Network protocol stack and TCP hacking. Network protocols and standards Basic Internet protocol stack


The Internet is a global system of interconnected computer, local and other networks that interact with each other through the TCP/IP protocol stack (Fig. 1).

Figure 1 – Generalized diagram of the Internet

The Internet ensures the exchange of information between all computers connected to it. The type of computer and the operating system it uses does not matter.

The main cells of the Internet are local area networks (LAN – Local Area network). If a local network is directly connected to the Internet, then each workstation on this network can also connect to it. There are also computers that are independently connected to the Internet. They're called host computers(host – owner).

Each computer connected to the network has its own address, at which a subscriber can find it from anywhere in the world.

An important feature of the Internet is that, while connecting various networks, it does not create any hierarchy - all computers connected to the network have equal rights.

Another distinctive feature of the Internet is its high reliability. If some computers and communication lines fail, the network will continue to function. This reliability is ensured by the fact that there is no single control center on the Internet. If some communication lines or computers fail, messages can be transmitted over other communication lines, since there are always several ways to transmit information.

The Internet is not a commercial organization and is not owned by anyone. There are Internet users in almost all countries of the world.

Users connect to the network through computers of special organizations called Internet service providers. The Internet connection can be permanent or temporary. Internet service providers have many lines to connect users and high-speed lines to connect to the rest of the Internet. Often smaller suppliers are connected to larger ones, which in turn are connected to other suppliers.

Organizations connected to each other by the fastest communication lines form the core part of the network, or the spine of the Backbon Internet. If the supplier is connected directly to the ridge, then the speed of information transfer will be maximum.

In reality, the difference between users and Internet service providers is quite arbitrary. Anyone who has connected their computer or their local area network to the Internet and installed the necessary programs can provide network connection services to other users. A single user, in principle, can connect via a high-speed line directly to the backbone of the Internet.

In general, the Internet exchanges information between any two computers connected to the network. Computers connected to the Internet are often called Internet nodes, or sites. , from the English word site, which translates as place, location. Hosts installed at Internet service providers provide users with access to the Internet. There are also nodes that specialize in providing information. For example, many firms create sites on the Internet through which they distribute information about their products and services.

How is information transferred? There are two main concepts used on the Internet: address and protocol. Any computer connected to the Internet has its own unique address. Just as a postal address uniquely identifies a person's location, an Internet address uniquely identifies a computer's location on the network. Internet addresses are the most important part of it, and they will be discussed in detail below.

Data sent from one computer to another using the Internet is broken up into packets. They move between the computers that make up network nodes. Packets of the same message can take different routes. Each package has its own marking, which ensures the correct assembly of the document on the computer to which the message is addressed.

What is a protocol? As previously said, a protocol is the rules of interaction. For example, diplomatic protocol prescribes what to do when meeting foreign guests or holding a reception. The network protocol also prescribes operating rules for computers connected to the network. Standard protocols make different computers "speak the same language." This makes it possible to connect different types of computers running different operating systems to the Internet.

The basic protocols of the Internet are the TCP/IP protocol stack. First of all, it is necessary to clarify that, in the technical understanding of TCP/IP - this is not one network protocol, but two protocols lying at different levels of the network model (this is the so-called protocol stack). TCP protocol - protocol transport level. He controls what how data transfer occurs. IP protocol - address. He belongs network level and determines where the transfer takes place.

Protocol TCP. According to TCP Protocol , the sent data is “cut” into small packets, after which each packet is marked so that it contains the data necessary for the correct assembly of the document on the recipient’s computer.

To understand the essence of the TCP protocol, you can imagine a game of chess by correspondence, when two participants play a dozen games simultaneously. Each move is recorded on a separate card indicating the game number and move number. In this case, between two partners through the same mail channel, there are as many as a dozen connections (one per party). Two computers connected by one physical connection can similarly support multiple TCP connections simultaneously. For example, two intermediate network servers can simultaneously transmit to each other many TCP packets from numerous clients over one communication line in both directions.

When we work on the Internet, we can simultaneously receive documents from America, Australia and Europe over one single telephone line. Packages of each document are received separately, separated in time, and as they are received, they are collected into different documents.

Protocol IP . Now let's look at the address protocol - IP (Internet Protocol). Its essence is that each participant in the World Wide Web must have its own unique address (IP address). Without this, we cannot talk about accurate delivery of TCP packages to the desired workplace. This address is expressed very simply - four numbers, for example: 195.38.46.11. We'll look at the structure of an IP address in more detail later. It is organized in such a way that each computer through which any TCP packet passes can determine from these four numbers which of its closest “neighbors” needs to forward the packet so that it is “closer” to the recipient. As a result of a finite number of transfers, the TCP packet reaches the addressee.

The word “closer” is put in quotation marks for a reason. In this case, it is not geographic “proximity” that is assessed. Communication conditions and line capacity are taken into account. Two computers located on different continents, but connected by a high-performance space communication line, are considered “closer” to each other than two computers from neighboring villages connected by a simple telephone wire. Special tools are used to resolve the issues of what is considered “closer” and what is “further” - routers. The role of routers in a network is usually performed by specialized computers, but these can also be special programs running on the node servers of the network.

TCP/IP protocol stack

TCP/IP protocol stack- a set of network data transfer protocols used in networks, including the Internet. The name TCP/IP comes from the two most important protocols of the family - Transmission Control Protocol (TCP) and Internet Protocol (IP), which were developed and described first in this standard.

Protocols work with each other in a stack. stack, stack) - this means that the protocol located at a higher level works “on top” of the lower one, using encapsulation mechanisms. For example, the TCP protocol runs on top of the IP protocol.

The TCP/IP protocol stack includes four layers:

  • application layer
  • transport layer
  • network layer (internet layer),
  • link layer.

The protocols of these levels fully implement the functionality of the OSI model (Table 1). All user interaction in IP networks is built on the TCP/IP protocol stack. The stack is independent of the physical data transmission medium.

Table 1– Comparison of the TCP/IP protocol stack and the OSI reference model

Application layer

The Application layer is where most network applications operate.

These programs have their own communication protocols, such as HTTP for the WWW, FTP (file transfer), SMTP (email), SSH (secure connection to a remote machine), DNS (mapping symbolic names to IP addresses) and many others.

For the most part, these protocols work on top of TCP or UDP and are tied to a specific port, for example:

  • HTTP to TCP port 80 or 8080,
  • FTP to TCP port 20 (for data transfer) and 21 (for control commands),
  • DNS queries on UDP (less often TCP) port 53,

Transport layer

Transport layer protocols can solve the problem of unguaranteed message delivery (“did the message reach the recipient?”), as well as guarantee the correct sequence of data arrival. In the TCP/IP stack, transport protocols determine which application the data is intended for.

The automatic routing protocols logically represented at this layer (because they run on top of IP) are actually part of the network layer protocols; for example OSPF (IP ID 89).

TCP (IP ID 6) is a “guaranteed” connection-pre-established transport mechanism that provides an application with a reliable data stream, provides confidence that the data received is error-free, re-requests data if lost, and eliminates duplication of data. TCP allows you to regulate the load on the network, as well as reduce the latency of data when transmitting over long distances. Moreover, TCP ensures that the received data was sent in exactly the same sequence. This is its main difference from UDP.

UDP (IP ID 17) connectionless datagram transmission protocol. It is also called an “unreliable” transmission protocol, in the sense of the impossibility of verifying the delivery of a message to the recipient, as well as the possible mixing of packets. Applications that require guaranteed data transfer use the TCP protocol.

UDP is typically used in applications such as video streaming and computer games, where packet loss is acceptable and retrying is difficult or unjustified, or in challenge-response applications (such as DNS queries) where creating a connection takes more resources than Resending.

Both TCP and UDP use a number called a port to identify their upper-layer protocol.

Network layer

The Internet layer was originally designed to transfer data from one (sub)network to another. With the development of the concept of a global network, additional capabilities were added to the layer for transmission from any network to any network, regardless of lower-level protocols, as well as the ability to request data from a remote party, for example in the ICMP protocol (used to transmit diagnostic information of an IP connection) and IGMP (used to manage multicast streams).

ICMP and IGMP are located above IP and should go to the next transport layer, but functionally they are network layer protocols and therefore cannot be fit into the OSI model.

IP network protocol packets may contain code indicating which next-layer protocol to use to extract data from the packet. This number is unique IP protocol number. ICMP and IGMP are numbered 1 and 2, respectively.

Data Link Layer

The Link layer describes how data packets are transmitted through the physical layer, including coding(that is, special sequences of bits that determine the beginning and end of a data packet). Ethernet, for example, contains in the packet header fields an indication of which machine or machines on the network the packet is destined for.

Examples of link layer protocols are Ethernet, Wi-Fi, Frame Relay, Token Ring, ATM, etc.

The data link layer is sometimes divided into 2 sublayers - LLC and MAC.

In addition, the data link layer describes the data transmission medium (be it coaxial cable, twisted pair, optical fiber or radio channel), the physical characteristics of such a medium and the principle of data transmission (channel separation, modulation, signal amplitude, signal frequency, transmission synchronization method, latency response and maximum distance).

Encapsulation

Encapsulation is the packaging, or nesting, of high-level packets (possibly of different protocols) into packets of the same protocol (lower level), including the address.

