Ip (struct)
From Wikipedia, the free encyclopedia
- The correct title of this article is ip (struct). The initial letter is shown capitalized due to technical restrictions.
ip is a struct (structure) in the C programming language. The ip struct is used as a template to form an IPv4 header in a raw socket. The structure can be found in the default include files of most Unix distributions. It is most commonly located in the <netinet/ip.h> header file.
[edit] Definition
struct ip { u_int ip_hl:4, /* both fields are 4 bits */ ip_v:4; u_char ip_tos; u_short ip_len; u_short ip_id; u_short ip_off; u_char ip_ttl; u_char ip_p; u_short ip_sum; struct in_addr ip_src,ip_dst; };
[edit] Fields
unsigned int ip_hl:4
IP header length in 32-bit octets (i.e. value set in ip_hl * 4 = header length in bytes)
- Common Defaults: 5; sets header length to 20 bytes (header length without any routing options)
unsigned int ip_v:4
Internet Protocol version
unsigned char ip_tos;
Type of Service controls the priority of the packet. The first 3 bits stand for routing priority, the next 4 bits for the type of service (delay, throughput, reliability and cost).
- Common Defaults: 0x00 (normal)
unsigned short int ip_len;
Total length must contain the total length of the IP datagram. This includes IP, ICMP, TCP or UDP header and payload size in bytes.
unsigned short int ip_id;
The ID sequence number is mainly used for reassembly of fragmented IP datagrams.
- Common Defaults: Single datagrams - arbitrary ID, Multiple datagrams - sequential ID.
unsigned short int ip_off;
The fragment offset is used for reassembly of fragmented datagrams. The first 3 bits are the fragment flags, the first one always 0, the second the do-not-fragment bit (set by ip_off |= 0x4000) and the third the more-flag or more-fragments-following bit (ip_off |= 0x2000). The following 13 bits is the fragment offset, containing the number of 8-byte big packets already sent.
unsigned char ip_ttl;
Time to live is the amount of hops (routers to pass) before the packet is discarded, and an ICMP error message is returned. Can sometimes be used to reverse engineer the client distance from server (e.g. if ttl = 250 at server, client is probably 5 hops away)
- Common Defaults: 64, 255 (max)
unsigned char ip_p;
The transport layer protocol. Can be tcp (6), udp(17), icmp(1), or whatever protocol follows the IP header. Look in /etc/protocols for more.
unsigned short int ip_sum;
The datagram checksum for the whole IP datagram. Every time anything in the datagram changes, it needs to be recalculated, or the packet will be discarded by the next router.
unsigned int ip_src;
Source IP address - must be converted into binary format (suggested function is inet_pton())
unsigned int ip_dst;
Destination IP address - must be converted into binary format (suggested function is inet_pton())