Wireshark-dev: Re: [Wireshark-dev] where can I find the ip src address in packet-http.c

From: 刘昆 <liukunmeister@xxxxxxxxx>
Date: Tue, 07 Dec 2010 10:39:40 +0800
于 2010年12月07日 09:56, Guy Harris 写道:

On Dec 6, 2010, at 5:47 PM, 刘昆 wrote:

I want to find out the ip source address in packet-http.c.At first,I
thought dissect_http:pinfo->src->data should save the ip source
address,however when I use gdb to print pinfo->src->data ,the value is
"0x8b5301a" .But my ipv4 address is "10.32.59.49 ",it seems the two
values don't match.So what's wrong with it

What's wrong with what you're doing is that you're assuming that pinfo->src->data is an IP address rather than a pointer; a look at the C source code to Wireshark will shows that it's a pointer:

typedef struct _address {
  address_type  type;           /* type of address */
  int           len;            /* length of address, in bytes */
  const void    *data;          /* pointer to address data */
} address;

The data that it points to depends on the value of the "type" field in the structure.  *IF* pinfo->src->type is AT_IPv4, then - and *ONLY* then - does pinfo->src->data point to a 4-byte IPv4 address.  If you're in the HTTP dissector, there is *NO* guarantee that pinfo->src->type will be AT_IPv4; it might, for example, be AT_IPv6, in which case pinfo->src->data points to a 16-byte IPv6 address.

___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-de
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Thank you. Now I have noticed "data" is a pointer

I add "printf("%s\n",(pinfo->src).data)"to packet-http.c:dissect_http  and want to watch the ip address which "data" point

 ;1�����
���
 ;1
���
 ;1

However the result is unreadable code.What happen ?