Linux Network Programming-7. TCP/IP protocol

You may have heard of the TCP/IP protocol. Do you know what TCP is and what Ip is? In this chapter, we will learn about the most widely used protocol on the network.

7.1 network transmission layering
If you have passed the computer grade examination, you should have understood the concept of network transmission layering. on the network, for the convenience of data transmission, the network transmission is divided into seven layers. they are: application layer, presentation layer, Session Layer, transmission layer, network layer, data link layer, and physical layer. after dividing the layer, if you want to transmit data on the previous layer, you can directly go down to the next layer without managing the details of data transmission. the next layer only provides data to the previous layer, instead of taking care of other things. if you don't want to take the test, you don't have to remember these things. as long as you know that the layers are layered and have different roles.

7.2 IP protocol
The IP protocol is a network-layer protocol. It mainly sends packets. The following table lists the packet formats of ip4.

0 4 8 16 32
--------------------------------------------------
| Version | header length | service type | Total Packet Length |
--------------------------------------------------
| Identifier | DF | MF | shard offset |
--------------------------------------------------
| Survival time | Protocol | comparison of the first part |
------------------------------------------------
| Source IP address |
------------------------------------------------
| Destination IP address |
-------------------------------------------------
| Option |
========================================================== ==========
| Data |
-------------------------------------------------

Let's take a look at the IP structure definition.

Struct IP
{
# If _ byte_order = _ little_endian
Unsigned int ip_hl: 4;/* Header Length */
Unsigned int ip_v: 4;/* version */
# Endif
# If _ byte_order = _ big_endian
Unsigned int ip_v: 4;/* version */
Unsigned int ip_hl: 4;/* Header Length */
# Endif
U_int8_t ip_tos;/* type of service */
U_short ip_len;/* total length */
U_short ip_id;/* identification */
U_short ip_off;/* Fragment offset field */
# Define ip_rf 0x8000/* Reserved fragment flag */
# Define ip_df 0X4000/* dont fragment flag */
# Define ip_mf 0x2000/* more fragments flag */
# Define ip_offmask 0x1fff/* mask for fragmenting bits */
U_int8_t ip_ttl;/* Time to live */
U_int8_t ip_p;/* Protocol */
U_short ip_sum;/* checksum */
Struct in_addr ip_src, ip_dst;/* Source and DEST address */
};

The version number of ip_vip protocol. Here is 4. Now IPv6 is available.

The length of the header of the ip_hlip packet. The value is 4 bytes. The fixed length of the IP header is 20 bytes. If no option is available for the IP packet, the value is 5.

Ip_tos indicates the priority provided.

Ip_len indicates the length of IP data, in bytes.

Ip_id identifies the IP packet.

Ip_off fragmentation offset, Which is used together with the above ID to restructure the fragmentation.

Ip_ttl survival time. When a route is not passed, it is dropped until it is 0.

Ip_p indicates the high-level protocol for creating this IP packet, such as TCP and UDP.

Ip_sum header checksum, which verifies the header data.

IP address of ip_src, ip_dst sender and receiver

For more information about the IP protocol, see rfc791.

7.3 ICMP protocol
ICMP is a message control protocol and also at the network layer. When an IP packet is transmitted over the network, if an error occurs, the ICMP protocol will be used to report the error.

The ICMP packet structure is as follows:

0 8 16 32
---------------------------------------------------------------------
| Type | code | checksum |
--------------------------------------------------------------------
| Data |
--------------------------------------------------------------------

The definition of ICMP in is
Struct icmphdr
{
U_int8_t type;/* Message Type */
U_int8_t code;/* type sub-Code */
U_int16_t checksum;
Union
{
Struct
{
U_int16_t ID;
U_int16_t sequence;
} Echo;/* echo datasync */
U_int32_t gateway;/* gateway address */
Struct
{
U_int16_t _ unused;
U_int16_t MTU;
} Frag;/* path MTU discovery */
} Un;
};

For details about the ICMP protocol, refer to rfc792.

7.4 UDP protocol
The UDP protocol is based on the IP protocol and used in the transport layer. UDP and IP protocols are unreliable datagram services. The UDP Header Format is:

0 16 32
---------------------------------------------------
| UDP source port | UDP destination port |
---------------------------------------------------
| UDP datagram length | UDP datagram verification |
---------------------------------------------------

The UDP structure is defined as follows:
Struct udphdr {
U_int16_t source;
U_int16_t DEST;
U_int16_t Len;
U_int16_t check;
};

For more information about UDP, see rfc768.
7.5 TCP
The TCP protocol is also built on the IP protocol, but the TCP protocol is reliable and sent in order. The TCP data structure is more complex than the previous structure.