For example, when an application needs to send a message using TCP, the following sequence of actions is performed (Fig. 2):

Figure 2 – Encapsulation process

  • first of all, the application fills out a special data structure in which it indicates information about the recipient (network protocol, IP address, TCP port);
  • transmits the message, its length and structure with information about the recipient to the TCP protocol handler (transport layer);
  • the TCP handler generates a segment in which the message is the data, and the headers contain the recipient's TCP port (as well as other data);
  • the TCP handler passes the generated segment to the IP handler (network layer);
  • the IP handler treats the TCP transmitted segment as data and precedes it with its header (which, in particular, contains the recipient's IP address, taken from the same application data structure, and the upper protocol number;
  • The IP handler transmits the received packet to the data link layer, which again considers this packet as “raw” data;
  • the link-level handler, similar to previous handlers, adds its header to the beginning (which also indicates the upper-level protocol number, in our case it is 0x0800(IP)) and, in most cases, adds the final checksum, thereby forming a frame;
  • Then the received frame is transmitted to the physical layer, which converts the bits into electrical or optical signals and sends them to the transmission medium.

On the receiving side, the reverse process (bottom-up), called decapsulation, is performed to unpack the data and present it to the application.

Related information:



2015-2020 lektsii.org -

Network protocol stack and TCP hacking

Alexander Antipov

The networking protocol stack, which forms the pipelining and transfer of data between hosts, is designed for the best possible interaction between different network layers. In this article, we will try to describe the movement of data through the layers located in the stack and will try to implement a Linux kernel module that helps us capture and display data passing through the TCP layer. Below is a program showing how to install a new entry in the proc file system. And most importantly, this program breaks the TCP protocol, monitors all data passing through the tcp layer and displays it in /proc/TCPdata.


Shyamikh, translation by Alexey Antipov

The networking protocol stack, which forms the pipelining and transfer of data between hosts, is designed for the best possible interaction between different network layers. In this article, we will try to describe the movement of data through the layers located in the stack and will try to implement a Linux kernel module that helps us capture and display data passing through the TCP layer. Since a discussion of all types of network connections is beyond the scope of this article, we will focus on TCP/IP connections.

Network protocol stack

Network devices form the base layer of the protocol stack. To communicate with other devices and transmit and receive traffic, they use a data link protocol (usually Ethernet). The interface provided by network device drivers copies packets from the physical medium, performs some error checking, and then places the packets in the network layer. Output interfaces receive packets from the network layer, perform some error checking, and forward them to the physical medium. We will discuss IP (Internet Protocol), which is a standard network layer protocol. The main functions of IP are routing, checking incoming packets to determine whether these packets are directed to a given host or whether they need further forwarding. At the same time, if necessary, packets are defragmented and delivered to transport protocols. Such protocols have a dynamic database of routes for outgoing packets, address and fragment them before sending them to the communication layer.

TCP and UDP are the most commonly used transport layer protocols. UDP provides a framework for addressing packets within a host, while TCP supports more complex connection operations such as lost packet recovery and traffic control.

Moving through the transport layer, we can find the INET layer, which forms an intermediate layer between the transport layer and application sockets. The INET layer supports application-owned sockets. All socket-specific operations are performed in this layer.

BSD is an abstract data structure containing INET sockets. An application's connection request, reading or writing over a socket, is converted to INET operations using BSD.

General package structure. The data is wrapped in a general data structure called sk_buff. All layers use this data structure. Immediately after data is copied from user space to kernel space, it is placed in sk_buff and moved to various levels. In turn, the level adds its own headers to this structure. Sk_buff contains links to all information about the packet, its socket, device, route, data location, etc.

Linux Networking Features

For the normal network programmer, the network services front end is accessible through the following C library routines.

socket(), bind(), listen(), connect(), accept(), send(), sendto(), recv(), recvfrom(), getsockopt(), and setsockopt().

The socket() function is used to create a new socket. All operations with various protocols occur using sockets. Since the socket() function returns the value of a file descriptor, it can be accessed by standard file operations such as read(), write().

The bind() function is used to bind the created socket to a port. The port, along with the IP address of the network interface, is used to uniquely identify the socket.

The listen() function is used to program the server. After creating a socket and connecting it to a port, the listen() function sets the socket to the listening state. This means that the socket is waiting for connections from other hosts.

When the accept() function is called on the server, a continuous polling of the socket occurs until a connection request is received from another host. Once the connection is established, the server program wakes up and allows the process to process a request from the foreign host. On the client side, the connect() function is used to indicate to the server that the client wants to open a connection on the socket and send a request.

Required Data Structures

This structure is the basis for implementing the BSD socket interface. This structure is installed and initialized using the socket() system call.

sk_buff:

This structure manages individual connection packets coming and going from the host. This causes I/O buffering.

This structure manages various network-specific parts of sockets. It is required for TCP, UDP and RAW sockets.

This structure contains a number of operations that are the same for all protocols.

Sockaddr (sockaddr_in):

This structure is necessary to support different address formats.

Linux kernel modules

Linux kernels are made up of modules. Some parts of the kernel reside in memory permanently (such as the scheduler), and some are loaded when needed. For example, the VFAT file system for reading disks is loaded only when necessary. This feature of the Linux kernel allows the kernel space to take up little space.

So the essential thing is to design your protocol, drivers, and any kind of kernel software as kernel modules and insert them into the kernel from user space. Once inserted, a module becomes unmovable until it is removed from kernel space. You only need to be a privileged user to insert or remove modules. This is the common kernel module notation format.

#define MODULE #include /* ... other required header files ... */ /* * ... module declarations and functions ... */ int init_module() ( /* code kernel will call when installing module */ ) void cleanup_module() ( /* code kernel will call when removing module */)

Project of a hacker module for the TCP protocol.

Our kernel module is very simple, it is virtually placed between the socket operations interface for forwarding TCP packets and the TCP layer. Now all data packets passing through a socket registered with the TCP protocol will be intercepted by our kernel module. This data will be transferred to /proc/TCPdata.

Data structures used

tcp_prot -> Contains pointers to all TCP operations performed

struct msghdr -> Contains data sent by the application as well as other fields to identify the socket address

Struct msg_iov -> is located in msghdr, it contains pointers to data

Before we start coding, let's understand the significance of the /proc file system. The proc file system is so named because it is located in the /proc directory on most Linux machines. The system is a powerful tool often used by applications. This is part of the mechanism by which the kernel communicates with user space and vice versa. Although it is designed as a file system with a directory structure and inodes, it is actually a component of registered functions that provide information to important variables.

When a file is created in /proc, it is immediately registered with a set of functions that tell the kernel what to do when opening or writing to the file. Most files are read-only, and only a few are write-only.

Now we will start coding

/* tcpdata.c. Below is a program showing how to install a new entry in the proc file system. And most importantly, this program breaks the TCP protocol, monitors all data passing through the tcp layer and displays it in /proc/TCPdata. */ #define MODULE #define __KERNEL__ /*we are doing kernel work*/ #include #include #include /*for registering proc entry*/ #include #include #include #include #include #include #include static struct proc_dir_entry *test_entry ; struct msghdr *msg_moniter; struct iovec *iovec_moniter; static char *tcp="Tcp monitered data"; int (*orginalSend)(struct sock *, struct msghdr *,int); /* show_tcp_stats This function is what the /proc FS will call when anything tries to read /proc/TCPstat you could see last 200 bytes move out of the sockets through tcp connections */ static int show_tcp_stats(char *buf,char **start ,off_t offset,int len,int unused) ( len += sprintf(buf+len,"%s\n",tcp); return len; ) /* This is a handler function that captures tcp sendmsg requests */ int moniter_tcp(struct sock *sk, struct msghdr *msg,int len) ( int size; char *temp; printk("I am dangerously monitoring your tcp data \n"); msg_moniter=(struct msghdr *)kmalloc(sizeof(struct msghdr), GFP_KERNEL); memcpy(msg_moniter,msg,sizeof(struct msghdr)); originalSend(sk,msg,len); iovec_moniter=msg_moniter->msg_iov; size=sizeof(tcp); printk("sizeof TCPdat is %d \n ",size); (sizeiov_base):strcpy(tcp,"Tcp monitered data"); kfree(msg_moniter); return len; ) /* init_module This function installs the module; it simply registers the new directory in /proc and creates a pointer. */ int init_module() ( test_entry=create_proc_entry("TCPdata",S_IRUGO,NULL); test_entry->read_proc=show_tcp_stats; originalSend=tcp_prot.sendmsg; /* printk("the address of send send mes is %x \n" ,tcp_prot.sendmsg); printk("the address of hack mes is %x \n",orginalSend); */ tcp_prot.sendmsg=moniter_tcp; /* printk("the address of send send mes after hacking %x \n" ,tcp_prot.sendmsg); printk("the address of send send mes after hacking %x \n",moniter_tcp); */ return 0; ) /* init_module */ /* cleanup_module This function deletes a module; It removes the directory entry registration from /proc FS */ void cleanup_module() ( /* put the pointer back to tcp"s original message sender */ tcp_prot.sendmsg=orginalSend; /* unregister the function from the proc FS */ remove_proc_entry( "TCPdata",NULL); ) /* cleanup_module */ MODULE_AUTHOR("shyamjithe.c.s "); /*macros*/ MODULE_DESCRIPTION("moniter tcp data"); MODULE_LICENSE("GPL");

This program has been tested on the 2.4 kernel, so you can compile it using:

Gcc -O6 -Wall -c tcpdata.c -I /usr/src/linux-2.4.20-8/include/ this will produce tcpdata.o now insmod tcpdata.o open some tcp applications cat /proc/TCPdata to remove the module use rmmod tcpdata Now, in order to understand this code, I will give some explanations. The whole program is just a clever way to use function pointers. But you need to be careful when using your own handlers, because incorrect function pointer placement can cause the system to hang. As stated, this is the minimum way to crack TCP. You can form a new layer above the TCP layer like this that will interfere with all types of jobs done by TCP. The same can be done with UDP.

