Unlike the ethernet, ip, udp, and tcp code, there are no file descriptors in the icmp code. Instead of user processes directly sending icmp packets, functions within the ip code send icmp packets. For example, icmp_snd_time_exceeded() is called by the ip code to send an ICMP_TYPE_TIME_EXCEEDED icmp message if some fragments of the original packet were not received in time to be reassembled by the destination system.

Furthermore, if an icmp packet is received, a user process does not receive the packet (unlike, for example, udp packets). For example, if an ICMP_TYPE_ROUTER_ADVER icmp packet is received, the packet is not passed on to a user process. Instead, the icmp router advertisement packet is used to modify the routing table.

icmp_port

There is one icmp port for each interface. For the following inet.conf file:

eth0 DP8390 0 { default; };
psip1;

there will be 2 icmp ports, one for the ethernet interface and one for the psip interface.

Note that the icmp layer does not have a concept of a file descriptor.

typedef struct icmp_port

{

          int icp_flags;

          int icp_state;

          int icp_ipport;

          int icp_ipfd;

          acc_t *icp_head_queue;

          acc_t *icp_tail_queue;

          acc_t *icp_write_pack;

} icmp_port_t;

int icp_flags:

icp_flags will be of the following:

#define ICPF_EMPTY 0x0
#define ICPF_SUSPEND 0x1
#define ICPF_READ_IP 0x2
#define ICPF_READ_SP 0x4
#define ICPF_WRITE_IP 0x8
#define ICPF_WRITE_SP 0x10

The flags above are self-explanatory.


int icp_state:

icp_state will be one of the following:

#define ICPS_BEGIN 0
#define ICPS_IPOPT 1
#define ICPS_MAIN 2
#define ICPS_ERROR 3

After the network service has been initialized and configured, the state of the icmp port is ICPS_MAIN and does not leave this state unless there is an error or the icmp port is reconfigured.


int icp_ipport:

The icmp port's associated ip port.
int icp_ipfd: The icmp port's associated ip file descriptor.


acc_t *icp_head_queue, *icp_tail_queue, *icp_write_pack:

icp_head_queue/icp_tail_queue is the head and tail of the write queue for the icmp port. Immediately before ip_write() is called, the head of the write queue is placed in icp_write_pack field and then the ip code attempts to send out the icmp packet in this field.

icmp_prep()

icmp_prep() simply allocates space for icmp_port_table[].

icmp_init()

icmp_init() initializes icmp_port_table[] by setting a few fields for each icmp port and then (again for each icmp port) calls icmp_main() to complete the initialization.

icmp_port

There is one icmp port for each interface. For the following inet.conf file:

eth0 DP8390 0 { default; };
psip1;

there will be 2 icmp ports, one for the ethernet interface and one for the psip interface.

Note that the icmp layer does not have a concept of a file descriptor.

typedef struct icmp_port

{

          int icp_flags;

          int icp_state;

          int icp_ipport;

          int icp_ipfd;

          acc_t *icp_head_queue;

          acc_t *icp_tail_queue;

          acc_t *icp_write_pack;

} icmp_port_t;

int icp_flags:

icp_flags will be of the following:

#define ICPF_EMPTY 0x0
#define ICPF_SUSPEND 0x1
#define ICPF_READ_IP 0x2
#define ICPF_READ_SP 0x4
#define ICPF_WRITE_IP 0x8
#define ICPF_WRITE_SP 0x10

The flags above are self-explanatory.


int icp_state:

icp_state will be one of the following:

#define ICPS_BEGIN 0
#define ICPS_IPOPT 1
#define ICPS_MAIN 2
#define ICPS_ERROR 3

After the network service has been initialized and configured, the state of the icmp port is ICPS_MAIN and does not leave this state unless there is an error or the icmp port is reconfigured.


int icp_ipport:

The icmp port's associated ip port.
int icp_ipfd: The icmp port's associated ip file descriptor.


acc_t *icp_head_queue, *icp_tail_queue, *icp_write_pack:

icp_head_queue/icp_tail_queue is the head and tail of the write queue for the icmp port. Immediately before ip_write() is called, the head of the write queue is placed in icp_write_pack field and then the ip code attempts to send out the icmp packet in this field.

Initialize each of the icmp ports. For the following inet.conf file:

eth0 DP8390 0 { default; };
psip1;

there will be 2 icmp ports, one for the ethernet interface and one for the psip interface.

bf_logon()

bf_logon() is used by eth_init(), psip_init(), ip_init(), icmp_init(), tcp_init(), and udp_init() to register their functions for freeing buffers. For example, eth_init() calls bf_logon() with an argument of eth_buffree().

After bf_logon() is finished, freereq[] is configured as follows:

freereq[0]=eth_buffree
freereq[1]=psip_buffree
freereq[2]=ip_buffree
freereq[3]=icmp_buffree
freereq[4]=tcp_buffree
freereq[5]=udp_buffree

icmp_main()

icmp_main() is called during the initialization of the network service to initialize each of the icmp ports on a system. During the initialization of an icmp port, ip_open() is called to acquire an ip file descriptor. ip_ioctl() is then called to initialize this newly-opened ip file descriptor. Finally, icmp_read() is called to read any packets that have arrived at the ip file descriptor.

icmp_main() is called later by icmp_getdata() if, for whatever reason, the initialization steps were not able to complete.

icmp_main()

icmp_main() is called during the initialization of the network service to initialize each of the icmp ports on a system. During the initialization of an icmp port, ip_open() is called to acquire an ip file descriptor. ip_ioctl() is then called to initialize this newly-opened ip file descriptor. Finally, icmp_read() is called to read any packets that have arrived at the ip file descriptor.

icmp_main() is called later by icmp_getdata() if, for whatever reason, the initialization steps were not able to complete.

icp_head_queue is the head of the queue of icmp packets that are waiting to be delivered to their destination (i.e., that have been written).

ip_open()

ip_open() finds an available ip file descriptor in ip_fd_table[], sets a few of the ip file descriptor's fields, and then returns the index of the ip file descriptor within ip_fd_table[]. ip_open() is called by higher-level code (e.g., udp_main()) and the returned ip file descriptor is then associated with a higher-level port (e.g., udp port).



Note that there will only be a few ip file descriptors open at any given time. There will be an ip file descriptor opened for each interface for each client (udp, tcp, and icmp) and there will be one ip file descriptor opened each time the /dev/ip file is opened directly (as opposed to when, for example, the /dev/udp file is opened).

ip_ioctl()

ip_ioctl(fd, req) performs one of several tasks on the ip file descriptor whose index within ip_fd_table[] is fd, the first parameter. The task performed depends on req, the second parameter.

NWIOSIPOPT: Set the options (the if_ipopt field of the ip file descriptor) on the ip file descriptor. For example, during the initialization of a physical udp port, ip_ioctl() is called with req equal to NWIOSIPOPT.

An example of an ip iption (i.e., ip flag) is the NWIO_EN_BROAD flag. This flag is set if the ip file descriptor accepts broadcast packets. The options desired are obtained from the user process. For example, if a udp port opened up the ip file descriptor, udp_get_data() is (indirectly) called to obtain the configuration data.

NWIOGIPOPT: Send the ip file descriptor's options to the user process requesting the information. The information is sent in a struct of type nwio_ipopt_t.

NWIOSIPCONF: Configure the ip port (for example, the ip address can be configured) that corresponds to the ip file descriptor fd. The fields are obtained from the user process. For a detailed description of the different settings, click here.

NWIOGIPCONF: Send the ip address/subnet information (i.e., send a nwio_ipconf_t struct) to the next higher layer. For example, if the next higher layer is udp, ip_ioctl() calls (indirectly) udp_put_data(), which sets the ip address for the udp port (i.e., sets the up_ipaddr field of the corresponding element in udp_port_table[]).

NWIOGIPIROUTE, NWIOSIPIROUTE, NWIOGIPOROUTE, NWIODIPIROUTE, NWIOSIPOROUTE: It is possible to influence the route taken by a packet. These ioctl requests alter the input and output routing tables.

ip_ioctl() will never return NW_SUSPEND for this call.

icmp_read()

icmp_read() repeatedly calls ip_read() until all the valid packets in the read queue of the icmp port's associated ip file descriptor have been processed.

icmp_read() is called during initialization and is also called after an icmp packet has been processed.

icmp_getdata()

During the initialization of the network service, the icmp code calls ip_open() to acquire an ip file descriptor. The third and fourth arguments to ip_open() are pointers to icmp_getdata() and icmp_putdata(). These two values set the if_get_userdata and if_put_userdata fields of the ip file descriptor.

icmp_getdata() is (indirectly) called by ip_ioctl() to configure the ip file descriptor that the icmp code opened and is called by ip_write() to assist in sending out the next icmp packet (e.g., an icmp echo request packet) in the queue of icmp packets waiting to be sent out.

If the icmp code attempts to send out an icmp packet and everything goes well, icmp_getdata() will be called with a non-zero value of count. In this case, bf_cut() is called to trim the icmp packet to size and then return the newly resized packet. If something goes wrong with the write operation, error_reply() calls icmp_getdata() with a value of zero (0) for count.

If called from error_reply(), ip_write() (which called error_reply()) had problems sending out the icmp packet. Therefore, clear out the icp_write_pack field (which contains the problem icmp packet) and, if other icmp packets were suspended, call icmp_write() in an attempt to send these packets out.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

The ICPF_WRITE_SP flag is never set (see line 30615) so this block is never executed.

icmp_write()

icmp_write() loops through an icmp port's write queue, each time placing the head of the queue into the icp_write_pack field of the icmp port and then calling ip_write() to send this icmp packet out.