0 4 8 10 16 24 32
-------------------------------------------------------------------
| Source port | destination port |
-------------------------------------------------------------------
| Serial number |
------------------------------------------------------------------
| Confirmation number |
------------------------------------------------------------------
| U | A | p | S | f |
| Header length | reserved | r | c | S | Y | I | window |
| G | K | H | n |
-----------------------------------------------------------------
| Checksum | emergency pointer |
-----------------------------------------------------------------
| Option | fill byte |
-----------------------------------------------------------------

The TCP structure is defined in:
Struct tcphdr
{
U_int16_t source;
U_int16_t DEST;
U_int32_t seq;
U_int32_t ack_seq;
# If _ byte_order = _ little_endian
U_int16_t RES1: 4;
U_int16_t doff: 4;
U_int16_t Fin: 1;
U_int16_t SYN: 1;
U_int16_t rst: 1;
U_int16_t PSH: 1;
U_int16_t ack: 1;
U_int16_t URG: 1;
U_int16_t RES2: 2;
# Elif _ byte_order = _ big_endian
U_int16_t doff: 4;
U_int16_t RES1: 4;
U_int16_t RES2: 2;
U_int16_t URG: 1;
U_int16_t ack: 1;
U_int16_t PSH: 1;
U_int16_t rst: 1;
U_int16_t SYN: 1;
U_int16_t Fin: 1;
# Endif
U_int16_t window;
U_int16_t check;
U_int16_t urg_prt;
};

Source Port for sending TCP Data
Destination port on which DEST accepts TCP Data

SEQ identifies the start serial number of the data bytes contained in the TCP

Ack_seq indicates the serial number of the data accepted by the receiver next time.

The length of the doff data header. The same as the IP protocol, the unit is 4 bytes. Generally, the length is 5 bytes.

If URG sets an emergency Data Pointer, this bit is 1

Ack if the confirmation number is correct, it is 1

If the PSH is set to 1, the Receiver immediately submits the data to the previous program after receiving the data.

When RST is 1, the request is reconnected.

When SYN is set to 1, a connection is requested.

When Fin is 1, the connection is closed

Window to tell the recipient the acceptable size

Check checks the TCP data.

Urg_ptr if URG = 1, it indicates the Offset Value of the serial number starting from the historical data for the emergency data.

For details about the TCP protocol, see rfc793

7.6 establish a TCP connection
TCP is a reliable connection. To ensure the reliability of the connection, the TCP connection is divided into several steps. We call this connection process "three-way handshake ".

Next we will analyze the process of establishing a connection from an instance.

Step 1: the client sends a TCP packet to the server, indicating that the request establishes a connection. Therefore, the client sets the SYN bit of the packet to 1 and the serial number seq = 1000 (we assume it is 1000 ).

Step 2 the server receives the packet and learns from the SYN bit 1 that this is a connection to establish the request. the server also sends a TCP packet to the client. in response to client requests, the server sets Ack to 1, sak_seq = 1001 (1000 + 1), and sets its own serial number. SEQ = 2000 (we assume it is 2000 ).

Step 3: the client receives the TCP of the server and obtains the confirmation information from the server from ack 1 and ack_seq = 1001. therefore, the client also sends confirmation information to the server. the client sets Ack = 1, and ack_seq = 2001, seq = 1001, and sends it to the server. the client has completed the connection.

In the last step, the server is confirmed and the connection is completed.

Through the above steps, a TCP connection is established. Of course, errors may occur during the establishment process, but the TCP protocol can ensure that you can handle errors.

Let's talk about one of the errors.
Have you heard of dos? (Not the operating system). During the Spring Festival this year, the five websites in the United States were attacked together. The attackers used DoS (Denial-of-Service) methods.
The client performs the first step. After the server receives the request, the server performs the second step. The client performs the third step according to the normal TCP connection.
However, the attacker does not actually perform the third step. because the client modifies its own IP address during the first step, that is, it fills a nonexistent IP address in the IP address column of the sender of the IP address package. in this way, because no one receives the IP address sent by the server, the server will not receive the confirmation signal in step 3, so that the service end will wait there until the timeout.
In this way, when a large number of customers send requests, the server will wait a lot until all the resources are used up and cannot receive client requests.
In this way, when a normal user sends a request to the server, the request cannot be successful due to lack of resources, so the situation occurs during the Spring Festival.