TCP/IP Study Notes (6)-UDP Protocol 1. Brief Introduction to UDP
UDP is a transport layer protocol, which is in a layer with TCP protocol. However, unlike TCP, UDP does not provide timeout retransmission, error retransmission, and other functions, that is, it is an unreliable protocol.
2. UDP header 2.1.udp port number
Because many software applications require the UDP protocol, the UDP protocol must use a flag to distinguish the data packets required by different programs. This is the function of the port number. For example, if a UDP program A registers port 3000 in the system, the UDP packet sent from the outside with the destination port 3000 will be handed over to the program. Theoretically, there can be so many port numbers as 2 ^ 16. Because it is 16 bits in length
2.2.udp test and
This is an optional option. Not all systems verify UDP data packets (which is a must of the TCP protocol). However, according to the standard requirements in RFC, the sending end should calculate the verification.
UDP checks and overwrites the UDP protocol header and data, which is different from the IP address test. The IP protocol test only overwrites the IP address data header and does not overwrite all the data. Both UDP and TCP contain a pseudo header, which is produced for calculation test and. The pseudo-header even contains information in the IP protocol such as the IP address, so that UDP checks whether the data has arrived at the destination correctly twice. If the check and option are not enabled on the sender, And the acceptor calculates the check and has errors, the UDP data will be quietly lost (not guaranteed delivery) without generating any error packets.
2.3.udp Length
UDP can be long and long, and can be 65535 bytes long. However, when the network is transmitting data, a protocol that generally fails to transmit that long (involving MTU issues) will have to be split into data. Of course, these are transparent to UDP and other upper-level protocols. UDP does not need to care about how the IP protocol layer partitions data. The next chapter will discuss some sharding policies.
3. IP sharding
After the IP address receives data from the upper layer, it determines from which interface the data is sent (by selecting routes) based on the IP address and performs MTU query. If the data size exceeds the MTU, data is split. Data fragments are transparent to the upper and lower layers, and the data will be re-assembled when it reaches the destination. However, you don't have to worry. The IP layer provides enough information for data re-assembly.
In the IP header, the 16bit identification number uniquely records the ID of an IP package. IP segments with the same ID will be reassembled; the 13-bit slice offset records the position of an IP slice relative to the entire package, and the 3-bit sign in the middle indicates whether there are new slice after the slice. The three tags constitute all the information of the IP segment, and the receiver can use this information to re-organize the IP data (even if the subsequent parts are first served than the previous parts, this information is sufficient ).
Due to the frequent use of the sharding technology on the network, software and people who forge IP sharding packets for rogue attacks are also emerging.
You can use the trancdroute program to perform simple MTU detection. Please refer to the teaching materials.
3. interactive use between UDP and ARP
This is a detail that is not often noticed. It is intended for some system implementations. When the ARP cache is still empty. Before sending a UDP packet, you must send an ARP request to obtain the MAC address of the target host. If the UDP packet is large enough, it must be split to the IP layer, imagine that the first shard of the UDP packet will send an ARP query request, and all the shards will be sent after the query is complete. Is that actually true?
As a result, some systems send an ARP query for each shard. All shards are waiting, but when the first response is received, the host only sends the last data piece and discards others. This is incredible. In this way, because the fragmented data cannot be assembled in time, the accept host will discard IP data packets that will never be assembled within a period of time, and send the assembled timeout ICMP packet (in fact, many systems do not produce this error), to ensure that the receiving host's own acceptor cache is not filled with fragments that will never be assembled.
4. ICMP Origin Site suppression Error
When the processing speed of the target host cannot keep up with the data receiving speed, the host sends an ICMP message "I cannot stand" because the IP layer cache of the host is full.
5. UDP Server Design
Some features of UDP will affect the design of our server program, which is summarized as follows:
- About the customer IP address and address: the server must be able to determine whether the data packet is valid based on the customer IP address and port number (this seems to require every server to have)
- Target address: the server must be able to filter broadcast addresses.
- About data input: Generally, every port number in the server system corresponds to an input buffer. Incoming input is waiting for processing by the server based on the principle of first-in-last-in. Therefore, the buffer overflow is inevitable, in this case, UDP packets may be discarded, but the application server itself does not know this problem.
- The server should restrict the local IP address, that is, it should be able to bind itself to a port of a network interface.
