Now we will look at how packets are constructed, how the different
layers we always study in college
translate to packets on the wire, in the OS(kernel) and the userland.
We will also find out how TCP works, determines bandwidth of a
physical channel and how the
handshake happens.
I have done a lot of low level network coding both in the kernel for
packet header manipulation and
also in userland for sockets.
A packet on the network looks like a train.
The engine is the packet header. Then the different layers are like
the compartments and the Ethernet trailer
is like the guard compartment.
Obviously without the engine the train is useless.
Packet headers are lot more important from a coding/routing point of
view than the packet contents/payload.
And it is like this:
ethernet header -> ip header -> tcp header -> application data
And this is the packet on the wire.
When an e-mail is sent for example, the construction of the packet
happens in the
reverse
sequence.
application(e-mail text) -> tcp header -> ip header -> ethernet header
Now the packet is pushed into the wire.
Confused?
Just think, you will know.
And the packets are handled in each layer step by step.
I took ethernet as an example.
In WiFi it is different. In the case of ADSL I think it is very
similar to Ethernet.
In the case of packets on the Internet WAN path, packets are small.
Normally 256 bytes
or something to account for the MTUs of the physical links.
Anyway this is somewhat basic.
Now from a coding perspective I have constructed checksums with a
simple IP layer
code, I have done IPsec ESP encapsulation and decapsulation, done some
firewall coding and so on.
Basically at the coding level things get more detailed and challenging.
But the above idea is maintained.
There is this concept of mbufs in the BSD world.
Similar to skbuffs in the Linux duniya.
A packet header is of a variable size. It is not always 20 bytes or 14 bytes.
Packet payloads are stored in a linked list. No copying is done as it
is expensive.
Instead pointers to offsets are stored and processed at high speed in
the kernel.
Now we stop this topic and get on to the TCP world.
UDP is very much like IP. Almost like a transparent layer.
But TCP is a full implementation of a state machine with flow control.
There is SCTP but who has implemented it?
socat has it.
How TCP figures out the bandwidth is by a trial and error method.
It tries to transmit at a high speed which keeps increasing till
packet losses are detected.
Then it cuts down by half and finally figures out what speed is good.
Kind of like we business guys spend money. ;)
And every TCP connection involves 3 packet exchanges before the first
byte of payload
is sent.
Syn, ACK and ACK ACK or something.
I have seen with netcat that whenever there is a port forwarding, NAT
or some other
issue, the handshake fails.
This is a very useful idea.
In the IP world there are plenty of ICMP traffic redirection and error
reporting going on.
I have not properly played with it, but for understanding proper
firewall rules and for
solving problems in networking understanding what i wrote above is a must.
-Girish
--
Gayatri Hitech
http://gayatri-hitech.com