[关闭]
@natsumi 2016-04-20T02:16:41.000000Z 字数 4542 阅读 1157

wireshark中的field type(ftenum(field type enum) & field_display_e)

Wireshark


枚举类型field_display_e定义
for display
不同display类型,不同显示方式

  1. /* Values for header_field_info.display */
  2. /* For integral types, the display format is a BASE_* field_display_e value
  3. * possibly ORed with BASE_*_STRING */
  4. /** FIELD_DISPLAY_E_MASK selects the field_display_e value. */
  5. #define FIELD_DISPLAY_E_MASK 0xFF
  6. typedef enum {
  7. /* Integral types */
  8. BASE_NONE = 0, /**< none */
  9. BASE_DEC = 1, /**< decimal */
  10. BASE_HEX = 2, /**< hexadecimal */
  11. BASE_OCT = 3, /**< octal */
  12. BASE_DEC_HEX = 4, /**< decimal (hexadecimal) */
  13. BASE_HEX_DEC = 5, /**< hexadecimal (decimal) */
  14. BASE_CUSTOM = 6, /**< call custom routine (in ->strings) to format */
  15. /* String types */
  16. STR_ASCII = BASE_NONE, /**< shows non-printable ASCII characters as C-style escapes */
  17. /* XXX, support for format_text_wsp() ? */
  18. STR_UNICODE = 7, /**< shows non-printable UNICODE characters as \\uXXXX (XXX for now non-printable characters display depends on UI) */
  19. /* Byte types */
  20. SEP_DOT = 8, /**< hexadecimal bytes with a period (.) between each byte */
  21. SEP_DASH = 9, /**< hexadecimal bytes with a dash (-) between each byte */
  22. SEP_COLON = 10, /**< hexadecimal bytes with a colon (:) between each byte */
  23. SEP_SPACE = 11, /**< hexadecimal bytes with a space between each byte */
  24. /* Address types */
  25. BASE_NETMASK = 12, /**< Used for IPv4 address that shouldn't be resolved (like for netmasks) */
  26. /* Port types */
  27. BASE_PT_UDP = 13, /**< UDP port */
  28. BASE_PT_TCP = 14, /**< TCP port */
  29. BASE_PT_DCCP = 15, /**< DCCP port */
  30. BASE_PT_SCTP = 16 /**< SCTP port */
  31. } field_display_e;
  32. #define FIELD_DISPLAY(d) ((d) & FIELD_DISPLAY_E_MASK)
  33. /* Following constants have to be ORed with a field_display_e when dissector
  34. * want to use specials value-string MACROs for a header_field_info */
  35. #define BASE_RANGE_STRING 0x100
  36. #define BASE_EXT_STRING 0x200
  37. #define BASE_VAL64_STRING 0x400
  38. /** BASE_ values that cause the field value to be displayed twice */
  39. #define IS_BASE_DUAL(b) ((b)==BASE_DEC_HEX||(b)==BASE_HEX_DEC)
  40. /** BASE_PT_ values display decimal and transport port service name */
  41. #define IS_BASE_PORT(b) (((b)==BASE_PT_UDP||(b)==BASE_PT_TCP||(b)==BASE_PT_DCCP||(b)==BASE_PT_SCTP))

