
Wireshark-dev: Re: [Wireshark-dev] Dissect data on a bit-by-bit basis

From: John Thacker <johnthacker@xxxxxxxxx>
Date: Tue, 21 Jul 2020 21:34:34 -0400
On Tue, Jul 21, 2020 at 9:05 PM Filipe Laíns <lains@xxxxxxxxxxxxx> wrote:
> Hi,
>
> I am working on the USB HID dissector and I need to dissect data on a
> bit by bit basis, instead of byte. The data structure is completely
> dynamic (described by the HID descriptor) and the basic data block is
> the bit. Any bit or sequence of bits can have a meaning, the data can
> be completely unaligned. See the following example which shows
> different fields distributed in a 2 byte packet.
>
> What is the best way to dissect this data? I feel like I am going to
> have to basically write a complicated internal wrapper around the tvb
> API, and that won't even work properly in some cases.
>
> Is modifying the tvb API to allow data control on a bit level
> reasonable?

The API already allows fields which are bits, including unaligned ones,
see proto_tree_add_bits_item() described in proto.[c,h].
It even allows fields made of non-contiguous bits assembled into a single
field, see proto_tree_add_split_bits_*().

If you have the field types defined (say that you know the possible types
of data fields, just not their structure or how many ahead of time), you
can dynamically pass in the values for the bit_offset, no_of_bits, and/or
the crumb_spec to those functions. If you need to change the formatting,
you can use the proto_tree_add_[u]int[64]_bits_format_value() functions.
(Though I don't think that there is a *bits_format() function that would
let you change the name of the field for your Button A, Button B types.)
You can also do the _add_bitmask* functions and dynamically change the
pointer of fields passed in.

John Thacker
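
Added example, not part of the thread and not Wireshark code: a standalone C model of reading fields by a run-time (bit_offset, no_of_bits) pair, with the range check a descriptor-driven parser needs because the layout comes from device-supplied data. The struct, function name, sample report and field table are constructed for illustration, and numbering bit 0 as the most significant bit of the first byte is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical run-time field description, as a descriptor parser might emit. */
struct bit_field {
    const char *name;
    unsigned bit_offset;  /* from start of report; bit 0 = MSB of byte 0 (assumed) */
    unsigned no_of_bits;  /* 1..32 */
};

/* Read one unaligned field. Returns 0 on success, -1 if the field is
 * malformed or extends past the captured data. */
int get_bits(const uint8_t *buf, size_t len, const struct bit_field *f, uint32_t *out)
{
    if (f->no_of_bits == 0 || f->no_of_bits > 32)
        return -1;
    /* Compare in bits with 64-bit math so offset + width cannot wrap. */
    if ((uint64_t)f->bit_offset + f->no_of_bits > (uint64_t)len * 8)
        return -1;
    uint32_t v = 0;
    for (unsigned i = 0; i < f->no_of_bits; i++) {
        unsigned bit = f->bit_offset + i;
        v = (v << 1) | ((buf[bit / 8] >> (7 - bit % 8)) & 1u);
    }
    *out = v;
    return 0;
}

/* Constructed 2-byte report and field layout. */
static const uint8_t sample_report[2] = { 0xA5, 0xC3 };
static const struct bit_field sample_fields[] = {
    { "Button A", 0, 1 },
    { "Button B", 1, 1 },
    { "X axis",   2, 9 },  /* crosses the byte boundary */
    { "Padding", 11, 5 },
    { "Bogus",   12, 8 },  /* layout claims more bits than the report holds */
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample_fields / sizeof sample_fields[0]; i++) {
        uint32_t v;
        if (get_bits(sample_report, sizeof sample_report, &sample_fields[i], &v) == 0)
            printf("%-8s = %u\n", sample_fields[i].name, (unsigned)v);
        else
            printf("%-8s : out of range, skipped\n", sample_fields[i].name);
    }
    return 0;
}
```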