Wireshark-dev: Re: [Wireshark-dev] Dissecting a field that has non-octet bit boundaries

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Fri, 23 Jan 2015 16:30:04 -0800
On Fri, Jan 23, 2015 at 12:40 AM, Anders Broman
<anders.broman@xxxxxxxxxxxx> wrote:
> Hi,
> You can also use proto_add_bits_item()

OK, thanks everyone.

> Regards
> Anders
>
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of yannick omnes
> Sent: den 23 januari 2015 08:46
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Dissecting a field that has non-octet bit boundaries
>
> Hi Richard,
>
> I had the same problem recently, which I solved using a bitmask in one of the register_info fields. It looked like this:
>
> {
>     &hf_protocol_id,
>     {
>         "ID", "protocol.id",
>         FT_UINT8, BASE_DEC_HEX,
>         NULL, 0x1,
>         NULL, HFILL
>     },
> }
>
> This should display only the first bit of a byte.
>
> Hope that helps,
>
> Regards
>
> Yannick
>
>
> On 23/01/2015 05:46, Richard Sharpe wrote:
>> Hi Folks,
>>
>> I am trying to dissect MS-RSVD further since I have a capture of some
>> of that funky SCSI tunneled over SMB2/3.
>>
>> Anyway, they have a 4-byte header that consists of:
>>
>> 1 byte:  Protocol ID
>> 12 bits: Protocol Version
>> 12 bits: Operation Code
>>
>> How do I deal with this? It does not seem like proto_tree_add_bitmask
>> is the correct thing.
>>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)
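
The 8/12/12-bit header layout from the thread, extracted with a bounds-checked bit reader; this is an added example, not code from the thread or from Wireshark. It assumes the fields are packed MSB-first in the order listed (the thread does not state the bit order), which is the bit-offset convention Wireshark's proto_tree_add_bits_item() uses; `tunnel_hdr`, `get_bits` and `parse_tunnel_hdr` are hypothetical names and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container for the 8/12/12-bit header from the thread. */
struct tunnel_hdr {
    uint8_t  protocol_id; /* bits 0-7   */
    uint16_t version;     /* bits 8-19  */
    uint16_t opcode;      /* bits 20-31 */
};

/* Read nbits (1..32) starting bit_off bits from the MSB of buf[0].
 * Returns 0 on success, -1 if the range leaves the buffer. */
static int get_bits(const uint8_t *buf, size_t len, size_t bit_off,
                    unsigned nbits, uint32_t *out)
{
    uint32_t v = 0;
    if (!buf || !out || nbits == 0 || nbits > 32 || len > SIZE_MAX / 8)
        return -1;
    if (bit_off > len * 8 || nbits > len * 8 - bit_off)
        return -1;
    for (size_t bit = bit_off; bit < bit_off + nbits; bit++)
        v = (v << 1) | ((buf[bit / 8] >> (7 - bit % 8)) & 1u);
    *out = v;
    return 0;
}

/* Parse the header; fails without touching *h on a truncated buffer. */
static int parse_tunnel_hdr(const uint8_t *buf, size_t len, struct tunnel_hdr *h)
{
    uint32_t id, ver, op;
    if (!h || get_bits(buf, len, 0, 8, &id) ||
        get_bits(buf, len, 8, 12, &ver) || get_bits(buf, len, 20, 12, &op))
        return -1;
    h->protocol_id = (uint8_t)id;
    h->version = (uint16_t)ver;
    h->opcode = (uint16_t)op;
    return 0;
}

int main(void)
{
    const uint8_t sample[4] = { 0x02, 0xAB, 0xCD, 0xEF }; /* constructed bytes */
    struct tunnel_hdr h;
    if (parse_tunnel_hdr(sample, sizeof sample, &h)) return 1;
    printf("id=0x%02x version=0x%03x opcode=0x%03x\n", (unsigned)h.protocol_id,
           (unsigned)h.version, (unsigned)h.opcode);
    return 0;
}
```

If the fields turn out to be packed into a little-endian 32-bit word instead, the offsets above do not apply and the word has to be assembled first and then masked and shifted.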