Ethereal-dev: Re: [Ethereal-dev] extracting http

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 19 May 2005 12:06:37 -0700
F Lace wrote:


Thanks again, for pointing out the silly mistake, my C basics are
really bad. Thanks to ethereal, the unit of "tcp header length" (hlen)
seems to be 2-bit word,


No.  Thanks to RFC 793, the units of "TCP header length" are 4-*byte* words:

 Data Offset:  4 bits
The number of 32 bit words in the TCP Header. This indicates where 
   the data begins.  The TCP header (even one including options) is an
   integral number of 32 bits long.


so the correct expression is:

       http_data = (char *) ((u_char *)th + (int)th->hlen/4);

No, the correct expression is

   http_data = (char *) ((u_char *)th + (int)th->hlen*4);
as I said. *Multiply* by 4, don't *divide* by 4 - you're converting something that counts 4-byte words to something that counts bytes, so 1 4-byte word is 4 bytes.