Conclusion

The most important takeaway from the above program is that it is not always necessary to change the kernel source code when we do any protocol-related modification. It is an object-oriented implementation of the Linux kernel that allows us to manipulate data objects within the kernel.

From sockets to device drivers

Introduction to Protocols

While the formal introduction to networking refers to the Open Systems Interconnection (OSI) model, this introduction to the core Linux networking stack uses a four-layer model known as the Internet model (see Figure 1). .

Figure 1. Internet model of the network stack

At the bottom of the stack is the data link layer. Data Link Layer refers to device drivers that provide access to the physical layer, which may consist of multiple media such as serial links or Ethernet devices. Above the channel is network layer, which is responsible for directing packets to their destination. The next level called transport responsible for peer-to-peer communications (for example, within a host). The network layer manages communications between hosts, and the transport layer manages communications between endpoints within those hosts. Finally there is application layer, which is usually semantic and understands the moved data. For example, the Hypertext Transfer Protocol (HTTP) moves requests and responses for Web content between a server and a client.

In essence, the layers of the network stack go under more recognizable names. At the data link layer you'll find Ethernet, the most common high-speed medium. Older link-layer protocols include serial protocols such as Serial Line Internet Protocol (SLIP), Compressed SLIP (CSLIP), and Point-to-Point Protocol (PPP). The most common network layer protocol is Internet Protocol (IP), but there are others that serve other needs, such as Internet Control Message Protocol (ICMP) and Address Resolution Protocol (ARP). At the transport layer, these are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Finally, the application layer includes many of the protocols we are familiar with, including HTTP, a standard Web protocol, and SMTP (Simple Mail Transfer Protocol), an email transfer protocol.

Core Network Architecture

Now let's move on to the architecture of the Linux networking stack and see how it implements the Internet model. Figure 2 shows a high-level view of the Linux networking stack. At the top is the user space level or application layer, which defines the users of the network stack. Below are physical devices, which provide the ability to connect to networks (serial or high-speed networks like Ethernet). In the center, or in kernel space, is the network subsystem that is the focus of this article. Running through the backend of the networking stack are socket buffers (sk_buffs) that move packet data between sources and destinations. The structure of sk_buff will be briefly shown.

Figure 2. High-level architecture of the Linux networking stack

First, you'll be given a quick overview of the basic elements of the Linux networking subsystem, with more detail in the following sections. At the top (see Figure 2) is a system called the system call interface. It simply provides a way for user space applications to access the kernel's networking subsystem. Next comes the protocol agnostic layer, which provides a general way to work with lower transport layer protocols. Next come the actual protocols, which on Linux include the built-in protocols TCP, UDP, and of course IP. The next one is another independent layer that provides a common interface to and from the individual available device drivers, followed at the end by those drivers themselves.

System call interface

The system call interface can be described from two perspectives. When a network call is made by the user, it is multiplexed via a system call to the kernel. This ends up as a call to sys_socketcall in ./net/socket.c, which then demultiplexes the call to the intended target. Another perspective on the system call interface is to use normal file operations for network input/output (I/O). For example, normal read and write operations can be performed on a network socket (which is represented by a file descriptor as a normal file). So while there are operations specific to networking (creating a socket with a call to socket , associating it with a handle with a call to connect , and so on), there are also a number of standard file operations that apply to network objects as if they were regular files. Finally, the system call interface provides a means for transferring control between a user-space application and the kernel.

Protocol agnostic interface

The socket layer is a protocol agnostic interface that provides a set of standard functions to support a number of different protocols. This layer not only supports the usual TCP and UDP protocols, but also IP, raw Ethernet, and other transport protocols such as Stream Control Transmission Protocol (SCTP).

Communication through the network stack occurs via a socket. The socket structure in Linux is struct sock, defined in linux/include/net/sock.h. This large structure contains all the necessary state for an individual socket, including the specific protocol the socket uses and the operations that can be performed on it.

The network subsystem knows about the available protocols from a special structure that defines its capabilities. Each protocol contains a structure called proto (found in linux/include/net/sock.h). This structure defines the individual socket operations that can be performed from the socket layer to the transport layer (for example, how to create a socket, how to establish a connection to a socket, how to close a socket, etc.).

Network protocols

The network protocols section defines the individual network protocols available (such as TCP, UDP, and so on). They are initialized at the beginning of the day in the inet_init function in linux/net/ipv4/af_inet.c (since TCP and UDP are in the inet family of protocols). The inet_init function registers each of the built-in protocols that use the proto_register function. This function is defined in linux/net/core/sock.c, and in addition to adding a protocol to the list of valid ones, it can allocate one or more slab caches if required.

You can see how individual protocols identify themselves through the proto structure in the files tcp_ipv4.c, udp.c and raw.c, in linux/net/ipv4/. Each of these protocol structures is mapped as a type and protocol to an inetsw_array, which assigns the built-in protocols to their operations. The structure of inetsw_array and its connections are shown in Figure 3. Each of the protocols in this array is initialized at the beginning of the day in inetsw by calling inet_register_protosw from inet_init . The inet_init function also initializes various inet modules such as ARP, ICMP, IP modules, and TCP and UDP modules.

Figure 3. Internet protocol array structure

Socket and protocol correlation

Recall that when a socket is created, it defines a type and a protocol, for example, my_sock = socket(AF_INET, SOCK_STREAM, 0) . AF_INET specifies an Internet address family with a stream socket defined as SOCK_STREAM (as shown here in inetsw_array).

Data movement for sockets occurs using a basic structure called the socket buffer (sk_buff). sk_buff contains packet data and state data that spans multiple layers of the protocol stack. Every packet sent or received is represented in sk_buff. The structure of sk_buff is defined in linux/include/linux/skbuff.h and is shown in Figure 4.

Figure 4. Socket buffer and its connections to other structures

As you can see, multiple sk_buff structures for a given connection can be chained together. Each of them identifies the structure of the device (net_device) to which the packet is sent or received. Since each packet is represented in sk_buff , the packet headers are conveniently defined by a set of pointers ( th , iph , and mac for the Media Access Control (MAC) header. Since sk_buff structures are central to the organization of socket data, a number of support functions: There are functions for creating, destroying, cloning, and managing the sk_buff queue.

Socket buffers are designed to communicate with each other for a given socket and include a large amount of information, including references to protocol headers, timestamps (when the packet was sent or received), and the corresponding device.

Device agnostic interface

Below the protocol layer is another independent interface layer that links protocols to different physical device drivers with different capabilities. This layer provides a standard set of functions that are used by low-level network devices to be able to interact with the high-level protocol stack.

First of all, device drivers can register and unregister themselves with the kernel by calling register_netdevice or unregister_netdevice . The calling command first populates the net_device structure and then passes it along for registration. The kernel calls its init function (if defined), performs a few health checks, creates a sysfs entry, and then adds the new device to the device list (a linked list of devices active in the kernel). The net_device structure can be found in linux/include/linux/netdevice.h. Some functions are in linux/net/core/dev.c.

The dev_queue_xmit function is used to send sk_buff from the protocol layer to the device. It queues sk_buff for possible forwarding by the appropriate device driver (the device defined by net_device or the sk_buff->dev pointer in sk_buff). The dev structure contains a method called hard_start_xmit that stores a driver function to initialize the sk_buff transfer.

Receiving the packet is done traditionally using netif_rx . When a lower-level device driver receives a packet (contained inside an allocated sk_buff), sk_buff goes up to the network layer using a call to netif_rx . This function then queues sk_buff to a higher protocol level for further processing using netif_rx_schedule . The dev_queue_xmit and netif_rx functions are located in linux/net/core/dev.c.

Finally, a new application program interface (NAPI) was introduced into the kernel to interface with the device-independent (dev) layer. Some drivers use it, but the vast majority are still using the older frame acquisition interface (roughly six out of seven). NAPI can give better performance under heavy workloads while avoiding interruptions on every incoming frame.

Device Drivers

At the bottom of the networking stack are device drivers, which control physical network devices. Examples of devices at this level would be a SLIP driver over a serial interface or an Ethernet driver over an Ethernet device.

During initialization, the device driver allocates space for the net_device structure and then initializes it with the necessary routines. One of them, called dev->hard_start_xmit, specifies how the top layer should queue sk_buff for transmission. It is passed sk_buff . How this function works depends on the hardware, but typically the packet described in sk_buff is moved to what is called a "hardware ring" or "queue". Frame arrival, as described at the device-independent layer, uses the netif_rx or netif_receive_skb interface to the NAPI-compatible network driver. The NAPI driver imposes limitations on the capabilities of the underlying hardware. See the section for details.

After a device driver has configured its interfaces in the dev structure, a call to register_netdevice makes it available for use. In linux/drivers/net you can find drivers specific to network devices.

Go ahead

Linux source code is a great way to learn about driver design for many types of devices, including network device drivers. You will find differences in the design and use of the available kernel APIs, but each will be useful either as instructions or as a starting point for a new driver. The rest of the code in the network stack is standard and is used until a new protocol is required. But even then, implementations of TCP (for a streaming protocol) or UDP (for a message-passing protocol) serve as useful models for starting new development.

