Linux Network protocol Analysis---3

This chapter mainly introduces the LINXU network model, as well as the Common Network Protocol Analysis Ethernet Protocol, IP Protocol, TCP protocol, UDP protocol

First, the network model

The four protocol tiers of the TCP/IP tiered model perform the following functions, respectively:
　First Layer network interface layer
The network interface layer includes protocols for collaborating on the transfer of IP data over existing network media. In fact, the TCP/IP standard does not define the functions corresponding to the ISO data link layer and the physical layer. Instead, it defines protocols such as Address Resolution Protocol (Resolution Protocol,arp), which provides the interface between the data structure of the TCP/IP protocol and the actual physical hardware.
　　Second Layer Network layer
The mesh layer corresponds to the network layer of the OSI seven-layer reference model. This layer contains IP protocol, RIP protocol (Routing information Protocol, routing Information Protocol), which is responsible for the packing, addressing and routing of data. It also includes the inter-Network Control Message Protocol (Internet Command message PROTOCOL,ICMP) to provide network diagnostic information.
　　Third Layer Transport Layer
The transport layer corresponds to the transport layer of the OSI seven-layer reference model, which provides two types of end-to-end communication services. Where the TCP protocol (transmission Control Protocol) provides reliable data flow transport services, the UDP protocol (use Datagram Protocol) provides unreliable user datagram services.
　　Layer Fourth Application Layer

The application layer corresponds to the application layer and the expression layer of the OSI seven-layer reference model. The Internet Application layer protocol includes finger, Whois, FTP (File Transfer Protocol), Gopher, HTTP (Hypertext Transfer Protocol), Telent (Remote terminal Protocol), SMTP (Simple Mail Transfer Protocol), IRC (Internet Relay session), NNTP (Network News Transfer Protocol) and so on.

OSI and TCP/IP protocol Correspondence Relationship table:

OSI seven-layer model	TCP/IP four layer model	Data being transferred
Application Layer	Application Layer	Data
Presentation Layer	Application Layer	Data
Session Layer	Application Layer	Data
Transport Layer	Transport Layer	Paragraph
Network layer	Network layer	Package
Data Link Layer	Network interface Layer	Frame
Physical Layer	Network interface Layer	Bit stream

Second, the agreement analysis

The network protocol is a collection of communication rules between all the devices on the network (network servers , computers and switches , routers , firewalls , etc.), which specifies the format to be used for communication and the meaning of these formats. Most networks have a layered architecture, each layered on top of it, providing some service to its upper layer, and masking the details of how to implement the service.

The rule that the nth layer on one device communicates with the nth layer on another device is the nth layer protocol. There are many protocols in each layer of the network, and the receiver and sender must agree on the same layer, otherwise one party will not be able to identify the information sent by the other party. Network protocols enable various devices on the network to exchange information with each other. Common protocols are: TCP/IP protocol, Ethernet, UDP protocol, etc.

2.1 Protocol Architecture

Different protocol layers have different names for packets, called segments (segment) in the transport layer, called datagrams in the Network layer (datagram), and are called frames in the link layer. The data is encapsulated into a frame and sent to the transmission medium, and after reaching the destination host each layer of protocol is stripped off the corresponding header, and finally the application layer data is handed to the application for processing.

In fact, there is a physical layer below the link layer, refers to the transmission of electrical signals, such as the current Ethernet network cable (twisted pair), the use of early Ethernet coaxial cable (now mainly used for cable TV), optical fiber, etc. all belong to the concept of physical layer.

(1) Where the source address and destination address refers to the network card hardware address (also called MAC address), the length is 48 bits, is in the network card Factory curing.

(2) Note that the data received by the network card chip (for example, dm9000a) is a long string of data as shown above, including the Ethernet frame header, the IP datagram header, the Transport Layer protocol segment header, the application layer required data.

(3) The length of the data in the Ethernet frame specifies a minimum of 46 bytes, a maximum of 1500 bytes, and the length of the ARP and RARP packets is less than 46 bytes, which is to be padded at a later level. The maximum value of 1500 is called the Maximum Transmission Unit (MTU) of the Ethernet, and different network types have different MTU, and if a packet is routed from Ethernet to a dial-up link, the packet is larger than the MTU of the dial link, and the packet needs to be fragmented fragmentation). There is also "mtu:1500" in the output of the Ifconfig command. Note that the MTU concept exponent is the maximum length of the payload in a frame, excluding the length of the frame header.

