use of memcpy to store data from buffer into struct

Question

I have sflow packet capture code in which I need to print the sflow data information from buffer. I have defined the structs for the required information and trying to use memcp

Answer 1

You're copying from the wrong offsets in your buffer.

Assuming the data contains a struct sampled_header, followed by a struct sampled_ethernet, followed by a struct sampled_ipv4, followed by a struct extended_switch, you should do the following:

memcpy(&head,buffer,sizeof head);
// read contents of head
...
memcpy(&ether,&buffer[sizeof(head)],sizeof ether);
// read contents of ether
...
memcpy(&ip4,&buffer[sizeof(head) + sizeof(ether)],sizeof ip4);
// read contents of ip4
...
memcpy(&swh,&buffer[sizeof(head) + sizeof(ether) + sizeof(ip4)],sizeof swh);
// read contents of swh
...

Edit:

It looks like we're way off on what the data looks like. I took the data bytes you listed in this question, read them into a buffer and sent it out in a UDP packet. I fired up Wireshark, which gave us this:

So the packet contains:

• The sflow version, 32-bit (5)
• an 32 bit int (value=1)
• a struct sample_datagram_v5
• the number of samples (32-bit int, value=6)
• six samples

The first sample contains:

• The sample type as a data_format (in this case a flow sample)
• a struct flow_sample
• the number of flow samples (32-bit int, value=2)

The first flow in the first sample:

• The flow type as a data_format (int this case a raw packet sample, so...)
• the flow data length (32-bit int, value=144)
• a struct sampled_header
• 4 bytes that are skipped as per the value of sampled_header.stripped
• ethernet header
• IP header (payload=TCP)
• TCP header (port=80)
• data bytes (62)

The second flow in the first sample:

• The flow type as a data_format (int this case extended switch data)
• the flow data length (32-bit int, value=16)
• a struct extended_switch

Then five more samples. In this case, all the samples contain a raw packet header and extended switch data.

So this should give you a better idea of what you need to do. Since each data packet will be different, you'll need to figure our how many samples you have. Then for each sample, you'll need to figure out the type, and based on that figure out how to parse the individual flows.

If you need more examples I'd strongly suggest using Wireshark to capture these sflow packets so you can see exactly what's in them to validate that your parser works for all expected input.

Answer 2

All 3 uses of memcpy() shown are passing *buffer, &buffer, and &buffer, so your copies are coming from the wrong location, leading to the wrong output you see. Just pass buffer instead, as it is already the pointer needed.