This article will cover the basics of the TCP/IP model. For better understanding, the main protocols and services are described. The main thing is to take your time and try to understand each thing step by step. They are all interconnected and without understanding one, it will be difficult to understand the other. The information contained here is very superficial, so this article can easily be called “a TCP/IP protocol stack for dummies.” However, many things here are not as difficult to understand as they might seem at first glance.

TCP/IP

The TCP/IP stack is a network model for data transmission on a network; it determines the order in which devices interact. Data enters the data link layer and is processed in turn by each layer above. The stack is represented as an abstraction that explains the principles of processing and receiving data.

The TCP/IP network protocol stack has 4 levels:

  1. Channel (Link).
  2. Network (Internet).
  3. Transport.
  4. Application.

Application layer

The application layer provides the ability to interact between the application and other layers of the protocol stack, analyzes and converts incoming information into a format suitable for software. Is closest to the user and interacts with him directly.

  • HTTP;
  • SMTP;

Each protocol defines its own order and principles for working with data.

HTTP (HyperText Transfer Protocol) is designed for data transfer. It sends, for example, documents in HTML format that serve as the basis of a web page. In a simplified way, the work scheme is presented as “client - server”. The client sends a request, the server accepts it, processes it properly and returns the final result.

Serves as a standard for transferring files over the network. The client sends a request for a certain file, the server searches for this file in its database and, if found successfully, sends it as a response.

Used to transmit email. The SMTP operation includes three sequential steps:

  1. Determining the sender's address. This is necessary to return letters.
  2. Recipient definition. This step can be repeated a number of times when specifying multiple recipients.
  3. Determining message content and sending. Data about the type of message is transmitted as service information. If the server confirms its readiness to accept the packet, then the transaction itself is completed.

Header

The header contains service data. It is important to understand that they are intended only for a specific level. This means that as soon as the packet is sent to the recipient, it will be processed there according to the same model, but in reverse order. The embedded header will carry special information that can only be processed in a certain way.

For example, a header nested at the transport layer can only be processed by the transport layer on the other side. Others will simply ignore it.

Transport layer

At the transport layer, the received information is processed as a single unit, regardless of the content. Received messages are divided into segments, a header is added to them, and the whole thing is sent downstream.

Data transfer protocols:

The most common protocol. It is responsible for guaranteed data transfer. When sending packets, their checksum, the transaction process, is controlled. This means that the information will arrive “safe and sound” regardless of the conditions.

UDP (User Datagram Protocol) is the second most popular protocol. It is also responsible for data transfer. Its distinctive feature lies in its simplicity. The packets are simply sent without creating any special connection.

TCP or UDP?

Each of these protocols has its own scope. It is logically determined by the characteristics of the work.

The main advantage of UDP is its transmission speed. TCP is a complex protocol with many checks, while UDP appears to be more simplified and therefore faster.

The disadvantage lies in the simplicity. Due to the lack of checks, data integrity is not guaranteed. Thus, the information is simply sent, and all checks and similar manipulations remain with the application.

UDP is used, for example, to watch videos. For a video file, the loss of a small number of segments is not critical, while loading speed is the most important factor.

However, if you need to send passwords or bank card details, then the need to use TCP is obvious. Losing even the smallest piece of data can have catastrophic consequences. Speed ​​in this case is not as important as safety.

Network layer

The network layer forms packets from the received information and adds a header. The most important part of the data is the IP and MAC addresses of the senders and recipients.

IP address (Internet Protocol address) - the logical address of the device. Contains information about the device's location on the network. Example entry: .

MAC address (Media Access Control address) - the physical address of the device. Used for identification. Assigned to network equipment at the manufacturing stage. Presented as a six-byte number. For example: .

The network layer is responsible for:

  • Determination of delivery routes.
  • Transferring packets between networks.
  • Assignment of unique addresses.

Routers are network layer devices. They pave the way between the computer and the server based on the received data.

The most popular protocol at this level is IP.

IP (Internet Protocol) is an Internet protocol designed for addressing on the network. Used to build routes along which packets are exchanged. Does not have any means of checking and confirming integrity. To provide delivery guarantees, TCP is used, which uses IP as its transport protocol. Understanding the principles of this transaction explains much of the basis of how the TCP/IP protocol stack works.

Types of IP addresses

There are two types of IP addresses used in networks:

  1. Public.
  2. Private.

Public (Public) are used on the Internet. The main rule is absolute uniqueness. An example of their use is routers, each of which has its own IP address for interacting with the Internet. This address is called public.

Private (Private) are not used on the Internet. In the global network, such addresses are not unique. An example is a local network. Each device is assigned a unique IP address within a given network.

Interaction with the Internet is carried out through a router, which, as mentioned above, has its own public IP address. Thus, all computers connected to the router appear on the Internet under the name of one public IP address.

IPv4

The most common version of the Internet protocol. Predates IPv6. The recording format is four eight-bit numbers separated by dots. The subnet mask is indicated through the fraction sign. The address length is 32 bits. In the vast majority of cases, when we talk about an IP address, we mean IPv4.

Recording format: .

IPv6

This version is intended to solve problems with the previous version. The address length is 128 bits.

The main problem that IPv6 solves is the exhaustion of IPv4 addresses. The prerequisites began to appear already in the early 80s. Despite the fact that this problem entered an acute stage already in 2007-2009, the implementation of IPv6 is very slowly gaining momentum.

The main advantage of IPv6 is a faster Internet connection. This is because this version of the protocol does not require address translation. Simple routing is performed. This is less expensive and, therefore, access to Internet resources is provided faster than in IPv4.

Example entry: .

There are three types of IPv6 addresses:

  1. Unicast.
  2. Anycast.
  3. Multicast.

Unicast is a type of IPv6 unicast. When sent, the packet reaches only the interface located at the corresponding address.

Anycast refers to IPv6 multicast addresses. The sent packet will go to the nearest network interface. Only used by routers.

Multicast are multicast. This means that the sent packet will reach all interfaces that are in the multicast group. Unlike broadcast, which is “broadcast to everyone,” multicast broadcasts only to a specific group.

Subnet mask

The subnet mask determines the subnet and host number from the IP address.

For example, an IP address has a mask. In this case, the recording format will look like this. The number "24" is the number of bits in the mask. Eight bits equal one octet, which can also be called a byte.

In more detail, the subnet mask can be represented in the binary number system as follows: . It has four octets and the entry consists of "1" and "0". If we add up the number of units, we get a total of “24”. Fortunately, you don’t have to count by one, because there are 8 values ​​in one octet. We see that three of them are filled with ones, add them up and get “24”.

If we talk specifically about the subnet mask, then in binary representation it has either ones or zeros in one octet. In this case, the sequence is such that the bytes with ones come first, and only then with zeros.

Let's look at a small example. There is an IP address and a subnet mask. We count and write down: . Now we match the mask with the IP address. Those mask octets in which all values ​​are equal to one (255) leave their corresponding octets in the IP address unchanged. If the value is zeros (0), then the octets in the IP address also become zeros. Thus, in the value of the subnet address we get.

Subnet and host

The subnet is responsible for the logical separation. Essentially, these are devices that use the same local network. Determined by a range of IP addresses.

Host is the address of the network interface (network card). Determined from the IP address using a mask. For example: . Since the first three octets are the subnet, it remains. This is the host number.

The range of host addresses is from 0 to 255. The host numbered “0” is, in fact, the address of the subnet itself. And the host number “255” is a broadcaster.

Addressing

There are three types of addresses used for addressing in the TCP/IP protocol stack:

  1. Local.
  2. Network.
  3. Domain names.

MAC addresses are called local. They are used for addressing in local network technologies such as Ethernet. In the context of TCP/IP, the word "local" means that they operate only within a subnet.

The network address in the TCP/IP protocol stack is the IP address. When sending a file, the recipient's address is read from its header. With its help, the router learns the host number and subnet and, based on this information, creates a route to the end node.

Domain names are human-readable addresses for websites on the Internet. Web servers on the Internet are accessible via a public IP address. It is successfully processed by computers, but it seems too inconvenient for people. To avoid such complications, domain names are used, which consist of areas called “domains”. They are arranged in a strict hierarchy, from top level to bottom.

A top-level domain represents specific information. Generic (.org, .net) are not limited by any strict boundaries. The opposite situation is with local ones (.us, .ru). They are usually localized.

Low-level domains are everything else. It can be any size and contain any number of values.

For example, "www.test.quiz.sg" is a correct domain name, where "sg" is a local first (top) level domain, "quiz.sg" is a second level domain, "test.quiz.sg" is a third level domain . Domain names may also be called DNS names.

DNS (Domain Name System) establishes a mapping between domain names and the public IP address. When you type a domain name into your browser, DNS will detect the corresponding IP address and report it to the device. The device will process this and return it as a web page.

Data Link Layer

At the link layer, the relationship between the device and the physical transmission medium is determined and a header is added. Responsible for encoding data and preparing frames for transmission over the physical medium. Network switches operate at this level.

The most common protocols:

  1. Ethernet.
  2. WLAN.

Ethernet is the most common wired LAN technology.

WLAN is a local network based on wireless technologies. Devices interact without physical cable connections. An example of the most common method is Wi-Fi.

Configuring TCP/IP to use a static IPv4 address

A static IPv4 address is assigned directly in the device settings or automatically when connecting to the network and is permanent.

To configure the TCP/IP protocol stack to use a permanent IPv4 address, enter the ipconfig/all command into the console and find the following data.