After functions build an icmp packet, they call enqueue_pack() to send the icmp packet out rather than call icmp_write() directly. enqueue_pack() enqueues the icmp packet if another icmp packet is currently being sent out.

It is doubtful that the write queue mentioned above will ever be more than a single icmp packet. ip_write() was rewritten and currently only returns NW_OK. If the packet is valid, ip_write() always moves the packet to the ip layer even if the packet isn't immediately sent out the ethernet or the psip interface.

bf_cut()

If a section of a linked list needs to be duplicated, bf_cut(data, offset, length) is called. For example, if a section of length 50 starting at an offset of 75 of the linked list below needs to be duplicated, bf_cut(data, 75, 50) is called:



Note that the original linked list remains unchanged and that acc_linkC for all the accessors in the new linked list is one.

If length (the second parameter) is zero, simply duplicate the first accessor in the linked list but set acc_length=0 and acc_next=null. In other words, create a linked list of length one accessor whose acc_length is 0.

bf_cut() is used in a number of scenarios, including cutting a received ethernet packet to size.

For a full description of the network service's buffer management, click here.

If the icmp port is being configured, its state (icp_state) will be ICPS_IPOPT.

If the flags on lines 30209-30212 are unacceptable, icmp_getdata() will be called by reply_thr_get() (which was called by ip_ioctl()) and, therefore, count will be zero. However, since the network service would be unusable if the options were unacceptable, the options are obviously acceptable and so count will never be zero.

icmp_main()

icmp_main() is called during the initialization of the network service to initialize each of the icmp ports on a system. During the initialization of an icmp port, ip_open() is called to acquire an ip file descriptor. ip_ioctl() is then called to initialize this newly-opened ip file descriptor. Finally, icmp_read() is called to read any packets that have arrived at the ip file descriptor.

icmp_main() is called later by icmp_getdata() if, for whatever reason, the initialization steps were not able to complete.

If icmp_getdata() is (indirectly) called by ip_ioctl() to set the options for an icmp port's associated ip file descriptor. Allocate an nwio_ipopt struct, set the struct's nwio_flags and nwio_proto fields to values appropriate for icmp, and return the struct to ip_ioctl() so that ip_ioctl() can use the fields to configure the ip file descriptor.

bf_memreq()

After the buffers have been initialized, accessors[] looks like the following:



bf_memreq() allocates accessors to the caller. For example, if 1514 bytes of buffer space are requested immediately after the network process starts and each buffer is 512 bytes (the default), then accessors[] will look like the following:



Note that three elements of accessors[] have been removed from buf512_freelist and that the head of the chain of the 3 accessors is returned by bf_memreq(). Also note that the acc_linkC and buf_linkC fields have been set to one and acc_length and acc_offset have been set to their appropriate values.

So what happens if there are not enough buffers on the buf512_freelist to satisfy a request? On lines 2280-2290 of buf.c, functions that free buffers for the specific clients (e.g., eth_buffree()) are called until there are enough buffers on buf512_freelist.

For a complete description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

Configure the ip file descriptor with options appropriate for icmp.

icmp_putdata()

During the initialization of the network service, the icmp code calls ip_open() to acquire an ip file descriptor. The third and fourth arguments to the ip_open() call are pointers to icmp_getdata() and icmp_putdata(). These two values set the if_get_userdata and if_put_userdata fields of the ip file descriptor.

The two most significant places that icmp_getdata() is called are in packet2user(). The first time that packet2user() calls icmp_getdata(), icmp_getdata() simply calls process_data() to process the icmp packet that the system received and that packet2user() was processing. The second time that packet2user() calls icmp_getdata(), icmp_getdata() calls icmp_read() to retry any previously suspended icmp read operations.

Attempt to continue previously suspended icmp read operations.

icmp_read()

icmp_read() repeatedly calls ip_read() until all the valid packets in the read queue of the icmp port's associated ip file descriptor have been processed.

icmp_read() is called during initialization and is also called after an icmp packet has been processed.

process_data() / icmp

process_data() is called by icmp_putdata() to handle received icmp packets. The icmp packet is handed off by process_data() to the function responsible for the icmp packet's type (e.g., icmp_dst_unreach() handles icmp packets of type ICMP_TYPE_DST_UNRCH).

icmp_read()

icmp_read() repeatedly calls ip_read() until all the valid packets in the read queue of the icmp port's associated ip file descriptor have been processed.

icmp_read() is called during initialization and is also called after an icmp packet has been processed.

ip_read()

If there are unexpired packets in the ip file descriptor fd's read queue, ip_read(fd, count) passes count (ip_read()'s second parameter) bytes off to the next-higher layer by calling packet2user(). If the packets in the file descriptor's read queue have expired, ip_read() discards the packets.

ip_read() is (indirectly) called by sr_rwio() when a process reads an ip device file (e.g., /dev/ip).

In the udp code, ip_read() is called by read_ip_packets() during the initialization of the udp code. Normally, ip_read() is not called by the udp code after the initialization.

Note that outside of icmp_read(), the ICPF_READ_SP flag will always be set.

icmp_snd_time_exceeded()

icmp_snd_time_exceeded() sends an ICMP_TYPE_TIME_EXCEEDED icmp message. ICMP_TYPE_TIME_EXCEEDED messages are sent when either a packet's TTL timer has expired or if some fragments of the original packet were not received in time to be reassembled by the destination system.

Find the icmp port whose index within icmp_port_table[] is port_nr.

icmp_err_pack()

icmp_err_pack(pack, icmp_hdr) creates an icmp message and encapsulates the message in an ip header.

In order to do this, icmp_err_pack() first cuts out everything except the ip header and the first 8 bytes of data from the ip packet pack, icmp_err_pack()'s first parameter. Next, icmp_err_pack() zeroizes most of the fields (all fields except ih_chksum; the other fields must be set by the calling function) of the icmp header icmp_hdr, icmp_err_pack()'s second parameter, and appends the remains of the ip packet to the icmp header to create an icmp message. Finally, icmp_err_pack() creates an ip header and appends the newly created icmp message to this ip header.

Set the icmp message type to ICMP_TYPE_TIME_EXCEEDED. ICMP_TYPE_TIME_EXCEEDED messages are sent when either a packets's TTL timer has expired or if some fragments of the original packet were not received in time to be reassembled by the destination system.

code, icmp_snd_time_exceeded()'s third parameter, will be one of the following:

define ICMP_TTL_EXC 0
define ICMP_FRAG_REASSEM 1

Recalculate the icmp header's checksum to reflect the new values of the ih_type and ih_code fields. Note that both ih_type and ih_code are 1 byte values and that the recalculation involves 2 bytes.

enqueue_pack()

enqueue_pack enqueues an outgoing icmp packet in an icmp port's write queue and then calls icmp_write() to send the packet out.

It is doubtful that the queue mentioned above will ever be more than a single icmp packet. ip_write() was rewritten and currently only returns NW_OK. If the packet is valid, ip_write() always moves the packet to the ip layer even if the packet isn't immediately sent out the ethernet or the psip interface.

icmp_snd_redirect()

icmp_snd_redirect(port_nr, pack, code) builds an icmp redirect packet (partially using the ip packet pack, icmp_snd_redirect()'s second parameter) and then places the icmp redirect packet in the outgoing queue.

The function first calls icmp_err_pack() to build a generic icmp packet, sets the ih_type field of the icmp header to ICMP_TYPE_REDIRECT and recalibrates the checksum (since the type, code, and gateway fields of the icmp header have changed) of the icmp header before placing the icmp packet in the icmp port's write queue.

icmp_err_pack()

icmp_err_pack(pack, icmp_hdr) creates an icmp message and encapsulates the message in an ip header.

In order to do this, icmp_err_pack() first cuts out everything except the ip header and the first 8 bytes of data from the ip packet pack, icmp_err_pack()'s first parameter. Next, icmp_err_pack() zeroizes most of the fields (all fields except ih_chksum; the other fields must be set by the calling function) of the icmp header icmp_hdr, icmp_err_pack()'s second parameter, and appends the remains of the ip packet to the icmp header to create an icmp message. Finally, icmp_err_pack() creates an ip header and appends the newly created icmp message to this ip header.

The sender should have sent the packet to the gateway gw, icmp_snd_redirect()'s third parameter, rather than this system.

Recalculate the checksum for the icmp header using the new ih_type and ih_code values (which are 1 byte apiece).


oneC_sum()

A checksum is used to determine if errors occurred during the transmission of data. The checksum algorithm used by oneC_sum() (which is also the Internet standard) is described by RFC 1071.

Essentially, the algorithm goes through data and adds all the bytes together (using one's complement addition). The high 16 bits of the resulting 32 bit value is then added to the low 16 bits (again, using one's complement addition). The checksum field is then set to the one's complement of this 16 bit sum. (Recall that the one's complement of 0xF0F0 is 0x0F0F.) Since AND'ing any 16 bit number and its 16 bit one's complement will equal 0xFFFF, the checksum of the packet (without the checksum field) AND'ed with the checksum field will equal 0xFFFF (provided the packet was not corrupted after the checksum field was calculated). For example, the checksum of a udp header (including the checksum field) will equal 0xFFFF if the packet was not corrupted in delivery.


From RFC 1071:

In outline, the Internet checksum algorithm is fairly simple:

(1) Adjacent octets to be checksummed are paired to form 16-bit
integers, and the 1's complement sum of these 16-bit integers is
formed.

(2) To generate a checksum, the checksum field itself is cleared,
the 16-bit 1's complement sum is computed over the octets
concerned, and the 1's complement of this sum is placed in the
checksum field.

