Introduction
IP is a connectionless protocol. It operates on the link layer (such as Ethernet) that uses packet switching. This agreement will do its best to deliver the data package.
Doing the best effort means: The
IP protocol does not guarantee the reliable transmission of data, there is no flow control mechanism, there is no guarantee of the transmission sequence (meaning that the IP data packets will be out of order during transmission), there is no acknowledgment (ACK) mechanism, and there is no repetition Transmission mechanism.
The main function
IP protocol provides two basic functions address (Address) and fragmentation (Fragmentation) .
Here we first briefly look at the concept, and later will analyze in detail how it is implemented.
Addressing
The IP protocol defines a 32-bit IP address. The IP protocol implementation module will send / forward packets to the destination address based on the destination address in the IP packet header.
- During the process from the source address to the destination address, a data packet may pass through multiple intermediate nodes, and these nodes need to use an appropriate routing protocol to forward the data packet. It is also possible to drop packets.
- The IP protocol implementation module believes that each IP data packet is independent, and there is no connection between any two IP data packets.
The IP protocol also provides the following mechanisms to configure the services provided by the IP protocol:
- Type of Service: Used to ensure the quality of IP protocol services.
- Time to Live: Specify the upper limit of the life cycle of an IP packet. This value is set by the sender. The packet does not pass through an intermediate node. The Time to Live value in the packet decreases by 1, when this value becomes zero And has not reached the destination address, the data packet will be discarded at the intermediate node.
- Options: Some control bits are used in some cases.
- Header Checksum: Used to detect whether an error occurred during the transmission of a data packet. If a data error is found at a certain node, the data will be discarded at that node.
Fragmentation
Because different physical links have different restrictions on the maximum length of data, IP data may be split into multiple smaller data packets for transmission during transmission.
The sender can set the data packet to "don't fragment", this kind of data packet will be discarded when the size of the data packet is greater than the maximum packet limit of the current physical link.
IPv4 Header format
Next, we introduce the meaning of each field one by one:
- Version: 4 bit. Indicates the current IP protocol version.
- IHL: It is the abbreviation of Internet Hander Length, and its length is 4 bits. Its value is an integer that points to the start byte of the actual data carried in the IP packet. The unit is 4 bytes.
- Type of Service: 8 bit. Indicates the type of service expected by the current packet. The meanings of 8 bits are as follows:
- bits 0-2: indicates the priority of the data packet
- bit 3: 0 represents Normal-Delay, 1 represents Low-Delay
- bit 4: 0 for Normal-Throughput, 1 for High-Throughput
- bit 5: 0 for Normal-Reliable, 1 for High-Reliable
- bits 6-7: reserved
This field is rarely used and is for reference only.
- Total Length: 16 bit. Indicates the total length of the current data packet, including the IP header and data. The unit is bytes. The maximum length is 65535 bytes,
- Identification: 16 bit. An id value set by the sender to help integrate the fragmented data packet into a single data packet.
- Flags: 3 bits. The meaning of each bit is as follows:
- bit 0: reserved
- bit 1: (DF) 0 for May Fragment, 1 for Don't Fragment
- bit 2: (MF) 0 for Last Fragment, 1 for More Fragments
- Fragment Offset: 13 bit. Indicates the position of the current fragment in all fragments. The unit is 8 bytes. The value of this field in the first fragment is 0.
- Time to Live: 8 bit.
- Protocol: 8 bit. Indicates the protocol of the data carried in the current IP packet. That is, the protocol above the IP protocol.
- Header Checksum: 16 bit. During data packet transmission, this value will change with the value of the IP header. For example: Time to Live changes, or the IP packet is fragmented, in this case, you need to re Calculate checksum.
- Source Address, Destination Address: 各占 32 bit.
- Options: Variable-length fields. Due to the complexity of Options, detailed description below
- Padding: Variable-length field. Used to fill the IP packet length to an integer multiple of 32 bits. The values of the padded bits are all 0.
Options
This field is optional in the IP header and may or may not appear.
The Optinos field can contain 0 to more options, and its legal format for each option is the following two:
- Use a separate Option-Type as the value of this field
- Option-Type + Option-Length + Option-Data as the value of this field
One byte of Option-Length indicates the length of the subsequent Option-Data. The unit is also bytes.
Option-Type:
The length of this type is 8 bits. The meaning of each bit is as follows:
- bit 0: copied field,
- bit 1-2: option class
- bit 3-7: option number
Copied field:
Indicate whether the Option needs to be copied to each fragment when the original data packet needs to be fragmented.
