Networking 231

reader@hacking:~/booksrc $
$ grep -R "typedef.*be16" /usr/include
/usr/include/linux/types.h:typedef u16 bitwise be16;

$ grep -R "typedef.*u16" /usr/include | grep short
/usr/include/linux/i2o-dev.h:typedef unsigned short u16;
/usr/include/linux/cramfs_fs.h:typedef unsigned short u16;
/usr/include/asm/types.h:typedef unsigned short u16;
$

The include file also defines the Ethernet header length in ETH_HLEN as

14 bytes. This adds up, since the source and destination MAC addresses use

6 bytes each, and the packet type field is a 16-bit short integer that takes up

2 bytes. However, many compilers will pad structures along 4-byte boundaries

for alignment, which means that sizeof(struct ethhdr) would return an

incorrect size. To avoid this, ETH_HLEN or a fixed value of 14 bytes should

be used for the Ethernet header length.

By including <linux/if_ether.h>, these other include files containing

the required __be16 type definition are also included. Since we want to make

our own structures for hacking-network.h, we should strip out references to

unknown type definitions. While we’re at it, let’s give these fields better names.

Added to hacking-network.h

#define ETHER_ADDR_LEN 6
#define ETHER_HDR_LEN 14

struct ether_hdr {
unsigned char ether_dest_addr[ETHER_ADDR_LEN]; // Destination MAC address
unsigned char ether_src_addr[ETHER_ADDR_LEN]; // Source MAC address
unsigned short ether_type; // Type of Ethernet packet
};

We can do the same thing with the IP and TCP structures, using the

corresponding structures and RFC diagrams as a reference.

From /usr/include/netinet/ip.h

struct iphdr
{
#if BYTE_ORDER == __LITTLE_ENDIAN
unsigned int ihl:4;
unsigned int version:4;
#elif BYTE_ORDER == __BIG_ENDIAN
unsigned int version:4;
unsigned int ihl:4;
#else

error "Please fix <bits/endian.h>"

#endif
u_int8_t tos;
u_int16_t tot_len;
u_int16_t id;