During this period, I read volume 1 in "TCP/IP details". The biggest feature of this book is that it uses the tcpdump program to capture various network packages, this gives us a definite understanding of the protocols and Algorithms in each layer of the network. It is the protocol discussed in this book and its hierarchy.
1. TCP/IP protocol network hierarchy
The left side shows the status of the data packet at each network layer, and the right side shows the transmission of the data packet at each network layer. The Ethernet port uses an ethernet address to decide whether to discard or deliver packets over the Ethernet port (referred to as Ethernet frames). The Ethernet driver checks and determines whether to discard or deliver the packets to the upper layer; then, the driver splits the Ethernet frame through the "type" field in the Ethernet header to determine whether it is an ip datagram or an ARP/RARP request/response. If it is the latter, the protocol is used for response. If it is an ip datagram, it removes the end of the frame header and delivers it to the Ip layer. The IP layer checks and computes the packet to determine whether to deliver or discard the packet, and then uses the "protocol" field in the ip header to determine whether the packet is a UDP datagram, TCP segment, ICMP, or IGMP packet, in this way, IP datagram is used separately. If it is ICMP or IGMP, it will be processed according to the protocol. If it is TCP or UDP, it will go to its header and deliver it to the transport layer; TCP/UDP is an application that uses the port number to distribute data to this port for listening. In addition to the Protocols mentioned in, the "TCP/IP explanation (Volume 1)" book also mentions some protocols used in DNS and IP routing. The IP protocol itself provides unreliable services, but the TCP protocol established on the IP layer provides reliable services, which involves many control algorithms, TCP protocol is the most complex and detailed protocol in this book. A total of 8 (17 ~ Chapter 24) describes the algorithms used in this section.
2. Ethernet frame
Is the Encapsulation Format of Ethernet frames. The "type" field is used for IP datagram, ARP packet, and RARP packet sharing.
We can see that each Ethernet frame has a minimum length and a maximum length of 64 bytes to detect conflicts. The maximum length is 1518, and the maximum transmission unit MTU is 1500 bytes.
3. IP protocol
The IP address provides an unreliable, connectionless datagram transmission service. Unreliable means that it cannot guarantee that the IP datagram can successfully reach the destination. If an error occurs (such as the buffer temporarily used up by the router), the IP address has a simple processing algorithm: discard the datagram and send an ICMP message to the source. No connection means that the IP datagram does not maintain the status information of the task about the subsequent datagram. The processing of each datagram is independent of each other. First, let's take a look at the IP datagram format:
The 32-bit values of four bytes are transmitted in the following order: the first is 0 ~ 7 bit, followed by 8 ~ 15bit, then 16 ~ 23bit, last 24 ~ 31bit. This transmission order is called the big endian byte order. Because all the binary integers in the TCP/IP Header must be transmitted in this order, it is also called the network byte order. Machines that store binary integers in other forms, such as the little endian format, must convert the header to the network byte before data transmission.
The IPv4 protocol version number is 4. the header length field indicates the number of 32-bit characters in the header. Therefore, the maximum length of the header is (2 ^ 4-1) * 4 bytes.
The TOS field contains a 3bit priority subfield (which has been ignored now). The 4bit TOS subfield and 1bit are not used but must be set to 0. The 4bit TOS represent the minimum latency, respectively, maximum throughput, maximum reliability, and minimum cost. Only 1 bit in 4 bits can be set to 1. If all 4 bits are 0, it means a General Service.
The total length field refers to the length of the entire IP datagram, in bytes. By using the header length field and the total length field, you can know the start position and length of the data content in the IP datagram. Because this field is 16 bits long, the IP datagram can be up to 65535 bytes. The total length field is necessary in the IP header, because some data links need to fill in some data to achieve the minimum length.
The ID field uniquely identifies each datagram sent by the host. Generally, the value of each packet is added with 1.
The TTL survival time field sets the maximum number of routers that a datagram can pass. Each time a router processes it, its value is reduced by 1. when this field is 0, the datagram is discarded and the source host is notified of the ICMP message. In the traceroute program, it uses this feature to gradually obtain the vro from the source address to the destination address through which the datagram is sent starting from the TTL set to 1.
The protocol field, that is, the field used for IP data splitting, is displayed in the first figure.
The first check field is the check and code calculated based on the IP header. It does not calculate the data after the header, ICMP, IGMP, UDP, and TCP contain both header and data verification code in their respective headers. In order to calculate the IP address test of a datagram, the test field is set to 0, and then the sum of every 16 bits in the header is obtained. Note that if the highest bit has a forward bit, add 1 to the second bit as follows:
For more information, see Xie xiiren's "Computer Network".
The first digit of the three-digit mark is null, and the second digit is the DF bit. If it is set to 1, the datagram is "not segmented". If the MF bit is 1, it indicates there is still "more data". This is not needed when the last segment is used, the 13-bit "segment offset" field specifies the position of the segment in the current datagram. Its basic unit is 8 bytes, that is, the segment must be 8 bytes of digits.
