Wireshark-dev: Re: [Wireshark-dev] where can I find the ip src address in packet-http.c
From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Mon, 06 Dec 2010 21:09:42 -0500
On 12/6/2010 8:56 PM, Guy Harris wrote:

On Dec 6, 2010, at 5:47 PM, 刘昆 wrote:

I want to find out the ip source address in packet-http.c.At first,I
thought dissect_http:pinfo->src->data should save the ip source
address,however when I use gdb to print pinfo->src->data ,the value is
"0x8b5301a" .But my ipv4 address is "10.32.59.49 ",it seems the two
values don't match.So what's wrong with it

What's wrong with what you're doing is that you're assuming that
pinfo->src->data is an IP address rather than a pointer; a look at the C
source code to Wireshark will shows that it's a pointer:

typedef struct _address {
address_type type; /* type of address */
int len; /* length of address, in bytes */
const void *data; /* pointer to address data */
} address;

The data that it points to depends on the value of the "type" field in
the structure. *IF* pinfo->src->type is AT_IPv4, then - and *ONLY* then
- does pinfo->src->data point to a 4-byte IPv4 address. If you're in the
HTTP dissector, there is *NO* guarantee that pinfo->src->type will be
AT_IPv4; it might, for example, be AT_IPv6, in which case
pinfo->src->data points to a 16-byte IPv6 address.



Also note that the address is stored in *network* order.