Guy Harris wrote:
Yeah i felt like a jackass because I looked up pretty much the exact thing you did a few minutes ago and realized that the IHL field is the length in 32-bit words. But I'm sitll lost here... I'm not the best programmer in the world obviously, but I do remember a little bit about parsing, and finding "the lower 4 bits" like you said he was doing. But I still don't completely understand what he's using the value 0xF with the bit-wise operator. Furthermore, if the IHL field is in 32 bit words, let's set up a little example here...
On Mar 30, 2005, at 5:26 PM, Mario Hollibaugh wrote:
I don't understand how this line of code is giving him the location of the udp header. In the first line where he says (ih- >ver_ihl & 0xf) * 4, why is he first using that bit-wise and operator with the hex value that follows?
To extract the lower 4 bits of the first byte of the IP header, which, as per RFC 791, has the IP version in the upper 4 bits and the header length in the lower 4 bits:
3.1. Internet Header Format
A summary of the contents of the internet header follows:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Example Internet Datagram Header
Figure 4.
Note that each tick mark represents one bit position.
Version: 4 bits
The Version field indicates the format of the internet header. This document describes version 4.
IHL: 4 bits
Internet Header Length is the length of the internet header in 32 bit words, and thus points to the beginning of the data. Note that the minimum value for a correct header is 5.
And why is he multiplying all of that by 4?
Because the IHL field is, as per the above bit of RFC 791, in units of 32-bit words, not in units of bytes.
If you wanted to know the length of the IP header why wouldn't you just take the 4-bit value that is passed in an IP header as the IP header length field?
Because that would give you the length in 32-bit words, not the length in bytes, and a "u_char" is a byte in C, meaning it's 8 bits in most if not all C implementations.
My program reads a packet and (assuming I knew how to do the parse he did with the & operator) I retrieve the IHL field. Let's say it's 6... so now if I know that the length of the entire IP header is 6 32 bit words, I wanna multiply by 32 to get the total length in bits, correct me if I'm wrong. This is why the multiplication by 4 is throwing me for a loop.
Sorry for the "wet-behind-the-earsedness", but it's still not making sense to me :-(
cheers, Mario
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
