Summary of IP packet length issues

This article summarizes the good, from: http://hi.baidu.com/to_wait/blog/item/3e855931a5a51717eac4af22.html

The TCP/IP protocol involves four layers: link layer, network layer, transmission layer, and application layer.
The Ethernet data frame is at the link layer.
IP packageAt the network layer
TCP or UDP PacketsAt the transport layer
Data in TCP or UDP(Data) at the application layer
TheirLink isData frame {IP packet {TCP or UDP packet {data }}}
---------------------------------------------------------------------------------
The maximum length of data used in applications depends on the underlying limits.
Let's analyze from bottom to top:
1.Link LayerThe length of the data frame is (46 + 18)-(1500 + 18) determined by the physical characteristics of Ethernet. 18 is the header and end of the data frame, that isThe maximum data frame content is 1500.(Excluding frame header and frame tail), that is, MTU (maximum transmission unit) is 1500;
2.At the network layerBecause the header of the IP package occupies 20 bytes, the MTU is 1500-20 = 1480;
3.At the transport layerFor the UDP packet header, it takes 8 bytes, so the MTU is 1480-8 = 1472;
Therefore, at the application layer, your data length is 1472 at the maximum. (When our UDP packet contains more data than MTU (1472), the sender's IP layer needs to fragmentation for transmission, and the receiver's IP layer needs to reorganize the datagram, because UDP is an unreliable transmission protocol, if the part is lost, the reorganization fails, and UDP packets will be discarded ).
From the above analysis, in a common LAN environment, the maximum UDP data size is 1472 bytes (avoid sharding ).
However, in network programming, vrouters on the Internet may be set to different values (less than the default value ),The standard MTU value on the internet is 576Therefore, the Data Length in UDP programming on the Internet should be less than 576-20-8 = 548 bytes.
---------------------------------------------------------------------------------
MTU is very important to our UDP programming. How can we view the MTU value of the route?
For Windows OS: Ping-F-l such as: Ping-F-l 1472 192.168.0.1
If the message "packets needs to be fragmented but DF set." is displayed, the MTU is smaller than 1500, And the data_length value is continuously reduced. Finally, the MTU value of the gateway can be calculated;
For Linux OS: Ping-C-M do-s, for example, Ping-C 1-M do-s 1472 192.168.0.1
If the prompt is frag needed and DF set ...... It indicates that the MTU is less than 1500. You can test the MTU of the gateway again.
---------------------------------------------------------------------------------

The maximum length of an IP packet is 64 KB (65535 ),Because two bytes are used to describe the packet length in the IP address header, the maximum number of two bytes is 65535.

Because the IP protocol provides the upper-layer protocol to split and reorganize packets, there is no restriction on the packet length of the transport layer protocol in principle. In fact, there are still some restrictions, because the ID field of the IP package cannot be infinitely long after all, according to IPv4, it seems that the upper limit should be 4G (64 K * 64 K ). Relying on this mechanism,There is no "packet length" field in the TCP packet header, but it relies entirely on the IP layer to process frames. This is why TCP is often called a "stream protocol ".When using the TCP Service, developers do not have to worry about the data packet size. They only need to talk about socket as the entry to a data stream and put data in it, the TCP protocol implements congestion/traffic control.

UDP is different from TCP. The total length field in the UDP packet header is also two bytes. Therefore, the total length of the UDP packet is limited to 65535, which can be placed into an IP packet, this makes the implementation of UDP/IP protocol stack very simple and efficient. 65535 minus the eight bytes occupied by the UDP header. the maximum length of the payload in the UDP Service is only 65527. This value is the returned value when you specify so_max_msg_size when calling getsockopt (). The data sent at a time cannot exceed this value for any socket using the sock_dgram attribute. Otherwise, an error is returned.

What will happen when the IP package is submitted to the lower-layer protocol? This depends on the data link layer protocol. Generally, the data link layer protocol is responsible for dividing an IP packet into smaller frames and reorganizing it on the target end. On Ethernet, the size of the data link frame is described by the above two heroes. If the IP address is over ATM, the IP packet is split into an ATM cell with a size of 53 bytes.

