IP 标头的分解
我必须做一个嗅探器作为安全课程的作业。我正在使用 C 和 pcap 库。我一切都运转良好(因为我从互联网上获得了代码并进行了更改)。但我对代码有一些疑问。
u_int ip_len = (ih->ver_ihl & 0xf) * 4;
ih 的类型为 ip_header,它当前指向数据包中的 IP 标头。ver_ihl 给出 IP 的版本。
我不知道什么是: & 0xf) * 4;
I have to do a sniffer as an assignment for the security course. I am using C and the pcap library. I got everything working well (since I got a code from the internet and changed it). But I have some questions about the code.
u_int ip_len = (ih->ver_ihl & 0xf) * 4;
ih is of type ip_header, and its currently pointing the to IP header in the packet.ver_ihl gives the version of the IP.
I can't figure out what is: & 0xf) * 4;
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
&是按位与运算符,在本例中,您将 ver_ihl 与 0xf 进行与运算,其效果是清除除最低有效位 4
0xff & 之外的所有位。 0x0f = 0x0f
ver_ihl 定义为前 4 位 = 版本 + 第二个 4 = 互联网标头长度。 and 运算删除版本数据,仅留下长度数据。长度被记录为 32 位字的计数,因此 *4 将 ip_len 转换为标头中的字节数
响应您的评论:
按位与操作数中的相应位。当你和任何带有 0 的东西时,它都会变成 0,而任何带有 1 的东西都保持不变。
0xf = 0x0f = 二进制 0000 1111
因此,当您将 0x0f 与任何内容进行运算时,前 4 位将设置为 0(因为您将它们与 0 进行与运算),而最后 4 位则与另一个操作数中的情况相同(就像您将它们与 1 进行运算一样) )。这是一种称为位掩码的常见技术。
http://en.wikipedia.org/wiki/Bitwise_operation#AND
& is the bitwise and operator, in this case you're anding ver_ihl with 0xf which has the effect of clearing all the bits other than the least signifcant 4
0xff & 0x0f = 0x0f
ver_ihl is defined as first 4 bits = version + second 4 = Internet header length. The and operation removes the version data leaving the length data by itself. The length is recorded as count of 32 bit words so the *4 turns ip_len into the count of bytes in the header
In response to your comment:
bitwise and ands the corresponding bits in the operands. When you and anything with 0 it becomes 0 and anything with 1 stays the same.
0xf = 0x0f = binary 0000 1111
So when you and 0x0f with anything the first 4 bits are set to 0 (as you are anding them against 0) and the last 4 bits remain as in the other operand (as you are anding them against 1). This is a common technique called bit masking.
http://en.wikipedia.org/wiki/Bitwise_operation#AND
阅读定义 IPv4 的 RFC 791:
IP 标头的前 8 位是版本和 IHL 字段的组合。
您所拥有的代码正在执行的操作是取出前 8 位,并删除 IHL 部分,然后将其转换为字节数。与
0xF的按位AND将隔离IHL字段,并且乘以4是因为32位字中有4个字节。Reading from RFC 791 that defines IPv4:
The first 8 bits of the IP header are a combination of the version, and the IHL field.
What the code you have is doing, is taking the first 8 bits there, and chopping out the IHL portion, then converting it to the number of bytes. The bitwise AND by
0xFwill isolate the IHL field, and the multiply by 4 is there because there are 4 bytes in a 32-bit word.ver_ihl 字段包含两个 4 位整数,打包为低位和高位 nybble。长度指定为 32 位字的数量。因此,如果您有一个版本 4 IP 帧,带有 20 个字节的标头,则 ver_ihl 字段值为 69。然后您将得到以下结果:
所以,是的,“&0xf”屏蔽了低 4 位位。
The ver_ihl field contains two 4-bit integers, packed as the low and high nybble. The length is specified as a number of 32-bit words. So, if you have a Version 4 IP frame, with 20 bytes of header, you'd have a ver_ihl field value of 69. Then you'd have this:
So, yes, the "&0xf" masks out the low 4 bits.