Re: [WinPcap-users] Retrieving a pointer to a UDP or TCP header

Wed, 30 Mar 2005 17:25:24 -0800 


On Mar 30, 2005, at 5:26 PM, Mario Hollibaugh wrote:

I don't understand how this line of code is giving him the location of the udp header. In the first line where he says (ih- >ver_ihl & 0xf) * 4, why is he first using that bit-wise and operator with the hex value that follows?

To extract the lower 4 bits of the first byte of the IP header, which, as per RFC 791, has the IP version in the upper 4 bits and the header length in the lower 4 bits:

3.1.  Internet Header Format

  A summary of the contents of the internet header follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Example Internet Datagram Header

                               Figure 4.

  Note that each tick mark represents one bit position.

  Version:  4 bits

The Version field indicates the format of the internet header. This
document describes version 4.

  IHL:  4 bits

    Internet Header Length is the length of the internet header in 32
    bit words, and thus points to the beginning of the data.  Note that
    the minimum value for a correct header is 5.

And why is he multiplying all of that by 4?

Because the IHL field is, as per the above bit of RFC 791, in units of 32-bit words, not in units of bytes.

If you wanted to know the length of the IP header why wouldn't you just take the 4-bit value that is passed in an IP header as the IP header length field?

Because that would give you the length in 32-bit words, not the length in bytes, and a "u_char" is a byte in C, meaning it's 8 bits in most if not all C implementations.


==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/winpcap-users@winpcap.polito.it/

To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================

Reply via email to