Question
I am trying to write a Wireshark dissector (in C) for a custom protocol. The first 3 bits of the packet define how the rest of the packet is constructed. For example, if these 3 bits are 000, the remainder of the packet is a 5-bit field followed by 2 byte fields. If the leading 3 bits are 001, the remainder of the packet is a 13-bit field followed by a byte field. I can get the leading 3-bit field. In the dissector function, I've tried using this value to tailor the rest of the dissection thus:
(pseudo code)
if(hf_format==0)
{
    proto_tree_add_item( ..5-bit field...);
    proto_tree_add_item( ..first byte field...);
    proto_tree_add_item( ..second byte field...);
}
else if (hf_format==1)
{
    proto_tree_add_item( ..13-bit field...);
    proto_tree_add_item( ..byte field...);
}
else etc.
Why doesn't this approach work? Is there an example you can refer me to?
Source: https://stackoverflow.com/questions/61129327/writing-a-non-trivial-wireshark-dissector
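The layout described in the question, as an added stand-alone C example (not part of the original post and not Wireshark code): the 3-bit selector is read from the packet bytes and its value, not a field handle, chooses the branch, with a length check before every read. In a dissector the same value would come from the tvbuff, for example via `tvb_get_bits8()`, if `hf_format` is the handle registered for the field rather than the decoded value. Assumptions: bits are packed MSB-first with no padding, and the names `custom_pkt`, `get_bits` and `parse_custom` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Decoded packet; field names are hypothetical, the page does not name them. */
typedef struct {
    uint8_t  format;   /* leading 3-bit selector */
    uint16_t field;    /* 5-bit (format 0) or 13-bit (format 1) field */
    uint8_t  bytes[2]; /* trailing byte fields */
    size_t   nbytes;   /* how many entries of bytes[] are valid */
} custom_pkt;

/* Read nbits (1..16) starting at bit_off, MSB-first; caller checks bounds. */
static uint16_t get_bits(const uint8_t *buf, size_t bit_off, unsigned nbits)
{
    uint16_t v = 0;
    for (unsigned i = 0; i < nbits; i++, bit_off++)
        v = (uint16_t)((v << 1) | ((buf[bit_off / 8] >> (7 - bit_off % 8)) & 1u));
    return v;
}

/* Returns bytes consumed, or -1 if truncated or the format is not handled. */
int parse_custom(const uint8_t *buf, size_t len, custom_pkt *out)
{
    if (len < 1)
        return -1;
    /* Branch on the value read from the packet, not on a field handle. */
    out->format = (uint8_t)get_bits(buf, 0, 3);
    switch (out->format) {
    case 0: /* 5-bit field, then two byte fields: 3 bytes total */
        if (len < 3) return -1;
        out->field = get_bits(buf, 3, 5);
        out->bytes[0] = buf[1];
        out->bytes[1] = buf[2];
        out->nbytes = 2;
        return 3;
    case 1: /* 13-bit field, then one byte field: 3 bytes total */
        if (len < 3) return -1;
        out->field = get_bits(buf, 3, 13);
        out->bytes[0] = buf[2];
        out->bytes[1] = 0;
        out->nbytes = 1;
        return 3;
    default: /* remaining formats are not described in the question */
        return -1;
    }
}
```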