ip(struct)

ip is a struct (structure) in the C programming language. The ip struct is used as a template to form an IPv4 header in a raw socket. The structure can be found in the default include files of most Unix distributions. It is most commonly located in the <netinet/ip.h> header file.

[edit]Definition

struct ip {
   unsigned int   ip_hl:4; /* both fields are 4 bits */
   unsigned int   ip_v:4;
   uint8_t        ip_tos;
   uint16_t       ip_len;
   uint16_t       ip_id;
   uint16_t       ip_off;
   uint8_t        ip_ttl;
   uint8_t        ip_p;
   uint16_t       ip_sum;
   struct in_addr ip_src;
   struct in_addr ip_dst;
};

[edit]Fields

unsigned int ip_hl:4

IP header length expressed as a multiple of 32-bit octets or DWORDS (i.e. header length in bytes = value set in ip_hl x 4 [each # counts for 4 octets]). From the hex dump of an IP header this can be read off the value of an unsigned character at offset 0. Typically it will read 45 where 5 is a common default for ip_hl and 4 is ip_v.

Common Defaults: 5; sets header length to 20 bytes (header length without any routing options)

unsigned int ip_v:4

Internet Protocol version

Common Defaults: usually 4 (IPv4) or 6 (IPv6)

unsigned char ip_tos;

Type of Service controls the priority of the packet. The first 3 bits stand for routing priority, the next 4 bits for the type of service (delay, throughput, reliability and cost).

Common Defaults: 0x00 (normal)

unsigned short int ip_len;

Total length must contain the total length of the IP datagram. This includes IP, ICMP, TCP or UDP header and payload size in bytes.

unsigned short int ip_id;

The ID sequence number is mainly used for reassembly of fragmented IP datagrams.

Common Defaults: Single datagrams - arbitrary ID, Multiple datagrams - sequential ID.

unsigned short int ip_off;

The fragment offset is used for reassembly of fragmented datagrams. The first 3 bits are the fragment flags, the first one always 0, the second the do-not-fragment bit (set by ip_off |= 0x4000) and the third the more-flag or more-fragments-following bit (ip_off |= 0x2000). The following 13 bits is the fragment offset, containing the number of 8-byte big packets already sent.

unsigned char ip_ttl;

Time to live is the amount of hops (routers to pass) before the packet is discarded, and an ICMP error message is returned. Can sometimes be used to reverse engineer the client distance from server (e.g. if ttl = 250 at server, client is probably 5 hops away)

Common Defaults: 64, 255 (max)

unsigned char ip_p;

The transport layer protocol. Can be tcp (6), udp(17), icmp(1), or whatever protocol follows the IP header. Look in /etc/protocols for more.

unsigned short int ip_sum;

The header checksum. Every time anything in the header changes, it needs to be recalculated, or the packet will be discarded by the next router.

struct     in_addr ip_src;

Source IP address - must be converted into binary format (suggested function is inet_pton())

struct     in_addr ip_dst;

Destination IP address - must be converted into binary format (suggested function is inet_pton())