(This is a development question, so I'm replying just to ethereal-dev.)
On Thu, Feb 13, 2003 at 06:04:38PM -0500, Parks, Chauni wrote:
> I'm in the process of writing a dissector for our homegrown middleware
> messages. I am new at coding, so this has been a challenge. I am having a
> problem capturing the correct destination ip address, however I am able to
> capture the src ip address. I used the following:
>
> proto_add_tree_item(mtm_tree, hf_mtm_src_ip, offset + 16, 4, FALSE) . So I
> assuming that it's capturing the ip address that other dissectors are using.
No, it's capturing the IP address that starts at an offset of "offset +
16" bytes from the beginning of one of your middleware messages - it's
not, for example, capturing an IP address from the IP header for your
packet.
If you need the source or destination network-layer address for your
packet, you have to get it from the packet_info structure pointed to by
the "pinfo" argument to your dissector - "pinfo->net_src" and
"pinfo->net_dst" are the network-layer source and destination addresses
of your packet (and "pinfo->src" and "pinfo->dst" are also the
network-layer source and destination, unless the packet has no
network-layer source and destination addresses, in which case they're
the link-layer source and destination).
If "pinfo->net_src.type" or "pinfo->net_dst.type" is AT_IPv4, the
address in question is an IPv4 address; "pinfo->net_src.data" points to
4 bytes (not necessarily aligned) containing the source IP address, and
"pinfo->net_dst.data" points to 4 bytes (not necessarily aligned)
containing the destination IP address.
Why does your dissector need those addreses?