Wireshark-dev: Re: [Wireshark-dev] where can I find the ip src address in packet-http.c
From: Guy Harris <[email protected]>
Date: Mon, 6 Dec 2010 17:56:32 -0800

On Dec 6, 2010, at 5:47 PM, 刘昆 wrote:

I want to find out the ip source address in packet-http.c.At first,I
thought dissect_http:pinfo->src->data should save the ip source
address,however when I use gdb to print pinfo->src->data ,the value is
"0x8b5301a" .But my ipv4 address is " ",it seems the two
values don't match.So what's wrong with it

What's wrong with what you're doing is that you're assuming that pinfo->src->data is an IP address rather than a pointer; a look at the C source code to Wireshark will shows that it's a pointer:

typedef struct _address {
  address_type  type;           /* type of address */
  int           len;            /* length of address, in bytes */
  const void    *data;          /* pointer to address data */
} address;

The data that it points to depends on the value of the "type" field in the structure.  *IF* pinfo->src->type is AT_IPv4, then - and *ONLY* then - does pinfo->src->data point to a 4-byte IPv4 address.  If you're in the HTTP dissector, there is *NO* guarantee that pinfo->src->type will be AT_IPv4; it might, for example, be AT_IPv6, in which case pinfo->src->data points to a 16-byte IPv6 address.