- 0 for not copied
- 1 for copied
Option class:
- 0: for Control
- 1: reserved
- 2: 代表 Debugging and measurement
- 3: reserved
Currently available options
| Class | Number | Length | Description |
|---|---|---|---|
| 0 | 0 | - | End of Option list. Occupy one byte. No length |
| 0 | 1 | - | No operation. Occupy one byte. No length |
| 0 | 2 | 11 | Security. |
| 0 | 3 | where. | Loose Source Routing. Use the information provided by the source sender to route the current packet |
| 0 | 9 | where. | Strict Source Routing. Use the information provided by the source sender to route the current packet |
| 0 | 7 | where. | Record Route. Used to track the current packet route |
| 0 | 8 | 4 | Stream ID. Used to include Stream ID |
| 2 | 4 | where. | Internet Timestamp |
Packet capture analysis
Unfragmented IP packets
After the above study, we will try to analyze an IP packet captured by Wireshark. The
original binary data is:
45 00 00 28 fa f1 40 00 32 06 ec 59 a1 75 ff 00
c0 a8 00 66
- The first field is Version, here is the IPv4 protocol, so the first byte is 4.
- The second field is IHL, we see that its value is 5, because the unit of this field is 4 bytes, so the actual data is 20. In other words, the length of our IP packet header is 20 bytes. The minimum length of the IP header is 20 bytes.
- The third field is Type of Service. Obviously the description used by wireshark is different from the definition in RFC. But it does not matter, the value of this field is 0. That is not used.
- The fourth field is Total Length, indicating that the overall length of the current IP packet is 40 bytes. 20 bytes of IP header and 20 bytes of TCP data.
- The fifth field is Identification
- The sixth field is Flags, and its value is 010 (binary), indicating that the current IP packet should not be fragmented, and the current fragment is last frament.
- The seventh field is Fragment Offset. Since the IP packet is not fragmented, we see that the Fragment Offset field is 0.
- The eighth field is Time to Live, and its value is 50.
- The ninth field is Protocol, indicating that the data carried in the current IP packet is a TCP protocol packet.
- The tenth field is Checksum
- The eleventh and twelfth fields represent the source and destination addresses, respectively.
- Padding: Not shown in the screenshot. Because the actual length of the packet is 50 bytes, not an integer multiple of 32 bit, you need to use the Padding field to fill the IP packet. The calculation shows that padding should be 2 bytes , The value is 0x0000.
Fragmented IP packet
Next, let's take a look at the fragmented IP packet.
Here we will see a packet divided into three fragments. Here we only focus on a few fields related to the fragment, other fields refer to the above analysis .
The first fragment
here are the fields we need to pay attention to: Identification, Flags, and Fragment Offset.
And looking at the picture above, this is the first piece of an IP packet divided into three pieces.
- We know that the value of Identification is an Id, and it has no specific meaning, just skip it for now.
- The value of Flags is 001 (binary). According to the definition of Flags, we know:
- The second bit is 0, representing May Fragment, indicating that the packet can be fragmented
- The third bit is 1, representing More Fragment, indicating that the packet is not the last one in the original packet fragment.
- Fragment Offset is 0, which means that the current fragment is the first in the original packet fragment.
Let us look at the next second slice
same current value noted 4. Identification value fragment of the first fragment.
5. The Flags value 001 (binary), we know that the definition Flags:
- a second The bit is 0, representing May Fragment, indicating that the packet can be fragmented
-the third bit is 1, representing More Fragment, indicating that the packet is not the last one in the original packet fragment.
6. Fragment Offset is 1480 . It should be noted here that wireshark displays the calculated value. If you look at the drawing of its original data, you will find that the actual value of this bit is .00010111001 (binary). Since the unit of this field is 8 byte, it is equivalent 00010111001 * 8 is the value shown in wireshark. As you can see from the first picture, the data length in the first fragment is 1480, so the Fragment offset in the second fragment corresponds to the original packet The data at the beginning of the 1480 position is divided. The data length is still 1480.
Next and look at the last shard.
7. Notice that the current shard's Identification value is the same as the first two shards.
8. The value of Flags is 000 (binary). According to the definition of Flags, we know:
-The second bit is 0, representing May Fragment, indicating that the packet can be fragmented
-the third bit is 0, representing Last Fragment, indicating that the packet is the last fragment.
9. Fragment Offset is 2960. Due to the first two points The data length of the slice is 1480, and the data in this slice naturally starts at 2960.
To summarize IP fragmentation:
10. If the Don't Flag flag in the Flags of a packet is set to 1, then the IP packet cannot be fragmented
11. For packets that need fragmentation, fragmentation rules are as follows:
- for the first slice, Framgent Offset is set to 0, to set fragment More
- the intermediate fragments need to set the More fragment, and Frament Offset points before all the data is divided by the length of the sheet 8.
- For the last fragment, the Last Fragment needs to be set, and Fragment Offset is the sum of the lengths of all previous fragment data divided by 8
-IP packets after fragmentation of the same IP packet need to set the same Identification.
END!
