On Mon, Mar 12, 2001 at 07:20:19AM +1100, Ronnie Sahlberg wrote:
> If no better solution is available, I could add globals which IP and RPC
> would fill in when dissecting their
> parts of the packet and just read them from MOUNT, though this would be very
> ugly
It would be *extremely* ugly to add the global for the IP address...
...given that there's *already* such a variable.
The RPC MOUNT dissector isn't yet a tvbuffified dissector, so the IP
source and destination addresses of a packet can be found as
"pi.net_src" and "pi.net_dst"...
...*assuming that the packet was transmitted using IP* (99 44/100% of
ONC RPC packets probably are, but ONC RPC *is* supported over, for
example, the OSI transport protocols).
Bear in mind also that there is *no* guarantee that the IP addresses in
question will be four bytes long - they could be IPv6 addresses.
"pi.net_src" and "pi.net_dst" are structures of type "address"; those
structures, as defined in "epan/packet.h" have three members:
type - the type of address, which would be one of:
AT_IPv4 for ONC RPC-over-IPv4;
AT_IPv6 for ONC RPC-over-IPv6;
*maybe* AT_IPX *if* anybody ever ran ONC RPC over IPX,
but I don't think anybody's defined an IPX socket for
the portmapper, so I'm not sure that's supported;
AT_NONE if the transport layer is unsupported (we should
probably add OSI support at some point);
len - the length, in bytes, of the address;
data - a "const guint8 *" pointing to "len" bytes worth of
address.
To compare two addresses:
first, compare the "type" fields - if they're not equal, the
addresses aren't the same;
second, compare the "len" fields - if they're not equal, the
addresses aren't the same;
then, compare the "len" bytes of data poitned to by the "data"
fields.
Code that does that needn't know, nor care, whether the addresses are
IPv4, IPv6, or something else.
