This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Structure for dissector plugin

0

I have a custom header as {version[2 bits], control[8 bits], high[6 bits], low[11 bits], index[5 bits]}

I am trying to create the data structure for my dissector plugin and I am having trouble with it.

Currently my structure looks like this:

      { &hf_packet_skip1,
          { "PACKET SKIP1", "packet.skip1",
          FT_UINT16, BASE_DEC,
          NULL, 0x0,
          NULL, HFILL }
      },
      { &hf_packet_version,
          { "PACKET VERSION", "packet.skip1.version",
          FT_UINT16, BASE_DEC,
          NULL, 0x0,
          NULL, HFILL }
      },    
      { &hf_packet_control,
          { "PACKET CONTROL", "packet.skip1.control",
          FT_UINT16, BASE_DEC,
          NULL, 0x0,
          NULL, HFILL }
      },
      { &hf_packet_high,
          { "PACKET HIGH", "packet.skip1.high",
          FT_UINT16, BASE_DEC,
          NULL, 0x0,
          NULL, HFILL }
      },
      { &hf_packet_skip2,
          { "PACKET SKIP2", "packet.skip2",
          FT_UINT16, BASE_DEC,
          NULL, 0x0,
          NULL, HFILL }
      }
      { &hf_packet_low,
          { "PACKET LOW", "packet.skip2.low",
          FT_UINT16, BASE_DEC,
          NULL, 0x0,
          NULL, HFILL }
      }
      { &hf_packet_index,
          { "PACKET INDEX", "packet.skip2.index",
          FT_UINT16, BASE_DEC,
          NULL, 0x0,
          NULL, HFILL }
      }

Please help me get the correct structure.

asked 25 Sep '15, 00:52

samprit's gravatar image

samprit
6467
accept rate: 0%


One Answer:

0

Change the '0x0' fields to applicable values for a bitmask to get desired field values.

answered 25 Sep '15, 02:58

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

I am currently stuck. Can you please show an example as to what value should I change it to.

(25 Sep '15, 05:46) samprit

It always helps to look at other dissectors to see how they addressed the issue at hand. Of course you'll need to understand that dissectors protocol as well, but who doesn't know about IPv4? So have a look at packet-ip.c and see how the structures are setup for some of their fields covering only a few bits of an octet. Oh, and for more details checkout doc/README

(25 Sep '15, 06:52) Jaap ♦