Linux ICMP Feature Analysis, Part 1: ICMP Protocol Formats
ICMP, the Internet Control Message Protocol, is a very important network-layer protocol. It makes up for what IP lacks: it uses IP to carry its messages and feeds error information about problems that occur at the network layer back to the source node of the packet.
In practice, routers use the protocol to report problems, and hosts use it to test whether a destination is reachable. The final recipient of an ICMP message is not an application or a user on the destination device but the Internet Protocol software on that device; in general, received ICMP messages are processed by the ICMP receive module in the Linux kernel. ICMP request messages can be sent by the relevant kernel subsystem or by an application-layer program (such as the ping application).
1, ICMP message format
The first 32 bits of every ICMP packet consist of three fixed-length fields: an 8-bit type field, an 8-bit code field, and a 16-bit checksum field (the checksum also covers the ICMP data field). The remaining fields have different meanings for different types of ICMP packets.
a) Types
There are currently 40 ICMP types. The following are the more commonly used ones and the types Linux currently supports.
0 Echo reply (echo-reply)
3 Destination unreachable
4 Source quench
5 Redirect
8 Echo request (echo-request)
11 Time exceeded (datagram timeout)
12 Parameter problem
13 Timestamp request
14 Timestamp reply
15 Information request (no longer in use)
16 Information reply (no longer in use)
17 Address mask request (no longer in use)
18 Address mask reply (no longer in use)
Of the above types, the important ones are echo request and reply (types 0, 8), destination unreachable (3), source quench (4), route redirect (5), and timestamp request and reply (13, 14).
2, The main ICMP message formats
a) Echo request and reply
The type value indicates whether the message is an echo request or an echo reply, and the code value is 0. In Linux the identifier is implemented as the process PID (the ping request comes from an application, so this makes it possible to tell which application on the machine is performing the ping and to match received data against it). Sequence is a counter that gives each echo request packet its own sequence value. Option is optional data of variable size.
TYPE (8/0) | CODE (0) | Checksum
Identifier | Sequence
Option
b) Destination unreachable
TYPE (3) | CODE (0-15) | Checksum
Not used (must be set to 0)
Option
Because there are many reasons a destination can be unreachable, the code field is needed to subdivide them further. The Option field holds the IP header (including options) plus the first 8 bytes of the data portion of the original IP datagram.
The codes are defined as follows:
#define ICMP_NET_UNREACH 0 /* Network Unreachable */
#define ICMP_HOST_UNREACH 1 /* Host Unreachable */
#define ICMP_PROT_UNREACH 2 /* Protocol Unreachable */
#define ICMP_PORT_UNREACH 3 /* Port Unreachable */
#define ICMP_FRAG_NEEDED 4 /* Fragmentation Needed/DF set */
#define ICMP_SR_FAILED 5 /* Source Route failed */
#define ICMP_NET_UNKNOWN 6
#define ICMP_HOST_UNKNOWN 7
#define ICMP_HOST_ISOLATED 8
#define ICMP_NET_ANO 9
#define ICMP_HOST_ANO 10
#define ICMP_NET_UNR_TOS 11
#define ICMP_HOST_UNR_TOS 12
#define ICMP_PKT_FILTERED 13 /* Packet filtered */
#define ICMP_PREC_VIOLATION 14 /* Precedence violation */
#define ICMP_PREC_CUTOFF 15 /* Precedence cut off */
#define NR_ICMP_UNREACH 15 /* instead of hardcoding immediate value */
c) Redirect
TYPE (5) | CODE (0-3) | Checksum
Router's IP
Option
The Option field holds the IP header (including options) plus the first 8 bytes of the data portion of the original IP datagram.
The second 32 bits hold the WAN-side address of the router.
The codes are as follows:
#define ICMP_REDIR_NET 0 /* Redirect Net */
#define ICMP_REDIR_HOST 1 /* Redirect Host */
#define ICMP_REDIR_NETTOS 2 /* Redirect Net for TOS */
#define ICMP_REDIR_HOSTTOS 3 /* Redirect Host for TOS */
Redirect messages are limited to the interaction between routers and hosts that are directly connected to the same network.
d) Packet timeout
Every IP packet carries a TTL counter, that is, a hop counter. When the TTL value in a packet reaches 0, the packet is discarded and an ICMP time-exceeded message is sent. The format of the ICMP time-exceeded message is as follows:
TYPE (11) | CODE (0-1) | Checksum
Not used (must be set to 0)
Option
The Option field holds the IP header (including options) plus the first 8 bytes of the data portion of the original IP datagram.
The traceroute command (tracert on Windows) relies on the TTL to find the IP addresses of all hops on the way to the destination. It first sends 3 packets with a TTL of 1 and learns the address of the first hop from the ICMP time-exceeded message it receives; it then sends 3 packets with a TTL of 2 and learns the address of the second hop from the time-exceeded message it receives; and so on, until all hop addresses have been found or the maximum TTL has been reached without a reply from the destination.
Basically, these 4 ICMP messages are the most important.
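The layouts in sections 1 and 2, as an added C example (not code from the original page or from the Linux kernel): it verifies the checksum over the whole message, reads identifier and sequence for echo messages, and for types 3, 5 and 11 reads the protocol and ports from the quoted IP header plus 8 data bytes. The names icmp_view, icmp_parse and sample_unreach are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

struct icmp_view {                 /* hypothetical result type for this example */
    uint8_t  type, code, orig_proto;          /* orig_*: from the quoted datagram */
    uint16_t id, seq, orig_sport, orig_dport; /* id/seq: echo (types 8 and 0) */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Internet checksum (RFC 1071); a message with a valid checksum yields 0. */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += rd16(p);
    if (len) sum += (uint32_t)p[0] << 8;       /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* 0 = ok, -1 = truncated, -2 = bad checksum, -3 = malformed quoted datagram */
int icmp_parse(const uint8_t *m, size_t len, struct icmp_view *v)
{
    if (len < 8) return -1;                    /* type, code, checksum + 32 bits */
    if (inet_csum(m, len) != 0) return -2;     /* checksum covers header and data */
    *v = (struct icmp_view){ .type = m[0], .code = m[1] };
    if (v->type == 0 || v->type == 8) {        /* echo: identifier + sequence */
        v->id = rd16(m + 4);
        v->seq = rd16(m + 6);
        return 0;
    }
    if (v->type != 3 && v->type != 5 && v->type != 11) return 0;
    const uint8_t *ip = m + 8;                 /* Option: quoted IP header ... */
    size_t left = len - 8, ihl;
    if (left < 20 || (ip[0] >> 4) != 4) return -3;
    ihl = (size_t)(ip[0] & 0x0f) * 4;          /* header length incl. options */
    if (ihl < 20 || left < ihl + 8) return -3; /* ... plus first 8 data bytes */
    v->orig_proto = ip[9];
    v->orig_sport = rd16(ip + ihl);            /* meaningful for UDP/TCP only */
    v->orig_dport = rd16(ip + ihl + 2);
    return 0;
}

/* Constructed sample: port unreachable (3/3) quoting a UDP datagram to port 53. */
const uint8_t sample_unreach[36] = {
    0x03,0x03,0x28,0x8e, 0,0,0,0,  0x45,0,0,0x1c, 0,1,0,0, 0x40,0x11,0x8e,0x94,
    0xc0,0,2,1, 0xc6,0x33,0x64,7,  0xd4,0x31,0,0x35, 0,8,0,0 };
```

The quoted protocol and ports are what let a receiver match an error message to a datagram it actually sent; the length checks reject messages whose Option field is shorter than the quoted header says it should be.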
3, ICMP-related data structures in Linux
#define ICMP_ECHOREPLY 0 /* Echo Reply */
#define ICMP_DEST_UNREACH 3 /* Destination Unreachable */
#define ICMP_SOURCE_QUENCH 4 /* Source Quench */
#define ICMP_REDIRECT 5 /* Redirect (change route) */
#define ICMP_ECHO 8 /* Echo Request */
#define ICMP_TIME_EXCEEDED 11 /* Time Exceeded */
#define ICMP_PARAMETERPROB 12 /* Parameter Problem */
#define ICMP_TIMESTAMP 13 /* Timestamp Request */
#define ICMP_TIMESTAMPREPLY 14 /* Timestamp Reply */
#define ICMP_INFO_REQUEST 15 /* Information Request */
#define ICMP_INFO_REPLY 16 /* Information Reply */
#define ICMP_ADDRESS 17 /* Address Mask Request */
#define ICMP_ADDRESSREPLY 18 /* Address Mask Reply */
#define NR_ICMP_TYPES 18
/* Codes for UNREACH. */
#define ICMP_NET_UNREACH 0 /* Network Unreachable */
#define ICMP_HOST_UNREACH 1 /* Host Unreachable */
#define ICMP_PROT_UNREACH 2 /* Protocol Unreachable */
#define ICMP_PORT_UNREACH 3 /* Port Unreachable */
#define ICMP_FRAG_NEEDED 4 /* Fragmentation Needed/DF set */
#define ICMP_SR_FAILED 5 /* Source Route failed */
#define ICMP_NET_UNKNOWN 6
#define ICMP_HOST_UNKNOWN 7
#define ICMP_HOST_ISOLATED 8
#define ICMP_NET_ANO 9
#define ICMP_HOST_ANO 10
#define ICMP_NET_UNR_TOS 11
#define ICMP_HOST_UNR_TOS 12
#define ICMP_PKT_FILTERED 13 /* Packet filtered */
#define ICMP_PREC_VIOLATION 14 /* Precedence violation */
#define ICMP_PREC_CUTOFF 15 /* Precedence cut off */
#define NR_ICMP_UNREACH 15 /* instead of hardcoding immediate value */
/* Codes for REDIRECT. */
#define ICMP_REDIR_NET 0 /* Redirect Net */
#define ICMP_REDIR_HOST 1 /* Redirect Host */
#define ICMP_REDIR_NETTOS 2 /* Redirect Net for TOS */
#define ICMP_REDIR_HOSTTOS 3 /* Redirect Host for TOS */
/* Codes for TIME_EXCEEDED. */
#define ICMP_EXC_TTL 0 /* TTL count exceeded */
#define ICMP_EXC_FRAGTIME 1 /* Fragment Reass time exceeded */
ICMP header definition:
struct icmphdr {
	__u8 type;
	__u8 code;
	__sum16 checksum;
	union {
		struct {
			__be16 id;
			__be16 sequence;
		} echo;			/* echo request and reply */
		__be32 gateway;		/* redirect */
		struct {
			__be16 __unused;
			__be16 mtu;
		} frag;
	} un;
};
In this data structure, the first 32 bits are defined identically for all messages, while the following 32 bits have different meanings for different messages, such as echo request and reply and redirect.
The data structure used when sending an ICMP message:
struct icmp_bxm {
	struct sk_buff *skb; // received ICMP message
	int offset; // offset of the option data within the ICMP data
	int data_len; // ICMP data length
	struct {
		struct icmphdr icmph; // ICMP header
		__be32 times[3];
	} data;
	int head_len; // ICMP header length
	struct ip_options replyopts; // option data saved from the received ICMP message, used when sending
	unsigned char optbuf[40];
};