参考:
ip头、tcp头、udp头详解及定义,结合Wireshark抓包看实际情况
网络相关的数据结构、函数(比如ntohl等)的相关定义、声明都在/usr/include下的net目录或netinet目录下。
一、以太头 (/usr/include/net/ethernet.h)
/*
 * 10Mb/s ethernet header: destination address, source address and a 16-bit
 * type field, in that order.
 *
 * The struct is declared packed, so no padding is inserted between fields.
 * When it is overlaid on a captured frame, check first that the capture
 * holds at least sizeof(struct ether_header) bytes; a truncated frame would
 * otherwise be read past its end.
 */
struct ether_header
{
u_int8_t ether_dhost[ETH_ALEN]; /* destination eth addr */
u_int8_t ether_shost[ETH_ALEN]; /* source ether addr */
/* On the wire this field is big-endian: use ntohs() before comparing it
 * with the ETHERTYPE_* constants. */
u_int16_t ether_type; /* packet type ID field */
} __attribute__ ((__packed__));
/*
 * Ethernet protocol IDs: the values carried in ether_header.ether_type.
 *
 * The constants are plain host-order integers, while the field in a frame
 * is big-endian, so compare ntohs(ether_type) against them.
 * ETHERTYPE_VLAN marks an IEEE 802.1Q tag: four extra bytes follow the
 * addresses and the real type comes after the tag, so a parser that assumes
 * the payload starts right after ether_header misreads tagged frames.
 */
#define ETHERTYPE_PUP 0x0200 /* Xerox PUP */
#define ETHERTYPE_SPRITE 0x0500 /* Sprite */
#define ETHERTYPE_IP 0x0800 /* IP */
#define ETHERTYPE_ARP 0x0806 /* Address resolution */
#define ETHERTYPE_REVARP 0x8035 /* Reverse ARP */
#define ETHERTYPE_AT 0x809B /* AppleTalk protocol */
#define ETHERTYPE_AARP 0x80F3 /* AppleTalk ARP */
#define ETHERTYPE_VLAN 0x8100 /* IEEE 802.1Q VLAN tagging */
#define ETHERTYPE_IPX 0x8137 /* IPX */
#define ETHERTYPE_IPV6 0x86dd /* IP protocol version 6 */
#define ETHERTYPE_LOOPBACK 0x9000 /* used to test interfaces */
二、链路层(二层、mac)
arp协议
ARP协议就是用来获取目标IP地址所对应的MAC地址的,也就是说,ARP协议可以动态地在三层IP地址和二层MAC地址之间建立一种映射关系。可以用如下示意图来形象表示其作用。
上面的图示是把ARP协议划分到网络层,也就是认为它是一个网络层的协议,这是出于它为网络层(三层IP)的IP协议提供服务而考虑的。但实际上,由于ARP协议用以解析出IP地址(逻辑地址)所对应的数据链路层地址(物理地址/硬件地址),所以把它划分在数据链路层(二层mac)也是没有问题的,这并没有严格的定义。
(1) arp协议元素
(2) arp协议结构体
/usr/include/netinet/if_ether.h
/*
 * ARP packet for IPv4 over Ethernet: the generic struct arphdr followed by
 * the four address fields at fixed sizes (ETH_ALEN-byte hardware addresses,
 * 4-byte protocol addresses).
 *
 * The fixed sizes only describe the packet when ea_hdr.ar_hln == ETH_ALEN
 * and ea_hdr.ar_pln == 4; check both, and the captured length, before
 * reading the address fields. ARP itself carries no authentication, so the
 * sender fields are whatever the sending host chose to put there.
 */
struct ether_arp {
struct arphdr ea_hdr; /* fixed-size header */
u_int8_t arp_sha[ETH_ALEN]; /* sender hardware address */
u_int8_t arp_spa[4]; /* sender protocol address */
u_int8_t arp_tha[ETH_ALEN]; /* target hardware address */
u_int8_t arp_tpa[4]; /* target protocol address */
};
/usr/include/net/if_arp.h
/*
 * Generic, protocol-independent part of an ARP packet.
 *
 * Only the five fields before the #if 0 are members of the struct. The
 * addresses that follow on the wire have the lengths announced by ar_hln
 * and ar_pln, so they cannot be fixed-size members here; the #if 0 block
 * only documents what they look like for Ethernet/IPv4 (struct ether_arp
 * declares them for real).
 * The 16-bit fields are big-endian on the wire: read them through ntohs().
 */
struct arphdr
{
unsigned short int ar_hrd; /* Format of hardware address. */
unsigned short int ar_pro; /* Format of protocol address. */
/* The two length bytes come from the packet: validate them before using
 * them to size a copy or to locate the address fields. */
unsigned char ar_hln; /* Length of hardware address. */
unsigned char ar_pln; /* Length of protocol address. */
unsigned short int ar_op; /* ARP opcode (command). */
#if 0
/* Ethernet looks like this : This bit is variable sized
however... */
unsigned char __ar_sha[ETH_ALEN]; /* Sender hardware address. */
unsigned char __ar_sip[4]; /* Sender IP address. */
unsigned char __ar_tha[ETH_ALEN]; /* Target hardware address. */
unsigned char __ar_tip[4]; /* Target IP address. */
#endif
};
三. 网络层(三层,ip)
1. ip头(netinet/ip.h)
/*
 * IPv4 header, BSD field names (fixed part only; options, if any, follow
 * the struct).
 *
 * The version and header-length nibbles share the first byte, so their
 * declaration order is switched on __BYTE_ORDER. The two #if blocks are
 * independent and there is no #else: if neither condition holds, the first
 * byte is silently left out of the struct (struct iphdr below uses #error
 * for that case).
 * The u_short fields are big-endian on the wire: read them through ntohs().
 */
struct ip
{
#if __BYTE_ORDER == __LITTLE_ENDIAN
/* ip_hl counts 32-bit words. A value below 5, or ip_hl * 4 larger than the
 * captured length, is malformed and must be rejected before the transport
 * header is located at offset ip_hl * 4. */
unsigned int ip_hl:4; /* header length */
unsigned int ip_v:4; /* version */
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
unsigned int ip_v:4; /* version */
unsigned int ip_hl:4; /* header length */
#endif
u_int8_t ip_tos; /* type of service */
/* Sender-supplied; do not trust it beyond the number of bytes captured. */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
/* Three flag bits plus a 13-bit offset; split them with the masks below
 * after ntohs(). */
u_short ip_off; /* fragment offset field */
#define IP_RF 0x8000 /* reserved fragment flag */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_int8_t ip_ttl; /* time to live */
u_int8_t ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src, ip_dst; /* source and dest address */
};
/*
 * IPv4 header, Linux field names. The member sequence mirrors struct ip
 * above under different names, with the two addresses held as u_int32_t
 * instead of struct in_addr.
 *
 * The nibble order of the first byte depends on __BYTE_ORDER; an unknown
 * byte order stops the build with #error instead of producing a struct
 * with a missing byte.
 * Multi-byte fields are big-endian on the wire: use ntohs()/ntohl().
 */
struct iphdr
{
#if __BYTE_ORDER == __LITTLE_ENDIAN
// ihl counts 32-bit words; reject ihl < 5 and ihl * 4 beyond the captured
// length before using it to find the transport header.
unsigned int ihl:4; // header length
unsigned int version:4; // version
#elif __BYTE_ORDER == __BIG_ENDIAN
unsigned int version:4;
unsigned int ihl:4;
#else
# error "Please fix <bits/endian.h>"
#endif
u_int8_t tos; // type of service
u_int16_t tot_len; // total length (sender-supplied; bound it by the captured length)
u_int16_t id; // identification
u_int16_t frag_off; // fragment offset (shares its 16 bits with the fragment flags)
u_int8_t ttl; // time to live
u_int8_t protocol; // protocol, e.g. ICMP (1), IGMP (2), TCP (6), UDP (17)
u_int16_t check; // checksum
u_int32_t saddr; // source IP address
u_int32_t daddr; // destination IP address
/*The options start here. */
};
2. icmp协议(ping)
3. igmp协议
四. 传输层(四层,tcp udp)
1.tcp头
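/*
 * TCP header (fixed 20-byte part; options, if any, follow the struct).
 *
 * Byte 12 of the header holds the data offset in its HIGH nibble and the
 * reserved bits in its LOW nibble. Bit-field allocation order follows the
 * byte order of the target, so the two nibbles must be declared in opposite
 * order on little- and big-endian machines, exactly as struct ip and
 * struct iphdr do for version/header length. Declaring th_off first
 * unconditionally makes th_off read the reserved bits on little-endian
 * hosts, which puts the payload pointer in the wrong place.
 *
 * Field types are the fixed-width names struct iphdr already uses, so the
 * layout does not depend on the width of short/int.
 * Multi-byte fields are big-endian on the wire: use ntohs()/ntohl().
 */
typedef struct tcphdr
{
    u_int16_t th_sport;         /* source port */
    u_int16_t th_dport;         /* destination port */
    u_int32_t th_seq;           /* sequence number */
    u_int32_t th_ack;           /* acknowledgement number */
#if __BYTE_ORDER == __LITTLE_ENDIAN
    unsigned int th_x2:4;       /* reserved (unused) */
    unsigned int th_off:4;      /* data offset, in 32-bit words */
#elif __BYTE_ORDER == __BIG_ENDIAN
    unsigned int th_off:4;      /* data offset, in 32-bit words */
    unsigned int th_x2:4;       /* reserved (unused) */
#else
# error "Please fix <bits/endian.h>"
#endif
    /*
     * th_off comes from the packet: a value below 5, or th_off * 4 beyond
     * the bytes remaining in the segment, is malformed and must be rejected
     * before the payload is located at offset th_off * 4.
     */
    u_int8_t th_flags;          /* FIN 0x01, SYN 0x02, RST 0x04, PSH 0x08, ACK 0x10, URG 0x20 */
    u_int16_t th_win;           /* window size */
    u_int16_t th_sum;           /* checksum */
    u_int16_t th_urp;           /* urgent pointer */
} TCP_HEADER;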
2. udp头
// UDP header structure: four 16-bit fields, nothing else.
// All four are big-endian on the wire: read them through ntohs().
typedef struct udphdr
{
u_short uh_sport; // source port
u_short uh_dport; // destination port
// Length of header plus data as claimed by the sender; check that it is at
// least the size of this header and no more than the bytes actually
// captured before using it to bound a read or a copy.
u_short uh_ulen; // UDP length
u_short uh_sum; // checksum
}UDP_HEADER;