ip is a struct (structure) in the C programming language. The ip struct is used as a template to form an IPv4 header in a raw socket. The structure can be found in the default include files of most Unix distributions. It is most commonly located in the <netinet/ip.h> header file.

Definition

    struct ip {
        unsigned int ip_hl:4;      /* header length; both fields are 4 bits */
        unsigned int ip_v:4;       /* version (this bit-field order is for little-endian hosts) */
        uint8_t ip_tos;            /* type of service */
        uint16_t ip_len;           /* total length */
        uint16_t ip_id;            /* identification */
        uint16_t ip_off;           /* fragment flags and offset */
        uint8_t ip_ttl;            /* time to live */
        uint8_t ip_p;              /* protocol */
        uint16_t ip_sum;           /* header checksum */
        struct in_addr ip_src;     /* source address */
        struct in_addr ip_dst;     /* destination address */
    };

Fields

unsigned int ip_hl:4
IP header length expressed as a multiple of 32-bit words (DWORDs), i.e. header length in bytes = value set in ip_hl x 4. In a hex dump of an IP header this can be read off the value of the unsigned character at offset 0. Typically it will read 45, where 5 is a common default for ip_hl and 4 is ip_v.

unsigned int ip_v:4
Internet Protocol version.

unsigned char ip_tos;
Type of Service controls the priority of the packet. The first 3 bits stand for routing priority, the next 4 bits for the type of service (delay, throughput, reliability and cost).

unsigned short int ip_len;
Total length must contain the total length of the IP datagram. This includes the IP header, the ICMP, TCP or UDP header, and the payload, in bytes.

unsigned short int ip_id;
The ID sequence number is mainly used for reassembly of fragmented IP datagrams.

unsigned short int ip_off;
The fragment offset is used for reassembly of fragmented datagrams. The first 3 bits are the fragment flags: the first one is always 0, the second is the do-not-fragment bit (set by ip_off |= 0x4000) and the third is the more-flag or more-fragments-following bit (ip_off |= 0x2000). The following 13 bits are the fragment offset, containing the number of 8-byte blocks already sent.

unsigned char ip_ttl;
Time to live is the number of hops (routers to pass) before the packet is discarded and an ICMP error message is returned. It can sometimes be used to infer the client's distance from the server (e.g. if ttl = 250 at server, client is probably 5 hops away).

unsigned char ip_p;
The transport layer protocol. Can be tcp (6), udp (17), icmp (1), or whatever protocol follows the IP header. Look in /etc/protocols for more.

unsigned short int ip_sum;
The header checksum. Every time anything in the header changes, it needs to be recalculated, or the packet will be discarded by the next router.

struct in_addr ip_src;
Source IP address. It must be converted into binary format (suggested function is inet_pton()).

struct in_addr ip_dst;
Destination IP address. It must be converted into binary format (suggested function is inet_pton()).
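
The field layout above, read defensively from a received buffer, as an added example that is not part of the original page or of <netinet/ip.h>. The names ip_fields, ip_cksum, ip_parse and sample_hdr are hypothetical, and the sample header is constructed. Bytes are decoded by hand so the result does not depend on host byte order or bit-field order.

```c
#include <stddef.h>
#include <stdint.h>

/* Decoded header in host byte order. Member names mirror struct ip, but
   this type is hypothetical and is not the one from <netinet/ip.h>. */
struct ip_fields {
    unsigned ip_v, ip_hl, df, mf, frag_off;   /* frag_off is in bytes */
    uint16_t ip_len, ip_id, ip_sum;
    uint8_t  ip_tos, ip_ttl, ip_p;
};

/* Constructed sample: 192.0.2.1 -> 198.51.100.2, TTL 64, TCP, DF set. */
const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x14, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x06,
    0x32, 0x67, 0xc0, 0x00, 0x02, 0x01, 0xc6, 0x33, 0x64, 0x02 };

/* One's-complement checksum over n bytes (n is ip_hl * 4, always even).
   Over a header whose ip_sum is already filled in, the result is 0. */
uint16_t ip_cksum(const uint8_t *p, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    while (sum >> 16)                          /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 0 if the header is usable, else a negative code for the failed check. */
int ip_parse(const uint8_t *b, size_t n, struct ip_fields *h)
{
    if (n < 20) return -1;                     /* below the minimum header */
    h->ip_v  = b[0] >> 4;                      /* high nibble of offset 0 */
    h->ip_hl = b[0] & 0x0f;                    /* low nibble, 32-bit words */
    if (h->ip_v != 4) return -2;
    if (h->ip_hl < 5 || h->ip_hl * 4u > n) return -3;
    h->ip_len = (uint16_t)(b[2] << 8 | b[3]);
    if (h->ip_len < h->ip_hl * 4u || h->ip_len > n) return -4;
    if (ip_cksum(b, h->ip_hl * 4u) != 0) return -5;   /* stale or corrupt ip_sum */
    uint16_t off = (uint16_t)(b[6] << 8 | b[7]);
    h->df = (off & 0x4000) != 0;               /* do-not-fragment */
    h->mf = (off & 0x2000) != 0;               /* more fragments follow */
    h->frag_off = (off & 0x1fffu) * 8u;        /* 13-bit count of 8-byte blocks */
    h->ip_tos = b[1]; h->ip_ttl = b[8]; h->ip_p = b[9];
    h->ip_id  = (uint16_t)(b[4] << 8 | b[5]);
    h->ip_sum = (uint16_t)(b[10] << 8 | b[11]);
    return 0;
}
```

Changing any header byte without recomputing ip_sum makes ip_parse return -5, which is the same condition that leads the next router to discard the packet.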