On Nov 6, 2020, at 9:22 PM, Vinay Meher <vinaykmeher@xxxxxxxxx> wrote:
> I am developing a plugin for WireShark. I need the IP Address but the pInfo->src has members with no interpretable fields for the IP Address in the IPv4 format.
> Kindly advise to retrieve the same.
pinfo->src, like pinfo->dst, is an "address" structure.
That structure contains:
a "type" field, giving the type of address;
a "len" field, giving the length of the address, in bytes;
a "data" field, pointing to a blob of data containing the value of the address, which is "len" bytes long.
*IF* the "type" field has the value AT_IPv4, *then* the address happens to be an IPv4 address, in which case:
1) it is a bug in the code that set up the address if "len" has any value other than 4;
2) "data" points to a 4-byte blob of data containing an IPv4 address, in *network* byte order.