**************************************** **************************************** **************************************** ******

**************************************** **************************************** **************************************** ******

CP provides a connection-oriented and reliable byte stream service. An important way for TCP to provide reliability is MSS. Through MSS, application data is divided into data blocks that TCP considers to be the most suitable for sending. The unit of information transmitted by TCP to the IP address is called the segment or segment ). Multiple members in struct tcp_sock, a struct representing a TCP socket, are suitable for determining the maximum number of data blocks (MSS) that the application data is divided ).
The most relevant parameter to the maximum packet segment length is the MTU of the network device interface. The MTU of Ethernet is 1500, the basic IP header is 20, and the TCP header is 20, therefore, the MSS value can reach 1460 (MSS does not include the protocol header and only contains application data ).
In the preceding TCP three-way handshake protocol, both parties have advertised the desired MSS value through the TCP option, which is directly derived from the advmss member of struct tcp_sock, the value is taken directly from the MTU of the network device interface minus the length of the IP header and TCP header. It can be up to 1460 in local Ethernet (if the header does not include the option ). The member rx_opt is a struct tcp_options_received, which records the TCP option announcement from the peer end. Its member mss_clamp indicates the upper limit of the MSS, and its source is the MSS announcement of the Peer end, while mss_user is the user-set MSS, which has the highest priority. If user_mss exists, user_mss is used to ignore others.
We can see from the above that MSS can be negotiated through the SYN segment (the MSS option can only appear in the SYN packet segment), but it can not be negotiated under any conditions, if one party does not accept the MSS value from the other party and does not have user_mss, MSS is set to the default value of 536 bytes (with the header, 576 bytes of IP datagram is allowed ). In fact, the initial value of struct tcp_sock-> rx_opt-> mss_clamp is set to 536. It is modified only after receiving the MSS announcement from the peer end. The mss_cache Member of the struct tcp_sock is used to cache the last valid MSS, and its initial value is also set to 536.
The mytcp_sync_mss function synchronizes data for MSS-related members in a TCP socket. The basic algorithm is as follows:
1. The current MSS should normally be the MTU-IP header-TCP Header (excluding the option ).
2. struct tcp_sock-> rx_opt-> mss_clamp contains the acceptable MSS value advertised by the peer. If the value is smaller than the MSS value calculated in the first step, the value prevails.
3. If the IP header contains the IP option, the length of the option is subtracted from the Option Length in MSS.
4. If the MSS is already smaller than 48, it is equal to 48.
5. Subtract the length of the option in the TCP header.
6. If MSS is already greater than 1/2 of the sliding window size, take 1/2 of the sliding window size as the MSS value (but not smaller than 48 ).
7. The member mss_cache is used to cache the computed MSS.
Therefore, it is incorrect to say that MSS is 1460 in local Ethernet, and it will also change dynamically. If the options are available in the IP header and TCP header, the MSS should be reduced accordingly, generally, the TCP Header has a 12-byte Timestamp Option (plus the two-byte fill option), and the MSS is equal to 1448.
The main function of MSS is to limit the length of data sent by the host on the other end. At the same time, the host itself also controls the length of data sent by itself, this will avoid segmentation when a small MTU is connected to a host on a network.
Struct tcp_sock has a member xmit_size_goal, which is used to record the segment size when the socket sends the data report. Generally, its value is equal to that of MSs (in special cases, exceptions may occur and analysis is performed later ).
----------------------------------------

Ethernet (IEEE 802.3) frame format:

1. Forward code: 7 bytes 0x55, a string of 1 and 0 intervals, used for signal synchronization

2. Frame start delimiter: 1-byte 0xd5 (10101011), indicating the start of a frame

3. Da (destination MAC): 6 bytes

4. SA (source MAC): 6 bytes

5. Type/length: 2 bytes, 0 ~ 1500 reserved as the length field value, 1536 ~ 65535 reserved as the type field value (0x0600 ~ 0 xFFFF)

6. Data: 46 ~ 1500 bytes

7. Frame verification sequence (FCS): 4 bytes. The CRC is used to calculate the checksum obtained from the target Mac to the data domain.

