This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Replace proto_tree_add_text with proto_tree_add_item doesn’t work for Enum Bit Fields

0

Hi

I have an requirement in which 1 byte is splited to two fileds each of 4 bits and in which enumeration is defined. Earlier i used to use proto_tree_add_text to perform these operation. but where as now proto_tree_add_item won't allow to show the exact 4bit value. (Because of HF_TYPE or HF_Value)

Example:

--------------Master Field: 0x40 [Parent Tree]

1.) First Bit Field - 0x8 (Eight Bit Data enum) [Subtree data for parent tree]

2.) Second Bit - 0x32 (ThirtyTwo Bit Data enum) [Subtree data for parent tree]

Based on those two values 0x8 and 0x32, i have to perform operation on the below upcoming fileds.

code snippet:

/* Old Wireshar Version 1.12.7 */
main_tree_value = tvb_get_guint8(tvb, offset);
if(parent_tree) {
    item = proto_tree_add_uint(parent_tree, hf_main_tree, tvb,
            offset, 1, main_tree_value);
main_tree = proto_item_add_subtree(item, ett_main_tree);

}

second_bit_value = tvb_get_bits8(tvb, (offset8),4); first_bit_value = tvb_get_bits8(tvb, ((offset8)+4),4); if(main_tree) { proto_tree_add_text(main_tree, tvb, offset, 1, "First Bit Field : %u (%s)", first_bit_value, val_to_str(first_bit_value, first_bit_value_enum_flag, "Unknown")); } if(main_tree) { proto_tree_add_text(main_tree, tvb, offset, 1, "Second Bit Field : %u (%s)", second_bit_value, val_to_str(second_bit_value, second_bit_value_enum_flag, "Unknown")); } offset = offset + 1;

/* Wireshark Version 2.0.3 */ main_tree_value = tvb_get_guint8(tvb, offset); if(parent_tree) { item = proto_tree_add_uint(parent_tree, hf_main_tree, tvb, offset, 1, main_tree_value); main_tree = proto_item_add_subtree(item, ett_main_tree); }

second_bit_value = tvb_get_bits8(tvb, (offset8),4); first_bit_value = tvb_get_bits8(tvb, ((offset8)+4),4); if(main_tree) { enum_tree = proto_tree_add_item(main_tree, hf_first_bit_field, tvb, offset, 1, FALSE); proto_item_append_text (enum_tree, " (%s)", val_to_str(first_bit_value, first_bit_value_enum_flag, "Unknown")); } if(main_tree) { enum_tree = proto_tree_add_item(main_tree, hf_second_bit_field, tvb, offset, 1, FALSE); proto_item_append_text (enum_tree, " (%s)", val_to_str(second_bit_value, second_bit_value_enum_flag, "Unknown")); } offset = offset + 1;

Please suggest me, how i can define HF_TYPE or HF_VALUE or if any other.

Regards

Dinesh Sadu

asked 12 May ‘16, 03:04

Dinesh%20Babu%20Sadu's gravatar image

Dinesh Babu …
16131517
accept rate: 0%

edited 12 May ‘16, 08:50


One Answer:

1

What you've got looks like a good start. Next steps should be to:

  1. Don't bother calling tvb_get_bits8(): you won't need it.
  2. Remove the proto_tree_append_text() calls; you won't need them.
  3. Set the BITFIELD part of hf_*_bit_field appropriately; looks like it should be 0xf0 for the first bitfield and 0x0f for the second bitfield.
  4. Put VALS(*_bit_value_enum_flag) in the FIELDCONVERT sections of the two bit_field hf's.
  5. Make sure the offset is correct in the two proto_tree_add_item() calls.

If that doesn't work another way would be to use proto_tree_add_uint(main_tree, hf_first_bit_field, tvb, offset, 1, first_bit_value) and then put VALS(first_bit_value_enum_flag) in the FIELDCONVERT section of hf_first_bit_field (thus avoiding the use of proto_item_append_text()).

answered 13 May '16, 06:30

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%