1, iphdr
iphdr is a computing term: it is the structure that describes the IP packet header under Linux.
The header file is /usr/src/linux/include/linux/ip.h, and the structure is as follows:
struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)   // little-endian mode
    __u8    ihl:4,      // header length (4 bits)
            version:4;  // IP protocol version (IPv4)
#elif defined(__BIG_ENDIAN_BITFIELD)    // big-endian mode
    __u8    version:4,
            ihl:4;
#else
#error "Please fix <asm/byteorder.h>"
#endif
    __u8    tos;        // type of service field (8 bits)
    __be16  tot_len;    // 16-bit total length of the IP datagram
    __be16  id;         // 16-bit identification field (uniquely identifies each datagram sent by the host)
    __be16  frag_off;   // 3-bit fragment flags + 13-bit fragment offset
    __u8    ttl;        // 8-bit datagram time to live
    __u8    protocol;   // protocol field (8 bits)
    __be16  check;      // 16-bit header checksum
    __be32  saddr;      // source IP address
    __be32  daddr;      // destination IP address
};
iphdr->version
Version (4 bits): the current protocol version number is 4, so IP is sometimes called IPv4.
iphdr->ihl
Header length (4 bits): the number of 32-bit words (4 bytes each) in the IP header, including any options. Because it is a 4-bit field, the header can be at most 60 bytes long. For a normal IP datagram (without any options) the value of the field is 5, that is 5 * 32 / 8 = 5 * 4 = 20 bytes.
iphdr->tos
Type of service field (8 bits): the type of service (TOS) field consists of a 3-bit precedence subfield (now ignored), 4 TOS bits, and 1 unused bit that must be set to 0. The 4 TOS bits stand for minimum delay, maximum throughput, maximum reliability, and minimum cost. Only 1 of the 4 bits can be set. If all 4 bits are 0, the datagram gets normal service.
iphdr->tot_len
The total length field (16 bits) gives the length of the entire IP datagram in bytes. Using the header length field and the total length field, you can determine where the data in the IP datagram starts and how long it is. Because the field is 16 bits long, an IP datagram can be up to 65535 bytes. The total length field is necessary in the IP header because some data links (such as Ethernet) pad frames to reach a minimum length. Although Ethernet has a minimum frame length of 46 bytes, the IP data may be shorter. Without the total length field, the IP layer would not know how much of the 46 bytes is the content of the IP datagram.
iphdr->id
The identification field (16 bits) uniquely identifies each datagram sent by the host. Its value is usually incremented by 1 for each datagram sent.
iphdr->frag_off (16 bits)
The low 13 bits of frag_off, the fragment offset field, indicate where this fragment belongs in the original datagram. Every fragment except the last one in a datagram must be a multiple of 8 bytes long; 8 bytes is the basic fragment unit. Because the field has 13 bits, each datagram can have at most 8,192 fragments. The maximum datagram length is therefore 65,536 bytes, 1 larger than the maximum of the iphdr->tot_len field.
The high 3 bits of iphdr->frag_off:
(1) Bit 0 is reserved and must be 0;
(2) Bit 1 is the "Don't Fragment" (DF) flag. If this bit is 1, IP will not fragment the datagram; if a datagram that needs fragmentation arrives, it is discarded and an ICMP error message is sent to the originating host.
(3) Bit 2 is the "More Fragments" (MF) flag. Every fragment that makes up the datagram, except the last one, has this bit set to 1.
iphdr->ttl
TTL (time to live, 8 bits): the time-to-live field sets the maximum number of routers a datagram can pass through. It specifies the lifetime of the datagram. The initial value of the TTL is set by the source host (usually 32 or 64), and it is decremented by 1 by every router that handles the datagram. When the value of this field reaches 0, the datagram is discarded and an ICMP message is sent to notify the source host.
The TTL (time to live) field is a counter that limits the lifetime of a packet. The time unit here is seconds, so the maximum lifetime is 255 seconds. The counter must be decremented on each hop, and it must be decremented multiple times when the datagram is queued for a long time on a router. In practice, it simply counts hops; when it reaches 0, the packet is discarded and the router sends a warning packet to the source host. This feature prevents datagrams from wandering around the network for a long time, which can happen when routing tables are corrupted.
iphdr->protocol
Protocol field (8 bits): identifies which protocol handed the data to IP. When the network layer has assembled a complete datagram, it needs to know what to do with it. The protocol field indicates which transport process the datagram should be handed to. TCP is one possibility, but UDP or other protocols are also possible.
iphdr->check
The header checksum field (16 bits) is a checksum computed over the IP header only. It does not cover the data that follows the header. ICMP, IGMP, UDP, and TCP each carry in their own headers a checksum that covers both header and data.
To compute the IP checksum of a datagram, the checksum field is first set to 0. Then the one's-complement sum is computed over every 16 bits of the header (the whole header is treated as a sequence of 16-bit words), and the result is stored in the checksum field. When an IP datagram is received, the same one's-complement sum is computed over every 16 bits of the header. Because the receiver's calculation includes the checksum stored by the sender, the result should be all 1s if nothing in the header was corrupted in transit. If the result is not all 1s (a checksum error), IP discards the received datagram. It does not generate an error message; it is left to the upper layers to notice the missing datagram and retransmit.
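The checksum procedure above, written out as an added example (not code from the original page or from the kernel). The value placed in the check field is the complement of the one's-complement sum, which is why the receiver's sum comes out as all 1s. The function names and the sample header bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* One's-complement sum of the header read as big-endian 16-bit words,
 * with carries folded back into the low 16 bits. */
uint16_t ip_hdr_sum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)hdr[i] << 8 | hdr[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Sender: zero the check field (header bytes 10-11), sum, store the complement. */
uint16_t ip_hdr_fill_check(uint8_t *hdr, size_t len)
{
    hdr[10] = hdr[11] = 0;
    uint16_t check = (uint16_t)~ip_hdr_sum(hdr, len);
    hdr[10] = (uint8_t)(check >> 8);
    hdr[11] = (uint8_t)(check & 0xff);
    return check;
}

/* Receiver: summing the header with check included must give all 1s. */
int ip_hdr_check_ok(const uint8_t *hdr, size_t len)
{
    return ip_hdr_sum(hdr, len) == 0xffff;
}

/* Constructed sample header: ihl=5, tot_len=60, DF set, ttl=64, protocol=6 (TCP),
 * 172.16.10.99 -> 172.16.10.12, check field left at 0. */
uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x3c, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06,
    0x00, 0x00, 0xac, 0x10, 0x0a, 0x63, 0xac, 0x10, 0x0a, 0x0c
};

int main(void)
{
    printf("check = 0x%04x\n", ip_hdr_fill_check(sample_hdr, sizeof sample_hdr));
    printf("valid = %d\n", ip_hdr_check_ok(sample_hdr, sizeof sample_hdr));
    sample_hdr[8]--;    /* ttl changed without updating check */
    printf("valid after ttl change = %d\n", ip_hdr_check_ok(sample_hdr, sizeof sample_hdr));
    return 0;
}
```

Because ttl is covered by the checksum, any device that decrements ttl has to update the check field as well, otherwise the next hop discards the datagram.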
iphdr->saddr
32-bit Source IP address
iphdr->daddr
32-bit Destination IP address
Network byte order
A 4-byte (32-bit) value is transmitted in the following order: first bits 0~7, then bits 8~15, then bits 16~23, and finally bits 24~31. This transmission order is called big-endian byte order. Because all binary integers in TCP/IP headers are required to be in this order when they are transmitted across the network, it is also known as network byte order.
2, tcphdr
tcphdr is the structure that describes the TCP packet header under Linux.
The header file is /usr/src/linux/include/linux/tcp.h, and the structure is as follows:
struct tcphdr {
    __be16  source;     // 16-bit source port number
    __be16  dest;       // 16-bit destination port number
    __be32  seq;        // sequence number
    __be32  ack_seq;    // acknowledgement number
#if defined(__LITTLE_ENDIAN_BITFIELD)
    __u16   res1:4,     // reserved bits
            doff:4,     // TCP header length
            fin:1,
            syn:1,
            rst:1,
            psh:1,
            ack:1,
            urg:1,
            ece:1,
            cwr:1;
#elif defined(__BIG_ENDIAN_BITFIELD)
    __u16   doff:4,
            res1:4,
            cwr:1,
            ece:1,
            urg:1,
            ack:1,
            psh:1,
            rst:1,
            syn:1,
            fin:1;
#else
#error "Adjust your <asm/byteorder.h> defines"
#endif
    __be16  window;     // size of the 16-bit sliding window
    __sum16 check;      // TCP checksum
    __be16  urg_ptr;    // urgent pointer
};
tcphdr->source
16-bit source port number
tcphdr->dest
16-bit destination port number
tcphdr->seq
Identifies where the data sent in this segment lies in the overall byte stream. The sequence number is a 32-bit unsigned number. For security purposes, its initial value is randomly generated; after reaching the 32-bit maximum it starts again from zero.
tcphdr->ack_seq
Specifies the next byte expected to be received, not the last byte that has been correctly received.
tcphdr->res1
Reserved bits
tcphdr->doff
The TCP header length, which indicates how many 32-bit words the TCP header contains. This information is required because the options field is variable in length, so the length of the whole TCP header varies. Technically, this field indicates where the data portion starts within the segment (measured in 32-bit words), but since that value is exactly the length of the TCP header in words, the effect is the same.
tcphdr->window
The size of the 16-bit sliding window, in bytes. Counting from the value given in the acknowledgement number field, it is the number of bytes the receiver expects to receive, with a maximum value of 63353 bytes.
Flow control in TCP is done through a sliding window of variable size. The window field specifies how many bytes may be sent starting from the acknowledged byte. window = 0 is also legal; it amounts to saying that the bytes up to and including ack_seq-1 have been received, but the receiver is in poor shape right now and needs a rest before it can take any more data, thank you. Later, the receiver can tell the sender to resume by sending a segment with the same ack_seq but a non-zero window.
tcphdr->check
The TCP checksum, covering the entire TCP segment. This is a mandatory field: it must be calculated and stored by the sender and verified by the receiver.
tcphdr->urg_ptr
This field indicates the position of the urgent data in the current segment, as a byte offset relative to the current sequence number. This facility can be used in place of interrupt messages.
fin, syn, rst, psh, ack, urg: the 6 flag bits
The fact that these 6 bits have remained unchanged for more than a quarter of a century is a good illustration of how carefully the TCP designers thought things through. They have the following meanings:
tcphdr->fin
The FIN bit is used to release a connection. It means that the sender has no more data to transmit.
tcphdr->syn
Synchronizes sequence numbers to initiate a connection. The SYN bit is used during connection establishment. In a connection request, SYN=1 and ACK=0, indicating that the piggybacked acknowledgement field is not in use. The connection reply does carry an acknowledgement, so it has SYN=1 and ACK=1. In essence, the SYN bit denotes both "connection request" and "connection accepted", and the ACK bit is then used to distinguish between the two cases.
tcphdr->rst
Used to reset a connection that has become confused, whether because of a host crash or for some other reason. This bit can also be used to reject an invalid segment or to refuse a connection request. In general, if you receive a segment with the RST bit set, there is a problem at your end.
tcphdr->psh
Requests that the receiver deliver the data to the application immediately after receiving it, rather than buffering it until the entire buffer has been filled (which it might otherwise do for efficiency reasons).
tcphdr->ack
The ACK bit is set to 1 to indicate that tcphdr->ack_seq is valid. If ACK is 0, the segment does not contain an acknowledgement, so the tcphdr->ack_seq field should be ignored.
tcphdr->urg
Urgent pointer valid
tcphdr->ece
Use currently unknown
tcphdr->cwr
Use currently unknown
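Added example, not from the original page: a bounds-checked parser that applies the ihl, tot_len, frag_off and doff rules described above to an untrusted buffer, reading the fields by byte offset rather than through the bitfield structs. The names parse_ip_tcp, seg_info and sample_pkt are hypothetical, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type; lengths are in bytes. */
struct seg_info { unsigned ihl, doff, payload, frag_offset; int df, mf, syn, ack; };

static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Returns 0, or -1 when a header field disagrees with the buffer. */
int parse_ip_tcp(const uint8_t *pkt, size_t len, struct seg_info *o)
{
    if (len < 20 || (pkt[0] >> 4) != 4)          /* version must be 4 */
        return -1;
    o->ihl = (pkt[0] & 0x0f) * 4u;               /* ihl counts 32-bit words */
    unsigned tot_len = be16(pkt + 2);
    if (o->ihl < 20 || tot_len < o->ihl || tot_len > len)
        return -1;
    unsigned frag = be16(pkt + 6);               /* frag_off: 3 flags + 13-bit offset */
    o->df = (frag >> 14) & 1;
    o->mf = (frag >> 13) & 1;
    o->frag_offset = (frag & 0x1fff) * 8u;       /* offset unit is 8 bytes */
    if (pkt[9] != 6 || o->frag_offset != 0)      /* TCP header sits in the first fragment only */
        return -1;
    const uint8_t *tcp = pkt + o->ihl;
    unsigned tcp_len = tot_len - o->ihl;         /* tot_len excludes link-layer padding */
    if (tcp_len < 20)
        return -1;
    o->doff = (tcp[12] >> 4) * 4u;               /* doff counts 32-bit words */
    if (o->doff < 20 || o->doff > tcp_len)
        return -1;
    o->payload = tcp_len - o->doff;
    o->syn = (tcp[13] >> 1) & 1;
    o->ack = (tcp[13] >> 4) & 1;
    return 0;
}

/* Constructed sample: IP header, TCP SYN with MSS option (check left 0), tot_len 44 + 2 pad bytes. */
uint8_t sample_pkt[46] = {
    0x45, 0x00, 0x00, 0x2c, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06, 0xb1, 0xf6,
    0xac, 0x10, 0x0a, 0x63, 0xac, 0x10, 0x0a, 0x0c, 0xc3, 0x50, 0x00, 0x50,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x60, 0x02, 0xfa, 0xf0,
    0x00, 0x00, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4, 0x00, 0x00
};

int main(void)
{
    struct seg_info s;
    if (parse_ip_tcp(sample_pkt, sizeof sample_pkt, &s) == 0)
        printf("ihl=%u doff=%u payload=%u syn=%d ack=%d df=%d\n", s.ihl, s.doff, s.payload, s.syn, s.ack, s.df);
    return 0;
}
```

The payload length comes from tot_len rather than from the buffer size, so the two padding bytes that bring the frame up to the 46-byte Ethernet minimum are not mistaken for TCP data.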