Wireshark-dev: Re: [Wireshark-dev] dissecting bits versus bytes
From: Brian Oleksa <[email protected]>
Date: Mon, 09 May 2011 13:53:22 -0400
Thanks for the info.

I was able to get that far. Things are starting to look a lot better now. Thanks for everybody's help.
I still have a couple of questions though:

I found these routines in the wireshark.README file:

guint8 tvb_get_bits8(tvbuff_t *tvb, gint bit_offset, gint no_of_bits);
guint16 tvb_get_bits16(tvbuff_t *tvb, gint bit_offset, gint no_of_bits,gboolean little_endian);
guint32 tvb_get_bits32(tvbuff_t *tvb, gint bit_offset, gint no_of_bits,gboolean little_endian);
guint64 tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, gint no_of_bits,gboolean little_endian);

Is there a way to get a String...??
The string that I have ends with a special value of 0xFF ......and the string itself has a bit_offset
that is determined at runtime. How do I read this..??

Also...I have a series of bit fields that span bytes....is there an example out there where somebody already dissected
a stream of bits not bytes..??

For example: How would I dissect an 18 bit field that starts at an offset of 2 bits..?

On 5/8/2011 11:50 PM, Ankith Agarwal wrote:
   You can directly take the mask and convert them into hex.
Example: If you want to extract bits 5-8 then the mask is 0xf0(11110000),
for bit 4 the value is 0x08(00001000), for bit 3&2 the value is
0x06(00000110), for the last bit the value is 0x01(00000001).
By this way there is no need of performing shift operations, also you
don't have to maintain indexes.


On Sat, May 7, 2011, Brian Oleksa<[email protected]>  said:


Yes.... I was able to figure this out.

<4 bits>  <1 bit>  <2 bits>  <1 bit>
  0xf       0x1      0x3       0x1
but then you have to shift the results:
  0xf0      0x8      0x6       0x1
to make room for the other fields.

BUT...I ran into a little snag.

I figured out that I must read 4 bits from the "end" of the byte (which
will give me 0010). This means I need to take bits 5-8 to construct the
version field...and use
bit 4 for x...and then use bit 3 and 2 for y and then bit 1 for z.

So this means I not only need to keep an index to the actual byte I am
on, but the individual bit index as well.

How would I do this within the wireshark code..?
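
The two cases asked about in this thread (an 18-bit field starting at bit offset 2, and a string ending in 0xFF that starts at a runtime bit offset), as an added stand-alone C example that is not Wireshark code and not from any poster. The names get_bits32 and get_ff_string, the sample bytes, and MSB-first bit numbering (bit 0 is the top bit of the first octet) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 2 flag bits, an 18-bit field (0x2ABCD), then "Hi" and
 * its 0xFF terminator starting at bit 20, then 4 padding bits. */
static const uint8_t sample[] = { 0xAA, 0xBC, 0xD4, 0x86, 0x9F, 0xF0 };

/* Read nbits (1..32) starting bit_off bits into buf; bit 0 is the most
 * significant bit of buf[0]. Returns 0, or -1 if the field does not fit. */
static int get_bits32(const uint8_t *buf, size_t len, size_t bit_off,
                      unsigned nbits, uint32_t *out)
{
    uint32_t v = 0;
    if (nbits == 0 || nbits > 32 || len > SIZE_MAX / 8) return -1;
    if (bit_off > len * 8 || nbits > len * 8 - bit_off) return -1;
    for (unsigned i = 0; i < nbits; i++, bit_off++)
        v = (v << 1) | ((buf[bit_off / 8] >> (7 - bit_off % 8)) & 1u);
    *out = v;
    return 0;
}

/* Copy octets from a runtime bit offset up to the 0xFF terminator. Returns
 * bits consumed (terminator included), or -1: no terminator / dst too small. */
static long get_ff_string(const uint8_t *buf, size_t len, size_t bit_off,
                          char *dst, size_t dst_sz)
{
    size_t n = 0, pos = bit_off;
    uint32_t c;
    if (dst_sz == 0) return -1;
    for (;;) {
        if (get_bits32(buf, len, pos, 8, &c) != 0) return -1; /* ran off the end */
        pos += 8;
        if (c == 0xFF) break;
        if (n + 1 >= dst_sz) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (long)(pos - bit_off);
}

int main(void)
{
    uint32_t field = 0;
    char name[16] = "";
    if (get_bits32(sample, sizeof sample, 2, 18, &field) != 0) return 1;
    long used = get_ff_string(sample, sizeof sample, 20, name, sizeof name);
    printf("field=0x%05X string=%s bits=%ld\n", (unsigned)field, name, used);
    return 0;
}
```

Only a running bit offset is kept; the byte index and the bit within it are derived from it, and every read is checked against the buffer length so a missing terminator stops at the end of the data instead of reading past it.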