6

Look at this code segment:

if(ip_header->protocol == IPPROTO_TCP)
 {
   tcp_header = (struct tcphdr*)(packet + sizeof(struct ethhdr) + ip_header->ihl*4);

    /* Print the Dest and Src ports */

   printf("Source Port: %d\n", ntohs(tcp_header->source));
   printf("Dest Port: %d\n", ntohs(tcp_header->dest));

  }

What i am confused is, in case of determining the size of other headers we normally do, sizeof(struct tcphdr) or sizeof(struct ethhdr) but for IP header size, we don't do sizeof instead we do ip_header->ihl*4. Why is it so? Also what is this 4 for?

Here is how the struct declaration of IP heder:

00116 struct iphdr {
00117 #if defined(__LITTLE_ENDIAN_BITFIELD)
00118         __u8    ihl:4,
00119                 version:4;
00120 #elif defined (__BIG_ENDIAN_BITFIELD)
00121         __u8    version:4,
00122                 ihl:4;
00123 #else
00124 #error  "Please fix <asm/byteorder.h>"
00125 #endif
00126         __u8    tos;
00127         __u16   tot_len;
00128         __u16   id;
00129         __u16   frag_off;
00130         __u8    ttl;
00131         __u8    protocol;
00132         __u16   check;
00133         __u32   saddr;
00134         __u32   daddr;
00135         /*The options start here. */
00136 };
RajSanpui
  • 11,556
  • 32
  • 79
  • 146

1 Answers1

8

It's a problem of different units of measurement. The IHL field in the IP header is defined like this:

Internet Header Length is the length of the internet header in 32 bit words.

And this size isn't fixed (because of valid but discouraged IP options). So one packet could have IHL=5, the next could have IHL=6 and so on.

cnicutar
  • 178,505
  • 25
  • 365
  • 392
  • 1
    @kingsmasher1 I expanded my answer :-) The header isn't fixed in size. – cnicutar Jan 19 '12 at 12:25
  • okay, so you mean only in case of IP header it varies, but for others it is fixed. Let me check the structs declaration and compare, once more. – RajSanpui Jan 19 '12 at 12:27
  • See i have put the IP header struct in my question above, which field will change so that IP header length changes? Why this is not with other cases? I understand my question can be tedious, but still if you can clarify. Thanks in advance. – RajSanpui Jan 19 '12 at 12:34
  • @kingsmasher1 Your question is not tedious. You're simply lazy and didn't read RFC 791 (you didn't even read my answer carefully). Back to your question: the size of the header varies because of the mentioned **ip options**. – cnicutar Jan 19 '12 at 12:37
  • You are correct. I am checking this now: http://www.ietf.org/rfc/rfc791.txt but i read your answer carefully :) – RajSanpui Jan 19 '12 at 12:42
  • @kingsmasher1 Okay, no worries. Read about the options and you'll certainly get it. But note that most IP packets have IHL=5. – cnicutar Jan 19 '12 at 12:43
  • I got this from that document and understand the point: `The options may appear or not in datagrams. They must be implemented by all IP modules (host and gateways). What is optional is their transmission in any particular datagram, not their implementation. In some environments the security option may be required in all datagrams.` The option field is variable in length. There may be zero or more options. There are two cases for the format of an option: – RajSanpui Jan 19 '12 at 12:48