Linux network programming - ether_header & iphdr & tcphdr

struct ether_header

struct ether_header is a data structure used to represent the header of an Ethernet frame. This structure is defined in the header file <netinet/if_ether.h>. When we process or analyze Ethernet frames, we can use this structure to access and interpret the various fields of the Ethernet header.

Here are some of the main fields of struct ether_header:

  1. ether_dhost : Destination MAC address, a 6-byte array.

  2. ether_shost : Source MAC address, a 6-byte array.

  3. ether_type : Frame type or Ethernet protocol. This field indicates the type/protocol of the payload. For example, if the value is 0x0800, the payload is an IPv4 packet; if the value is 0x0806, the payload is an ARP request or response.

This structure is the header of the Ethernet frame. The total length of the Ethernet header is 14 bytes, which includes two 6-byte MAC addresses and a 2-byte type field.

We may encounter this structure when we process raw packets, especially when using raw sockets or the pcap library to capture and send packets. Through it, we can parse the Ethernet frame, understand its source and destination addresses, and what type of protocol its payload is.

With struct ether_header *ethhdr = (struct ether_header *)buf;, we obtain a pointer to the Ethernet frame header from the buffer buf. This enables access to and parsing of the fields in the Ethernet header.


struct iphdr

struct iphdr is a data structure used to represent the IPv4 header. This structure is defined in the header file <netinet/ip.h>. When we process or analyze IPv4 packets, this structure allows us to access and interpret the various fields of the IP header.

Here are some of the main fields of struct iphdr:

  1. version : IP version number. For IPv4, this value is always 4.

  2. ihl : IP header length, usually in 32-bit words.

  3. tos : Type of Service, used for QoS (Quality of Service).

  4. tot_len : Total length, including IP header and data.

  5. id : The unique identifier of the IP packet.

  6. frag_off : Fragment offset.

  7. ttl : Time To Live. Each time a packet passes through a router, the value is decremented by 1 until it reaches 0, at which point the packet is dropped.

  8. protocol : Transport layer protocol. For example, TCP is 6 and UDP is 17.

  9. check : Checksum of IP header.

  10. saddr : Source IP address.

  11. daddr : Destination IP address.

Note that the values in struct iphdr are usually stored in network byte order, so when parsing or setting fields, we may need to use the ntohs(), ntohl(), htons() and htonl() functions to convert the byte order.

With struct iphdr *ip_addr = (struct iphdr *)buf;, we get a pointer to the IP header from the buffer buf. This allows access to and parsing of the IP header fields. This method is typically used when processing raw packets, such as when using raw sockets to receive data.


struct tcphdr

struct tcphdr is a data structure used to represent the TCP header, which is defined in the header file <netinet/tcp.h>. This structure provides access to various fields in the TCP header.

Here are some of the main fields of struct tcphdr:

  1. th_sport : source port number
  2. th_dport : destination port number
  3. th_seq : sequence number
  4. th_ack : acknowledgment number
  5. th_off : data offset, also often called header length. This tells us how long the TCP header is, usually in 32-bit words.
  6. th_flags : Various control flags. For example:
    • TH_FIN : End the connection
    • TH_SYN : Synchronize sequence numbers
    • TH_RST : Reset the connection
    • TH_PUSH : Push function
    • TH_ACK : Acknowledgment field is valid
    • TH_URG : Urgent pointer field is valid
  7. th_win : window size, used for flow control.
  8. th_sum : checksum
  9. th_urp : urgent pointer

When we process TCP packets in network programming, we can use this structure to access and modify various fields of the TCP header. This is usually done in low-level network tools and analyzers, such as when capturing and sending packets using raw sockets or the pcap library.

With struct tcphdr *tcp_addr = (struct tcphdr *)addr;, we get a pointer to the TCP header, so that we can access and parse the various fields of the TCP header. This is usually done when parsing raw packets, such as when using raw sockets to receive data.
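
The three casts above only work safely when the buffer really holds complete, well-formed headers. The following added example (not code from the original post) walks Ethernet, IPv4 and TCP with a length check before each header, and copies each header out with memcpy instead of dereferencing a cast pointer, since the IP header sits at an unaligned offset of 14 bytes. The names struct flow, parse_tcp_frame and sample_frame are hypothetical, and the frame bytes are constructed.

```c
#define _DEFAULT_SOURCE  /* glibc: expose struct ether_header and the th_* names */
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

/* Hypothetical result type: parsed fields in host byte order. */
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t flags; size_t payload_off; };

/* Constructed sample: TCP SYN 192.0.2.1:12345 -> 192.0.2.2:443, checksums left 0. */
static const uint8_t sample_frame[54] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,            /* ether_header */
    0x45,0,0,40, 0,1,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2,       /* iphdr */
    0x30,0x39,0x01,0xbb, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0 /* tcphdr */
};

/* Returns 0 on success, or a negative code naming the check that failed. */
int parse_tcp_frame(const uint8_t *buf, size_t len, struct flow *out)
{
    struct ether_header eth; struct iphdr ip; struct tcphdr tcp;

    if (len < sizeof eth) return -1;                 /* truncated Ethernet header */
    memcpy(&eth, buf, sizeof eth);                   /* copy: buf may be unaligned */
    if (ntohs(eth.ether_type) != ETHERTYPE_IP) return -2;

    size_t ip_off = sizeof eth;
    if (len - ip_off < sizeof ip) return -3;         /* truncated IP header */
    memcpy(&ip, buf + ip_off, sizeof ip);
    size_t ip_hl = (size_t)ip.ihl * 4;               /* ihl counts 32-bit words */
    size_t ip_len = ntohs(ip.tot_len);
    if (ip.version != 4 || ip_hl < sizeof ip) return -4;
    if (ip_len < ip_hl || ip_len > len - ip_off) return -5;  /* tot_len exceeds capture */
    if (ip.protocol != IPPROTO_TCP || (ntohs(ip.frag_off) & IP_OFFMASK)) return -6;

    size_t tcp_off = ip_off + ip_hl;
    if (ip_len - ip_hl < sizeof tcp) return -7;      /* truncated TCP header */
    memcpy(&tcp, buf + tcp_off, sizeof tcp);
    size_t tcp_hl = (size_t)tcp.th_off * 4;          /* th_off counts 32-bit words */
    if (tcp_hl < sizeof tcp || tcp_hl > ip_len - ip_hl) return -8;

    out->saddr = ntohl(ip.saddr);      out->daddr = ntohl(ip.daddr);
    out->sport = ntohs(tcp.th_sport);  out->dport = ntohs(tcp.th_dport);
    out->flags = tcp.th_flags;         out->payload_off = tcp_off + tcp_hl;
    return 0;
}

int main(void) { struct flow f; return parse_tcp_frame(sample_frame, sizeof sample_frame, &f) != 0; }
```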

Reposted from: blog.csdn.net/weixin_43844521/article/details/133345604