wireshark-dev October 2010 archive

Re: [Wireshark-dev] Wireshark lua (wslua) and bit fields - how to do it?

From: Daniel Lynes <dlynes_at_nospam>
Date: Mon Oct 25 2010 - 13:33:32 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

Thanks, Tony.

It doesn't quite do what I need it to do, but it comes pretty
close...close enough that if I can't do it exactly the way I want easily
enough, this will do.

The other complication comes in, where I might have the following
scenario:

Bitmask: 0x00FFFFFF00000000
Shift: 24

So that 0x0012345600000000
becomes 0x0000000012345600

That being said, I just realized I can just alter the bitmask slightly
to compensate.

Thanks again for your help, Tony.

Much appreciated.

On Sat, 2010-10-23 at 16:15 -0400, Tony Trinh wrote:

> The shred_rd field should be defined with a mask, so that it's automatically
> masked and shifted. I'm assuming it's a bit that represents "read only".
>
> The Lua below lets you filter with "shred.rd == true":
>
> -- read-only at bit 1
> fields.shred_rd = ProtoField.bool("shred.rd", "Read only", base.DEC, nil, 0x02)
>
> for shred = 1, num_shreds
> do
>     subtree:add("----- NV Storage Shred" .. shred .. " -----")
>     subtree:add(fields.shred_id, buffer(offset, 8))
>     subtree:add(fields.shred_flags, buffer(offset+8, 8))
>
>     local flags=tonumber(tostring(buffer(offset+8,8):uint64()))
>     local hex=tostring(bit.tohex(bit.band(flags,0x02)))
>     subtree:add("----- NV Storage hexflags: " .. hex)
>
>     --[[
>     Since shred_rd is a bool, the buffer length must be 1.
>     shred_rd's offset (bit 1) is in the lower 8 bits of the 64-bit
>     flags.
>     ]]--
>     local OFFSET_FLAGS_LSB = offset+8+7
>     subtree:add(fields.shred_rd, buffer(OFFSET_FLAGS_LSB,1))
>
>     offset=offset+inc
> end
>
>
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 21 Oct 2010 17:46:29 +0000
> > From: Daniel Lynes <dlynes@pv-labs.com>
> > Subject: [Wireshark-dev] Wireshark lua (wslua) and bit fields - how to
> > do it?
> > To: wireshark-dev@wireshark.org
> > Message-ID: <1287683189.17967.24.camel@yvorontsov-gpu1>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > I'm trying to output some bit values in my wireshark dissector decode.
> > However, I want to be able to filter based on those bit values.
> >
> > I can't seem to use the LUA bitop library to do it, because lua
> > complains that the result is not a uservalue.
> >
> > I've got the following code:
> >
> > for shred = 1, num_shreds
> > do
> >     subtree:add("----- NV Storage Shred " .. shred .. " -----")
> >     subtree:add(fields.shred_id, buffer(offset, 8))
> >     subtree:add(fields.shred_flags, buffer(offset+8, 8))
> >     local flags=tonumber(tostring(buffer(offset+8,8):uint64()))
> >     local hex=tostring(bit.tohex(bit.band(flags,0x02)))
> >     subtree:add("----- NV Storage hex flags: " .. hex)
> >     local hexba=ByteArray.new(hex)
> >     -- The following line complains about a nil uservalue
> >     local rdonly=Tvb.new_real(hexba, "hex")
> >     -- The following line complains about the value being a number instead of a uservalue
> >     subtree:add(fields.shred_rd, bit.band(flags, 0x02))
> >     offset=offset+inc
> > end
> >
> > Does anyone happen to have any clues as to what I'm doing wrong? Fwiw,
> > I'm using 1.2.0 (1.3, 1.4, and 1.5 all have video corruption issues, and
> > 1.0 has issues with 64-bit integers).
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

Daniel Lynes
Software Engineer
PV Labs Intelligent Imaging
(905) 667-7308
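
The mask-and-shift arithmetic discussed in this thread, as an added Python model that is not part of the original messages or of Wireshark. It assumes a masked field is right-shifted by the mask's trailing-zero count and that the "altered" bitmask is 0x00FFFFFFFF000000; the names extract and narrow and the second sample value are constructed here.

```python
def trailing_zeros(mask):
    """Number of zero bits below the lowest set bit of mask."""
    if mask <= 0:
        raise ValueError("mask must have at least one bit set")
    return (mask & -mask).bit_length() - 1


def extract(raw, mask, shift=None):
    """Mask a big-endian field, then right-shift it.

    With shift=None the shift is the mask's trailing-zero count (assumed to
    match the automatic shift applied to a masked ProtoField).
    """
    if shift is None:
        shift = trailing_zeros(mask)
    return (int.from_bytes(raw, "big") & mask) >> shift


def narrow(field_len, mask):
    """Smallest byte range of a big-endian field that covers mask.

    Returns (byte_offset, byte_len, narrowed_mask), so a wide mask can be
    applied to a short buffer range, as buffer(offset+8+7, 1) does for 0x02.
    """
    if mask <= 0 or mask >> (8 * field_len):
        raise ValueError("mask is empty or wider than the field")
    low = trailing_zeros(mask) // 8        # lowest byte touched, counted from the LSB
    high = (mask.bit_length() - 1) // 8    # highest byte touched, counted from the LSB
    return field_len - 1 - high, high - low + 1, mask >> (8 * low)


# Sample inputs: FLAGS is the value quoted in the message, FLAGS_LOW_BITS is constructed.
FLAGS = bytes.fromhex("0012345600000000")
FLAGS_LOW_BITS = bytes.fromhex("00123456ab000002")
MASK = 0x00FFFFFF00000000
WIDE_MASK = 0x00FFFFFFFF000000  # assumed form of the "altered" bitmask

if __name__ == "__main__":
    print(hex(extract(FLAGS, MASK)))                # automatic shift of 32
    print(hex(extract(FLAGS, MASK, shift=24)))      # the shift asked for in the message
    print(hex(extract(FLAGS, WIDE_MASK)))           # widened mask, automatic shift of 24
    print(hex(extract(FLAGS_LOW_BITS, WIDE_MASK)))  # differs once bits 24-31 are set
    off, length, small = narrow(8, MASK)
    print(off, length, hex(small), hex(extract(FLAGS[off:off + length], small)))
    print(narrow(8, 0x02))                          # byte 7, length 1: the offset+8+7 case
```

Widening the mask reproduces the shift of 24 only while bits 24-31 of the flags are zero; once they are set they become part of the extracted value.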
