Wireshark-dev: Re: [Wireshark-dev] bitmask handling in wireshark
From: Ed Beroset <beroset@xxxxxxxxxxxxxx>
Date: Tue, 28 Dec 2010 14:35:24 -0500 (GMT-05:00)
Andreas wrote:
>>> So far I've seen only lots of boolean values.
>>
>> You might want to take a look at proto_tree_add_bitmask().  See
>> doc/README.developer, which describes it and illustrates its use by taking an
>> example from the SCSI dissector.
>
>Where can I get a sample capture file to see how this will look like?

The easiest thing might be to look at epan/dissectors/packet-tcp.c for the code and pretty much any capture file with TCP.  In the code, look for hf_tcp_flags and in a capture file, just look at the TCP flags.  Also, looking at doc/README.developer is highly recommended.  It's how I learned.

Ed