Wireshark-dev: Re: [Wireshark-dev] dissecting bits versus bytes
From: Ankith Agarwal <[email protected]>
Date: Tue, 10 May 2011 09:30:12 +0530 (IST)
Hi

>> I found these routines in the wireshark.README file:
>>
>> guint8 tvb_get_bits8(tvbuff_t *tvb, gint bit_offset, gint no_of_bits);
>> guint16 tvb_get_bits16(tvbuff_t *tvb, gint bit_offset, gint 
>> no_of_bits,gboolean little_endian);
>> guint32 tvb_get_bits32(tvbuff_t *tvb, gint bit_offset, gint 
>> no_of_bits,gboolean little_endian);
>> guint64 tvb_get_bits64(tvbuff_t *tvb, gint bit_offset, gint 
>> no_of_bits,gboolean little_endian);
>>
>> Is there a way to get a String...??

The tvb pointer which is present in the context is an array of
characters..indirectly a string.. so, you can copy the values of tvb into
a local string variable...(don't forget to get the size of the string)

>> The string that I have ends with a special value of 0xFF ......

if this is the case you can copy a character and loop it till the
condition of 0xFF doesn't satisfy...

>> string it's self has a bit_offset
>> that is determined at runtime. How do I read this..??
>>

You can work out from the previous mails, on how to read a bit_offset...

>> Also...I have a series of bits fields that span bytes....is there an 
>> example out there where somebody already dissected
>> a stream of bits not bytes..??
>>
>> For example:  How would I dissect an 18 bit field that starts at an 
>> offset of 2 bits..?
>>
You cannot dissect the bit fields directly... you have to take the largest
container of it and the put a mask to obtain the values...
As for your example... for 18 bit field, just get the next power of 2 ie,
32 and put the mask, or do an and operation with
(11111111111111111100000000000000) 0xFFFFC000, and you will be extract
your 18 bits into a local variable... Then by further processing you can
get your bit fields dissected completely...

Regards
Ankith

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.