Martin Corraine (mcorrain) wrote:
In the readme.developer, it states you shouldn't use "tvb_get_ntohl(tvb,
offset);"
No, it doesn't.
It does say
Don't fetch a little-endian value using "tvb_get_ntohs() or
"tvb_get_ntohl()" and then using "g_ntohs()", "g_htons()", "g_ntohl()",
or "g_htonl()" on the resulting value - the g_ routines in question
convert between network byte order (big-endian) and *host* byte order,
not *little-endian* byte order; not all machines on which Wireshark runs
are little-endian, even though PCs are. Fetch those values using
"tvb_get_letohs()" and "tvb_get_letohl()".
but that doesn't say "don't use tvb_get_ntohl()", it says "don't fetch
little-endian values using tvb_get_ntohl()".
It also says
NOTE: IPv4 addresses are not to be converted to host byte order before
being passed to "proto_tree_add_ipv4()". You should use "tvb_get_ipv4()"
to fetch them, not "tvb_get_ntohl()" *OR* "tvb_get_letohl()" - don't,
for example, try to use "tvb_get_ntohl()", find that it gives you the
wrong answer on the PC on which you're doing development, and try
"tvb_get_letohl()" instead, as "tvb_get_letohl()" will give the wrong
answer on big-endian machines.
but that also doesn't say "don't use tvb_get_ntohl()", it says "don't
fetch IPv4 addresses using tvb_get_ntohl()".