This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decode value dissector

Hi I'm creating a dissector but I have some problems. I'm doing it in c. In my protocol I have the value "length" thais is encoded with either 1 or 2 bytes. To obtain the value of this field (designated as v) I have to consider : If v1 < 127 then v = v1 with one byte encoding • If v1 128 then v is encoded within the first and the second byte (little-endian byte order) the value of v is: how can I implement this so I can add to proto_tree the value "length2 ???

encoding proto_tree_add_item dissector newbie wireshark

asked 14 Dec '16, 14:53

mat656
0●1●1●3
accept rate: 0%

edited 15 Dec '16, 05:53

One Answer:

By:

fetching the first byte;
if it's < 127, setting the length value to the value of the byte;
if it's >= 128, fetching the second byte, combining their values, and setting the length to the result;
adding the item to the field using proto_tree_add_uint().

proto_tree_add_item() doesn't support the variable-length encoding used by your protocol; it only supports fixed-length big-endian and little-endian simple binary encodings.

answered 14 Dec '16, 18:10

Guy Harris ♦♦
17.4k●3●35●196
accept rate: 19%

edited 14 Dec '16, 18:10