
Wireshark-dev: Re: [Wireshark-dev] Calculating UDP checksum

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 22 Apr 2009 13:25:12 -0700

On Apr 22, 2009, at 2:32 AM, Rayne wrote:

In packet-udp.c, the following code is used to calculate UDP checksum:

	...

Are

pinfo->src.data;
pinfo->src.len;
pinfo->dst.data;
pinfo->dst.len;

equivalent to

inet_ntoa(ip->ip_src);
4
inet_ntoa(ip->ip_dst);
4

respectively?

If the packet was transported over IPv4, then pinfo->src.data points to 4 bytes of source IPv4 address and pinfo->src.len is 4. That's not equivalent to inet_ntoa(ip->ip_src), as inet_ntoa() takes 4 bytes of source IPv4 address and turns it into a text string; the UDP checksum (and the TCP checksum) use the raw address, *not* its representation as a text string showing a dotted quad.

Similarly, if the packet was transported over IPv4, then pinfo->dst.data points to 4 bytes of destination IPv4 address and pinfo->dst.len is 4.

If the packet was transported over IPv6, then pinfo->src.data points to 16 bytes of source IPv6 address and pinfo->src.len is 16 - and that applies, *mutatis mutandis* (i.e. change "source" to "destination"), for pinfo->dst as well.

And does cksum_vec[3].ptr point to the beginning of the UDP header?

"offset" is still 0 at that point, so tvb_get_ptr(tvb, offset, udph->uh_ulen) returns a pointer to the beginning of the data in the tvbuff handed to the UDP dissector; that data begins with the UDP header, so, yes, it points to the beginning of the UDP header.
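
The point made in the reply above, as an added example that is not part of the original message and is not Wireshark's code: a UDP-over-IPv4 checksum summed over the raw 4-byte source and destination addresses, the rest of the pseudo-header, and the UDP header plus payload. The names `struct chunk`, `in_cksum_chunks` and `udp4_cksum` are hypothetical, and the sample datagram is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical chunk type for this example (not Wireshark's own struct). */
struct chunk { const uint8_t *ptr; size_t len; };

/* One's-complement Internet checksum over a list of byte chunks.
 * Every chunk except the last must have an even length. */
static uint16_t in_cksum_chunks(const struct chunk *v, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        for (; j + 1 < v[i].len; j += 2)
            sum += (uint32_t)(v[i].ptr[j] << 8 | v[i].ptr[j + 1]);
        if (j < v[i].len)              /* odd trailing byte: pad with zero */
            sum += (uint32_t)v[i].ptr[j] << 8;
    }
    while (sum >> 16)                  /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* src/dst: raw 4-byte IPv4 addresses, never the dotted-quad text.
 * udp: UDP header followed by payload, udp_len bytes in total.
 * Returns 0 when the checksum carried in the datagram verifies. */
static uint16_t udp4_cksum(const uint8_t src[4], const uint8_t dst[4],
                           const uint8_t *udp, uint16_t udp_len)
{
    /* Rest of the pseudo-header: zero byte, protocol 17 (UDP), UDP length. */
    uint8_t ph[4] = { 0, 17, (uint8_t)(udp_len >> 8), (uint8_t)udp_len };
    struct chunk v[4] = { { src, 4 }, { dst, 4 }, { ph, 4 }, { udp, udp_len } };
    return in_cksum_chunks(v, 4);
}

/* Constructed sample: 192.0.2.1:4660 -> 192.0.2.2:53, payload "hi!". */
static const uint8_t SRC[4] = { 192, 0, 2, 1 }, DST[4] = { 192, 0, 2, 2 };
static const uint8_t DGRAM[11] = { 0x12, 0x34, 0x00, 0x35, 0x00, 0x0b,
                                   0xe0, 0x01, 'h', 'i', '!' };

int main(void)
{
    printf("verify: 0x%04x\n", udp4_cksum(SRC, DST, DGRAM, sizeof DGRAM));
    return 0;
}
```

Running the same function over a datagram whose checksum field is zeroed yields the value to place in that field; here that is 0xe001.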