(3) To check a checksum, the 1's complement sum is computed over the
same set of octets, including the checksum field. If the result
is all 1 bits (-0 in 1's complement arithmetic), the check
succeeds.

Below is a "C" code algorithm that describes the process above. This algorithm is also from RFC 1071. Note that count is the running count of all the bytes in the data and checksum is the return value.

       {

           /* Compute Internet Checksum for "count" bytes

            *         beginning at location "addr".

            */

       register long sum = 0;



        while( count > 1 )  {

           /*  This is the inner loop */

               sum += * (unsigned short) addr++;

               count -= 2;

       }



           /*  Add left-over byte, if any */

       if( count > 0 )

               sum += * (unsigned char *) addr;



           /*  Fold 32-bit sum to 16 bits */

       while (sum>>16)

           sum = (sum & 0xffff) + (sum >> 16);



       checksum = ~sum;

   }

Recalculate the checksum for the icmp header using the new ihh_gateway value (which is 4 bytes).


oneC_sum()

A checksum is used to determine if errors occurred during the transmission of data. The checksum algorithm used by oneC_sum() (which is also the Internet standard) is described by RFC 1071.

Essentially, the algorithm goes through data and adds all the bytes together (using one's complement addition). The high 16 bits of the resulting 32 bit value is then added to the low 16 bits (again, using one's complement addition). The checksum field is then set to the one's complement of this 16 bit sum. (Recall that the one's complement of 0xF0F0 is 0x0F0F.) Since AND'ing any 16 bit number and its 16 bit one's complement will equal 0xFFFF, the checksum of the packet (without the checksum field) AND'ed with the checksum field will equal 0xFFFF (provided the packet was not corrupted after the checksum field was calculated). For example, the checksum of a udp header (including the checksum field) will equal 0xFFFF if the packet was not corrupted in delivery.


From RFC 1071:

In outline, the Internet checksum algorithm is fairly simple:

(1) Adjacent octets to be checksummed are paired to form 16-bit
integers, and the 1's complement sum of these 16-bit integers is
formed.

(2) To generate a checksum, the checksum field itself is cleared,
the 16-bit 1's complement sum is computed over the octets
concerned, and the 1's complement of this sum is placed in the
checksum field.

(3) To check a checksum, the 1's complement sum is computed over the
same set of octets, including the checksum field. If the result
is all 1 bits (-0 in 1's complement arithmetic), the check
succeeds.

Below is a "C" code algorithm that describes the process above. This algorithm is also from RFC 1071. Note that count is the running count of all the bytes in the data and checksum is the return value.

       {

           /* Compute Internet Checksum for "count" bytes

            *         beginning at location "addr".

            */

       register long sum = 0;



        while( count > 1 )  {

           /*  This is the inner loop */

               sum += * (unsigned short) addr++;

               count -= 2;

       }



           /*  Add left-over byte, if any */

       if( count > 0 )

               sum += * (unsigned char *) addr;



           /*  Fold 32-bit sum to 16 bits */

       while (sum>>16)

           sum = (sum & 0xffff) + (sum >> 16);



       checksum = ~sum;

   }

enqueue_pack()

enqueue_pack enqueues an outgoing icmp packet in an icmp port's write queue and then calls icmp_write() to send the packet out.

It is doubtful that the queue mentioned above will ever be more than a single icmp packet. ip_write() was rewritten and currently only returns NW_OK. If the packet is valid, ip_write() always moves the packet to the ip layer even if the packet isn't immediately sent out the ethernet or the psip interface.

icmp_snd_unreachable()

icmp_snd_unreachable(port_nr, pack, code) builds an icmp unreachable packet (partially using the ip packet pack, icmp_snd_unreachable()'s second parameter) and then places the icmp unreachable packet in the outgoing queue. Icmp unreachable packets are sent if the network, host, or port number specified by the ip packet pack is unreachable.

The function first calls icmp_err_pack() to build a generic icmp packet, sets the ih_type field of the icmp header to ICMP_TYPE_DST_UNRCH and recalibrates the checksum (since the type and code fields of the icmp header have changed) of the icmp header before placing the packet in the icmp port's write queue.

Find the icmp port whose index within icmp_port_table[] is port_nr.

icmp_err_pack()

icmp_err_pack(pack, icmp_hdr) creates an icmp message and encapsulates the message in an ip header.

In order to do this, icmp_err_pack() first cuts out everything except the ip header and the first 8 bytes of data from the ip packet pack, icmp_err_pack()'s first parameter. Next, icmp_err_pack() zeroizes most of the fields (all fields except ih_chksum; the other fields must be set by the calling function) of the icmp header icmp_hdr, icmp_err_pack()'s second parameter, and appends the remains of the ip packet to the icmp header to create an icmp message. Finally, icmp_err_pack() creates an ip header and appends the newly created icmp message to this ip header.

The checksum needs adjustment since both the ih_type and ih_code fields have changed. Note that both ih_type and ih_code are of type u8_t (i.e., they are 8 bits).


oneC_sum()

A checksum is used to determine if errors occurred during the transmission of data. The checksum algorithm used by oneC_sum() (which is also the Internet standard) is described by RFC 1071.

Essentially, the algorithm goes through data and adds all the bytes together (using one's complement addition). The high 16 bits of the resulting 32 bit value is then added to the low 16 bits (again, using one's complement addition). The checksum field is then set to the one's complement of this 16 bit sum. (Recall that the one's complement of 0xF0F0 is 0x0F0F.) Since AND'ing any 16 bit number and its 16 bit one's complement will equal 0xFFFF, the checksum of the packet (without the checksum field) AND'ed with the checksum field will equal 0xFFFF (provided the packet was not corrupted after the checksum field was calculated). For example, the checksum of a udp header (including the checksum field) will equal 0xFFFF if the packet was not corrupted in delivery.


From RFC 1071:

In outline, the Internet checksum algorithm is fairly simple:

(1) Adjacent octets to be checksummed are paired to form 16-bit
integers, and the 1's complement sum of these 16-bit integers is
formed.

(2) To generate a checksum, the checksum field itself is cleared,
the 16-bit 1's complement sum is computed over the octets
concerned, and the 1's complement of this sum is placed in the
checksum field.

(3) To check a checksum, the 1's complement sum is computed over the
same set of octets, including the checksum field. If the result
is all 1 bits (-0 in 1's complement arithmetic), the check
succeeds.

Below is a "C" code algorithm that describes the process above. This algorithm is also from RFC 1071. Note that count is the running count of all the bytes in the data and checksum is the return value.

       {

           /* Compute Internet Checksum for "count" bytes

            *         beginning at location "addr".

            */

       register long sum = 0;



        while( count > 1 )  {

           /*  This is the inner loop */

               sum += * (unsigned short) addr++;

               count -= 2;

       }



           /*  Add left-over byte, if any */

       if( count > 0 )

               sum += * (unsigned char *) addr;



           /*  Fold 32-bit sum to 16 bits */

       while (sum>>16)

           sum = (sum & 0xffff) + (sum >> 16);



       checksum = ~sum;

   }

enqueue_pack()

enqueue_pack enqueues an outgoing icmp packet in an icmp port's write queue and then calls icmp_write() to send the packet out.

It is doubtful that the queue mentioned above will ever be more than a single icmp packet. ip_write() was rewritten and currently only returns NW_OK. If the packet is valid, ip_write() always moves the packet to the ip layer even if the packet isn't immediately sent out the ethernet or the psip interface.

process_data() / icmp

process_data() is called by icmp_putdata() to handle received icmp packets. The icmp packet is handed off by process_data() to the function responsible for the icmp packet's type (e.g., icmp_dst_unreach() handles icmp packets of type ICMP_TYPE_DST_UNRCH).

Lines 30365-30371 extract the size of the ip header and lines 30379-30388 eliminate this header from the packet so that the icmp header fields may be accessed.

bf_align()

If data is not already packed and aligned, bf_align(acc, size, alignment) packs size (bf_align's second parameter) bytes from acc, bf_align()'s first parameter and a linked list of accessors (i.e., a packet), by calling bf_pack(). This packing is necessary to ensure that all of the fields from a header are easily accessed. For example, the ip code aligns a packet's header contained in the accessors before accessing the various ip header fields.

For a detailed description of the network service's buffer management, click here.

bf_packIffLess()

If the data in a linked list of accessors is less than min_len (the second parameter), bf_packIffLess(pack, min_len) packs the data by calling bf_pack().

bf_packIffLess() is often called to ensure that a packet's header is in a single contiguous buffer so that the individual fields of the header can be easily accessed.

For a detailed description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

The lower 4 bits of the ih_vers_ihl field is the length of the header plus options (if there are any) shifted by 2 bit positions (i.e., its actual length is 4 times as great as the value stored in ih_vers_ihl). An example of an option is a router list that a packet should follow to its destination.

The upper four bits is the version number (e.g., IPv4).

If the header's size according to the ih_vers_ihl field is less than the minimum allowable size of an ip header, there's a problem.

bf_packIffLess()

If the data in a linked list of accessors is less than min_len (the second parameter), bf_packIffLess(pack, min_len) packs the data by calling bf_pack().

bf_packIffLess() is often called to ensure that a packet's header is in a single contiguous buffer so that the individual fields of the header can be easily accessed.

For a detailed description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

bf_bufsize()

bf_bufsize() returns the total buffer size of a linked list of accessors (i.e., the sum of acc_length for the accessors in a linked list).

For a detailed description of the network service's buffer management, click here.

