wireshark-dev October 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: Re: [Wireshark-dev] Wireshark lua (wslua) and bit

Re: [Wireshark-dev] Wireshark lua (wslua) and bit fields - how to do it?

From: Daniel Lynes <dlynes_at_nospam>
Date: Thu Oct 28 2010 - 14:24:42 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

Thanks, Tony. I realized I had another problem with my particular
version of asterisk.

The bitmask doesn't actually work (if there's a bit turned on anywhere
within the byte, the bool will evaluate to true, no matter what the mask
is). I'm guessing it's probably not implemented, and there's no
mechanism in wireshark (or possibly lua) to tell you that it's not
implemented. The protocol doesn't currently have anything that overlaps
16-bit boundaries in the 64-bit word, so I'm able to break it up into
8-bit and 16-bit words.

You've provided a lot of insight into how to do bitfields, however.
After we've upgraded to Ubuntu 10.04, perhaps Wireshark will support the
bitmask. On 9.04 however, it shipped with Wireshark 1.0.7, and I've
since upgraded it to the latest wireshark that doesn't have display
corruption (I think it's a mismatch between wireshark and pango, causing
memory corruption) available for 9.04, being 1.2.0. I've tried 1.5 svn
snapshots as well, but they all have the pango/wireshark/memory
corruption issue.

On Mon, 2010-10-25 at 16:53 -0400, Tony Trinh wrote:

> No problem.
>
> I think I can better help you if you outlined the spec for the 64-bit field
> and told me what exactly you wanted to do with it, but I'll try to help based
> on what you've told me so far...
>
> Currently, masking a uint64 does not work (at least I couldn't do it
> on my machine).
> You can only mask an int up to 32 bits. So, you would have to define
> two 32-bit fields
> and adjust the masks accordingly.
>
> For your most recent example, you can do something like:
>
> -- 24-bit integer in upper 32 bits of 64-bit flags
> fields.shred_foo = ProtoField.uint32("shred.foo", "Foo field",
> base.DEC, nil, 0x00FFFFFF)
>
> -- read-only bit at bit 1 of 64-bit flags
> fields.shred_rd = ProtoField.bool("shred.rd", "Read only", base.DEC, nil, 0x02)
>
> [...]
>
> local OFFSET_FLAGS = offset+8
> local OFFSET_FLAGS_LSB = OFFSET_FLAGS+7
>
> subtree:add(fields.shred_foo, buf(OFFSET_FLAGS, 4))
> subtree:add(fields.shred_rd, buf(OFFSET_FLAGS_LSB, 1))
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

Daniel Lynes
Software Engineer
PV Labs Intelligent Imaging
(905) 667-7308

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe