Wireshark-dev: Re: [Wireshark-dev] [Patch] native little endian ipv4 decoding function for the
Balint Reczey (IJ/ETH) wrote:
The attached patch adds ability of reading Little Endian encoded IPv4
addresses to the Lua plugin.
What exactly are the semantics of TvbRange_get_ipv4() and
TvbRange_get_le_ipv4() supposed to be?
Note, for example, that the value passed to SET_ADDRESS() should be the
*raw* bytes of the IPv4 address, *NOT* the value as processed by, for
example, tvb_get_ntohl() or g_ntohl(). The same applies to the value
passed to proto_tree_add_ipv4().
Any code that uses tvb_get_ntohl() to get an IPv4 address will fail on a
little-endian machine - and will often be "fixed" by the developer by
changing the call to tvb_get_letohl(), which will fail on a big-endian
machine (such as the machine on which I'm typing this).
I suspect that TvbRange_get_ipv4() should use tvb_get_ipv4() to fetch
the IPv4 address, at least fro the value passed to SET_ADDRESS().
If the purpose of TvbRange_get_le_ipv4() is to fix problems seen with
Lua scripts on little-endian machines, the right fix might be to fix
TvbRange_get_ipv4().
If the purpose is to handle packets where an IPv4 address is not stored
in network byte order - that's *very* rare, but it's not unheard of -
then, if TvbRange_get_ipv4() needs to use tvb_get_ipv4(),
TvbRange_get_le_ipv4() should use tvb_get_ipv4() and then byte-swap the
value.