Configuring TCP/IP to use a dynamic IPv4 address

A dynamic IPv4 address is used for a while, rented, and then changed. Assigned to the device automatically when connected to the network.

To configure the TCP/IP protocol stack to use a non-permanent IP address, you need to go to the properties of the desired connection, open the IPv4 properties and check the boxes as indicated.

Data transfer methods

Data is transmitted through the physical medium in three ways:

  • Simplex.
  • Half-duplex.
  • Full Duplex.

Simplex is a one-way communication. Transmission is carried out by only one device, while the other only receives the signal. We can say that information is transmitted in only one direction.

Examples of simplex communication:

  • Television broadcasting.
  • Signal from GPS satellites.

Half-duplex is two-way communication. However, only one node can transmit a signal at a time. With this type of communication, two devices cannot use the same channel at the same time. Full two-way communication may not be physically possible or may result in collisions. It is said that they conflict over the transmission medium. This mode is used when using coaxial cable.

An example of half-duplex communication is communication via walkie-talkie on one frequency.

Full Duplex - full two-way communication. Devices can simultaneously broadcast a signal and receive. They do not conflict over the transmission medium. This mode is used when using Fast Ethernet technology and a twisted pair connection.

An example is telephone communication via a mobile network.

TCP/IP vs OSI

The OSI model defines the principles of data transmission. The layers of the TCP/IP protocol stack directly correspond to this model. Unlike the four-layer TCP/IP, it has 7 layers:

  1. Physical.
  2. Channel (Data Link).
  3. Network.
  4. Transport.
  5. Session.
  6. Presentation.
  7. Application.

There is no need to delve too deeply into this model at this time, but at least a superficial understanding is necessary.

The application layer in the TCP/IP model corresponds to the top three OSI layers. They all work with applications, so you can clearly see the logic of this combination. This generalized structure of the TCP/IP protocol stack makes the abstraction easier to understand.

The transport layer remains unchanged. Performs the same functions.

The network layer is also unchanged. Performs exactly the same tasks.

The data link layer in TCP/IP corresponds to the last two OSI layers. The data link layer establishes protocols for transmitting data over the physical medium.

Physical represents the actual physical connection - electrical signals, connectors, etc. In the TCP/IP protocol stack, it was decided to combine these two layers into one, since they both deal with the physical medium.

An agreed upon set of protocols at different levels, sufficient to organize internetworking, is called protocol stack. For each level, a set of query functions is defined for interaction with the higher level, which is called interface. The rules for interaction between two machines can be described as a set of procedures for each level, which are called protocols.

There are many protocol stacks that are widely used in networks. These are stacks that are international and national standards, and proprietary stacks that have become widespread due to the prevalence of equipment from a particular company. Examples of popular protocol stacks include Novell's IPX/SPX stack, the TCP/IP stack used on the Internet and many UNIX-based networks, the International Standards Organization's OSI stack, Digital Equipment Corporation's DECnet stack, and several others.

Protocol stacks are divided into three levels:

    transport;

    applied.

Network protocols

Network protocols provide the following services: addressing and routing information, checking for errors, requesting retransmission, and establishing rules for interaction in a specific network environment. Below are the most popular network protocols.

    DDP(DatagramDeliveryProtocol). The Apple data transfer protocol used in AppleTalk.

    IP(Internet Protocol - Internet Protocol). A TCP/IP stack protocol that provides addressing and routing information.

    IPX(InternetworkPacketeXchange) in NWLink. A NovelNetWare protocol used to route and forward packets.

    NetBEUI(NetBIOSExtendedUserInterface – extended user interface of the basic network input/output system) . Developed jointly by IBM and Microsoft, this protocol provides transport services for NetBIOS.

Transport protocols

Transport protocols provide the following services for reliably transporting data between computers. Below are the most popular transport protocols.

    ATP(AppleTalkProtocol – AppleTalk Transaction Protocol) and NBP(NameBindingProtocol – Name binding protocol). AppleTalk session and transport protocols.

    NetBIOS ( Basic network I/O system) . NetBIOS Establishes a connection between computers, and NetBEUI provides data services for this connection.

    SPX(SequencedPacketeXchange – Sequential packet exchange) in NWLink.NovelNetWare protocol used to ensure data delivery.

    TCP(TransmissionControlProtocol – Transmission Control Protocol). A protocol of the TCP/IP stack responsible for reliable data delivery.

Application protocols

Application protocols are responsible for how applications communicate. Below are the most popular application protocols.

    AFP(Apple Talk File Protocol - Apple Talk File Protocol). Macintosh remote file management protocol.

    FTP(File Transfer Protocol - File Transfer Protocol). A TCP/IP stack protocol used to provide file transfer services.

    NCP(NetWare Core Protocol - NetWare Basic Protocol). NovelNetWare client shell and redirectors.

    SNMP(SimpleNetworkManagementProtocol). A TCP/IP stack protocol used to manage and monitor network devices.

    HTTP(HyperTextTransferProtocol) – hypertext transfer protocol and other protocols.

The Internet protocol suite provides end-to-end data communications, defining how data is packaged, processed, transmitted, routed, and received. This functionality is organized into four abstraction layers that classify all associated protocols according to the scope of the networks involved. Lowest to highest layer is the communication layer containing communication methods for data that remains within a single network segment (link); Internet layer, which provides internetworking between independent networks; transport layer, which handles communication between hosts; and the application layer, which provides inter-process communication for applications.

The development of Internet architecture and protocols in the TCP/IP model is carried out by the open international community of designers IETF.

Story

TCP/IP protocol stack was created based on NCP (Network Control Protocol) by a group of developers led by Vinton Cerf in 1972. In July 1976, Vint Cerf and Bob Kahn first demonstrated data transmission using TCP over three different networks. The package followed the following route: San Francisco - London - University of Southern California. By the end of its journey, the package had traveled 150 thousand km without losing a single bit. In 1978, Cerf, Jon Postel, and Danny Cohen decided to create two separate functions in TCP: TCP and IP (English Internet Protocol, internetwork protocol). TCP was responsible for breaking the message into datagrams and connecting them at the final sending point. IP was responsible for the transmission (with control of receipt) of individual datagrams. This is how the modern Internet protocol was born. And on January 1, 1983, ARPANET switched to a new protocol. This day is considered to be the official birth date of the Internet.

Layers of the TCP/IP stack

The TCP/IP protocol stack includes four layers:

The protocols at these levels fully implement the functionality of the OSI model. All user interaction in IP networks is built on the TCP/IP protocol stack. The stack is independent of the physical data transmission medium, which, in particular, ensures completely transparent interaction between wired and wireless networks.

Distribution of protocols by levels of the TCP/IP model
Applied
(Application layer)		 e.g. HTTP, RTSP, FTP, DNS
Transport

Transport layer

Network (internet) level

Data Link Layer

In addition, the data link layer describes the data transmission medium (be it coaxial cable, twisted pair, optical fiber or radio channel), the physical characteristics of such a medium and the principle of data transmission (channel separation, modulation, signal amplitude, signal frequency, transmission synchronization method, latency response and maximum distance).

When designing a protocol stack at the link level, noise-resistant coding is considered - making it possible to detect and correct errors in data due to the impact of noise and interference on the communication channel.

Comparison with the OSI model

The top three layers in the OSI model, that is, the application layer, presentation layer and session layer, are not separately distinguished in the TCP/IP model, which only has an application layer above the transport layer. Although some pure OSI protocol applications, such as X.400, also combine them, there is no requirement that the TCP/IP protocol stack must overlay a monolithic architecture above the transport layer. For example, the NFS application protocol operates through the External Data Representation (XDR) protocol, which in turn operates through the Remote Procedure Call (RPC) protocol. RPC provides reliable data transfer so it can safely use best-effort UDP transport.

Various authors have interpreted the TCP/IP model in different ways and do not agree that the link layer or the entire TCP/IP model captures OSI Layer 1 (physical layer) concerns or assumes that the hardware layer is below the link layer.

Several authors have attempted to incorporate layers 1 and 2 of the OSI model into the TCP/IP model, since they are commonly referred to in modern standards (eg IEEE and ITU). This often results in a five-layer model, where the communication layer or network access layer is divided into layers 1 and 2 of the OSI model.

The IETF protocol development efforts are not about strict layering. Some of its protocols may not follow the pure OSI model, although RFCs sometimes reference it and often use older OSI layer numbers. The IETF has repeatedly stated that Internet protocol and architecture design should not conform to OSI requirements. RFC 3439, which addresses Internet architecture, contains a section entitled "Layer Considered Harmful".

For example, the session and presentation layers of the OSI packet are considered to be included in the application layer of the TCP/IP packet. Session layer functionality can be found in protocols such as HTTP and SMTP, and is more evident in protocols such as Telnet and Session Initiation Protocol (SIP). Session layer functionality is also implemented with port numbering for the TCP and UDP protocols, which span the transport layer in the TCP/IP suite. Presentation layer functions are implemented in TCP/IP applications with the MIME standard for data exchange.

Conflicts are also evident in the original OSI model, ISO 7498, when appendices to that model, such as the ISO 7498/4 Management Framework or ISO 8648 Internal Organization of the Network layer (IONL), are not addressed. When the IONL and Management Framework documents are reviewed, ICMP and IGMP are defined as layer control protocols for the network layer. Similarly, IONL provides a framework for "subnet-dependent convergence objects" such as ARP and RARP.

