Now we will look at how packets are constructed, how the different layers we always study in college translate to packets on the wire, in the OS(kernel) and the userland.
We will also find out how TCP works, determines bandwidth of a physical channel and how the handshake happens. I have done a lot of low level network coding both in the kernel for packet header manipulation and also in userland for sockets. A packet on the network looks like a train. The engine is the packet header. Then the different layers are like the compartments and the Ethernet trailer is like the guard compartment. Obviously without the engine the train is useless. Packet headers are lot more important from a coding/routing point of view than the packet contents/payload. And it is like this: ethernet header -> ip header -> tcp header -> application data And this is the packet on the wire. When an e-mail is sent for example, the construction of the packet happens in the reverse sequence. application(e-mail text) -> tcp header -> ip header -> ethernet header Now the packet is pushed into the wire. Confused? Just think, you will know. And the packets are handled in each layer step by step. I took ethernet as an example. In WiFi it is different. In the case of ADSL I think it is very similar to Ethernet. In the case of packets on the Internet WAN path, packets are small. Normally 256 bytes or something to account for the MTUs of the physical links. Anyway this is somewhat basic. Now from a coding perspective I have constructed checksums with a simple IP layer code, I have done IPsec ESP encapsulation and decapsulation, done some firewall coding and so on. Basically at the coding level things get more detailed and challenging. But the above idea is maintained. There is this concept of mbufs in the BSD world. Similar to skbuffs in the Linux duniya. A packet header is of a variable size. It is not always 20 bytes or 14 bytes. Packet payloads are stored in a linked list. No copying is done as it is expensive. Instead pointers to offsets are stored and processed at high speed in the kernel. Now we stop this topic and get on to the TCP world. UDP is very much like IP. Almost like a transparent layer. But TCP is a full implementation of a state machine with flow control. There is SCTP but who has implemented it? socat has it. How TCP figures out the bandwidth is by a trial and error method. It tries to transmit at a high speed which keeps increasing till packet losses are detected. Then it cuts down by half and finally figures out what speed is good. Kind of like we business guys spend money. ;) And every TCP connection involves 3 packet exchanges before the first byte of payload is sent. Syn, ACK and ACK ACK or something. I have seen with netcat that whenever there is a port forwarding, NAT or some other issue, the handshake fails. This is a very useful idea. In the IP world there are plenty of ICMP traffic redirection and error reporting going on. I have not properly played with it, but for understanding proper firewall rules and for solving problems in networking understanding what i wrote above is a must. -Girish -- Gayatri Hitech http://gayatri-hitech.com _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
