Wireshark-dev: Re: [Wireshark-dev] where can I find the ip src address in packet-http.c
From: Guy Harris <[email protected]>
Date: Mon, 6 Dec 2010 17:56:32 -0800

On Dec 6, 2010, at 5:47 PM, 刘昆 wrote:

I want to find out the ip source address in packet-http.c.At first,I
thought dissect_http:pinfo->src->data should save the ip source
address,however when I use gdb to print pinfo->src->data ,the value is
"0x8b5301a" .But my ipv4 address is "10.32.59.49 ",it seems the two
values don't match.So what's wrong with it

What's wrong with what you're doing is that you're assuming that pinfo->src->data is an IP address rather than a pointer; a look at the C source code to Wireshark will shows that it's a pointer:

typedef struct _address {
  address_type  type;           /* type of address */
  int           len;            /* length of address, in bytes */
  const void    *data;          /* pointer to address data */
} address;

The data that it points to depends on the value of the "type" field in the structure.  *IF* pinfo->src->type is AT_IPv4, then - and *ONLY* then - does pinfo->src->data point to a 4-byte IPv4 address.  If you're in the HTTP dissector, there is *NO* guarantee that pinfo->src->type will be AT_IPv4; it might, for example, be AT_IPv6, in which case pinfo->src->data points to a 16-byte IPv6 address.