IETF protocols can be encapsulated recursively, as evidenced by tunneling protocols such as General Routing Encapsulation (GRE). GRE uses the same mechanism that OSI uses for tunneling at the network layer. There is disagreement about how to fit the TCP/IP model into the OSI model because the layers in these models are not the same.

In addition, the OSI model does not use an additional layer - "Internetworking" - between the data link and network layers. An example of a controversial protocol would be ARP or STP.

Here's how TCP/IP protocols traditionally fit into the OSI model:

Distribution of protocols by levels of the OSI model
TCP/IP OSI
7 Applied Applied e.g. HTTP, SMTP, SNMP, FTP, Telnet, SSH, SCP, SMB, NFS, RTSP, BGP
6 Representation e.g. XDR, AFP, TLS, SSL
5 Session e.g. ISO 8327 / CCITT X.225, RPC, NetBIOS, PPTP, L2TP, ASP
4 Transport Transport e.g. TCP, UDP, SCTP, SPX, ATP, DCCP, GRE
3 Network Network e.g. ICMP, IGMP, CLNP, OSPF, RIP, IPX, DDP, ARP
2 Duct Duct e.g. Ethernet, Token ring, HDLC, PPP, X.25, Frame relay, ISDN, ATM, SPB, MPLS
1 Physical e.g. electrical cables, radio communications, fiber optic cables, infrared radiation

Typically, in the TCP/IP stack, the top 3 layers of the OSI model (application, presentation and session) are combined into one - application. Since such a stack does not provide a unified data transfer protocol, the functions of determining the data type are transferred to the application.

Description of the TCP/IP model in technical literature

Notes

  1. OSI and TCP/IP models. Knowledge base osLogic.ru
  2. TCP/IP and OSI network models. Cisco Learning
  3. Vasiliev A. A., Telina I. S., Izbachkov Yu. S., Petrov V. N. Information systems: Textbook for universities. - St. Petersburg. : Peter, 2010. - 544 p. - ISBN 978-5-49807-158-9.
  4. Andrew Krowczyk, Vinod Kumar, Noman Laghari and others..NET network programming for professionals / trans. from English V. Streltsov. - M.: Lori, 2005. - 400 p. - ISBN 1-86100-735-3. - ISBN 5-85582-170-2.

Transport Layer (TL) defines the rules for transporting packets over the network. The transport layer monitors the end-to-end delivery of individual packets; it does not take into account any dependencies between these packets (even those belonging to the same message). It treats each packet as if each part belonged to a separate message, regardless of whether it actually is or not. Transport layer protocols ensure that all messages arrive at their destination intact and that packets are ordered in their original order. At the transport layer, information violation control and error control are carried out, as well as flow control along the entire source-destination path.

The transport layer performs the following tasks:

  • Service point addressing. Computers often run multiple programs at the same time. For this reason, source-destination delivery means delivery not only from one computer to the next, but also from a given process (running program) on one computer to a given process (running program) on another. Therefore, the transport layer header must include an address type called a service point address (or port address). The network layer delivers each packet to the correct computer address; The transport layer delivers the complete message to the correct process on that computer.
  • Segmentation and reassembly. The message is divided into transportable segments, each segment containing a sequence number. These numbers enable the transport layer, after reaching its destination, to correctly reassemble the message and replace packets that were lost in transmission.
  • Connection management. The transport layer can be connection-oriented (connectionless transfer) or connection-oriented transfer (datagram mode). The connectionless transport layer (over a pre-established virtual connection) processes each segment as an independent packet and delivers it to the transport layer at the destination machine. The connection-oriented transport layer first establishes a connection to the transport layer on the destination computer before delivering packets. After all data has been transferred, the connection ends.

    In connectionless mode, the transport layer is used to transmit single datagrams without guaranteeing their reliable delivery. Connection-oriented mode is used for reliable data delivery.

  • Flow control. Like the data link layer, the transport layer is responsible for flow control. However, flow control at this level is done end-to-end.
  • Error Control. Like the data link layer, the transport layer is responsible for error control. The transmit transport layer ensures that the complete message reaches the receive transport layer without error (damage, loss, or duplication). Error correction usually occurs through retransmission.

Session Layer SL- network dialogue controller. It establishes, maintains and synchronizes interactions between communicating systems.

Using the Session Layer, a dialogue is organized between the parties, it is recorded which party is the initiator, which party is active and how the dialogue ends.

The session layer tasks are as follows:

  • Dialogue management. Session layer allows two systems to enter into dialogue. It allows the exchange of messages between two processes. In this case, the following modes are possible: either half-duplex (one path at a time) or full-duplex (two paths at the same time). For example, the dialogue between the terminal and the mainframe may be half-duplex.
  • Synchronization. Session layer Allows a process to add checkpoints (synchronization points) to a data stream. For example, if the system sends a file of 2,000 pages, it is desirable to insert checkpoints after every 100 pages to ensure that each 100-page module is received and recognized independently. In this case, if a violation occurs during the transmission of page 523, the only page that is required and will be sent again after the system recovery is page 501 (the first page of the fifth hundred)

Presentation Layer deals with the form of providing information to lower levels, for example, recoding or encrypting information.

The tasks of the presentation layer are:

  • Recoding information. Processes (running programs) on the two systems typically exchange information in the form of character strings, numbers, and so on. Information must be changed into bit streams before being transmitted. Since different computers use different encoding systems, presentation layer is responsible for the interoperability between these different encoding methods. Presentation layer at the transmitter changes information from a transmitter-specific form to a general form. Presentation layer in the receiving computer replaces the common format with the format of its receiver.
  • Encryption. To deliver sensitive information, the system must provide secrecy. Encryption means that the transmitter converts the original information to another form and sends the resulting message over the network. The decoding must be the exact opposite of the original process in order to transform the message back to its original form.
  • Compression. Data compression reduces the number of bits contained in the information. Data compression becomes especially important in the transmission of multimedia such as text, audio and video.

Application Layer (AL) is a set of protocols exchanged between remote nodes implementing the same task (program). Application layer allows the user (person or software) to access the network. It provides user interfaces and support for services such as email, remote access and funds transfer, public database management, and other types of distributed information services.

Examples of services provided by the application layer:

  • Network virtual terminal. A network virtual terminal is a software version of a physical terminal, it allows the user to log into a remote host. To do this, the application creates a software emulation of a terminal on the remote host. The user's computer communicates with the software terminal, which, in turn, communicates with the host, and vice versa. The remote host defines this connection as a connection with one of its own terminals and allows entry.
  • File transfer, access and management. This application allows the user to access files on a remote host to modify or read data, retrieve files from a remote computer for use on a local computer, and administer or manage files on a remote computer.
  • Postal services. This application provides a base for sending and storing email.
  • Directory services. This application provides distributed database sources and access to global information about various objects and services.

Internet protocol stack

The Internet2 protocol stack was developed before the OSI model. Therefore, the layers in the Internet protocol stack do not correspond to the corresponding layers in the OSI model. The Internet protocol stack consists of five layers: physical, data link, network, transport and application. The first four layers provide physical standards, network interface, internetworking, and transport functions that correspond to the first four layers of the OSI model. The top three layers in the OSI model are represented in the Internet protocol stack by a single layer called the application layer. 1.3.

Rice. 1.3.

ARP Address Resolution Protocol Address Finding Protocol
ATM Asynchronous Transfer Mode Asynchronous transfer mode
BGP Border Gateway Protocol Edge Routing Protocol
DNS Domain Name System Domain Name System
Ethernet Ethernet Network Ethernet network
FDDI Fiber Distributed Data Interface Fiber Optic Distributed Data Interface
HTTP Hyper Text Transfer Protocol Hypertext Transfer Protocol
FTP File transfer Protocol File Transfer Protocol
ICMP Internet Control Message Protocol Control Message Protocol
IGMP Internet Group Management Protocol Internet Group (User) Management Protocol
IP Internet Protocol Internet Protocol
NFS Network File System Network File System Access Protocol
OSPF Open Shortest Path First Open Shortest Channel Preference Protocol
PDH Plesiochronous Digital Hierarchy Plesiochronic digital hierarchy
PPP Point-to-Point Protocol Point-to-point communication protocol

In the modern world, information spreads in a matter of seconds. The news has just appeared, and a second later it is already available on some website on the Internet. The Internet is considered one of the most useful developments of the human mind. To enjoy all the benefits that the Internet provides, you need to connect to this network.

Few people know that the simple process of visiting web pages involves a complex system of actions, invisible to the user. Each click on a link activates hundreds of different computational operations at the heart of the computer. These include sending requests, receiving responses, and much more. The so-called TCP/IP protocols are responsible for every action on the network. What are they?

Any Internet protocol TCP/IP operates at its own level. In other words, everyone does their own thing. The entire TCP/IP protocol family does a tremendous amount of work simultaneously. And the user at this time sees only bright pictures and long lines of text.

The concept of a protocol stack

The TCP/IP protocol stack is an organized set of basic network protocols, which is hierarchically divided into four levels and is a system for transport distribution of packets over a computer network.

TCP/IP is the most famous network protocol stack in use today. The principles of the TCP/IP stack apply to both local and wide area networks.

