I'm making a program using pcap to parse .pcap files.
I'm actually working on the DNS protocol, i'm able to get the header and display its information. Now I'd like to display its Resource Records (Question, Answer, Authority, Additional).
I found this interesting doc: http://www.zytrax.com/books/dns/ch15/
And, as I did before for parsing the different headers, I wanted to create a structure and cast my packet in it.
Following this doc I created my structure as follow:
struct question_s {
u_short *qname;
u_short qtype;
u_short qclass;
}
and I'm casting :
struct question_s *record = (struct question_s*)(data + offset);
Where data is the packet representation, and offset is the total size of previous protocols.
Now I'm having trouble understanding some points, and as my English is not perfect, it's possible that I missed something in the documentation. Here are my questions:
As qname is of variable size, am I doing it right by making it a pointer on u_short?
All pointer are 8 bytes long, so my structure should be 12 bytes long, but where is the name in memory? Should I add 12 to my offset without taking care of the name length?
I tried to display qname, working on it as if it was a char*, but it doesn't seem to work (seg. fault), here is what I did:
void test(u_short *qname) {
for (int c = 0; qname[c] != 0; ++c)
write(1, &qname[c], 1);
}
But maybe there isn't a '\0' in the string?
May be that's an endianess issue? I use htons and htonl on all my u_short and u_int values because the network byte order isn't the same as mine, but I'm not sure it applies to pointers.
