Hello,
+all the frameworks, apps, Finder, etc
A nice system :-)
If DEFAULT_UDP_PORT is 256, then the statement
if (dst_port == 0x0100)
printf("Yes\n");
else
printf("No\n");
will print "Yes", regardless of whether it's running on a big-
endian or little-endian machin
On Jul 7, 2005, at 4:37 PM, Cyril wrote:
[iBook] Running what OS?
Mac OS X (Mach kernel + Darwin).
(...+all the frameworks, apps, Finder, etc. - but those aren't
relevant to this particular issue.)
Oks. So, BPF/LSF filter assumes that multi-byte values are in
network byte order (ie b
Me :
Why not safe_snprintf(..., htons(src_prt), ...) ? I swear that it's
my *last* stupid question :-)
^^
The only answer is that pcap_compile() reverts multibyte data found in
expression on little endian architectures. 0x0001 -> 0x0100. So
0x1f01
Hello,
[iBook] Running what OS?
Mac OS X (Mach kernel + Darwin).
Most PowerPC processors, however, support unaligned loads and
stores (although they might be slower). I think all the ones used
in modern Macs do.
Yes. Processors used in modern Macs are bi-endian PowerPC. They
support
Cyril wrote:
Ok. My computer is a G4 iBook.
Running what OS?
(Yes, that's a serious question. The default OS is a system with BPF,
so the packet data's network-layer header should be aligned on a 4-byte
boundary - and, at least for Ethernet and 802.11, the link-layer header
is fixed-lengt
Hello,
Guy :
That only applies to live captures on systems with BPF; it doesn't
apply, for example, on Linux
(even though Linux's socket filters implement the same filter
language as the BSD BPF code does),
or Windows (even though WinPcap implements that filter language) or
other platforms
On Jul 5, 2005, at 3:34 PM, Cyril wrote:
Yes. The question was stupid. My program computes a data offset (14
for an
Ethernet header) and assumes that network layer data follow link
layer data
However, I set up a BPF filter and BPF man page says :
The bh_hdrlen field exists to account
[I can't speak english fluently. Sorry :-(]
Guy :
No, they are not. What you get is what's on the network, and if
you have a 14-byte Ethernet header, for an IP datagram, for
example, the IP datagram starts *immediately* after the Ethernet
header - no padding.
Yes. The question was
Cyril wrote:
2) Are pcap_next() network layer data aligned in memory ? IE
-- Alignment
Link layer data
--
Gap
-- Alignment
Network layer data
No, they are not. What you get is what's on the network, and if you
have a 14
Hello,
I'm writing a tiny utility named YAT (Yet Another Traceroute). I have
a few
questions.
1) Libnet functions return big endian local (src_ip) and destination
(dst_ip)
IPv4 addresses used in UDP probes.
void
set_ip(const char *host)
{
src_ip = libnet_get_ipaddr4
10 matches
Mail list logo