TCP/IP Study Notes (7)-broadcast and multicast, IGMP Protocol 1. unicast, multicast, broadcast 1. Unicast (unicast)
Unicast means data transmission to a specific host. For example, an IP packet is sent to a host. At this time, the data link layer is given in the Data header is very specific destination address, for Ethernet, is the nic mac address (not FF-FF-FF-FF-FF-FF such address ). The current host with the routing function should be able to distribute unicast data in a targeted manner, while the network interface of the target host can filter out data inconsistent with its own MAC address.
1. 2. Broadcast (unicast)
Broadcast is a packet sent by a host to all hosts on a network. This network may be a network, a subnet, or all subnets. If it is a network, for example, the broadcast of a type of web site is netid.255.255.255. If it is a subnet, It is netid. netid. subnetid.255; for all subnets (Class B IP addresses), it is netid. netid.255.255. The MAC address FF-FF used by the broadcast. All hosts in the network will receive the broadcast data, the network card as long as the MAC address for the FF-FF-FF-FF-FF-FF of the data to the kernel can be. Generally, ARP or the route protocol rip should be broadcast.
1. 3. Multicasting)
Broadcast is a special case of multicast. multicast sends data to a specific host (multicast group, the data broadcast range is smaller (in fact, the broadcast range is not smaller). The multicast MAC address is the lowest of the highest byte, for example, 01-00-00-00-00-00. The multicast group address is a Class d ip address, which must be 224.0.0.0-239.255.255.255.
Although multicasting is special, the principle is that multicast data must be bound to MAC addresses through the data link layer and then sent. Therefore, after an Ethernet Card is bound to a multicast IP address, it must be bound to a multicast MAC address so that it can work like unicast. This multicast IP address and multicast MAC address have a corresponding algorithm between the p133 and P134 of the book. We can see that this is not a one-to-one correspondence. The host still needs to filter multicast data.
My opinion: the nature of broadcast and multicast is the same. The router puts the data in the LAN, and then the NIC filters the data and only obtains the data you want, for example, multicast data that you are interested in and multicast data that you are interested in. When a host runs a process that processes a multicast IP address, the process binds a virtual multicast MAC address to the NIC and creates a multicast IP address. In this way, the NIC will allow the data with the multicast MAC address to communicate, and those hosts that do not listen to the data will filter out the data. In other words, multicast makes the kernel of the host easy, and nic. Sorry, you are tired.
Some articles also confirm this idea. The most obvious thing is the principle, implementation and prevention of LAN listening.
2. Some validation experiments
These experiments are not very complex. We just need to ping a normal IP address and a broadcast address. First, ping a host in its subnet:
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time = 1 ms TTL = 255
We can see that the machine returns a response from a host, and then speculate that what if I ping a broadcast address? The result is as follows:
Reply from 192.168.11.9: bytes = 32 time = 1 ms TTL = 255
Reply from 192.168.11.174: bytes = 32 time <1 ms TTL = 64
Reply from 192.168.11.174: bytes = 32 time <1 ms TTL = 64
Reply from 192.168.11.174: bytes = 32 time <1 ms TTL = 64
Reply from 192.168.11.218: bytes = 32 time <1 ms TTL = 64
Reply from 192.168.11.174: bytes = 32 time <1 ms TTL = 64
Ping returns some random IP addresses, all of which are in the same subnet as the host. We can see that the broadcast actually sends messages to all IP addresses in the subnet.
Another example of multicasting is that it is not easy to implement this multicasting, because I don't know how many multicast groups are in the network, we had to use several special multicast addresses for verification.
For multicast addresses, several special multicast addresses are occupied. They are
- 224.0.0.1 -- all system groups in this subnet.
- 224.0.0.2 -- all routers in this subnet.
- 224.0.1.1 -- the network implements the dedicated ntp ip.
- 224.0.0.9 -- r00002 private IP Address
Therefore, you only need to ping these IP addresses, for example, Ping 224.0.0.2.
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
Reply from 192.168.11.1: bytes = 32 time <1 ms TTL = 255
We can see that this ping only returns a response from one IP address. This is the address of my gateway, which also verifies that 224.0.0.2 is the multicast (Multicast) address of all routers.