2.3IP Protocol Format

Version:

4 bits, refers to the IP protocol version of the current IP protocol version number is 4 (that is, IPV4)

Header Length:

4 bits, the maximum value that can be represented is 15 units (4 bytes in one unit) so the maximum of the first ministerial degree of the IP is 60 bytes

Differentiated Services:

8 bits, used to get better service, is called the service type in the old standard, but has not been used. 1998 This field is renamed as a differentiated service. This field only works if you are using Differentiated Services (DIFFSERV). This field is not used in the general case

Total length:

16 bits, the length of the sum of the header and data, in bytes, so the maximum length of the datagram is 65535 bytes. The total length must not exceed the maximum transfer unit MTU

Identity:

Occupies 16 bits, it is a counter that is used to generate the identity of the datagram

Logo (flag):

3-bit, currently only the first two bits have meaning

　　Mf

1. The lowest bit of the Flag field is MF (more Fragment)
2. Mf=1 indicates "There are shards" later. Mf=0 represents the Last Shard

　　Df

1. The one in the middle of the Flag field is DF (Don ' t Fragment)
2. Shards are allowed only when df=0

Chip Offset:

Occupies 12 bits, which refers to the relative position of a piece in the original group after the Shard. Slice offset in 8-byte offset units

Survival time:

The maximum number of routers that are recorded as TTL (Time to Live) datagrams in the Network, and the TTL field is the initial setting of a 8 bit field by the sending side. The recommended initial value is specified by the assigned number RFC and the current value is 64. When sending an ICMP echo response, the TTL is often set to the most Large value 255

Agreement:

8 bits, which indicates what protocol the data is carrying in this datagram so that the IP layer of the destination host is given the data portion of the process, 1 is the ICMP protocol, 2 is the IGMP protocol, 6 is the TCP protocol, and 17 is the UDP protocol.

First Inspection and:

Accounted for 16 bits, only the header of the test datagram does not test the data section. There is no CRC test code and a simple calculation method is used.

Source Address and Destination address:

Each account is 4 bytes, recording the source address and destination address, respectively.

2.4TCP Protocol Format

1. Source port and destination port

Each accounted for 2 bytes, port number plus IP address, together constitute the socket. The process of communicating with each other uses a pair of sockets, including protocol, source IP, source port, destination IP, destination port, which are the only five elements that determine a TCP connection.

2. serial Number

is 4 bytes, which is the ordinal of the first byte of the data part sent by the TCP segment. In a data stream transmitted by TCP, each byte has an ordinal number. When a connection is established, the sender fills in the initial ordinal number (Initial Sequence, ISN) into the first sent TCP segment ordinal.

3. Confirmation Number

is 4 bytes, is expected to receive the next time the data sent by the other side of the first byte ordinal, that is expected to receive the next TCP segment in the header of the ordinal, equal to the TCP segment has been successfully received the last byte ordinal plus 1. The confirmation number is meaningful when the ACK flag is 1, except that the first TCP segment that initiates the connection does not set the ACK flag, and the TCP segment that is sent thereafter sets the ACK flag.

4. Data Migration

4 bits, which indicates how far from the beginning of the TCP segment the data began. is actually the length of the TCP segment header. The Data offset field is necessary because the header length is not fixed. The data offset is in 32-bit units of length, so the maximum length of the TCP header is 60 (15*4) bytes.

5. Control bits

Total 6, 6 bits, set to 1 o'clock effective. ORDER BY: URG, ACK, PSH, RST, SYN, FIN.

URG	Emergency bit, for 1 o'clock, the emergency pointer in the header is valid
Ack	Confirmation bit, 1 o'clock, the confirmation number in the header is valid
PSH	Push-bit, for 1 o'clock, requires the data to be handed to the application as soon as possible
Rst	Reset flag, 1 o'clock, reset connection, usually used when error or close connection
Syn	The synchronization bit, used when establishing the connection, when Syn=1 and ack=0, indicates that this is a connection request message segment. If the other party agrees to establish a connection, make syn=1 and ack=1 in the message segment sent back
FIN	The end bit, which is 1 o'clock, indicates that the sender has finished sending the data

6. Windows

is 2 bytes, which indicates the number of bytes expected to be received by the sender of the message segment, and the range of ordinal numbers that can be received is the data from the receiver's confirmation number to the confirmation number plus the window size.

7. Checksum

The checksum contains the pseudo-header, TCP header, and data, and the checksum is mandatory for TCP, which is computed by the sender and validated by the receiver.

8. Emergency Pointers

The URG flag is 1 o'clock, and the emergency pointer is valid, indicating that the data needs to be prioritized. The emergency pointer indicates the ordinal of the last byte of the emergency data in the TCP segment, allowing the receiver to know how long the emergency data is altogether.

9. Options

The most common option is the maximum segment size (Maximum Segment SIZE,MSS), notifying the other party of the maximum TCP segment length that the machine can receive. The MSS option is only sent in the request to establish the connection.

2.5UDP Protocol Format

UDP is a non-connected, unreliable transport layer protocol;
A limited error checking function is provided in the process-to-process communication.
The purpose of designing a relatively simple UDP protocol is to achieve the goal of process communication in the network environment with minimal overhead.
The process sends a short message, while the reliability of the message is not high, then the UDP protocol can be used.

Linux Network protocol Analysis---3