The last field in the IP header is any option, which is an optional variable length information in the datagram. The optional information includes:
1. Security and Handling Restrictions (for military purposes)
2. Record the path (let every vro write down its IP address)
3. timestamp (note the IP address and time of each vro)
4. Loose Origin Site Selection
5. Strict Source site selection.
4. IP Route Selection
Next is the IP route selection. The essential difference between a router and a host is that the host never forwards data from one interface to another, while the router forwards data. IP can receive data packets from TCP, UDP, ICMP, and IGMP interfaces (that is, data to be sent locally), or from a network interface. The IP layer has a route table in the memory. When a packet is received and sent, it searches for the table once. When a datagram comes from a network interface, the IP address first checks whether the destination IP address is one of the local IP addresses or the IP broadcast address. If so, the datagram is sent to the protocol module specified by the IP header protocol field for processing. If the destination of the datagram is not these addresses, (1) the host discards the packet; (2) the router forwards the datagram.
Each entry in the route table includes: (this route table can be found through netstat-rn)
(1) the destination IP address, which can be either a complete host address or a network address. The host address has a host number other than 0, to specify a specific host, and the host number in the network address is 0, to specify the host in the network.
(2) the IP address of the next hop router or the IP address of the directly connected network.
(3) flag. One flag indicates whether the destination IP address is a network address or a host address, and the other indicates whether the next route is a router or a directly connected interface. There are five different signs in total: U (this route is available), G (this route is to a gateway), H (this route is to a host), D (this route was created from rewrite to message), and M (this route has been modified by the redirection message ).
IP Route Selection mainly includes the following functions:
(1) Search the route table to find a table that exactly matches the destination IP address. If so, send the packet to the address;
(2) search the route table and find the table that matches the destination network number. If the table is found, send the report to the network interface directly connected to the next router in the table;
(3) Search for the route table and find the table marked as "default". If yes, send the report to the next-Stop router specified in the table.
If none of the preceding steps are successful, the datagram cannot be sent. If the data that cannot be transmitted comes from the local machine, an "inaccessible host" or "inaccessible network" error is generally returned to the application that generates the data.
5. ARP Protocol
When a host sends an Ethernet data frame to another host located on the same LAN, the destination interface is determined based on the 48bit ethernet address. The device driver never checks the destination IP address in the IP datagram. ARP and RARP provide dynamic ing between IP addresses and corresponding hardware addresses. RARP is used by systems without disk drives and does not seem to require much attention. The key to efficient ARP operation is that each host has an ARP high-speed cache, which stores the ing records between the nearest IP address and the hardware address. Each item in the cache lasts for 20 minutes and starts from the time it was created. You can use (arp-a) to check the ARP high-speed cache.
Is the ARP grouping format
The op field specifies four operation types, which are ARP requests (with a value of 1), ARP responses (with a value of 2), and RARP requests (with a value of 3) RARP response (value: 4 ). For arp requests, all fields except the target hardware address have a fill value. After the system receives an arp request message from the target machine, it fills in the hardware address and replaces the two Sending addresses with the two destination addresses, set the operation field to 2.
For arp requests, the hardware address in the first part of the Ethernet frame is full 1, which indicates broadcast. The Request Host broadcasts an arp request to the network where the request is located, "If you are the owner of this IP address, please answer your hardware address ". If the queried host has been shut down or does not exist, the output of tcpdump shows that the host is sent again after 5.5 seconds, and then sent again in 24 seconds, that is, the timeout limit is 29.5 seconds. If you use arp-a to view the arp cache, you can see that the mac address bar corresponding to the IP address is written (incomplete). As mentioned above, the timeout value for the complete table item is set to 20 minutes, for incomplete table items, the timeout time is 3 minutes.
If an arp request is sent from one network host to another, the router connecting the two networks can answer the request. This process is called an arp proxy. (I don't really understand this part. Isn't the broadcast router at the link layer not capable of broadcasting ?)
Another feature of arp requests is free arp, which means that the host sends arp requests to find its own IP address. It has two functions:
(1) One host can use it to determine whether the other host has the same IP address. The host that sends the free arp does not want an answer to this request. However, if you receive an answer, it indicates that there is an ip conflict in the network.
(2) If the host that sends the free arp packet changes the hardware address, the group can update the old hardware address in the cache of other hosts. This is based on the fact of an arp Protocol: if the host receives an arp request from an IP address and it is already in the recipient's high-speed cache, in this case, the sender's hardware address in the arp request must be used to update the corresponding content in the cache. The host must complete this operation when it receives any arp request.
The following are some arp commands:
Arp-a lists all arp cache records on the host.
Arp-d deletes a content in the arp high-speed cache (superuser permission) (it seems that after deletion, the host record is still there, but its mac address item is set to incomplete ).
Arp-s adds content in the cache, and the new content is permanent, unless the keyword temp is appended at the end of the command line.
This time, we mainly summarized the overall framework of the TCP/IP protocol, and summarized several protocols used by Ethernet frames (Data Link frames) and their "types: ip, arp, rarp, and rarp are not introduced because they are not very useful. In fact, this book only uses two pages for a brief introduction.