After looking up packet decoding for multicast and broadcast packets, I am having some difficulties in creating the decision logic. From what I have read and observed using Wireshark (and looked at some of its source) here is what I have found:
Broadcasts:
Is this sufficient?
Multicasts:
What I have so far?
#include <stdlib.h>     /* atoi */
#include <string.h>     /* strtok */
#include <arpa/inet.h>  /* inet_ntoa */

/* CONNECTION is defined elsewhere; it carries ether_dhost[6] and ip_dst. */

/*
 * Is packet destined for a multicast address?
 */
int is_multicast(CONNECTION temp)
{
    char *save;
    /* strtok() cuts inet_ntoa()'s static buffer at the first '.' */
    save = strtok(inet_ntoa(temp.ip_dst), ".");
    int firstOct = 0;
    firstOct = atoi(save);
    if ((temp.ether_dhost[0] == 1) &&
        (temp.ether_dhost[1] == 0) &&
        ((firstOct >= 224) &&
         (firstOct <= 239)))
    {
        return 1;
    }
    return 0;
}

/*
 * Is packet destined for a broadcast address?
 */
int is_broadcast(CONNECTION temp)
{
    if ((temp.ether_dhost[0] == 0xFF) &&
        (temp.ether_dhost[1] == 0xFF) &&
        (temp.ether_dhost[2] == 0xFF) &&
        (temp.ether_dhost[3] == 0xFF) &&
        (temp.ether_dhost[4] == 0xFF) &&
        (temp.ether_dhost[5] == 0xFF)) {
        return 1; // DHCP or ARP
    } else if ((temp.ether_dhost[0] == 0xFF) &&
               (temp.ether_dhost[1] == 0xFF) &&
               (temp.ether_dhost[2] != 0xFF)) {
        return 1; // Other local broadcast
    }
    return 0;
}
Any thoughts?
In case of IPv4, for checking multicast, the test for first octet should be sufficient.
(224 <= first octet <= 239)
For broadcast, I did not understand the else if() loop in your code. The first if() loop should give desired results.
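The checks discussed above, written on the numeric address instead of its dotted string, as an added example that is not code from the question or the answer. It goes beyond the thread by also testing the Ethernet group (I/G) bit and subnet-directed IPv4 broadcasts; `struct dst_info` is a hypothetical stand-in for the asker's `CONNECTION` type, and the `mask` parameter (the local netmask, 0 if unknown) is an assumption.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>   /* ntohl, htonl, struct in_addr */

/* Hypothetical stand-in for the fields the question reads from CONNECTION. */
struct dst_info {
    uint8_t        ether_dhost[6];
    struct in_addr ip_dst;          /* network byte order */
};

/* Ethernet broadcast: all six destination octets are 0xFF. */
int mac_is_broadcast(const uint8_t *m)
{
    static const uint8_t bcast[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    return memcmp(m, bcast, 6) == 0;
}

/* Ethernet group address: I/G bit (LSB of octet 0) set, but not broadcast. */
int mac_is_multicast(const uint8_t *m)
{
    return (m[0] & 0x01) && !mac_is_broadcast(m);
}

/* IPv4 multicast is 224.0.0.0/4: the top four bits are 1110. */
int ip_is_multicast(struct in_addr a)
{
    return (ntohl(a.s_addr) & 0xF0000000u) == 0xE0000000u;
}

/* IPv4 broadcast: limited (255.255.255.255), or directed when the netmask
 * is known (all host bits set). /31 and /32 have no broadcast address. */
int ip_is_broadcast(struct in_addr a, struct in_addr mask)
{
    uint32_t ip = ntohl(a.s_addr), m = ntohl(mask.s_addr);
    if (ip == 0xFFFFFFFFu)
        return 1;
    return m != 0 && m < 0xFFFFFFFEu && (ip & ~m) == ~m;
}

/* Returns 2 for broadcast, 1 for multicast, 0 for unicast. */
int classify_dst(const struct dst_info *d, struct in_addr mask)
{
    if (mac_is_broadcast(d->ether_dhost) || ip_is_broadcast(d->ip_dst, mask))
        return 2;
    if (mac_is_multicast(d->ether_dhost) || ip_is_multicast(d->ip_dst))
        return 1;
    return 0;
}
```

A destination MAC such as ff:ff:00:00:00:00 has the group bit set, so it is reported as multicast rather than broadcast.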