(This is a development question, so I'm replying just to ethereal-dev.) On Thu, Feb 13, 2003 at 06:04:38PM -0500, Parks, Chauni wrote: > I'm in the process of writing a dissector for our homegrown middleware > messages. I am new at coding, so this has been a challenge. I am having a > problem capturing the correct destination ip address, however I am able to > capture the src ip address. I used the following: > > proto_add_tree_item(mtm_tree, hf_mtm_src_ip, offset + 16, 4, FALSE) . So I > assuming that it's capturing the ip address that other dissectors are using.
No, it's capturing the IP address that starts at an offset of "offset + 16" bytes from the beginning of one of your middleware messages - it's not, for example, capturing an IP address from the IP header for your packet. If you need the source or destination network-layer address for your packet, you have to get it from the packet_info structure pointed to by the "pinfo" argument to your dissector - "pinfo->net_src" and "pinfo->net_dst" are the network-layer source and destination addresses of your packet (and "pinfo->src" and "pinfo->dst" are also the network-layer source and destination, unless the packet has no network-layer source and destination addresses, in which case they're the link-layer source and destination). If "pinfo->net_src.type" or "pinfo->net_dst.type" is AT_IPv4, the address in question is an IPv4 address; "pinfo->net_src.data" points to 4 bytes (not necessarily aligned) containing the source IP address, and "pinfo->net_dst.data" points to 4 bytes (not necessarily aligned) containing the destination IP address. Why does your dissector need those addreses?