If the size of the packet without the ip header is smaller than the minimum allowable size of an icmp message, there's a problem.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

bf_cut()

If a section of a linked list needs to be duplicated, bf_cut(data, offset, length) is called. For example, if a section of length 50 starting at an offset of 75 of the linked list below needs to be duplicated, bf_cut(data, 75, 50) is called:



Note that the original linked list remains unchanged and that acc_linkC for all the accessors in the new linked list is one.

If length (the second parameter) is zero, simply duplicate the first accessor in the linked list but set acc_length=0 and acc_next=null. In other words, create a linked list of length one accessor whose acc_length is 0.

bf_cut() is used in a number of scenarios, including cutting a received ethernet packet to size.

For a full description of the network service's buffer management, click here.

bf_packIffLess()

If the data in a linked list of accessors is less than min_len (the second parameter), bf_packIffLess(pack, min_len) packs the data by calling bf_pack().

bf_packIffLess() is often called to ensure that a packet's header is in a single contiguous buffer so that the individual fields of the header can be easily accessed.

For a detailed description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

Verify that the checksum of the icmp message is correct.


icmp_pack_oneCsum()

icmp_pack_oneCsum() computes the checksum of an icmp message (icmp header plus the ip header of the problem ip packet plus the first 8 bytes of the problem packet). It accomplishes this by computing the checksum (by calling oneC_sum()) of each of the message's buffers.

Note that a checksum is used to determine if errors occurred during the transmission of data.

icmp_pack_oneCsum() is very similar to udp's pack_oneCsum(). The two functions should have been consolidated into one.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

From freesoft.org:

"Ping is implemented using the required ICMP Echo function, documented in RFC 792 that all hosts should implement. Of course, administrators can disable ping messages (this is rarely a good idea, unless security considerations dictate that the host should be unreachable anyway), and some implementations have (gasp) even been known not to implement all required functions. However, ping is usually a better bet than almost any other network software."

It's somewhat surprising that the ping service is not implemented in the Minix network service.

icmp_dst_unreach()

icmp_dest_unreach() is called by process_data() to handle either host-unreachable or a network-unreachable icmp packets that are received from routers.

If the icmp message is valid, ipr_destunch() is called to mark the appropriate entry in the output routing table as unreachable.

Icmp source quench messages are ignored, which may be the best policy for handling them (and certainly the easiest).

icmp_redirect()

icmp_redirect() is called by process_data() to handle icmp redirect messages that are received. If the icmp redirect is properly constructed, ipr_redirect() is called to update the routing table for the destination host or network.

icmp_echo_request()

icmp_echo_request() is called by process_data() to handle echo requests (pings) that have been received by the system.

If the icmp message is valid, an icmp echo reply packet is assembled and enqueued in the outgoing queue.

icmp_router_advertisement()

icmp_router_advertisement() is called by process_data() to handle router advertisement messages.

If the icmp message is valid, ipr_add_oroute() is called to insert each of the routes into the output routing table.

A router advertisement message has the following format:

       0                   1                   2                   3

       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |     Type=9    |     Code=0    |           Checksum            |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |   Num Addrs   |Addr Entry Size|           Lifetime            |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                       Router Address[1]                       |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                      Preference Level[1]                      |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                       Router Address[2]                       |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                      Preference Level[2]                      |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                               .                               |

      |                               .                               |

      |                               .                               |

A routing daemon (misspelling above) is a background process which is responsible for routing. Minix uses irdpd (Internet Router Discovery Protocol Daemon) to find routers on the network. For Linux and FreeBSD, the most common routing daemon is "routed", which uses the RIP routing protocol.

icmp_time_exceeded()

icmp_time_exceeded() is called by process_data() to handle time-exceeded icmp messages.

If the icmp message is valid, ipr_ttl_exc() is called to either increase the ttl of the appropriate entry in the output routing table or mark the entry as unreachable.

The icmp packet is no longer needed. Free the icmp packet.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

icmp_echo_request()

icmp_echo_request() is called by process_data() to handle echo requests (pings) that have been received by the system.

If the icmp message is valid, an icmp echo reply packet is assembled and enqueued in the outgoing queue.

The code for an icmp echo request message is always 0.

icmp_id_seq_t is a sequence number present in icmp echo request and reply messages (ping) to differentiate messages.

Line 30473 creates the ip header for the icmp echo reply message and lines 30474-30492 create the icmp header. Line 30493 then extracts the payload of the icmp echo request message and appends this data to the icmp header just created.

make_repl_ip()

make_repl_ip() is called by icmp_echo_request(), which is called by process_data() to handle echo requests (ping). make_repl_ip() simply creates the ip header for the icmp echo reply message.

bf_memreq()

After the buffers have been initialized, accessors[] looks like the following:



bf_memreq() allocates accessors to the caller. For example, if 1514 bytes of buffer space are requested immediately after the network process starts and each buffer is 512 bytes (the default), then accessors[] will look like the following:



Note that three elements of accessors[] have been removed from buf512_freelist and that the head of the chain of the 3 accessors is returned by bf_memreq(). Also note that the acc_linkC and buf_linkC fields have been set to one and acc_length and acc_offset have been set to their appropriate values.

So what happens if there are not enough buffers on the buf512_freelist to satisfy a request? On lines 2280-2290 of buf.c, functions that free buffers for the specific clients (e.g., eth_buffree()) are called until there are enough buffers on buf512_freelist.

For a complete description of the network service's buffer management, click here.

Lines 30484-30489 determine the checksum of the icmp echo reply message. Since only the ih_type field of the icmp header has changed (from ICMP_TYPE_ECHO_REQ to ICMP_TYPE_ECHO_REPL), only the change to this field must be considered.

bf_cut()

If a section of a linked list needs to be duplicated, bf_cut(data, offset, length) is called. For example, if a section of length 50 starting at an offset of 75 of the linked list below needs to be duplicated, bf_cut(data, 75, 50) is called:



Note that the original linked list remains unchanged and that acc_linkC for all the accessors in the new linked list is one.

If length (the second parameter) is zero, simply duplicate the first accessor in the linked list but set acc_length=0 and acc_next=null. In other words, create a linked list of length one accessor whose acc_length is 0.

bf_cut() is used in a number of scenarios, including cutting a received ethernet packet to size.

For a full description of the network service's buffer management, click here.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

enqueue_pack()

enqueue_pack enqueues an outgoing icmp packet in an icmp port's write queue and then calls icmp_write() to send the packet out.

It is doubtful that the queue mentioned above will ever be more than a single icmp packet. ip_write() was rewritten and currently only returns NW_OK. If the packet is valid, ip_write() always moves the packet to the ip layer even if the packet isn't immediately sent out the ethernet or the psip interface.

icmp_pack_oneCsum()

icmp_pack_oneCsum() computes the checksum of an icmp message (icmp header plus the ip header of the problem ip packet plus the first 8 bytes of the problem packet). It accomplishes this by computing the checksum (by calling oneC_sum()) of each of the message's buffers.

Note that a checksum is used to determine if errors occurred during the transmission of data.

icmp_pack_oneCsum() is very similar to udp's pack_oneCsum(). The two functions should have been consolidated into one.

Add the checksums of the buffers.

The trickiest part of this loop is handling the (possible) odd byte at the end of a buffer. If there is an odd number of bytes in a buffer, the odd byte at the end is checksummed with the first byte of the next buffer and then the remaining bytes of the buffer are checksummed together.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

oneC_sum()

A checksum is used to determine if errors occurred during the transmission of data. The checksum algorithm used by oneC_sum() (which is also the Internet standard) is described by RFC 1071.

Essentially, the algorithm goes through data and adds all the bytes together (using one's complement addition). The high 16 bits of the resulting 32 bit value is then added to the low 16 bits (again, using one's complement addition). The checksum field is then set to the one's complement of this 16 bit sum. (Recall that the one's complement of 0xF0F0 is 0x0F0F.) Since AND'ing any 16 bit number and its 16 bit one's complement will equal 0xFFFF, the checksum of the packet (without the checksum field) AND'ed with the checksum field will equal 0xFFFF (provided the packet was not corrupted after the checksum field was calculated). For example, the checksum of a udp header (including the checksum field) will equal 0xFFFF if the packet was not corrupted in delivery.


From RFC 1071:

In outline, the Internet checksum algorithm is fairly simple:

(1) Adjacent octets to be checksummed are paired to form 16-bit
integers, and the 1's complement sum of these 16-bit integers is
formed.

(2) To generate a checksum, the checksum field itself is cleared,
the 16-bit 1's complement sum is computed over the octets
concerned, and the 1's complement of this sum is placed in the
checksum field.

(3) To check a checksum, the 1's complement sum is computed over the
same set of octets, including the checksum field. If the result
is all 1 bits (-0 in 1's complement arithmetic), the check
succeeds.

Below is a "C" code algorithm that describes the process above. This algorithm is also from RFC 1071. Note that count is the running count of all the bytes in the data and checksum is the return value.

       {

           /* Compute Internet Checksum for "count" bytes

            *         beginning at location "addr".

            */

       register long sum = 0;



        while( count > 1 )  {

           /*  This is the inner loop */

               sum += * (unsigned short) addr++;

               count -= 2;

       }



           /*  Add left-over byte, if any */

       if( count > 0 )

               sum += * (unsigned char *) addr;



           /*  Fold 32-bit sum to 16 bits */

       while (sum>>16)

           sum = (sum & 0xffff) + (sum >> 16);



       checksum = ~sum;

   }

oneC_sum()

A checksum is used to determine if errors occurred during the transmission of data. The checksum algorithm used by oneC_sum() (which is also the Internet standard) is described by RFC 1071.

