tcpdump mailing list archives

Re: IP Header Size is always 5


From: Guy Harris <guy () alum mit edu>
Date: Wed, 1 Apr 2009 11:21:12 -0700


On Apr 1, 2009, at 8:32 AM, Shameem Ahamed wrote:

> In that case also, we should be able to get the source and destination IP address from the below code
>
> printf("Source IP: %s \n",inet_ntoa(ipHeader->ip_src));
>
> For me it gives me Segmentation Fault.

inet_ntoa() takes a "struct in_addr" as an argument; is the ip_src field in "struct ip" a "struct in_addr"?

If not, then you would need to declare a "struct in_addr" variable:

        struct in_addr addr;

and do

        memcpy(&addr.s_addr, ipHeader->ip_src, sizeof addr.s_addr);
        printf("Source IP: %s\n", inet_ntoa(addr));

as

1) there might be an alignment issue, as Sebastien said (admittedly, he works at Sun, who have one of the few lines of processors that don't do unaligned accesses; most people are probably programming on x86 machines these days, and they don't have alignment issues with any OS I know of, *but* they shouldn't assume a lack of alignment issues in the general case);

2) there is no *guarantee* that a 4-byte structure such as a "struct in_addr" is passed as an argument the same way a 4-byte integral value, for example, is passed (it might be likely, but it's not guaranteed, and code should *NOT* assume it in the general case).

> Also, I am not able to access the tcp header details.

        ...

> tcpHeader=(struct tcphdr *)(packet +ETHER_SIZE+size_ip);

size_ip is set to ipHeader->ip_hl*4, right?

If not, it should be, as per what Sebastien said.

> printf("====================TCP Header Details================\n");
> size_tcp=tcpHeader->doff;
> printf("TCP Header Size is: %d \n",size_tcp);

That's also in units of 4-byte words, so the TCP header size is tcpHeader->doff*4.
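The points made in this message (header lengths counted in 4-byte words, memcpy instead of a cast for the addresses), put together as an added example that is not part of the original post or of tcpdump/libpcap. It reads the fields byte by byte and checks every length against the captured length before using it; `parse_headers`, `hdr_info`, `make_frame` and the sample frame are constructed for this illustration, and a 14-byte Ethernet header is assumed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_SIZE 14u /* Ethernet header length, as in the thread's code */
struct hdr_info {      /* hypothetical result struct for this example */
    struct in_addr src, dst;
    size_t size_ip, size_tcp;   /* header lengths in bytes */
};
/* 0 on success; -1 if not IPv4/TCP, truncated, or a length field is below 20 bytes. */
int parse_headers(const uint8_t *packet, size_t caplen, struct hdr_info *out)
{
    if (caplen < ETHER_SIZE + 20 || packet[12] != 0x08 || packet[13] != 0x00)
        return -1;
    const uint8_t *ip = packet + ETHER_SIZE;
    out->size_ip = (size_t)(ip[0] & 0x0f) * 4;   /* ip_hl counts 4-byte words */
    if ((ip[0] >> 4) != 4 || ip[9] != 6 || out->size_ip < 20 ||
        caplen < ETHER_SIZE + out->size_ip + 20)
        return -1;
    /* memcpy, not a cast: the IP header sits at offset 14, so fields may be unaligned */
    memcpy(&out->src.s_addr, ip + 12, sizeof out->src.s_addr);
    memcpy(&out->dst.s_addr, ip + 16, sizeof out->dst.s_addr);
    const uint8_t *tcp = ip + out->size_ip;
    out->size_tcp = (size_t)(tcp[12] >> 4) * 4;  /* doff counts 4-byte words */
    if (out->size_tcp < 20 || caplen < ETHER_SIZE + out->size_ip + out->size_tcp)
        return -1;
    return 0;
}
/* Constructed sample frame (not captured traffic); buf must hold 134 bytes. */
size_t make_frame(uint8_t *buf, unsigned ip_hl, unsigned doff)
{
    size_t len = ETHER_SIZE + ip_hl * 4 + doff * 4;
    memset(buf, 0, len);
    buf[12] = 0x08; buf[13] = 0x00;               /* EtherType IPv4 */
    uint8_t *ip = buf + ETHER_SIZE;
    ip[0] = (uint8_t)(0x40 | ip_hl); ip[9] = 6;   /* version 4, protocol TCP */
    memcpy(ip + 12, "\xc0\x00\x02\x01\xc6\x33\x64\x02", 8); /* 192.0.2.1 -> 198.51.100.2 */
    ip[ip_hl * 4 + 12] = (uint8_t)(doff << 4);
    return len;
}
int main(void)
{
    uint8_t frame[134];
    struct hdr_info h;
    if (parse_headers(frame, make_frame(frame, 6, 8), &h) != 0)
        return 1;
    printf("Source IP: %s, IP header %zu bytes, TCP header %zu bytes\n",
           inet_ntoa(h.src), h.size_ip, h.size_tcp);
    return 0;
}
```

In a pcap callback, `caplen` would be the `caplen` field of the `struct pcap_pkthdr` passed alongside the packet data.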