Re: IP Address from pInfo->src

[Guy Harris <gharris () sonic net>]

On Nov 6, 2020, at 9:22 PM, Vinay Meher <vinaykmeher () gmail com> wrote:

> I am developing a plugin for WireShark. I need the IP Address but the pInfo->src has members with no interpretable 
> fields for the IP Address in the IPv4 format.
> Kindly advise to retrieve the same.

pinfo->src, like pinfo->dst, is an "address" structure.

That structure contains:

        a "type" field, giving the type of address;

        a "len" field, giving the length of the address, in bytes;

        a "data" field, pointing to a blob of data containing the value of the address, which is "len" bytes long.

*IF* the "type" field has the value AT_IPv4, *then* the address happens to be an IPv4 address, in which case:

        1) it is a bug in the code that set up the address if "len" has any value other than 4;

        2) "data" points to a 4-byte blob of data containing an IPv4 address, in *network* byte order.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe