Wireshark-dev: Re: [Wireshark-dev] dissecting bits versus bytes

From: Ankith Agarwal <[email protected]>
Date: Tue, 10 May 2011 09:30:12 +0530 (IST)

>> I found these routines in the wireshark.README file:
>> guint8 tvb_get_bits8(tvbuff_t *tvb, gint bit_offset, gint no_of_bits);
>> guint16 tvb_get_bits16(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, gboolean little_endian);
>> guint32 tvb_get_bits32(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, gboolean little_endian);
>> guint64 tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, gint no_of_bits, gboolean little_endian);
>> Is there a way to get a String...??

The tvb pointer which is present in the context is an array of
characters, indirectly a string, so you can copy the values of tvb into
a local string variable (don't forget to get the size of the string).

>> The string that I have ends with a special value of 0xFF ......

If this is the case, you can copy a character and loop it till the
condition of 0xFF doesn't satisfy...

>> string itself has a bit_offset
>> that is determined at runtime. How do I read this..??

You can work out from the previous mails, on how to read a bit_offset...

>> Also...I have a series of bits fields that span bytes....is there an 
>> example out there where somebody already dissected
>> a stream of bits not bytes..??
>> For example:  How would I dissect an 18 bit field that starts at an 
>> offset of 2 bits..?

You cannot dissect the bit fields directly... you have to take the largest
container of it and then put a mask to obtain the values...
As for your example... for an 18 bit field, just get the next power of 2, i.e.
32, and put the mask, or do an AND operation with
(11111111111111111100000000000000) 0xFFFFC000, and you will extract
your 18 bits into a local variable... Then by further processing you can
get your bit fields dissected completely...


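Added example, not part of the original message and not Wireshark code: a standalone C version of the container, shift and mask read for the 18-bit field at bit offset 2, plus a bounded read of the 0xFF-terminated string at a runtime bit offset. The names `get_bits32` and `get_ff_string` and the sample bytes are constructed for illustration; both functions check every read against the buffer length so a missing terminator cannot walk past the end of the packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed sample: 2 pad bits (10), 18-bit field 0x2ABCD,
 * then "Hi" + 0xFF terminator starting at bit 20, then 4 pad bits. */
static const uint8_t sample[] = { 0xAA, 0xBC, 0xD4, 0x86, 0x9F, 0xF0 };

/* Read nbits (1..32), MSB first, starting bit_off bits into buf.
 * Returns 0 and sets *out, or -1 if the field runs past the buffer. */
int get_bits32(const uint8_t *buf, size_t len, size_t bit_off,
               unsigned nbits, uint32_t *out)
{
    size_t total = len * 8;   /* assumes len is a packet-sized value */
    if (nbits == 0 || nbits > 32 || bit_off > total || nbits > total - bit_off)
        return -1;
    size_t first = bit_off / 8, last = (bit_off + nbits - 1) / 8;
    uint64_t acc = 0;         /* container: at most 5 bytes are touched */
    for (size_t i = first; i <= last; i++) acc = (acc << 8) | buf[i];
    acc >>= (last + 1) * 8 - (bit_off + nbits);     /* drop trailing bits */
    *out = (uint32_t)(acc & ((1ULL << nbits) - 1)); /* mask leading bits */
    return 0;
}

/* Copy an unaligned string that ends with 0xFF into dst (NUL-terminated).
 * Returns its length, or -1 if 0xFF is missing or dst is too small. */
int get_ff_string(const uint8_t *buf, size_t len, size_t bit_off,
                  char *dst, size_t dst_len)
{
    size_t n = 0;
    uint32_t c;
    if (dst_len == 0) return -1;
    for (;; bit_off += 8) {
        if (get_bits32(buf, len, bit_off, 8, &c) != 0) return -1; /* no 0xFF */
        if (c == 0xFF) break;
        if (n + 1 >= dst_len) return -1;   /* keep room for the NUL */
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    uint32_t field = 0;
    char s[16];
    int n = get_ff_string(sample, sizeof sample, 20, s, sizeof s);
    if (get_bits32(sample, sizeof sample, 2, 18, &field) == 0 && n >= 0)
        printf("field=0x%X str=%s\n", (unsigned)field, s);
    return 0;
}
```

Inside a dissector the raw buffer reads are replaced by the `tvb_get_bits*` accessors listed in the quoted question.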