Essentially, the algorithm goes through data and adds all the bytes together (using one's complement addition). The high 16 bits of the resulting 32 bit value is then added to the low 16 bits (again, using one's complement addition). The checksum field is then set to the one's complement of this 16 bit sum. (Recall that the one's complement of 0xF0F0 is 0x0F0F.) Since AND'ing any 16 bit number and its 16 bit one's complement will equal 0xFFFF, the checksum of the packet (without the checksum field) AND'ed with the checksum field will equal 0xFFFF (provided the packet was not corrupted after the checksum field was calculated). For example, the checksum of a udp header (including the checksum field) will equal 0xFFFF if the packet was not corrupted in delivery.


From RFC 1071:

In outline, the Internet checksum algorithm is fairly simple:

(1) Adjacent octets to be checksummed are paired to form 16-bit
integers, and the 1's complement sum of these 16-bit integers is
formed.

(2) To generate a checksum, the checksum field itself is cleared,
the 16-bit 1's complement sum is computed over the octets
concerned, and the 1's complement of this sum is placed in the
checksum field.

(3) To check a checksum, the 1's complement sum is computed over the
same set of octets, including the checksum field. If the result
is all 1 bits (-0 in 1's complement arithmetic), the check
succeeds.

Below is a "C" code algorithm that describes the process above. This algorithm is also from RFC 1071. Note that count is the running count of all the bytes in the data and checksum is the return value.

       {

           /* Compute Internet Checksum for "count" bytes

            *         beginning at location "addr".

            */

       register long sum = 0;



        while( count > 1 )  {

           /*  This is the inner loop */

               sum += * (unsigned short) addr++;

               count -= 2;

       }



           /*  Add left-over byte, if any */

       if( count > 0 )

               sum += * (unsigned char *) addr;



           /*  Fold 32-bit sum to 16 bits */

       while (sum>>16)

           sum = (sum & 0xffff) + (sum >> 16);



       checksum = ~sum;

   }

oneC_sum()

A checksum is used to determine if errors occurred during the transmission of data. The checksum algorithm used by oneC_sum() (which is also the Internet standard) is described by RFC 1071.

Essentially, the algorithm goes through data and adds all the bytes together (using one's complement addition). The high 16 bits of the resulting 32 bit value is then added to the low 16 bits (again, using one's complement addition). The checksum field is then set to the one's complement of this 16 bit sum. (Recall that the one's complement of 0xF0F0 is 0x0F0F.) Since AND'ing any 16 bit number and its 16 bit one's complement will equal 0xFFFF, the checksum of the packet (without the checksum field) AND'ed with the checksum field will equal 0xFFFF (provided the packet was not corrupted after the checksum field was calculated). For example, the checksum of a udp header (including the checksum field) will equal 0xFFFF if the packet was not corrupted in delivery.


From RFC 1071:

In outline, the Internet checksum algorithm is fairly simple:

(1) Adjacent octets to be checksummed are paired to form 16-bit
integers, and the 1's complement sum of these 16-bit integers is
formed.

(2) To generate a checksum, the checksum field itself is cleared,
the 16-bit 1's complement sum is computed over the octets
concerned, and the 1's complement of this sum is placed in the
checksum field.

(3) To check a checksum, the 1's complement sum is computed over the
same set of octets, including the checksum field. If the result
is all 1 bits (-0 in 1's complement arithmetic), the check
succeeds.

Below is a "C" code algorithm that describes the process above. This algorithm is also from RFC 1071. Note that count is the running count of all the bytes in the data and checksum is the return value.

       {

           /* Compute Internet Checksum for "count" bytes

            *         beginning at location "addr".

            */

       register long sum = 0;



        while( count > 1 )  {

           /*  This is the inner loop */

               sum += * (unsigned short) addr++;

               count -= 2;

       }



           /*  Add left-over byte, if any */

       if( count > 0 )

               sum += * (unsigned char *) addr;



           /*  Fold 32-bit sum to 16 bits */

       while (sum>>16)

           sum = (sum & 0xffff) + (sum >> 16);



       checksum = ~sum;

   }

make_repl_ip()

make_repl_ip() is called by icmp_echo_request(), which is called by process_data() to handle echo requests (ping). make_repl_ip() simply creates the ip header for the icmp echo reply message.

Allocate a buffer for the ip header which will encapsulate the icmp echo reply message.


bf_memreq()

After the buffers have been initialized, accessors[] looks like the following:



bf_memreq() allocates accessors to the caller. For example, if 1514 bytes of buffer space are requested immediately after the network process starts and each buffer is 512 bytes (the default), then accessors[] will look like the following:



Note that three elements of accessors[] have been removed from buf512_freelist and that the head of the chain of the 3 accessors is returned by bf_memreq(). Also note that the acc_linkC and buf_linkC fields have been set to one and acc_length and acc_offset have been set to their appropriate values.

So what happens if there are not enough buffers on the buf512_freelist to satisfy a request? On lines 2280-2290 of buf.c, functions that free buffers for the specific clients (e.g., eth_buffree()) are called until there are enough buffers on buf512_freelist.

For a complete description of the network service's buffer management, click here.

Some of the fields of the echo reply message are copied from the icmp echo request message just received.

The source of the icmp echo request message becomes the destination of the icmp echo reply message.

enqueue_pack()

enqueue_pack enqueues an outgoing icmp packet in an icmp port's write queue and then calls icmp_write() to send the packet out.

It is doubtful that the queue mentioned above will ever be more than a single icmp packet. ip_write() was rewritten and currently only returns NW_OK. If the packet is valid, ip_write() always moves the packet to the ip layer even if the packet isn't immediately sent out the ethernet or the psip interface.

icp_head_queue and icp_tail_queue are the head and tail of the write queue for the icmp layer.

icmp_write()

icmp_write() loops through an icmp port's write queue, each time placing the head of the queue into the icp_write_pack field of the icmp port and then calling ip_write() to send this icmp packet out.

After functions build an icmp packet, they call enqueue_pack() to send the icmp packet out rather than call icmp_write() directly. enqueue_pack() enqueues the icmp packet if another icmp packet is currently being sent out.

It is doubtful that the write queue mentioned above will ever be more than a single icmp packet. ip_write() was rewritten and currently only returns NW_OK. If the packet is valid, ip_write() always moves the packet to the ip layer even if the packet isn't immediately sent out the ethernet or the psip interface.

icmp_write()

icmp_write() loops through an icmp port's write queue, each time placing the head of the queue into the icp_write_pack field of the icmp port and then calling ip_write() to send this icmp packet out.

After functions build an icmp packet, they call enqueue_pack() to send the icmp packet out rather than call icmp_write() directly. enqueue_pack() enqueues the icmp packet if another icmp packet is currently being sent out.

It is doubtful that the write queue mentioned above will ever be more than a single icmp packet. ip_write() was rewritten and currently only returns NW_OK. If the packet is valid, ip_write() always moves the packet to the ip layer even if the packet isn't immediately sent out the ethernet or the psip interface.

icp_head_queue and icp_tail_queue are the head and tail of the write queue for the icmp layer.

An icmp write is in progress. The flag is cleared on line 30622 if the write operation is successful.

Since ip_write() never returns NW_SUSPEND (see line 30617), icmp_write() never returns without clearing the icmp port's ICPF_WRITE_IP flag (and icmp_write() will never set the ICPF_WRITE_SP flag).


ip_write()

ip_write() simply gets an ip packet from a higher layer and then calls ip_send().

For example, after assembling an ip packet and placing the packet in the write queue of the appropriate udp port, udp's restart_write_fd() calls ip_write(), which then calls udp_get_data() to get the packet from the queue.

For a write to a udp file descriptor, ip_write()'s position in the big picture is as follows:

It is important to note that ip_write() ALWAYS RETURNS NW_OK! In previous versions of the network service, ip_write() returned other values (including NW_SUSPEND).


bf_bufsize()

bf_bufsize() returns the total buffer size of a linked list of accessors (i.e., the sum of acc_length for the accessors in a linked list).

For a detailed description of the network service's buffer management, click here.

Prepare for the next icmp packet in the icp_head_queue queue.

icmp_buffree()

icmp_buffree(priority) is called by bf_memreq() if bf_memreq() does not have enough accessors to satisfy a buffer request.

If priority, icmp_buffree()'s only parameter, is ICMP_PRI_QUEUE (#define'd as 1), all icmp packets in the write queue of an icmp port are freed. If priority is any other value, icmp_buffree() will do nothing.

Note that there is not likely to be more than a single icmp packet in the write queue of any icmp port

Free the icmp packets in each of the icmp port's write queues.

Note that there is not likely to be more than a single icmp packet in the write queue of any icmp port.

icmp_dst_unreach()

icmp_dest_unreach() is called by process_data() to handle either host-unreachable or a network-unreachable icmp packets that are received from routers.

If the icmp message is valid, ipr_destunch() is called to mark the appropriate entry in the output routing table as unreachable.

Lines 30688-30690 extract the ip header of the ip packet whose destination was unreachable.

bf_cut()

If a section of a linked list needs to be duplicated, bf_cut(data, offset, length) is called. For example, if a section of length 50 starting at an offset of 75 of the linked list below needs to be duplicated, bf_cut(data, 75, 50) is called:



Note that the original linked list remains unchanged and that acc_linkC for all the accessors in the new linked list is one.

If length (the second parameter) is zero, simply duplicate the first accessor in the linked list but set acc_length=0 and acc_next=null. In other words, create a linked list of length one accessor whose acc_length is 0.

bf_cut() is used in a number of scenarios, including cutting a received ethernet packet to size.

