This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I dissect 1- and 3-bit fields from a byte?

0

Hi, I am trying to dissect a byte field for a protocol with the following byte structure.

=============
|T|S|TSG|RES|
=============
|1|1| 3 | 3 |
=============

T bit 1 bit
S bit 1 bit
TSG 3 bit
RES 3 bit

I was trying to get a 1-byte unsigned int, AND it with the masks for the bits, and then do a right shift operation.

(tvb_get_guint8(tvb,stlv_offset+46)) && 0x80) >> 7
(tvb_get_guint8(tvb,stlv_offset+46)) && 0x40) >> 6
(tvb_get_guint8(tvb,stlv_offset+46)) && 0x38) >> 3

I am using the above functions as an argument to add_text like:

proto_tree_add_text(stlv_tree, tvb, stlv_offset+46, 1, "Termination Capable: %d",    
                   ((tvb_get_guint8(tvb,stlv_offset+46)) && 0x80)>>7));

But this is giving me all 0 values, and messes my further dissecting. I am fairly new to Wireshark development, but I was thinking I could just get int, bitwise and, then right shift to get the correct bits.

Is there a better way to do this?
I have a C program wherein I receive a byte array and I do the same thing, extracting bytes and using masks to get the correct bit values, which works. The same logic is not working in Wireshark code.

asked 30 May '12, 11:36

prafulla

edited 30 May '12, 12:14

multipleinte...


2 Answers:

2

Read about proto_tree_add_bitmask() in README.developer. There are plenty of dissectors that make use of this function; packet-icmp.c is one example.

By the way, you should try to avoid proto_tree_add_text() as much as possible, because any fields added to the tree using that function won't be filterable.

answered 30 May '12, 12:20

cmaynard ♦♦

0

Is stlv_offset a byte offset or bit offset?

I ran into a similar situation where tvb_read_bits8 always seemed to return 0; it turned out that I forgot to multiply the running byte offset by 8.

answered 28 Feb '13, 12:22

Johann
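
An added example, not part of either answer and not Wireshark code, relating to both answers above: stand-alone C that decodes the question's flags byte with per-field masks of the kind a bitmask field is registered with, and reads bits by bit offset to show what happens when a byte offset is passed instead. The helper names, the 0x07 mask for RES and the sample buffer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 0x80, 0x40 and 0x38 are the masks from the question; 0x07 for RES is
 * derived from the layout (the three bits left over), an assumption. */
enum { MASK_T = 0x80, MASK_S = 0x40, MASK_TSG = 0x38, MASK_RES = 0x07 };

/* Bitwise AND with the mask, then shift right by the mask's trailing zeros. */
static unsigned field_from_mask(uint8_t octet, uint8_t mask)
{
    unsigned shift = 0;
    while (mask != 0 && ((mask >> shift) & 1u) == 0)
        shift++;
    return ((unsigned)octet & mask) >> shift;
}

/* Shape of the question's expression: logical AND (&&) yields only 0 or 1,
 * so shifting that result right by 1 or more always gives 0. */
static unsigned logical_and_then_shift(uint8_t octet, unsigned mask, unsigned shift)
{
    return (unsigned)((octet && mask) >> shift);
}

/* Read nbits (1..8) at an absolute BIT offset, most significant bit first.
 * Returns -1 if the read would run past the end of the buffer. */
static int bits_at(const uint8_t *buf, size_t len, size_t bit_off, unsigned nbits)
{
    unsigned v = 0;
    if (nbits < 1 || nbits > 8 || bit_off / 8 >= len ||
        (bit_off + nbits - 1) / 8 >= len)
        return -1;
    for (unsigned i = 0; i < nbits; i++) {
        size_t b = bit_off + i;
        v = (v << 1) | ((buf[b / 8] >> (7 - b % 8)) & 1u);
    }
    return (int)v;
}

int main(void)
{
    /* Constructed sample: byte 46 is 1 0 101 101, so T=1 S=0 TSG=5 RES=5. */
    uint8_t pkt[48] = { [46] = 0xAD };
    printf("T=%u S=%u TSG=%u RES=%u\n",
           field_from_mask(pkt[46], MASK_T), field_from_mask(pkt[46], MASK_S),
           field_from_mask(pkt[46], MASK_TSG), field_from_mask(pkt[46], MASK_RES));
    printf("&& form: %u\n", logical_and_then_shift(pkt[46], 0x80, 7));
    printf("bit 46: %d, bit 46*8: %d\n",
           bits_at(pkt, sizeof pkt, 46, 1), bits_at(pkt, sizeof pkt, 46 * 8, 1));
    return 0;
}
```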