Wireshark-dev: Re: [Wireshark-dev] Structure sizes change between Linux and Windows help

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Thu, 28 Jul 2011 17:42:59 -0400
On 7/28/2011 5:39 PM, Bill Meier wrote:
> On 7/28/2011 5:27 PM, Alex Lindberg wrote:
>> I am creating a dissector that overlays a complicated struct (bit
>> fields, unions, etc) on the tvb.
>
> Unfortunately, you can't do that; :)
>
> From doc/README.developer
>
> Don't use structures that overlay packet data, or into which you copy
> packet data; the C programming language does not guarantee any
> particular alignment of fields within a structure, and even the
> extensions that try to guarantee that are compiler-specific and not
> necessarily supported by all compilers used to build Wireshark. Using
> bitfields in those structures is even worse; the order of bitfields
> is not guaranteed.

(Also: The paragraph previous to the above in README.developer)

Don't fetch data from packets by getting a pointer to data in the packet
with "tvb_get_ptr()", casting that pointer to a pointer to a structure,
and dereferencing that pointer.  That pointer won't necessarily be aligned
on the proper boundary, which can cause crashes on some platforms (even
if it doesn't crash on an x86-based PC); furthermore, the data in a
packet is not necessarily in the byte order of the machine on which
Wireshark is running.  Use the tvbuff routines to extract individual
items from the packet, or use "proto_tree_add_item()" and let it extract
the items for you.
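The two README.developer paragraphs quoted in this message, shown as an added C example that is not part of this thread and not Wireshark's own code. It uses a constructed 7-byte header for a hypothetical protocol and defines an overlay struct only to measure its size; the get_u8/get_be16/get_be32 helpers are stand-ins modelled on the tvbuff accessors (tvb_get_guint8, tvb_get_ntohs, tvb_get_ntohl), not the real API, and parse_hdr returns -1 where a real dissector would let the tvbuff bounds exception fire.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed on-the-wire header (hypothetical protocol, 7 bytes, network byte order):
 *   byte 0    : version (high 4 bits), flags (low 4 bits)
 *   bytes 1-2 : length, 16-bit big-endian
 *   bytes 3-6 : id, 32-bit big-endian
 */
#define WIRE_HDR_LEN 7

/* Constructed sample packet: version 2, flags 0xA, length 256, id 0xDEADBEEF,
 * followed by one byte of payload. */
static const uint8_t sample_pkt[] = { 0x2A, 0x01, 0x00, 0xDE, 0xAD, 0xBE, 0xEF, 0x99 };

/* The tempting but non-portable approach: a struct meant to be cast over the
 * packet bytes. Its size, padding, bitfield order and the byte order of its
 * integer members are all compiler- and host-dependent, so it need not match
 * the 7 bytes on the wire. It is defined here only so its size can be
 * measured; it is never cast over packet data. */
struct overlay_hdr {
    unsigned int version : 4;
    unsigned int flags   : 4;
    uint16_t     length;
    uint32_t     id;
};

size_t overlay_size(void) { return sizeof(struct overlay_hdr); }

/* Stand-ins for the tvbuff accessors (tvb_get_guint8, tvb_get_ntohs,
 * tvb_get_ntohl): assemble each integer byte by byte, so the result does
 * not depend on host alignment or host endianness. */
static uint8_t  get_u8(const uint8_t *buf, size_t off) { return buf[off]; }
static uint16_t get_be16(const uint8_t *buf, size_t off) {
    return (uint16_t)(((uint16_t)buf[off] << 8) | buf[off + 1]);
}
static uint32_t get_be32(const uint8_t *buf, size_t off) {
    return ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
}

/* Host-side representation filled in by the parser; its layout does not
 * matter because it is never overlaid on packet bytes. */
struct parsed_hdr {
    uint8_t  version;
    uint8_t  flags;
    uint16_t length;
    uint32_t id;
};

/* Returns 0 on success, -1 if the buffer is too short for the header
 * (a real dissector would rely on the tvbuff bounds exception here). */
int parse_hdr(const uint8_t *buf, size_t buf_len, struct parsed_hdr *out) {
    if (buf == NULL || out == NULL || buf_len < WIRE_HDR_LEN)
        return -1;
    uint8_t b0 = get_u8(buf, 0);
    out->version = (uint8_t)(b0 >> 4);   /* explicit bit positions, not bitfields */
    out->flags   = (uint8_t)(b0 & 0x0F);
    out->length  = get_be16(buf, 1);
    out->id      = get_be32(buf, 3);
    return 0;
}

int main(void) {
    struct parsed_hdr h;
    printf("sizeof(struct overlay_hdr) = %zu (wire header is %d bytes)\n",
           overlay_size(), WIRE_HDR_LEN);
    if (parse_hdr(sample_pkt, sizeof sample_pkt, &h) == 0)
        printf("version=%u flags=0x%X length=%u id=0x%08X\n",
               h.version, h.flags, h.length, h.id);
    return 0;
}
```

On any mainstream ABI sizeof(struct overlay_hdr) comes out as 8 or 12 rather than 7, because the uint32_t member forces padding; that mismatch alone is enough to misread every field after the first, before alignment faults or byte order come into play. The byte-by-byte reads give the same answer on every host, which is what the tvbuff routines (or proto_tree_add_item()) do for you.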