3. IGMP Protocol
The role of IGMP is to let all other hosts and routers that need to know which multicast group they are in know their statuses. Generally, a multicast Router does not need to know how many hosts are in a multicast group, but only needs to know whether there are hosts in a multicast group in its subnet. As long as a multicast group has another host, the multicast router will transmit the data so that the receiver can obtain the desired data through the NIC filter function. To know multicast group information, the multicast router needs to regularly send IGMP queries. The IGMP format can be used to read books. The hosts in each multicast group need to reply to their statuses based on the query. The vro determines which multicast groups you want to send data.
The TTL of this query response datagram is generally 1, and no ICMP error is generated even if an error occurs (not required)
TCP/IP study notes (8)-DNS domain name system
As mentioned above, accessing a machine depends on the IP address and MAC address. The MAC address can be obtained through the ARP Protocol. Therefore, this is transparent to users, but the IP address cannot be used, in any case, users need to use a specified IP address to access a computer, and the IP address is not easy to remember, so a DNS system appears.
1. DNS SYSTEM INTRODUCTION
The full name of DNS is domain name system. It is responsible for translating the FQDN (the name ending with ".") into an IP address. The initial dnssystem uses a huge hosts.txt file (surprised, how can this be used ?), However, the development requires that the data warehouse be replaced by the hosts.txt file, and finally the distributed database is developed.
From the 143 page of the book, we can see that the DNS system is a huge tree with an unsung root at the top. The next layer is ARPA, COM, Edu, Gov, Int, Mil, us, CN. Among them, Arpa is the top of the domain name anti-resolution tree, while com, Edu, and other domain names are originally used only in the United States (this is the technical privilege), but now almost all over the world; us, CN, and so on are called country domains. The domain names in this tree are not centrally managed. The Network Information Center (NIS) is responsible for assigning top-level domains to authorization institutions in other designated regions.
An independently managed DNS subtree is calledZoneThe most common area is the second-level domain name, such as .com.cn. We can also divide this second-level domain name into smaller areas, such as sina.com.cn.
The DNS system is a distributed database. When a database finds that it does not have the data required for a query, it forwards the query, and the forwarding destination is usually the root server, the root server forwards queries from top to bottom until the target is found. Another feature of DNS is its high-speed cache. DNS caches the queried data somewhere for use in the next query.
2. DNS protocol
A dns message defines a message format that can be queried or responded. For specific formats, see p145. The fields are briefly described as follows:
- The first 16 bits uniquely identify the problem number, which is used by the query end to differentiate itself from the query.
- The next 16 bits can be further subdivided to indicate the nature and details of the message, such as querying or responding to the message, whether or not recursive query is required (generally, the server supports recursive query without any settings. This is the case for BIND)
- Query problems are followed by query types, including a, NS, cname, PTR, HINFO, and MX. If you are familiar with bind, you will know in Zong's configuration file, each record records its own type. For example, a is an IP address, and NS is a name server.
- Response packets can reply to multiple IP addresses, that is, the domain name can correspond to multiple IP addresses, and there are many cname.
3. Reverse Query
Forward query refers to the query of the IP address obtained through the domain name, and reverse query refers to the query of the domain name obtained through the IP address. For exampleHostCommand,Host IPYou can get the Domain Name of the server,Host domainnameThe IP address is obtained.
People who know a little about the data structure can realize that reverse queries are performed in the forward query domain. The only way to do this is to traverse the entire data set-for DNS, that is, traverse the entire database, this will bring a huge burden, so DNS adopts another method, using another subtree to maintain the corresponding table of IP-> domain name. The root node of this subtree is a in-addr.arpa, And the DNS address of an IP such as 192.168.11.2 is 2.11.168.192.in-ADDR. ARPA (IP inversion ). In the DNS system, a reverse address corresponds to a PTR record (corresponding to a record), So reverse query is also called a pointer (PTR) query.
4. Other questions 4.1.dns high-speed cache
Bind9 is a high-speed cache server by default. It transfers all the queries to the root server, and then obtains the results and places them in the local buffer to speed up the query. If you are interested, install bind9 and try it. The custom zone can specify the cache time, usually one day (1d in the configuration file ).
4. 2. Use UDP or TCP
The DNS server supports both TCP and UDP protocols, and the port number is 53. Most of the queries are UDP queries. Generally, TCP queries are required in two cases:
- When the data size is so large that data truncation (TC mark 1) occurs, you need to use the TCP fragment capability for data transmission (see the relevant chapter of TCP ).
- When the master Server communicates with the slave server, the slave server obtains the zone information of the master server.
End