Wireshark · Wireshark-dev: Re: [Wireshark-dev] IP Address from pInfo->src

Wireshark-dev: Re: [Wireshark-dev] IP Address from pInfo->src

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sat, 7 Nov 2020 09:02:30 -0800

On Nov 6, 2020, at 9:22 PM, Vinay Meher <vinaykmeher@xxxxxxxxx> wrote:

> I am developing a plugin for WireShark. I need the IP Address but the pInfo->src has members with no interpretable fields for the IP Address in the IPv4 format.
> Kindly advise to retrieve the same.

pinfo->src, like pinfo->dst, is an "address" structure.

That structure contains:

	a "type" field, giving the type of address;

	a "len" field, giving the length of the address, in bytes;

	a "data" field, pointing to a blob of data containing the value of the address, which is "len" bytes long.

*IF* the "type" field has the value AT_IPv4, *then* the address happens to be an IPv4 address, in which case:

	1) it is a bug in the code that set up the address if "len" has any value other than 4;

	2) "data" points to a 4-byte blob of data containing an IPv4 address, in *network* byte order.

References:
- [Wireshark-dev] IP Address from pInfo->src
  - From: Vinay Meher

Prev by Date: [Wireshark-dev] IP Address from pInfo->src
Next by Date: [Wireshark-dev] A-I/F in the Telephony menu
Previous by thread: [Wireshark-dev] IP Address from pInfo->src
Next by thread: [Wireshark-dev] A-I/F in the Telephony menu
Index(es):
- Date
- Thread