For a full description of the network service's buffer management, click here.

bf_packIffLess()

If the data in a linked list of accessors is less than min_len (the second parameter), bf_packIffLess(pack, min_len) packs the data by calling bf_pack().

bf_packIffLess() is often called to ensure that a packet's header is in a single contiguous buffer so that the individual fields of the header can be easily accessed.

For a detailed description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

Verify that this system did indeed send out the ip packet whose destination was unreachable.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

The icp_ipport field of an icmp port is the associated ip port number of the icmp port.

A message with this code is likely sent by a core router that cannot find the destination network in its routing table.

ip_get_netmask()

ip_get_netmask(hostaddr) simply returns the natural subnet mask of hostaddr, the only parameter to ip_get_netmask().

For a class A network, the subnet mask is 255.000.000.000 (0xff000000);
for a class B network, the subnet mask is 255.255.000.000 (0xffff0000);
for a class C network, the subnet mask is 255.255.255.000 (0xffffff00);
for a zero network type (0.xx.xx.xx), the subnet mask is (0x00000000).

ipr_destunrch()

ipr_destunrch(port_nr, dest, netmask, timeout) searches for a route in the output routing table and, if one is found, changes the distance of the route to ORTD_UNREACHABLE (#define'd as 512 - a very large number).

ipr_destunrch() is called from icmp_dst_unreach().

A message with this code is sent by a destination router that cannot find the destination ip address in its arp table.

ipr_destunrch()

ipr_destunrch(port_nr, dest, netmask, timeout) searches for a route in the output routing table and, if one is found, changes the distance of the route to ORTD_UNREACHABLE (#define'd as 512 - a very large number).

ipr_destunrch() is called from icmp_dst_unreach().

The network is up and the destination host is up but the port is unreachable. This message is sent by the destination host.

No need to keep the ip packet containing the icmp message. The information has been processed by ipr_destunrch().


bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

icmp_time_exceeded()

icmp_time_exceeded() is called by process_data() to handle time-exceeded icmp messages.

If the icmp message is valid, ipr_ttl_exc() is called to either increase the ttl of the appropriate entry in the output routing table or mark the entry as unreachable.

When an ip packet has been sent back due to an expired ttl, the ip header of the expired ip packet is sent back to the destination. The icmp header fields make up the remaining 8 bytes.

Lines 30750-30752 extract the ip header of the expired ip packet.

bf_cut()

If a section of a linked list needs to be duplicated, bf_cut(data, offset, length) is called. For example, if a section of length 50 starting at an offset of 75 of the linked list below needs to be duplicated, bf_cut(data, 75, 50) is called:



Note that the original linked list remains unchanged and that acc_linkC for all the accessors in the new linked list is one.

If length (the second parameter) is zero, simply duplicate the first accessor in the linked list but set acc_length=0 and acc_next=null. In other words, create a linked list of length one accessor whose acc_length is 0.

bf_cut() is used in a number of scenarios, including cutting a received ethernet packet to size.

For a full description of the network service's buffer management, click here.

bf_packIffLess()

If the data in a linked list of accessors is less than min_len (the second parameter), bf_packIffLess(pack, min_len) packs the data by calling bf_pack().

bf_packIffLess() is often called to ensure that a packet's header is in a single contiguous buffer so that the individual fields of the header can be easily accessed.

For a detailed description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

Verify that this system did indeed send out the ip packet that expired.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

The icp_ipport field of an icmp port is the associated ip port number of the icmp port.

ipr_ttl_exc()

ipr_ttl_exc(port_nr, dest, netmask, timeout) finds a route in the output routing table whose destination is dest, ipr_ttl_exc()'s second parameter, and, if a route is found, increases the distance of the route by a multiple of 2 if the result is less than IP_MAX_TTL (#define'd as 255) and increases the distance by one if the result is greater than IP_MAX_TTL.

ipr_ttl_exc() is called by icmp_time_exceeded() upon receipt of a time-exceeded icmp message.

Time-exceeded icmp messages with this code are sent by the destination if the maximum allowable time to reassemble a fragmented packet has been exceeded. Since this doesn't indicate a total breakdown of network reachability (it is likely a less significant problem), the time-exceeded icmp message is ignored.

No need to keep the ip packet containing the icmp message. The information has been processed by ipr_ttl_exc() (if appropriate).


bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

icmp_router_advertisement()

icmp_router_advertisement() is called by process_data() to handle router advertisement messages.

If the icmp message is valid, ipr_add_oroute() is called to insert each of the routes into the output routing table.

A router advertisement message has the following format:

       0                   1                   2                   3

       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |     Type=9    |     Code=0    |           Checksum            |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |   Num Addrs   |Addr Entry Size|           Lifetime            |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                       Router Address[1]                       |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                      Preference Level[1]                      |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                       Router Address[2]                       |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                      Preference Level[2]                      |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                               .                               |

      |                               .                               |

      |                               .                               |

A router advertisement icmp message will consist of at least the ih_type, ih_code, ih_chksum, and ihh_ram fields. These fields total 8 bytes. The size of the router advertisements themselves must also be accounted for (see lines 30808-30812 and lines 30822-30822).

As specified in RFC 1256, the code for router advertisements is always 0.

The iram_na (Icmp Router Advertisement Message _ Number of Addresses) field holds the number of router addresses in the router advertisement message. The iram_aes (Address Entry Size) field holds the size of each router address entry in bytes (the first 4 bytes is the router address and the second 4 bytes is the preference).

There is no point to having a router advertisement message with 0 entries.

An entry must have at least 8 bytes; 4 bytes for the router address and 4 bytes for the preference.

A router advertisement icmp message will consist of the ih_type, ih_code, ih_chksum, and ihh_ram fields (which total 8 bytes) plus the router advertisements. Verify that the icmp message is at least this size.

It would appear that this test and the test on line 30792 could have been combined.

The iram_lt (LifeTime) field of the router advertisement message specifies the lifetime of the router advertisements.


htons() / ntohs() / htonl() / ntohl()

From htons(3):

"htons() converts a 16-bit quantity from host byte order to network byte order."

Different CPU architectures group multiple bytes differently. For example, on a "little-endian" machine (an example of which is the Intel CPU), the value 0x1234 is stored in memory as 0x3412. However, on a "big-endian" machine, the value 0x1234 is stored in memory as 0x1234.

It is important that values in a header are sent across a network in a consistent manner independent of the architecture of the sending or receiving system. For this reason, a standard was chosen. The standard chosen was big-endian although it could have just as well been little-endian.

htons() is defined in /include/net/hton.h, as:
#define htons(x) (_tmp=(x), ((_tmp>>8) & 0xff) | ((_tmp<<8) & 0xff00))

ntohs() converts a 16-bit quantity from network byte order to host byte order, the reverse of htons().

htonl() and ntohl() are identical to htons() and ntohs() except that they convert 32-bit quantities instead of 16-bit quantities.

Processes generally supply header information when sending packets. The data in these fields is converted to the network format (i.e., big-endian) by the process before the process copies the data to the network service.

As specified in RFC 1256, the maximum allowable lifetime for a router advertisement is 9000 seconds.

Add an output routing table entry for each entry in the router advertisement message.

ipr_add_oroute()

ipr_add_oroute() adds an output route to the main output routing table and, if successful, returns a reference to the new entry in the last parameter (if not NULL). ipr_add_oroute() finds either an empty entry, an expired entry, an entry with the same port, network, subnet mask, and smaller distance, or the oldest entry to use for a new dynamic route. Only an empty entry, an expired entry, or the oldest entry can be used for a new static route.

For a detailed description of the layout of the main output routing table (and specifically, the nextnw, nextgw, and nextdist fields), click here.

The icmp packet icmp_pack should probably be freed here.

icmp_redirect()

icmp_redirect() is called by process_data() to handle icmp redirect messages that are received. If the icmp redirect is properly constructed, ipr_redirect() is called to update the routing table for the destination host or network.

bf_cut()

If a section of a linked list needs to be duplicated, bf_cut(data, offset, length) is called. For example, if a section of length 50 starting at an offset of 75 of the linked list below needs to be duplicated, bf_cut(data, 75, 50) is called:



Note that the original linked list remains unchanged and that acc_linkC for all the accessors in the new linked list is one.

If length (the second parameter) is zero, simply duplicate the first accessor in the linked list but set acc_length=0 and acc_next=null. In other words, create a linked list of length one accessor whose acc_length is 0.

bf_cut() is used in a number of scenarios, including cutting a received ethernet packet to size.

For a full description of the network service's buffer management, click here.

bf_packIffLess()

If the data in a linked list of accessors is less than min_len (the second parameter), bf_packIffLess(pack, min_len) packs the data by calling bf_pack().

bf_packIffLess() is often called to ensure that a packet's header is in a single contiguous buffer so that the individual fields of the header can be easily accessed.

For a detailed description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

An icmp redirect message can either instruct the system that there is a more direct path to a network or a host.

ip_get_netmask()

ip_get_netmask(hostaddr) simply returns the natural subnet mask of hostaddr, the only parameter to ip_get_netmask().

