon.c
packet-dlm3.c
packet-fcels.c
packet-fip.c
packet-giop.c
packet-h264.c
packet-ipmi-app.c
packet-ipmi-chassis.c
packet-ipmi-picmg.c
packet-ipmi-se.c
packet-ipmi-storage.c
packet-ipmi-transport.c
packet-maccontrol.c
packet-mrp-msrp.c
packet-nfs.c
packet-omron-fins.c
packet-pnrp.c
packet-sasp.c
packet-scsi-sbc.c
packet-scsi-smc.c
packet-scsi-ssc.c
packet-scsi.c
packet-smb.c
packet-smb2.c
packet-sv.c
packet-tn3270.c
packet-tn5250.c

Andy@HOME ~/Projects/Wireshark/Source/wireshark-1.4.1/epan/dissectors
$

Looks like TCP does _not_ use this function. That's why I asked for a sample capture file of one of the protocols above.

This is the actual packet-tcp.c code:

  tf = proto_tree_add_uint_format(tcp_tree, hf_tcp_flags, tvb,
           offset + 13, 1, tcph->th_flags,
           "Flags: 0x%02x (%s)", tcph->th_flags, flags_strbuf->str);
  field_tree = proto_item_add_subtree(tf, ett_tcp_flags);
  proto_tree_add_boolean(field_tree, hf_tcp_flags_cwr, tvb,
                         offset + 13, 1, tcph->th_flags);
  proto_tree_add_boolean(field_tree, hf_tcp_flags_ecn, tvb,
                         offset + 13, 1, tcph->th_flags);
  proto_tree_add_boolean(field_tree, hf_tcp_flags_urg, tvb,
                         offset + 13, 1, tcph->th_flags);
  proto_tree_add_boolean(field_tree, hf_tcp_flags_ack, tvb,
                         offset + 13, 1, tcph->th_flags);
  proto_tree_add_boolean(field_tree, hf_tcp_flags_push, tvb,
                         offset + 13, 1, tcph->th_flags);

> The easiest thing might be to look at epan/dissectors/packet-tcp.c
> for the code and pretty much any capture file with TCP.

Ehm, no.


--
Andy
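
The contrast discussed in this thread, as an added example that is not part of the original message and is not Wireshark code: a stand-alone C model of the table-driven idea behind a bitmask helper, where the flag bits are described once and a single loop renders every subtree line instead of one add call per flag. The names flag_field, tcp_flag_fields, format_flag and dissect_flags and the label strings are hypothetical; the "...1 ...." line layout follows the way Wireshark displays bitfield items.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a registered flag field (not a Wireshark type). */
struct flag_field { uint8_t mask; const char *name; };

/* Bits of the TCP flags octet (header byte 13), described once in a table. */
static const struct flag_field tcp_flag_fields[] = {
    { 0x80, "Congestion Window Reduced (CWR)" }, { 0x40, "ECN-Echo" },
    { 0x20, "Urgent" },  { 0x10, "Acknowledgement" },
    { 0x08, "Push" },    { 0x04, "Reset" },
    { 0x02, "Syn" },     { 0x01, "Fin" },
};

/* Format one line, e.g. "...1 .... = Acknowledgement: Set"; returns 1 if set. */
static int format_flag(uint8_t value, const struct flag_field *f,
                       char *line, size_t len)
{
    char bits[10];
    int pos = 0, set = (value & f->mask) != 0;
    for (int bit = 7; bit >= 0; bit--) {
        uint8_t b = (uint8_t)(1u << bit);
        /* Only the bit covered by the mask is shown; the rest are dots. */
        bits[pos++] = (f->mask & b) ? (set ? '1' : '0') : '.';
        if (bit == 4) bits[pos++] = ' ';   /* nibble separator */
    }
    bits[pos] = '\0';
    snprintf(line, len, "%s = %s: %s", bits, f->name, set ? "Set" : "Not set");
    return set;
}

/* One loop over the table replaces one add call per flag.
 * Prints to out when non-NULL; returns the number of flags set. */
static int dissect_flags(uint8_t value, FILE *out)
{
    char line[80];
    int nset = 0;
    if (out) fprintf(out, "Flags: 0x%02x\n", value);
    for (size_t i = 0; i < sizeof tcp_flag_fields / sizeof tcp_flag_fields[0]; i++) {
        nset += format_flag(value, &tcp_flag_fields[i], line, sizeof line);
        if (out) fprintf(out, "    %s\n", line);
    }
    return nset;
}

int main(void)
{
    return dissect_flags(0x12, stdout) == 2 ? 0 : 1;  /* constructed sample: SYN+ACK */
}
```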