Balint Reczey (IJ/ETH) wrote: > The attached patch adds ability of reading Little Endian encoded IPv4 > addresses to the Lua plugin.
What exactly are the semantics of TvbRange_get_ipv4() and TvbRange_get_le_ipv4() supposed to be? Note, for example, that the value passed to SET_ADDRESS() should be the *raw* bytes of the IPv4 address, *NOT* the value as processed by, for example, tvb_get_ntohl() or g_ntohl(). The same applies to the value passed to proto_tree_add_ipv4(). Any code that uses tvb_get_ntohl() to get an IPv4 address will fail on a little-endian machine - and will often be "fixed" by the developer by changing the call to tvb_get_letohl(), which will fail on a big-endian machine (such as the machine on which I'm typing this). I suspect that TvbRange_get_ipv4() should use tvb_get_ipv4() to fetch the IPv4 address, at least fro the value passed to SET_ADDRESS(). If the purpose of TvbRange_get_le_ipv4() is to fix problems seen with Lua scripts on little-endian machines, the right fix might be to fix TvbRange_get_ipv4(). If the purpose is to handle packets where an IPv4 address is not stored in network byte order - that's *very* rare, but it's not unheard of - then, if TvbRange_get_ipv4() needs to use tvb_get_ipv4(), TvbRange_get_le_ipv4() should use tvb_get_ipv4() and then byte-swap the value. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