For a class A network, the subnet mask is 255.000.000.000 (0xff000000);
for a class B network, the subnet mask is 255.255.000.000 (0xffff0000);
for a class C network, the subnet mask is 255.255.255.000 (0xffffff00);
for a zero network type (0.xx.xx.xx), the subnet mask is (0x00000000).

ipr_redirect()

ipr_redirect(port_nr, dest, netmask, old_gateway, new_gateway, timeout) attempts to find a route for the destination dest, ipr_redirect()'s second parameter, in the output routing table. If a dynamic route whose gateway is old_gateway (ipr_redirect()'s fourth parameter) is found, this route is marked as unreachable and a new route with values of port_nr, dest, netmask, new_gateway, and timeout is added to the output routing table.

ipr_redirect()

ipr_redirect(port_nr, dest, netmask, old_gateway, new_gateway, timeout) attempts to find a route for the destination dest, ipr_redirect()'s second parameter, in the output routing table. If a dynamic route whose gateway is old_gateway (ipr_redirect()'s fourth parameter) is found, this route is marked as unreachable and a new route with values of port_nr, dest, netmask, new_gateway, and timeout is added to the output routing table.

No need to keep the ip packet containing the icmp message. The information has been processed by ipr_redirect().


bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

icmp_err_pack()

icmp_err_pack(pack, icmp_hdr) creates an icmp message and encapsulates the message in an ip header.

In order to do this, icmp_err_pack() first cuts out everything except the ip header and the first 8 bytes of data from the ip packet pack, icmp_err_pack()'s first parameter. Next, icmp_err_pack() zeroizes most of the fields (all fields except ih_chksum; the other fields must be set by the calling function) of the icmp header icmp_hdr, icmp_err_pack()'s second parameter, and appends the remains of the ip packet to the icmp header to create an icmp message. Finally, icmp_err_pack() creates an ip header and appends the newly created icmp message to this ip header.

An understanding of the ip header fields is critical to understanding this function.


ip_hdr_t

struct ip_hdr_t is the structure of an ip header. "ih" (e.g., ih_src, ih_dst) stands for "Ip Header".

ip_hdr_t is declared in /include/net/gen/ip_hdr.h:

typedef struct ip_hdr

{

         u8_t ih_vers_ihl, ih_tos;

         u16_t ih_length, ih_id, ih_flags_fragoff;

         u8_t ih_ttl, ih_proto;

         u16_t ih_hdr_chk;

         ipaddr_t ih_src, ih_dst;

} ip_hdr_t;

ih_vers_ihl: The lower 4 bits is the length of the header plus options (if there are any) shifted by 2 bit positions (i.e., its actual length is 4 times as great as the value stored in ih_vers_ihl). An example of an option is a router list that a packet should follow to its destination.

The upper four bits is the version number (e.g., IPv4).


ih_tos: tos stands for "Type Of Service" and is the priority of the ip packet. A value of zero is the lowest priority. Both UDP and TCP have a default TOS of zero.

#define TCP_DEF_TOS 0
#define UDP_TOS 0


ih_length: The length of the entire ip packet, including the ip header.


ih_id: The value of ih_id for the first packet sent out is determined by ip_init() and is equal to the number of clock ticks since reboot (i.e., the value returned by get_time) and is incremented for each packet sent out. This value is used to combine fragments at the receiving end if fragmentation has occurred.


ih_flags_fragoff: ih_flags_fragoff is a combination of flags and a (possible) fragmentation offset ("fragoff").

If the packet should not be fragmented, ih_flags_fragoff is set to IH_DONT_FRAG. If there are additional fragments (e.g., the 3rd fragment of 4 fragments), ih_flags_fragoff is set to IH_MORE_FRAGS.

If the packet is indeed just a fragment of a packet, this value indicates the starting byte position (in 8 byte increments) of the original ip packet's data. So for example, if an ip packet of data size (not including the ip header) is broken up into two fragments of 1496 and 504 bytes each, the first fragment would have a fragmentation offset of 0 bytes and the second fragment would have a fragmentation offset of 1496 bytes and ih_flags_fragoff is therefore 187 (1496 / 8 = 187).


ih_ttl: "Time to live" for the packet. As a packet is routed to the destination, each router decrements the packet's ttl. When the ttl reaches 0, the router sends an "icmp unreachable" packet to the source. The ttl is designed to prevent packets that can't reach their destination from indefinitely bouncing around between routers. UDP's default TTL is 30:

#define UDP_TTL 30

Note that the Minix code also uses this value as a timeout value (in seconds). This code was written before the ttl field was redefined to be strictly a hope count. The original IP RFC defines the ttl field as the time to live in seconds.


ih_proto: The protocol of the ip packet. For example, if the packet is a udp packet, ih_proto will be 17. If the packet is a tcp packet, ih_proto will be 6.


ih_hdr_chk: Checksum for the header.


ih_src, ih_dst: Source and destination ip address of the ip packet.

             IP HEADER (as given by RFC 791)           

   



    0                   1                   2                   3   

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |Version|  IHL  |Type of Service|          Total Length         |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |         Identification        |Flags|      Fragment Offset    |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   | Time to Live  |   Protocol    |   Header Checksum             |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |                       Source Address                          |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |                    Destination Address                        |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |                    Options                    |    Padding    |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

bf_packIffLess()

If the data in a linked list of accessors is less than min_len (the second parameter), bf_packIffLess(pack, min_len) packs the data by calling bf_pack().

bf_packIffLess() is often called to ensure that a packet's header is in a single contiguous buffer so that the individual fields of the header can be easily accessed.

For a detailed description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

As stated in RFC 1122, if the problem packet was one of the following:

1) an icmp packet
2) a fragment but was not the first fragment
3) a packet that had a loopback or non-specific (broadcast or multicast) address

do not send an icmp packet back to the problem packet's source. Lines 30910-30930 check for these cases.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

ip_nettype()

ip_nettype(ipaddr) returns the network type (which will be of type nettype_t) of ipaddr, the only parameter to ip_nettype().

The nettype_t enum typedef is declared in inet/generic/ip_int.h. Each type's associated ip address range is included in the comments.

 typedef enum nettype

 {

          IPNT_ZERO,                 /* 0.xx.xx.xx */

          IPNT_CLASS_A,              /* 1.xx.xx.xx .. 126.xx.xx.xx */

          IPNT_LOCAL,                /* 127.xx.xx.xx */

          IPNT_CLASS_B,              /* 128.xx.xx.xx .. 191.xx.xx.xx */

          IPNT_CLASS_C,              /* 192.xx.xx.xx .. 223.xx.xx.xx */

          IPNT_CLASS_D,              /* 224.xx.xx.xx .. 239.xx.xx.xx */

          IPNT_CLASS_E,              /* 240.xx.xx.xx .. 247.xx.xx.xx */

          IPNT_MARTIAN,              /* 248.xx.xx.xx .. 254.xx.xx.xx +  */

          IPNT_BROADCAST             /* 255.255.255.255 */

 } nettype_t;

ip_netmask()

ip_netmask() returns a nettype's associated subnet mask.

For a class A network, the subnet mask is 255.000.000.000 (0xff000000);
for a class B network, the subnet mask is 255.255.000.000 (0xffff0000);
for a class C network, the subnet mask is 255.255.255.000 (0xffffff00);
for a zero network type (0.xx.xx.xx), the subnet mask is (0x00000000).

Note that the returned subnet mask is in network format.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

An icmp message has the following format:



The message is encapsulated within an ip packet.

The ih_length field of an ip header is the length of the header plus the data.


htons() / ntohs() / htonl() / ntohl()

From htons(3):

"htons() converts a 16-bit quantity from host byte order to network byte order."

Different CPU architectures group multiple bytes differently. For example, on a "little-endian" machine (an example of which is the Intel CPU), the value 0x1234 is stored in memory as 0x3412. However, on a "big-endian" machine, the value 0x1234 is stored in memory as 0x1234.

It is important that values in a header are sent across a network in a consistent manner independent of the architecture of the sending or receiving system. For this reason, a standard was chosen. The standard chosen was big-endian although it could have just as well been little-endian.

htons() is defined in /include/net/hton.h, as:
#define htons(x) (_tmp=(x), ((_tmp>>8) & 0xff) | ((_tmp<<8) & 0xff00))

ntohs() converts a 16-bit quantity from network byte order to host byte order, the reverse of htons().

htonl() and ntohl() are identical to htons() and ntohs() except that they convert 32-bit quantities instead of 16-bit quantities.

Processes generally supply header information when sending packets. The data in these fields is converted to the network format (i.e., big-endian) by the process before the process copies the data to the network service.

The lower 4 bits of ih_vers_ihl is the length of the ip header plus options (if there are any) shifted by 2 bit positions (i.e., the actual length is 4 times as great as the value stored in ih_vers_ihl). An example of an option is a router list that a packet should follow to its destination.

IH_IHL_MASK is #define'd in /include/net/gen/ip_hdr.h:

#define IH_IHL_MASK 0xf

The length of the header as specified in the header should be less than the length of the header plus the data as specified in the header. Otherwise, there's a problem.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

Extract the ip header plus the first 8 bytes of data. This becomes the new packet. The original packet is no longer needed.

bf_cut()

If a section of a linked list needs to be duplicated, bf_cut(data, offset, length) is called. For example, if a section of length 50 starting at an offset of 75 of the linked list below needs to be duplicated, bf_cut(data, 75, 50) is called:



Note that the original linked list remains unchanged and that acc_linkC for all the accessors in the new linked list is one.

If length (the second parameter) is zero, simply duplicate the first accessor in the linked list but set acc_length=0 and acc_next=null. In other words, create a linked list of length one accessor whose acc_length is 0.

bf_cut() is used in a number of scenarios, including cutting a received ethernet packet to size.