Principles of using addresses in the protocol stack

The TCP/IP network protocol stack describes the paths and directions in which packets are sent. This is the main task of the entire stack, performed at four levels that interact with each other using a logged algorithm. To ensure that the packet is sent correctly and delivered exactly to the point that requested it, IP addressing was introduced and standardized. This was due to the following tasks:

  • Addresses of different types must be consistent. For example, converting a website domain to a server's IP address and back, or converting a host name to an address and back. In this way, it becomes possible to access the point not only using the IP address, but also by its intuitive name.
  • Addresses must be unique. This is because in some special cases the packet must reach only one specific point.
  • The need to configure local area networks.

In small networks where several dozen nodes are used, all these tasks are performed simply, using the simplest solutions: compiling a table describing the ownership of the machine and its corresponding IP address, or you can manually distribute IP addresses to all network adapters. However, for large networks with a thousand or two thousand machines, the task of manually issuing addresses does not seem so feasible.

That is why a special approach was invented for TCP/IP networks, which became a distinctive feature of the protocol stack. The concept of scalability was introduced.

Layers of the TCP/IP protocol stack

There is a certain hierarchy here. The TCP/IP protocol stack has four layers, each of which handles its own set of protocols:

Application layer: created to enable the user to interact with the network. At this level, everything that the user sees and does is processed. The layer allows the user to access various network services, for example: access to databases, the ability to read a list of files and open them, send an email message or open a web page. Along with user data and actions, service information is transmitted at this level.

Transport layer: This is a pure packet transmission mechanism. At this level, neither the contents of the package nor its affiliation with any action matter at all. At this level, only the address of the node from which the packet is sent and the address of the node to which the packet should be delivered matters. As a rule, the size of fragments transmitted using different protocols can change, therefore, at this level, blocks of information can be split up at the output and assembled into a single whole at the destination. This causes possible data loss if, at the time of transmission of the next fragment, a short-term connection break occurs.

The transport layer includes many protocols, which are divided into classes, from the simplest ones, which simply transmit data, to complex ones, which are equipped with the functionality of acknowledging receipt, or re-requesting a missing block of data.

This level provides the higher (application) level with two types of services:

  • Provides guaranteed delivery using the TCP protocol.
  • Delivers via UDP whenever possible .

To ensure guaranteed delivery, a connection is established according to the TCP protocol, which allows packets to be numbered at the output and confirmed at the input. The numbering of packets and confirmation of reception is the so-called service information. This protocol supports transmission in "Duplex" mode. In addition, thanks to the well-thought-out regulations of the protocol, it is considered very reliable.

The UDP protocol is intended for moments when it is impossible to configure transmission via the TCP protocol, or you have to save on the network data transmission segment. Also, the UDP protocol can interact with higher-level protocols to increase the reliability of packet transmission.

Network layer or "Internet layer": the base layer for the entire TCP/IP model. The main functionality of this layer is identical to the layer of the same name in the OSI model and describes the movement of packets in a composite network consisting of several smaller subnets. It links adjacent layers of the TCP/IP protocol.

The network layer is the connecting layer between the higher transport layer and the lower level of network interfaces. The network layer uses protocols that receive a request from the transport layer, and through regulated addressing, transmit the processed request to the network interface protocol, indicating to which address to send the data.

The following TCP/IP network protocols are used at this level: ICMP, IP, RIP, OSPF. The main and most popular at the network level is, of course, the IP (Internet Protocol). Its main task is to transmit packets from one router to another until a unit of data reaches the network interface of the destination node. The IP protocol is deployed not only on hosts, but also on network equipment: routers and managed switches. The IP protocol operates on the principle of best-effort, non-guaranteed delivery. That is, there is no need to establish a connection in advance to send a packet. This option leads to saving traffic and time on the movement of unnecessary service packets. The packet is routed towards its destination, and it is possible that the node remains unreachable. In this case, an error message is returned.

Network interface level: is responsible for ensuring that subnetworks with different technologies can interact with each other and transmit information in the same mode. This is accomplished in two simple steps:

  • Encoding a packet into an intermediate network data unit.
  • Converts the destination information into the required subnet standards and sends the data unit.

This approach allows us to constantly expand the number of supported networking technologies. As soon as a new technology appears, it immediately falls into the TCP/IP protocol stack and allows networks with older technologies to transfer data to networks built using more modern standards and methods.

Units of data transferred

During the existence of such a phenomenon as the TCP/IP protocols, standard terms were established for the units of transmitted data. Data during transmission can be fragmented in different ways, depending on the technologies used by the destination network.

To have an idea of ​​what is happening with the data and at what point in time, it was necessary to come up with the following terminology:

  • Data stream- data that arrives at the transport layer from protocols of a higher application layer.
  • A segment is a fragment of data into which a stream is divided according to TCP protocol standards.
  • Datagram(especially illiterate people pronounce it as “Datagram”) - units of data that are obtained by splitting a stream using connectionless protocols (UDP).
  • Plastic bag- a unit of data produced via the IP protocol.
  • The TCP/IP protocols package IP packets into blocks of data transmitted over composite networks, called personnel or frames.

Types of TCP/IP protocol stack addresses

Any TCP/IP data transfer protocol uses one of the following address types to identify hosts:

  • Local (hardware) addresses.
  • Network addresses (IP addresses).
  • Domain names.

Local addresses (MAC addresses) - used in most local area network technologies to identify network interfaces. When talking about TCP/IP, the word local means an interface that operates not in a composite network, but within a separate subnet. For example, the subnet of an interface connected to the Internet will be local, and the Internet network will be composite. A local network can be built on any technology, and regardless of this, from the point of view of a composite network, a machine located in a separately dedicated subnet will be called local. Thus, when a packet enters the local network, its IP address is then associated with the local address, and the packet is sent to the MAC address of the network interface.

Network addresses (IP addresses). TCP/IP technology provides its own global addressing of nodes to solve a simple problem - combining networks with different technologies into one large data transmission structure. IP addressing is completely independent of the technology used on the local network, but an IP address allows a network interface to represent a machine on a composite network.

As a result, a system was developed in which hosts are assigned an IP address and a subnet mask. The subnet mask shows how many bits are allocated to the network number, and how many to the host number. An IP address consists of 32 bits, divided into blocks of 8 bits.

When a packet is transmitted, it is assigned information about the network number and the node number to which the packet should be sent. First, the router forwards the packet to the desired subnet, and then a host is selected that is waiting for it. This process is carried out by the Address Resolution Protocol (ARP).

Domain addresses on TCP/IP networks are managed by a specially designed Domain Name System (DNS). To do this, there are servers that match the domain name, presented as a string of text, with the IP address, and send the packet in accordance with global addressing. There is no correspondence between a computer name and an IP address, so in order to convert a domain name to an IP address, the sending device must access the routing table that is created on the DNS server. For example, we write the site address in the browser, the DNS server matches it with the IP address of the server on which the site is located, and the browser reads the information, receiving a response.

In addition to the Internet, it is possible to issue domain names to computers. Thus, the process of working on a local network is simplified. There is no need to remember all IP addresses. Instead, you can give each computer any name and use it.

IP address. Format. Components. Subnet mask

An IP address is a 32-bit number, which in traditional representation is written as numbers from 1 to 255, separated by dots.

Type of IP address in various recording formats:

  • Decimal IP address: 192.168.0.10.
  • Binary form of the same IP address: 11000000.10101000.00000000.00001010.
  • Address entry in hexadecimal number system: C0.A8.00.0A.

There is no separator between the network ID and the point number in the entry, but the computer is able to separate them. There are three ways to do this:

  1. Fixed border. With this method, the entire address is conditionally divided into two parts of a fixed length, byte by byte. Thus, if we give one byte for the network number, then we will get 2 8 networks of 2 24 nodes each. If the border is moved another byte to the right, then there will be more networks - 2 16, and fewer nodes - 2 16. Today, the approach is considered obsolete and is not used.
  2. Subnet mask. The mask is paired with an IP address. The mask has a sequence of values ​​"1" in those bits that are allocated to the network number, and a certain number of zeros in those places of the IP address that are allocated to the node number. The boundary between ones and zeros in the mask is the boundary between the network ID and the host ID in the IP address.
  3. Address classes method. Compromise method. When using it, network sizes cannot be selected by the user, but there are five classes - A, B, C, D, E. Three classes - A, B and C - are intended for various networks, and D and E are reserved for special-purpose networks . In a class system, each class has its own boundary of network number and node ID.

IP Address Classes

TO class A These include networks in which the network is identified by the first byte, and the remaining three are the node number. All IP addresses that have a first byte value from 1 to 126 in their range are class A networks. There are very few class A networks in quantity, but each of them can have up to 2 24 points.

Class B- networks in which the two highest bits are equal to 10. In them, 16 bits are allocated for the network number and point identifier. As a result, it turns out that the number of class B networks is quantitatively different from the number of class A networks, but they have a smaller number of nodes - up to 65,536 (2 16) units.

On networks class C- there are very few nodes - 2 8 in each, but the number of networks is huge, due to the fact that the network identifier in such structures takes up three bytes.

Networks class D- already belong to special networks. It starts with the sequence 1110 and is called a multicast address. Interfaces with class A, B and C addresses can be part of a group and receive, in addition to the individual address, a group address.

Addresses class E- in reserve for the future. Such addresses begin with the sequence 11110. Most likely, these addresses will be used as group addresses when there is a shortage of IP addresses on the global network.

Setting up the TCP/IP protocol

Setting up the TCP/IP protocol is available on all operating systems. These are Linux, CentOS, Mac OS X, Free BSD, Windows 7. The TCP/IP protocol only requires a network adapter. Of course, server operating systems are capable of more. The TCP/IP protocol is very widely configured using server services. IP addresses on regular desktop computers are set in the network connection settings. There you configure the network address, the gateway - the IP address of the point that has access to the global network, and the addresses of the points where the DNS server is located.

