The way pointer arithmetic works in C (and C++ and Objective-C and Objective-C++) is that the pointer is presumed to point to the Nth element of an array, and if you add K to the pointer, the result points to the N+Kth element of the same array.
This means that, on a byte-addressible machine (your machine is byte-addressible, given that the OSes run by non-byte-addressible machines with C compilers don't support libpcap), if you have a pointer to an object that's M bytes long, if you add K to that pointer, the address corresponding to the result of that addition will be M*K bytes past the address in that pointer.
So, unless you have a pointer to a 1-byte value, adding a sizeof
value to the pointer is not what you want to do.
This means that
rtp2 = (struct rtphdr*) (udp + sizeof(struct udphdr));
is wrong. If udp
points to a UDP header, and you want to point past the UDP header, you need to do either
rtp2 = (struct rtphdr*) (udp + 1);
or
rtp2 = (struct rtphdr*) ((char *)udp + sizeof(struct udphdr));
I presume pointer
is a pointer to char
or unsigned char
, as would be handed to a libpcap callback, so the arithmetic you're doing with pointer
is correct.