On Mar 30, 2005, at 5:49 PM, Mario Hollibaugh wrote:

Yeah I felt like a jackass because I looked up pretty much the exact thing you did a few minutes ago and realized that the IHL field is the length in 32-bit words. But I'm still lost here... I'm not the best programmer in the world obviously, but I do remember a little bit about parsing, and finding "the lower 4 bits" like you said he was doing. But I still don't completely understand what he's using the value 0xF with the bit-wise operator.

"ih->ver_ihl" refers to the value in the first byte of the header. A bit-wise AND of an 8-bit byte with the value 0xF is


    +---+---+---+---+---+---+---+---+
    | B | B | B | B | B | B | B | B |
    +---+---+---+---+---+---+---+---+

            ANDed with

    +---+---+---+---+---+---+---+---+
    | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 |
    +---+---+---+---+---+---+---+---+

giving

    +---+---+---+---+---+---+---+---+
    | 0 | 0 | 0 | 0 | B | B | B | B |
    +---+---+---+---+---+---+---+---+

So, with the version/IHL byte, that'd be

    +---+---+---+---+---+---+---+---+
    | V | V | V | V | L | L | L | L |
    +---+---+---+---+---+---+---+---+

            ANDed with

    +---+---+---+---+---+---+---+---+
    | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 |
    +---+---+---+---+---+---+---+---+

giving

    +---+---+---+---+---+---+---+---+
    | 0 | 0 | 0 | 0 | L | L | L | L |
    +---+---+---+---+---+---+---+---+

so that the four bits of the version field (the four bits marked as "V") are zeroed out, leaving only the four bits of the length field (the four bits marked as "L").

Furthermore, if the IHL field is in 32 bit words, let's set up a little example here...

My program reads a packet and (assuming I knew how to do the parse he did with the & operator) I retrieve the IHL field. Let's say it's 6... so now if I know that the length of the entire IP header is 6 32 bit words, I wanna multiply by 32 to get the total length in bits, correct me if I'm wrong.

OK, you're wrong. :-)

You want to multiply by 4 to get the total length in *bytes*; you don't want the total length in *bits*.

"ip_len" is being added to a "u_char *" pointer value; if you add N to the value of a "u_char *" pointer, the resulting pointer points to the byte N bytes after the byte to which the original pointer pointed.


==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
==================================================================
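
The mask, the multiply by 4 and the pointer addition from the reply above, put together as an added example that is not part of the original message or of the WinPcap sample code. The function names, the validity checks and the sample bytes are assumptions made for illustration; the checks reject an IHL that would move the pointer past the captured data.

```c
#include <stddef.h>
#include <stdio.h>

typedef unsigned char u_char;

/* Returns the IPv4 header length in bytes, or 0 if the header is not
   usable: empty buffer, version not 4, IHL below the 5-word minimum,
   or a header that runs past the captured bytes. (Hypothetical helper.) */
size_t ipv4_header_len(const u_char *ip, size_t caplen)
{
    if (ip == NULL || caplen < 1)
        return 0;
    u_char ver_ihl = ip[0];               /* first byte: VVVVLLLL */
    unsigned version = ver_ihl >> 4;      /* upper 4 bits */
    size_t ip_len = (ver_ihl & 0xF) * 4;  /* lower 4 bits: 32-bit words -> bytes */
    if (version != 4 || ip_len < 20 || ip_len > caplen)
        return 0;
    return ip_len;
}

/* Pointer to the first byte after the IP header, or NULL on a bad header.
   Adding ip_len to a u_char pointer advances it by ip_len bytes. */
const u_char *ipv4_payload(const u_char *ip, size_t caplen)
{
    size_t ip_len = ipv4_header_len(ip, caplen);
    return ip_len ? ip + ip_len : NULL;
}

/* Constructed sample: version 4, IHL 6 (24-byte header), 2 payload bytes. */
static const u_char sample[26] = { 0x46, [24] = 0xAA, 0xBB };

int main(void)
{
    const u_char *p = ipv4_payload(sample, sizeof sample);
    printf("header=%zu bytes, first payload byte=0x%02X\n",
           ipv4_header_len(sample, sizeof sample), p ? p[0] : 0);
    return 0;
}
```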