Ethernet is a type of LAN that uses CSMA/CD as the MAC Algorithm. Methods To avoid CSMA/CD conflicts: Send after listening, send while listening, and resend after random delay. In the event of a conflict, each host must be able to detect it. The minimum sending gap and the minimum frame length are also required to avoid conflicts.

Consider the following situation: the host sends a very small frame, while the two conflicting hosts are far apart. B starts sending frames the moment before the frames sent by host a are transmitted to host B. In this way, when frame a reaches B, B detects a conflict and sends a conflict signal. If frame a has been sent before the conflicting signal of B is transmitted to a, then a cannot detect the conflict and mistakenly believes that the sent message is successful. Because there is a delay in signal propagation, it takes some time to detect conflicts. This is why there must be a minimum frame length limit.

According to the standard, when 10 Mbps Ethernet uses a repeater, the maximum connection length is 2500 meters and a maximum of four reconnections are allowed. Therefore, the minimum transmission time for a 10 Mbps Ethernet frame is 51.2 microseconds. The data that can be transmitted during this period is 512 bits, so this time is also called 512 bits. This time is defined as an Ethernet time slot or a time slot in conflict. 512-bit = 64-byte, which is the reason for the minimum 64-byte Ethernet frame.

512 bits is the time when the host captures the channel. If the 64-byte frames sent by a host do not conflict with each other, no conflict will occur in the future. This host captures the channel.

Because the channel is shared by all hosts, if the data frame is too long, some hosts cannot send data for a long time, and some send data may exceed the buffer size of the acceptor, resulting in buffer overflow. To prevent a single host from occupying too long a channel, the maximum frame length of an Ethernet frame is 1500.

When the time slot of 512 Mbps Ethernet is still 5.12 bits, the minimum sending time of a frame must be μs.

The time slot of 512 Mbps Ethernet is increased to 4096 bytes, that is, 4.096 μs for bits.

*************************************

MTU Description: Maximum length of the payload field in a MAC frame

When we use the ping command, the size of the data packet specified by the-l parameter refers to the length of the icmpdata field in the ICMP packet, excluding the ICMP header and ipheader.

The maximum length of the IP packet encapsulated by Ethernet is 1500 bytes. That is to say, the maximum length of the Ethernet frame should be 1500 In the Ethernet header, plus a 7-byte leading synchronization code and a 1-byte frame starting delimiter, specifically: 7-byte leading synchronization + 1-byte frame start delimiter + 6-byte destination MAC + 6-byte source MAC + 2-byte Frame Type + 1500 + 4-byte FCS.

    According to the above, the maximum frame should be 1526 bytes, but the maximum frame we get from Packet Capturing is 1514 bytes. Why not 1526 bytes? The reason is that when the data frame arrives at the NIC, the NIC on the physical layer must first remove the leading synchronization code and the starting delimiters of the frame, and then perform CRC checks on the frame. If the frame checksum is incorrect, the frame is discarded. If the checksum is correct, check whether the target hardware address of the frame meets your receiving conditions (the destination address is your own physical hardware address, broadcast address, and the available multicast hardware address ), if yes, the frame will be handed over to the "device driver" for further processing. At this time, our packet capture software can capture data. Therefore, what the packet capture software captures is to remove the leading synchronization code, the frame start delimiter, and data outside of the FCS, the maximum value is 6 + 6 + 2 + 1500 = 1514.

   According to Ethernet rules, the minimum part of the Ethernet frame data domain is 46 bytes, that is, the minimum value of the Ethernet frame is 6 + 6 + 2 + 46 + 4 = 64. Except for the 4-byte FCS, the packet capture time is 60 bytes. When the length of a data field is less than 46 bytes, the MAC Sub-layer will fill the data field to ensure that the data frame length is not less than 64 bytes. The MAC Sub-layer is responsible for filling data, that is, the device driver. Different Packet Capture programs and device drivers may have different priority levels, and the packet capture program may have a higher priority than the device driver, that is, our package capture program may have captured data when the device driver has not filled a 64-byte frame. Therefore, the size of data frames captured by different packet capture tools may be different. The following is the result of packet capture with Wireshark and sniffer respectively.
The size of the ACK validation frame is 54 bytes, and the size of one is 60 bytes. Wireshark does not fill the data segment when capturing, while sniffer does not.