The TCP/IP Internet protocol can be configured manually. Although this is not always necessary. You can receive TCP/IP protocol parameters from the server's dynamic distribution address automatically. This method is used in large corporate networks. On a DHCP server, you can map a local address to a network address, and as soon as a machine with a given IP address appears on the network, the server will immediately give it a pre-prepared IP address. This process is called reservation.

TCP/IP Address Resolution Protocol

The only way to establish a relationship between a MAC address and an IP address is by maintaining a table. If there is a routing table, each network interface is aware of its addresses (local and network), but the question arises of how to properly organize the exchange of packets between nodes using the TCP/IP 4 protocol.

Why was Address Resolution Protocol (ARP) invented? In order to link the TCP/IP family of protocols and other addressing systems. An ARP mapping table is created on each node and is populated by polling the entire network. This happens every time the computer is turned off.

ARP table

This is what an example of a compiled ARP table looks like.

Protocol stacks

A protocol stack is a hierarchically organized set of network protocols at various levels, sufficient to organize and ensure the interaction of nodes in the network. Currently, networks use a large number of communication protocol stacks. The most popular stacks are: TCP/IP, IPX/SPX, NetBIOS/SMB, Novell NetWare, DECnet, XNS, SNA and OSI. All of these stacks, except for SNA, at the lower levels - physical and data link - use the same well-standardized protocols Ethemet, Token Ring, FDDI and some others, which allow the same equipment to be used in all networks. But at the upper levels, all stacks operate according to their own protocols. These protocols often do not conform to the layering recommended by the OSI model. In particular, the functions of the session and presentation layers are typically combined with the application layer. This discrepancy is due to the fact that the OSI model appeared as a result of a generalization of already existing and actually used stacks, and not vice versa.

All protocols included in the stack were developed by one manufacturer, that is, they are able to work as quickly and efficiently as possible.

An important point in the operation of network equipment, in particular a network adapter, is the binding of protocols. It allows you to use different protocol stacks when servicing one network adapter. For example, you can use TCP/IP and IPX/SPX stacks simultaneously. If suddenly an error occurs when trying to establish a connection with the recipient using the first stack, then a switch to using the protocol from the next stack will automatically occur. An important point in this case is the binding order, since it clearly affects the use of one or another protocol from different stacks.

Regardless of how many network adapters are installed in the computer, binding can be carried out either “one to several” or “several to one”, that is, one protocol stack can be tied to several adapters at once or several stacks to one adapter.

NetWare is a network operating system and a set of network protocols that are used in this system to interact with client computers connected to the network. The system's network protocols are based on the XNS protocol stack. NetWare currently supports TCP/IP and IPX/SPX protocols. Novell NetWare was popular in the 80s and 90s due to its greater efficiency compared to general purpose operating systems. This is now an outdated technology.

The XNS (Xerox Network Services Internet Transport Protocol) protocol stack was developed by Xerox for transmitting data over Ethernet networks. Contains 5 levels.

Level 1 - transmission medium - implements the functions of the physical and data link layers in the OSI model:

* manages data exchange between the device and the network;

* routes data between devices on the same network.

Layer 2 - internetwork - corresponds to the network layer in the OSI model:

* manages data exchange between devices located on different networks (provides datagram service in terms of the IEEE model);

* describes the way data flows through the network.

Layer 3 - transport - corresponds to the transport layer in the OSI model:

* provides end-to-end communication between the data source and destination.

Level 4 - control - corresponds to the session and representative levels in the OSI model:

* controls the presentation of data;

* manages control over device resources.

Level 5 - application - corresponds to the highest levels in the OSI model:

* provides data processing functions for application tasks.

The TCP/IP (Transmission Control Protocol/Internet Protocol) protocol stack is the most common and functional today. It works in local networks of any size. This stack is the main stack on the global Internet. Stack support was implemented in computers running the UNIX operating system. As a result, the popularity of the TCP/IP protocol has increased. The TCP/IP protocol stack includes quite a lot of protocols operating at different levels, but it got its name thanks to two protocols - TCP and IP.

TCP (Transmission Control Protocol) is a transport protocol designed to control data transmission in networks using the TCP/IP protocol stack. IP (Internet Protocol) is a network layer protocol designed to deliver data over a composite network using one of the transport protocols, such as TCP or UDP.

The lower level of the TCP/IP stack uses standard data transfer protocols, which makes it possible to use it in networks using any network technology and on computers with any operating system.

The TCP/IP protocol was originally developed for use in global networks, which is why it is extremely flexible. In particular, thanks to the ability to fragment packets, data, despite the quality of the communication channel, in any case reaches the addressee. In addition, thanks to the presence of the IP protocol, data transfer between dissimilar network segments becomes possible.

The disadvantage of the TCP/IP protocol is the complexity of network administration. Thus, for the normal functioning of the network, additional servers are required, such as DNS, DHCP, etc., maintaining the operation of which takes up most of the system administrator’s time. Limoncelli T., Hogan K., Cheylap S. - System and network administration. 2nd ed. year 2009. 944с

The IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) protocol stack is developed and owned by Novell. It was developed for the needs of the Novell NetWare operating system, which until recently occupied one of the leading positions among server operating systems.

The IPX and SPX protocols operate at the network and transport layers of the ISO/OSI model, respectively, and therefore complement each other perfectly.

The IPX protocol can transmit data using datagrams using network routing information. However, in order to transmit data along the found route, a connection must first be established between the sender and the recipient. This is what the SPX protocol or any other transport protocol that works in tandem with IPX does.

Unfortunately, the IPX/SPX protocol stack is initially designed to serve small networks, so its use in large networks is ineffective: excessive use of broadcasting on low-speed communication lines is unacceptable.

At the physical and data link layers, the OSI stack supports the Ethernet, Token Ring, FDDI protocols, as well as the LLC, X.25 and ISDN protocols, that is, it uses all the popular lower-layer protocols developed outside the stack, like most other stacks. The network layer includes the relatively rarely used Connectionoriented Network Protocol (CONP) and Connectionless Network Protocol (CLNP). The routing protocols of the OSI stack are ES-IS (End System -- Intermediate System) between end and intermediate systems and IS-IS (Intermediate System -- Intermediate System) between intermediate systems. The transport layer of the OSI stack hides the differences between connection-oriented and connectionless network services so that users receive the desired quality of service regardless of the underlying network layer. To provide this, the transport layer requires the user to specify the desired quality of service. Application layer services provide file transfer, terminal emulation, directory services, and mail. Of these, the most popular are directory service (X.500 standard), electronic mail (X.400), virtual terminal protocol (VTP), file transfer, access and management (FTAM) protocol, forwarding and job management protocol (JTM).

A fairly popular protocol stack developed by IBM and Microsoft, respectively, aimed at use in the products of these companies. Like TCP/IP, standard protocols such as Ethernet, Token Ring and others operate at the physical and data link levels of the NetBIOS/SMB stack, which makes it possible to use it in conjunction with any active network equipment. At the upper levels, the NetBIOS (Network Basic Input/Output System) and SMB (Server Message Block) protocols operate.

The NetBIOS protocol was developed in the mid-80s of the last century, but was soon replaced by the more functional NetBEUI (NetBIOS Extended User Interface) protocol, which allows for very efficient information exchange in networks consisting of no more than 200 computers.

To exchange data between computers, logical names are used that are assigned to computers dynamically when they are connected to the network. In this case, the name table is distributed to each computer on the network. It also supports working with group names, which allows you to transfer data to several recipients at once.

The main advantages of the NetBEUI protocol are speed and very low resource requirements. If you need to organize fast data exchange in a small network consisting of a single segment, there is no better protocol for this. In addition, an established connection is not a mandatory requirement for message delivery: if there is no connection, the protocol uses the datagram method, where the message is equipped with the address of the recipient and the sender and “takes off”, moving from one computer to another.

However, NetBEUI also has a significant drawback: it is completely devoid of the concept of packet routing, so its use in complex composite networks does not make sense. Pyatibratov A.P., Gudyno L.P., Kirichenko A.A. Computers, networks and telecommunication systems Moscow 2009. 292s

As for the SMB (Server Message Block) protocol, it is used to organize network operation at the three highest levels - session, presentation and application levels. It is when you use it that access to files, printers and other network resources becomes possible. This protocol has been improved several times (three versions have been released), which makes it possible to use it even in modern operating systems such as Microsoft Vista and Windows 7. The SMB protocol is universal and can work in tandem with almost any transport protocol, such as TCP/IP and SPX.

The DECnet (Digital Equipment Corporation net) protocol stack contains 7 layers. Despite the difference in terminology, the DECnet layers are very similar to the OSI model layers. DECnet implements the DNA (Digital Network Architecture) concept of network architecture, developed by DEC, according to which heterogeneous computing systems (computers of different classes), operating under different operating systems, can be combined into geographically distributed information and computing networks.

IBM's SNA (System Network Architecture) protocol is designed for remote communication with large computers and contains 7 layers. SNA is based on the host machine concept and provides remote terminal access to IBM mainframes. The main distinguishing feature of SNA is the ability of each terminal to access any application program of the host computer. The system network architecture is implemented on the basis of a virtual telecommunication access method (VTAM) in the host computer. VTAM manages all communications links and terminals, with each terminal having access to all application programs.


2024 gtavrl.ru.