字段的实际类型
不一定和其占用空间相符
不如FT_UINT24其实占4byte

  1. /* field types */
  2. enum ftenum {
  3. FT_NONE, /* used for text labels with no value */
  4. FT_PROTOCOL,
  5. FT_BOOLEAN, /* TRUE and FALSE come from <glib.h> */
  6. FT_UINT8,
  7. FT_UINT16,
  8. FT_UINT24, /* really a UINT32, but displayed as 3 hex-digits if FD_HEX*/
  9. FT_UINT32,
  10. FT_UINT40, /* really a UINT64, but displayed as 10 hex-digits if FD_HEX*/
  11. FT_UINT48, /* really a UINT64, but displayed as 12 hex-digits if FD_HEX*/
  12. FT_UINT56, /* really a UINT64, but displayed as 14 hex-digits if FD_HEX*/
  13. FT_UINT64,
  14. FT_INT8,
  15. FT_INT16,
  16. FT_INT24, /* same as for UINT24 */
  17. FT_INT32,
  18. FT_INT40, /* same as for UINT40 */
  19. FT_INT48, /* same as for UINT48 */
  20. FT_INT56, /* same as for UINT56 */
  21. FT_INT64,
  22. FT_FLOAT,
  23. FT_DOUBLE,
  24. FT_ABSOLUTE_TIME,
  25. FT_RELATIVE_TIME,
  26. FT_STRING,
  27. FT_STRINGZ, /* for use with proto_tree_add_item() */
  28. FT_UINT_STRING, /* for use with proto_tree_add_item() */
  29. FT_ETHER,
  30. FT_BYTES,
  31. FT_UINT_BYTES,
  32. FT_IPv4,
  33. FT_IPv6,
  34. FT_IPXNET,
  35. FT_FRAMENUM, /* a UINT32, but if selected lets you go to frame with that number */
  36. FT_PCRE, /* a compiled Perl-Compatible Regular Expression object */
  37. FT_GUID, /* GUID, UUID */
  38. FT_OID, /* OBJECT IDENTIFIER */
  39. FT_EUI64,
  40. FT_AX25,
  41. FT_VINES,
  42. FT_REL_OID, /* RELATIVE-OID */
  43. FT_SYSTEM_ID,
  44. FT_STRINGZPAD, /* for use with proto_tree_add_item() */
  45. FT_FCWWN,
  46. FT_NUM_TYPES /* last item number plus one */
  47. };
  48. #define IS_FT_INT(ft) ((ft)==FT_INT8||(ft)==FT_INT16||(ft)==FT_INT24||(ft)==FT_INT32||(ft)==FT_INT40||(ft)==FT_INT48||(ft)==FT_INT56||(ft)==FT_INT64)
  49. #define IS_FT_UINT(ft) ((ft)==FT_UINT8||(ft)==FT_UINT16||(ft)==FT_UINT24||(ft)==FT_UINT32||(ft)==FT_UINT40||(ft)==FT_UINT48||(ft)==FT_UINT56||(ft)==FT_UINT64||(ft)==FT_FRAMENUM)
  50. #define IS_FT_TIME(ft) ((ft)==FT_ABSOLUTE_TIME||(ft)==FT_RELATIVE_TIME)
  51. #define IS_FT_STRING(ft) ((ft)==FT_STRING||(ft)==FT_STRINGZ||(ft)==FT_STRINGZPAD)
  52. /* field types lengths */
  53. #define FT_ETHER_LEN 6
  54. #define FT_GUID_LEN 16
  55. #define FT_IPv4_LEN 4
  56. #define FT_IPv6_LEN 16
  57. #define FT_IPXNET_LEN 4
  58. #define FT_EUI64_LEN 8
  59. #define FT_AX25_ADDR_LEN 7
  60. #define FT_VINES_ADDR_LEN 6
  61. #define FT_FCWWN_LEN 8
  62. typedef enum ftenum ftenum_t;

显示类型和字段类型之间的联系

  1. --For FT_UINT{8,16,24,32,40,48,56,64} and
  2. FT_INT{8,16,24,32,40,48,56,64):
  3. BASE_DEC, BASE_HEX, BASE_OCT, BASE_DEC_HEX, BASE_HEX_DEC,
  4. or BASE_CUSTOM, possibly ORed with BASE_RANGE_STRING,
  5. BASE_EXT_STRING or BASE_VAL64_STRING
  6. --For FT_UINT16:
  7. BASE_PT_UDP, BASE_PT_TCP, BASE_PT_DCCP or BASE_PT_SCTP
  8. --For FT_ABSOLUTE_TIME:
  9. ABSOLUTE_TIME_LOCAL, ABSOLUTE_TIME_UTC, or
  10. ABSOLUTE_TIME_DOY_UTC
  11. --For FT_BOOLEAN:
  12. if BITMASK is non-zero:
  13. Number of bits in the field containing the FT_BOOLEAN
  14. bitfield.
  15. otherwise:
  16. (must be) BASE_NONE
  17. --For FT_STRING, FT_STRINGZ and FT_UINT_STRING:
  18. STR_ASCII or STR_UNICODE
  19. --For FT_BYTES:
  20. SEP_DOT, SEP_DASH, SEP_COLON, or SEP_SPACE to provide
  21. a separator between bytes.
  22. BASE_NONE has no separator between bytes
  23. --For FT_IPv4:
  24. BASE_NETMASK - Used for IPv4 address that should never
  25. attempted to be resolved (like netmasks)
  26. otherwise:
  27. (must be) BASE_NONE
  28. --For all other types:
  29. BASE_NONE
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注