16

I am trying to understand how the network is working, i'm doing some test, sending some package... anyway

My point is that i can't find the real difference between "protocol" structure and "protocol header" structure.

For the ip structure, they both sized 20 bytes. but for exemple:

  • struct ip and struct iphdr sized 20 bytes
  • struct icmp sized 28 bytes
  • struct icmphdr sized 8 bytes

I'm guessing that the struct icmp include a struct ip/iphdr? ?

And there is the same kind of structure with every protocol i have seen. struct udp / struct udphdr,

Is it link to IP_HDRINCL set on with setsockopt() ?

So my question is What is the real difference between them ? And When use the good one.

ip and iphdr struct:

struct iphdr {
    #if defined(__LITTLE_ENDIAN_BITFIELD)
        __u8    ihl:4,
                version:4;
    #elif defined (__BIG_ENDIAN_BITFIELD)
        __u8    version:4,
                ihl:4;
    #else
        #error  "Please fix <asm/byteorder.h>"
    #endif
         __u8   tos;
         __u16  tot_len;
         __u16  id;
         __u16  frag_off;
         __u8   ttl;
         __u8   protocol;
         __u16  check;
         __u32  saddr;
         __u32  daddr;
         /*The options start here. */
};

And IP HDR

struct ip {
#if BYTE_ORDER == LITTLE_ENDIAN 
    u_char  ip_hl:4,        /* header length */
        ip_v:4;         /* version */
#endif
#if BYTE_ORDER == BIG_ENDIAN 
    u_char  ip_v:4,         /* version */
        ip_hl:4;        /* header length */
#endif
    u_char  ip_tos;         /* type of service */
    short   ip_len;         /* total length */
    u_short ip_id;          /* identification */
    short   ip_off;         /* fragment offset field */
#define IP_DF 0x4000            /* dont fragment flag */
#define IP_MF 0x2000            /* more fragments flag */
    u_char  ip_ttl;         /* time to live */
    u_char  ip_p;           /* protocol */
    u_short ip_sum;         /* checksum */
    struct  in_addr ip_src,ip_dst;  /* source and dest address */
};

ICMP structure code here : https://www.cymru.com/Documents/ip_icmp.h

albttx
  • 3,444
  • 4
  • 23
  • 42
  • Why are not the 2 codes using the same type names? Note that bit-field types other than `_Bool, int, signed int, unsigned int`, like the above, is implementation defined behavior. – chux - Reinstate Monica Mar 16 '17 at 17:29
  • chux, i didn't create the structure, they're both defined in netinet/ip.h, – albttx Mar 16 '17 at 17:31
  • 3
    The _minimum IPv4 header size is 20 octets, but options can make that larger. ICMP is a protocol that is encapsulated as the payload of IP, and its header is not the IP header. – Ron Maupin Mar 16 '17 at 17:43
  • IP *pseudo header* google is your friend. – wildplasser Mar 16 '17 at 17:53
  • @wildplasser Thank ! i didn't know that ! – albttx Mar 16 '17 at 18:02
  • Really? Google is *everybody's* friend! – John Bollinger Mar 16 '17 at 18:03
  • And if i asked on SO, is because i didn't find on google, AND SO... @wildplasser – albttx Mar 16 '17 at 18:09
  • http://stackoverflow.com/questions/359045/what-is-the-significance-of-pseudo-header-used-in-udp-tcp (or read Comer) – wildplasser Mar 16 '17 at 18:47
  • @wildplasser i know how to use google.. so when you said "pseudo header" i found it ! i just never saw "pseudo header" in my search – albttx Mar 16 '17 at 18:48
  • The situation now seems to be a little different.When I opened the /usr/include/netinet/ip.h file in centos 7, I found that the definitions of struct iphdr and struct ip exist in the file at the same time. – Chuancey Nov 13 '21 at 05:33

1 Answers1

28

struct ip and struct iphdr are two different definitions of the same underlying structure, brought in from different places.

struct ip is defined in <netinet/ip.h>, which is a reasonably standard header on UNIX systems.

struct iphdr is defined in <linux/ip.h>. This header (and structure) are Linux-specific, and will not be present in other operating systems.

If you're not sure which one to use, use struct ip; code which uses this structure is more likely to be portable to non-Linux systems.

struct icmp and struct icmphdr are a messier situation:

  • <netinet/icmp.h> defines both struct icmp and struct icmphdr.
  • <linux/icmp.h> also defines struct icmphdr, with a similar structure (but, as usual, different field names) as the definition from <netinet/icmp.h>.

First: Don't include <linux/icmp.h> unless you have a very good reason. You cannot include both headers -- they will conflict -- and most software will expect the netinet definition.

Second: struct icmphdr is, as the name implies, the header. struct icmp defines the contents of a structured ICMP message, like a destination unreachable message.