
Wireshark-dev: Re: [Wireshark-dev] dissecting bits versus bytes

From: Anders Broman <a.broman@xxxxxxxxxxxx>
Date: Mon, 09 May 2011 23:50:42 +0200
Brian Oleksa wrote 2011-05-09 19:53:
Thanks for the info.

I was able to get that far. Things are starting to look a lot better now. Thanks for everybody's help.

I still have a couple of questions though:

I found these routines in the wireshark.README file:

guint8 tvb_get_bits8(tvbuff_t *tvb, gint bit_offset, gint no_of_bits);
guint16 tvb_get_bits16(tvbuff_t *tvb, gint bit_offset, gint no_of_bits,gboolean little_endian);
guint32 tvb_get_bits32(tvbuff_t *tvb, gint bit_offset, gint no_of_bits,gboolean little_endian);
guint64 tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, gint no_of_bits,gboolean little_endian);

Is there a way to get a String...??
The string that I have ends with a special value of 0xFF ......and the string itself has a bit_offset
that is determined at runtime. How do I read this..??

Also...I have a series of bit fields that span bytes....is there an example out there where somebody already dissected
a stream of bits not bytes..??

For example: How would I dissect an 18 bit field that starts at an offset of 2 bits..?

Thanks,
Brian




On 5/8/2011 11:50 PM, Ankith Agarwal wrote:
Hi
   You can directly take the mask and convert them into hex.
Example: If you want to extract bits 5-8 then the mask is 0xf0(11110000),
for bit 4 the value is 0x08(00001000), for bit 3&2 the value is
0x06(00000110), for the last bit the value is 0x01(00000001).
By this way there is no need of performing shift operations, also you
don't have to maintain indexes.

Regards
Ankith

On Sat, May 7, 2011, Brian Oleksa<oleksab@xxxxxxxxxxxxxxxxxxxxxx>  said:

Anders

Yes.... I was able to figure this out.

<4 bits>  <1 bit>  <2 bits>  <1 bit>
  0xf       0x1      0x3       0x1
but then you have to shift the results:
  0xf0      0x8      0x6       0x1
to make room for the other fields.

BUT...I ran into a little snag.

I figured out that I must read 4 bits from the "end" of the byte (which
will give me 0010). This means I need to take bits 5-8 to construct the
version field...and use
bit 4 for x...and then use bit 3 and 2 for y and then bit 1 for z.

So this means I not only need to keep an index to the actual byte I am
on, but the individual bit index as well.

How would I do this within the wireshark code..?

Thanks,
Brian

Truly bit-oriented protocols are not that common, I think, ASN.1 PER encoded protocols being an exception. But if you need examples, use grep on the sources for the functions you are interested in, like proto_add_bits_item(); packet-per.c and packet-h264.c are good starting points. You should only get the value if you really need it for some additional logic. A string placed in a bit field is something you'd have to code yourself.
Regards
Anders
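
Added example, not part of the original messages and not Wireshark source: stand-alone C for the two questions in the thread, reading an 18-bit field at bit offset 2 and a 0xFF-terminated string at a bit offset chosen at run time, with bounds checks so a truncated or hostile packet cannot cause an out-of-bounds read or an unbounded copy. The names get_bits, get_ff_string and sample are hypothetical; bit 0 is assumed to be the most significant bit of the first byte, and string characters are assumed to be 8 bits wide.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample: 2 pad bits, 18-bit field 0x2ABCD, then "Hi" + 0xFF. */
static const uint8_t sample[] = { 0xAA, 0xBC, 0xD4, 0x86, 0x9F, 0xF0 };

/* Read no_of_bits (1..32) at bit_offset; bit 0 is the MSB of buf[0]
 * (assumed numbering). Returns 0, or -1 if the field runs past the buffer. */
int get_bits(const uint8_t *buf, size_t len, size_t bit_offset,
             unsigned no_of_bits, uint32_t *out)
{
    uint32_t v = 0;
    if (no_of_bits == 0 || no_of_bits > 32)
        return -1;
    if (bit_offset > len * 8 || no_of_bits > len * 8 - bit_offset)
        return -1;
    for (unsigned i = 0; i < no_of_bits; i++, bit_offset++)
        v = (v << 1) | ((buf[bit_offset / 8] >> (7 - bit_offset % 8)) & 1u);
    *out = v;
    return 0;
}

/* Copy 8-bit characters from an arbitrary bit offset up to the 0xFF
 * terminator. Returns the length, or -1 if the terminator is missing
 * from the packet or dst is too small. */
int get_ff_string(const uint8_t *buf, size_t len, size_t bit_offset,
                  char *dst, size_t dst_size)
{
    size_t n = 0;
    uint32_t ch;
    if (dst_size == 0) return -1;
    for (;;) {
        if (get_bits(buf, len, bit_offset, 8, &ch) != 0)
            return -1;              /* ran off the packet: no terminator */
        if (ch == 0xFF)
            break;
        if (n + 1 >= dst_size)
            return -1;              /* would overflow dst */
        dst[n++] = (char)ch;
        bit_offset += 8;
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    uint32_t f; char s[8];   /* 18-bit field at bit 2, string at bit 20 */
    return get_bits(sample, sizeof sample, 2, 18, &f) != 0 ||
           get_ff_string(sample, sizeof sample, 20, s, sizeof s) != 2;
}
```
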

