1. UDP Brief Introduction
UDP is a transport layer protocol, at the same layer as TCP, but unlike TCP it does not provide timeout retransmission, error retransmission, or similar functions; that is, it is an unreliable protocol.
UDP Datagram Structure:
UDP header Format:
Explanation:
- Source port number: This field is optional; the default value is 0, and it can be specified.
- Destination port number: This field must be specified, because it is the address associated with a particular application process within the receiving host.
- UDP Length: This field gives the length of the datagram (including the header and data sections), with a minimum of 8 bytes.
- Checksum: This field is used to guard against errors in the transmission of UDP user datagrams. When the checksum is calculated, a temporary 12-byte pseudo-header is added before the UDP datagram. As shown in.
2. UDP Protocol Header
2.1. UDP Port Number
Because many programs need to use UDP, the protocol must use an identifier to tell which program a packet is meant for. That is the role of the port number: for example, if UDP program A registers port 3000 on the system, then UDP packets arriving from outside with destination port 3000 are handed to that program. There can theoretically be 2^16 port numbers, because the field is 16 bits long. If the port is unreachable, an ICMP Port Unreachable message is sent. (traceroute)
2.2. UDP Checksum
The checksum is optional; not all systems checksum UDP packets and data (in contrast to TCP, where it is mandatory), but the RFC standard requires that the sender should calculate the checksum.
The UDP checksum covers the UDP header and the data. This differs from the IP checksum, which covers only the IP header and not all of the data. Both UDP and TCP include a pseudo-header, which exists only for calculating the checksum. The pseudo-header even includes the IP address information from the IP header; the purpose is to let UDP double-check that the data has correctly reached its destination. If the sender has not enabled the checksum option and the receiving end's checksum calculation finds an error, then the UDP data is silently discarded (delivery is not guaranteed), without generating any error message.
2.3. UDP Length
UDP messages can be long, up to 65535 bytes. In general, however, a network does not carry a unit that long in a single transmission (this is related to the MTU), so the data has to be fragmented. This is of course transparent to UDP and other upper-layer protocols: UDP does not need to care about data fragmentation at the IP layer.
3. IP Fragmentation
After receiving data from the upper layer, IP determines from the IP address which interface the data is sent from (by routing) and queries that interface's MTU; if the data size exceeds the MTU, the data is fragmented. Fragmentation is transparent to the upper and lower layers, and the data is reassembled only at the destination; the IP layer provides enough information to reassemble the data.
In the IP header, the 16-bit identification number uniquely records the ID of an IP packet, and IP fragments with the same ID are reassembled together. The 13-bit fragment offset records the position of the fragment relative to the entire packet, and the 3-bit flags field between these two indicates whether more fragments follow this one. These three fields make up all the fragmentation information, which the recipient can use to reassemble the IP data (even if later fragments arrive before earlier ones, this information is sufficient).
Because fragmentation is used so frequently on networks, there is no end to the software and people that forge IP fragments for malicious attacks.
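The reassembly described above, using only the identification, flags and offset fields, looks like this when fragments arrive out of order; the overlap check is the receiver-side defence against forged fragments. This is an added example, not code from the original page: `sample_header` builds constructed headers, and keying on the identification alone is a simplification (real stacks also key on source, destination and protocol).

```python
import struct

def sample_header(ident: int, more: bool, offset: int) -> bytes:
    """Constructed 20-byte IPv4 header with only the fragmentation fields set."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, ident, flags_off,
                       64, 17, 0, bytes(4), bytes(4))

def frag_fields(ip_header: bytes):
    """Return (identification, more_fragments, byte_offset) from an IPv4 header."""
    ident, flags_off = struct.unpack("!HH", ip_header[4:8])
    more = bool(flags_off & 0x2000)          # "more fragments" bit of the 3-bit flags
    offset = (flags_off & 0x1FFF) * 8        # 13-bit offset counts 8-byte units
    return ident, more, offset

def reassemble(fragments):
    """fragments: iterable of (ip_header, payload) in any arrival order.
    Returns {identification: data} for complete datagrams only and
    raises ValueError when two fragments of one datagram overlap."""
    by_id = {}
    for header, payload in fragments:
        ident, more, offset = frag_fields(header)
        by_id.setdefault(ident, []).append((offset, more, payload))
    done = {}
    for ident, parts in by_id.items():
        parts.sort(key=lambda p: p[0])       # arrival order does not matter
        expected, data, complete = 0, b"", False
        for offset, more, payload in parts:
            if offset < expected:
                raise ValueError(f"overlapping fragments in datagram {ident:#06x}")
            if offset > expected:            # hole: a fragment is still missing
                complete = False
                break
            data += payload
            expected += len(payload)
            complete = not more              # last fragment has the bit cleared
        if complete:
            done[ident] = data
    return done
```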
You can use the traceroute program to perform a simple MTU detection.
IP datagrams and packets:
An IP datagram is the end-to-end transmission unit of the IP layer (before fragmentation and after reassembly); a packet is the data unit that travels between the IP layer and the data link layer. A packet may be a fragment of an IP datagram, or a complete IP datagram.
3. Interaction between UDP and ARP
This is a detail that is not often noticed, and it applies to some system implementations. When the ARP cache is still empty, an ARP request must be sent before the UDP data can go out, in order to obtain the MAC address of the destination host. If the UDP packet is large enough that the IP layer must fragment it, one would imagine that the first fragment of the UDP packet issues an ARP query and that all the fragments wait until this query completes before being sent. Is this actually the case?
As it turns out, some systems have each fragment send an ARP query, and all of the fragments wait, but when the first response is accepted (because the ARP queue is first-in, first-out, the last fragment is the one that gets the response), the host sends only the last piece of data and discards the others (only the last fragment of the IP datagram is sent; the earlier fragments are not), which is really surprising. (This is actually the normal operation of ARP: in most implementations, while waiting for an ARP response, only the last message destined for a specific host is sent.) Because the fragments cannot be assembled in time, the receiving host will, after a period of time, discard the IP packets that will never be assembled and send an ICMP reassembly-timeout message (many systems do not produce this error), to ensure that its own receive buffer is not filled with fragments that are never assembled.
4. ICMP Source Quench Error
When the target host cannot process data as fast as it is received, and the host's IP-layer buffer is full, the host sends out an ICMP source quench error message.
5. UDP Server Design
Some features of the UDP protocol affect how we design server programs. Broadly summarized:
- About the client IP address and port: The server must be able to determine whether a packet is legitimate based on the client's IP address and port number (this seems to be required of every server).
- About the destination address: The server must be able to filter broadcast addresses.
- About data input: Usually each port number on the server system corresponds to one input buffer, and incoming data waits there for the server to process it on a first-come, first-served basis. A buffer overflow problem is therefore inevitable; in that case UDP packets may be discarded, and the server application itself is not aware of the problem.
- The server should restrict the local IP address; that is, it should be able to bind itself to a particular port on a particular network interface.
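A minimal echo server that applies three of these points: it binds to one local address rather than all interfaces, enlarges the input buffer, and drops datagrams whose source address and port are not acceptable. This is an added example, not code from the original page; `ALLOWED_CLIENTS`, `BIND_ADDR` and the function names are assumed values chosen for illustration.

```python
import ipaddress
import socket

# Assumed policy for illustration: one documentation-range client network.
ALLOWED_CLIENTS = [ipaddress.ip_network("192.0.2.0/24")]
# Bind to one specific local address instead of 0.0.0.0; port 0 = any free port.
BIND_ADDR = ("127.0.0.1", 0)

def client_allowed(addr, allowed=ALLOWED_CLIENTS) -> bool:
    """Decide from the source IP address and port whether to process a datagram."""
    ip, port = ipaddress.ip_address(addr[0]), addr[1]
    if port == 0:                            # source port 0: no port to reply to
        return False
    if ip.is_multicast or ip.is_unspecified:
        return False
    if ip == ipaddress.ip_address("255.255.255.255"):
        return False
    if any(ip == net.broadcast_address for net in allowed):
        return False                         # broadcast address is never a real client
    return any(ip in net for net in allowed)

def make_server(bind_addr=BIND_ADDR, rcvbuf=1 << 20) -> socket.socket:
    """Create a UDP socket bound to a single local address and port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # A larger input buffer delays overflow under bursts; it cannot prevent it,
    # and datagrams dropped at the buffer are never seen by this program.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
    sock.bind(bind_addr)
    return sock

def serve_once(sock, allowed=ALLOWED_CLIENTS):
    """Receive one datagram; echo it only if the sender passes the filter."""
    data, addr = sock.recvfrom(65535)        # 65535 is the largest UDP length
    if not client_allowed(addr, allowed):
        return None                          # dropped silently, like UDP itself
    sock.sendto(data, addr)
    return data, addr

if __name__ == "__main__":
    server = make_server()
    print("listening on", server.getsockname())
    while True:
        serve_once(server)
```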