Design and Implementation of User Mode Protocol Stack

One Data structures of each layer of a computer network

The computer network hierarchy is:

Computer network structure:
Application layer
Transport layer
Network layer
Data link layer
Physical layer

The structure of the Ethernet (data link layer) data frame:


The length of the data segment is 46 to 1500 bytes.
Ethernet data frames do not have a length field. The receiving host decides that a frame has been fully received when its receiver no longer senses a voltage change on the line: once the voltage stops changing, the frame is complete.

Format of IP datagram (network layer):


Data format of UDP protocol:


ARP protocol format:

The header formats of the packets above, expressed as data structures:

#pragma pack(1)    // one-byte alignment: no padding between members

#define ETH_ADDR_LENGTH 6

struct ethhdr  {
    unsigned char h_dst[ETH_ADDR_LENGTH];
    unsigned char h_src[ETH_ADDR_LENGTH];
    unsigned short h_proto;	// which protocol the layer above uses
};

struct iphdr {
    unsigned char hdrlen:4,   // low-order bits
                  version:4;  // high-order bits

    unsigned char tos;

    unsigned short totlen;

    unsigned short id;

    unsigned short flag_offset;

    unsigned char ttl;  // time to live, default is 64

    unsigned char type;

    unsigned short check;

    unsigned int sip;

    unsigned int dip;
};

struct udphdr {
    unsigned short sport;
    unsigned short dport;

    unsigned short length;
    unsigned short check;
};

struct udppkt {
    struct ethhdr eh;
    struct iphdr ip;
    struct udphdr udp;

    unsigned char data[0];  // zero-length array (flexible array): 1. its length is not a concern; 2. its memory is allocated up front; 3. its length can be calculated.
};  // sizeof(struct udppkt) == 42

struct arphdr {
	unsigned short h_type;
	unsigned short h_proto;
	
	unsigned char h_addrlen;
	unsigned char h_protolen;

	unsigned short oper;	// request / response

	unsigned char smac[ETH_ADDR_LENGTH];
	unsigned int sip;

	unsigned char dmac[ETH_ADDR_LENGTH];
	unsigned int dip;
};

#pragma pack(1) sets one-byte alignment. Byte alignment means that, so the computer can access variables faster, a variable is usually stored at an address that is divisible by its length. Inside a structure, padding bytes are often inserted automatically to achieve this alignment. One-byte alignment sets the alignment boundary of the variables in the structure to 1 byte, that is, all data is stored contiguously in memory without padding.

unsigned char data[0]; declares a zero-length array, also called a flexible array. There are three conditions for using a flexible array:
1. Don't care about its length;
2. Its memory is allocated at the beginning;
3. Its length can be calculated from other places in the program.
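The third condition is where a user-mode stack has to be careful: the length of data[] comes from header fields that the sender controls. The following is an added example, not code from the original post; it reuses the struct layouts above, and the function name udp_payload and the sample frame are assumptions. It checks every length field against the number of bytes actually captured before exposing the payload, and assumes a little-endian host for the bit-field order.

```c
#include <stdint.h>
#include <string.h>

#pragma pack(1)            /* same layouts as the structs above */
struct ethhdr { unsigned char h_dst[6], h_src[6]; unsigned short h_proto; };
struct iphdr  { unsigned char hdrlen:4, version:4; unsigned char tos;
                unsigned short totlen, id, flag_offset;
                unsigned char ttl, type; unsigned short check;
                unsigned int sip, dip; };
struct udphdr { unsigned short sport, dport, length, check; };
struct udppkt { struct ethhdr eh; struct iphdr ip; struct udphdr udp;
                unsigned char data[0]; };
#pragma pack()

static uint16_t be16(unsigned short v)   /* network byte order -> host value */
{
    const unsigned char *b = (const unsigned char *)&v;
    return (uint16_t)((b[0] << 8) | b[1]);
}

/* Returns the UDP payload length and sets *payload, or -1 if malformed. */
int udp_payload(const unsigned char *frame, size_t caplen, const unsigned char **payload)
{
    const struct udppkt *p = (const struct udppkt *)frame;
    if (caplen < sizeof(*p)) return -1;                  /* fewer than 42 header bytes */
    if (be16(p->eh.h_proto) != 0x0800) return -1;        /* not IPv4 */
    if (p->ip.version != 4 || p->ip.hdrlen != 5 || p->ip.type != 17)
        return -1;                                       /* struct iphdr has no options; UDP only */
    size_t totlen = be16(p->ip.totlen), ulen = be16(p->udp.length);
    if (totlen < sizeof(p->ip) + sizeof(p->udp)) return -1;
    if (totlen > caplen - sizeof(p->eh)) return -1;      /* claims more than was captured */
    if (ulen < sizeof(p->udp) || ulen > totlen - sizeof(p->ip)) return -1;
    *payload = p->data;
    return (int)(ulen - sizeof(p->udp));                 /* Ethernet padding is excluded */
}

/* Constructed sample: 60-byte padded frame, totlen = 32, UDP length = 12, payload "ping". */
static unsigned char sample_frame[60] = { [12] = 0x08, [14] = 0x45, [17] = 32,
                                          [23] = 17, [39] = 12, [42] = 'p', 'i', 'n', 'g' };

int main(void)
{
    const unsigned char *pl;
    int ok = udp_payload(sample_frame, sizeof sample_frame, &pl);   /* honest lengths */
    sample_frame[38] = 0x03; sample_frame[39] = 0xe8;               /* forged UDP length = 1000 */
    return !(ok == 4 && udp_payload(sample_frame, sizeof sample_frame, &pl) == -1);
}
```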

Two netmap introduction

netmap is an efficient I/O framework for sending and receiving packets, which needs to be compiled and used under Linux. When netmap is running, the framework takes over the network card of the host, so that the data of the network card is sent to the kernel protocol stack for processing, and then sent to the netmap framework for processing.

When the netmap framework is started, the data in the network card is mapped into memory through mmap. The mapping process of mmap is controlled by DMA. After mapping, users can operate directly on the network data in memory.

Key function analysis:
nm_open: Create a file descriptor pointing to the network card.
nm_nextpkt: Receive the data in the network card and return a pointer to the data header.

The data structure in memory that receives the network card's data: ring buffer (ring queue)

The program responds to the arrival of new data from the network card by polling. There are two ways to respond to data, one is polling, and the other is event-driven. The polling method is suitable for responding to large amounts of data. Event-driven is suitable for responding to sparse data.

Three ARP protocol and ARP attack

The ARP protocol establishes a one-to-one correspondence between IP addresses and MAC addresses. Outside the local area network, hosts identify each other by IP address; inside the local area network, hosts identify each other by MAC address. When a packet from outside uses the IP address to reach the LAN where the destination host is located, it then relies on the MAC address to find the destination host within the LAN.

When a host intends to send data to another host in the LAN, it looks up the destination MAC in its ARP cache queue using the destination IP. If there is no matching destination MAC address, the host automatically runs ARP. The steps of ARP are as follows:

1. The ARP process broadcasts an ARP request packet in the local area network, which includes the local IP, MAC, and destination IP;
2. All ARP processes running on all hosts on the local area network receive this ARP request packet;
3. If the IP address of a host is the same as the destination address in the ARP request packet, it accepts the ARP request packet and sends back an ARP response packet, which contains the MAC of that host. Hosts whose IP does not match the destination IP in the ARP request packet ignore the request;
4. When the host receives the ARP response packet, it writes the destination IP and destination MAC into the ARP cache queue.

An ARP attack means that some host in the local area network replies to every ARP request, and the MAC address in its replies is wrong. This corrupts the ARP cache queues of the hosts in the local area network and produces a large number of ARP requests in the local area network, so that the local area network is paralyzed.
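A user-mode stack can limit the damage described above by tightening step 4 of the ARP procedure: cache a reply only when a request for that IP is outstanding, and never let a later reply silently overwrite an existing binding. The following is an added example, not code from the original post; the function names, the cache size and the sample addresses are assumptions. A conflict shows that two MACs claim one IP; it does not say which of them is genuine.

```c
#include <stdint.h>
#include <string.h>

#define ARP_SLOTS 16                      /* hypothetical cache size */
enum arp_verdict { ARP_LEARNED, ARP_REFRESHED, ARP_UNSOLICITED, ARP_CONFLICT };
enum arp_state   { ARP_FREE, ARP_PENDING, ARP_VALID };
struct arp_entry { uint32_t ip; unsigned char mac[6]; enum arp_state state; };
static struct arp_entry cache[ARP_SLOTS];

static struct arp_entry *arp_find(uint32_t ip)
{
    for (int i = 0; i < ARP_SLOTS; i++)
        if (cache[i].state != ARP_FREE && cache[i].ip == ip) return &cache[i];
    return NULL;
}

/* Step 1: record that a request for ip was broadcast. Returns -1 if the cache is full. */
int arp_request_sent(uint32_t ip)
{
    if (arp_find(ip)) return 0;           /* already pending or resolved */
    for (int i = 0; i < ARP_SLOTS; i++)
        if (cache[i].state == ARP_FREE) {
            cache[i].ip = ip;
            cache[i].state = ARP_PENDING;
            return 0;
        }
    return -1;
}

/* Step 4, hardened: sip and smac are the sender fields of a received ARP response. */
enum arp_verdict arp_reply_received(uint32_t sip, const unsigned char smac[6])
{
    struct arp_entry *e = arp_find(sip);
    if (!e) return ARP_UNSOLICITED;       /* nobody asked for this IP: do not cache */
    if (e->state == ARP_VALID)            /* already bound: compare, never overwrite */
        return memcmp(e->mac, smac, 6) ? ARP_CONFLICT : ARP_REFRESHED;
    memcpy(e->mac, smac, 6);              /* first answer to our own request */
    e->state = ARP_VALID;
    return ARP_LEARNED;
}

int main(void)
{
    const unsigned char a[6] = {2, 0, 0, 0, 0, 1}, b[6] = {2, 0, 0, 0, 0, 2}; /* constructed MACs */
    uint32_t ip = 0xC0A8010A;                                                  /* constructed IP */
    arp_request_sent(ip);
    arp_reply_received(ip, a);
    return arp_reply_received(ip, b) != ARP_CONFLICT;  /* a second, different MAC is flagged */
}
```

ARP_CONFLICT and ARP_UNSOLICITED are the events to log and alert on, since a host that answers every request produces both.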


Reference blog address: Design and implementation of user mode protocol stack - pudn.com

Origin blog.csdn.net/m0_58687318/article/details/127056407