For a full description of the network service's buffer management, click here.

bf_afree()

After a chain of accessors is no longer needed, the chain (and not simply the single accessor passed as the parameter) can be freed by calling bf_free(). However, if either acc_linkC or buf_linkC of one of the accessors in the linked list is not equal to one (1), the entire chain will not be freed. For example, if buf_afree(acc1) is called for the following chain:



Then the resulting chain will be:



bf_afree() returns acc1 (accessors[63]) to acc_freelist (recall that acc_freelist is the linked list of acc_t's without an associated buffer). However, buffers512[127] cannot be freed because acc2 (accessors[64]) still references it.

bf_afree() is called after an accessor's associated data is no longer needed (for example, after a packet has been sent off by the ethernet driver).

An understanding of the icmp header is helpful to understanding the rest of this function.


icmp_hdr_t

An icmp header has the following structure:

typedef struct icmp_hdr

{

	u8_t ih_type, ih_code;

	u16_t ih_chksum;

	union

	{

		u32_t ihh_unused;

		icmp_id_seq_t ihh_idseq;

		ipaddr_t ihh_gateway;

		icmp_ram_t ihh_ram;

		icmp_pp_t ihh_pp;

	} ih_hun;

	union

	{

		icmp_ip_id_t ihd_ipid;

		u8_t uhd_data[1];

	} ih_dun;

} icmp_hdr_t;

Note that the "union" keyword specifies that only one field within the block will be used. For example, for router advertisements, only the ihh_ram field from the first union and the uhd_data[1] field from the second union are used.

ih_type, ih_code: ih_type, as the name suggests, is the type of icmp message. ih_code is a code that is specific to the messages type. Below are the possible types and their associates codes (note that the codes are indented):

#define ICMP_TYPE_ECHO_REPL       0

#define ICMP_TYPE_DST_UNRCH       3

#       define ICMP_NET_UNRCH                   0

#       define ICMP_HOST_UNRCH                  1

#       define ICMP_PROTOCOL_UNRCH              2

#       define ICMP_PORT_UNRCH                  3

#       define ICMP_FRAGM_AND_DF                4

#       define ICMP_SOURCE_ROUTE_FAILED         5

#define ICMP_TYPE_SRC_QUENCH       4

#define ICMP_TYPE_REDIRECT         5

#       define ICMP_REDIRECT_NET              0

#       define ICMP_REDIRECT_HOST             1

#       define ICMP_REDIRECT_TOS_AND_NET      2

#       define ICMP_REDIRECT_TOS_AND_HOST     3

#define ICMP_TYPE_ECHO_REQ       8

#define ICMP_TYPE_ROUTER_ADVER   9

#define ICMP_TYPE_ROUTE_SOL      10

#define ICMP_TYPE_TIME_EXCEEDED  11

#       define ICMP_TTL_EXC               0

#       define ICMP_FRAG_REASSEM          1

Most of these are self-explanatory. It is unclear what function the ICMP_TYPE_ROUTE_SOL icmp message performs.


u16_t ih_chksum: The checksum of the icmp message.


icmp_id_seq_t ihh_idseq:

typedef struct icmp_id_seq

{

	u16_t	iis_id, iis_seq;

} icmp_id_seq_t;

u16_t iis_id, iis_seq:

The iis_id and the iis_seq fields are used to match echo replies to echo requests.


ipaddr_t ihh_gateway: The redirect gateway.


icmp_ram_t ihh_ram:

typedef struct icmp_ram		/* RFC 1256 */

{

	u8_t	iram_na;

	u8_t	iram_aes;

	u16_t	iram_lt;

} icmp_ram_t;

Note that "ram" stands for "Router Advertisement Message". Only router advertisement icmp messages use this struct.

u8_t iram_na: (Number of Addresses) The number of router addresses advertised in the message.

u8_t iram_aes: (Address Entry Size) The number of 32-bit words of information per router address (2 in the diagram below; the first 32-bits is for the router address and the second 32-bits is the preference of the router).

u16_t iram_lt: (LifeTime) Lifetime of the router address in seconds.


icmp_pp_t ihh_pp: Not used by the network service.
icmp_ip_id_t ihd_ipid: Not used by the network service.


u8_t uhd_data[1]: Although this field shows that it has a length of a single byte, as much data as necessary may be placed here. This field is the location of the router advertisements (see figure below) as well as the ip header of returned ip packets and may be as long as necessary .

ICMP Router Advertisement Message



       0                   1                   2                   3

       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |     Type      |     Code      |           Checksum            |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |   Num Addrs   |Addr Entry Size|           Lifetime            |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                       Router Address[1]                       |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                      Preference Level[1]                      |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                       Router Address[2]                       |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                      Preference Level[2]                      |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |                               .                               |

      |                               .                               |

      |                               .                               |

bf_memreq()

After the buffers have been initialized, accessors[] looks like the following:



bf_memreq() allocates accessors to the caller. For example, if 1514 bytes of buffer space are requested immediately after the network process starts and each buffer is 512 bytes (the default), then accessors[] will look like the following:



Note that three elements of accessors[] have been removed from buf512_freelist and that the head of the chain of the 3 accessors is returned by bf_memreq(). Also note that the acc_linkC and buf_linkC fields have been set to one and acc_length and acc_offset have been set to their appropriate values.

So what happens if there are not enough buffers on the buf512_freelist to satisfy a request? On lines 2280-2290 of buf.c, functions that free buffers for the specific clients (e.g., eth_buffree()) are called until there are enough buffers on buf512_freelist.

For a complete description of the network service's buffer management, click here.

On line 30946, everything except the ip header and the first 8 bytes of data were cut off the packet pack. Append the new packet to the icmp header.


bf_append()

bf_append() appends one accessor linked list to another accessor linked list. For example, if the payload of an ethernet packet (1500 bytes) is appended to an ethernet header (14 bytes):



the resulting linked list is as follows:

The size is now the length of the icmp header plus the length of the ip header plus the 8 bytes.

bf_packIffLess()

If the data in a linked list of accessors is less than min_len (the second parameter), bf_packIffLess(pack, min_len) packs the data by calling bf_pack().

bf_packIffLess() is often called to ensure that a packet's header is in a single contiguous buffer so that the individual fields of the header can be easily accessed.

For a detailed description of the network service's buffer management, click here.

All fields of the icmp header except ih_chksum will be filled in by the calling function (e.g., icmp_snd_unreachable()).


ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

An understanding of the ip header is necessary to understand the remainder of this function.


ip_hdr_t

struct ip_hdr_t is the structure of an ip header. "ih" (e.g., ih_src, ih_dst) stands for "Ip Header".

ip_hdr_t is declared in /include/net/gen/ip_hdr.h:

typedef struct ip_hdr

{

         u8_t ih_vers_ihl, ih_tos;

         u16_t ih_length, ih_id, ih_flags_fragoff;

         u8_t ih_ttl, ih_proto;

         u16_t ih_hdr_chk;

         ipaddr_t ih_src, ih_dst;

} ip_hdr_t;

ih_vers_ihl: The lower 4 bits is the length of the header plus options (if there are any) shifted by 2 bit positions (i.e., its actual length is 4 times as great as the value stored in ih_vers_ihl). An example of an option is a router list that a packet should follow to its destination.

The upper four bits is the version number (e.g., IPv4).


ih_tos: tos stands for "Type Of Service" and is the priority of the ip packet. A value of zero is the lowest priority. Both UDP and TCP have a default TOS of zero.

#define TCP_DEF_TOS 0
#define UDP_TOS 0


ih_length: The length of the entire ip packet, including the ip header.


ih_id: The value of ih_id for the first packet sent out is determined by ip_init() and is equal to the number of clock ticks since reboot (i.e., the value returned by get_time) and is incremented for each packet sent out. This value is used to combine fragments at the receiving end if fragmentation has occurred.


ih_flags_fragoff: ih_flags_fragoff is a combination of flags and a (possible) fragmentation offset ("fragoff").

If the packet should not be fragmented, ih_flags_fragoff is set to IH_DONT_FRAG. If there are additional fragments (e.g., the 3rd fragment of 4 fragments), ih_flags_fragoff is set to IH_MORE_FRAGS.

If the packet is indeed just a fragment of a packet, this value indicates the starting byte position (in 8 byte increments) of the original ip packet's data. So for example, if an ip packet of data size (not including the ip header) is broken up into two fragments of 1496 and 504 bytes each, the first fragment would have a fragmentation offset of 0 bytes and the second fragment would have a fragmentation offset of 1496 bytes and ih_flags_fragoff is therefore 187 (1496 / 8 = 187).


ih_ttl: "Time to live" for the packet. As a packet is routed to the destination, each router decrements the packet's ttl. When the ttl reaches 0, the router sends an "icmp unreachable" packet to the source. The ttl is designed to prevent packets that can't reach their destination from indefinitely bouncing around between routers. UDP's default TTL is 30:

#define UDP_TTL 30

Note that the Minix code also uses this value as a timeout value (in seconds). This code was written before the ttl field was redefined to be strictly a hope count. The original IP RFC defines the ttl field as the time to live in seconds.


ih_proto: The protocol of the ip packet. For example, if the packet is a udp packet, ih_proto will be 17. If the packet is a tcp packet, ih_proto will be 6.


ih_hdr_chk: Checksum for the header.


ih_src, ih_dst: Source and destination ip address of the ip packet.

             IP HEADER (as given by RFC 791)           

   



    0                   1                   2                   3   

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |Version|  IHL  |Type of Service|          Total Length         |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |         Identification        |Flags|      Fragment Offset    |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   | Time to Live  |   Protocol    |   Header Checksum             |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |                       Source Address                          |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |                    Destination Address                        |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |                    Options                    |    Padding    |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The ip header will be the minimum length since the header will include no ip options.

bf_memreq()

After the buffers have been initialized, accessors[] looks like the following:



bf_memreq() allocates accessors to the caller. For example, if 1514 bytes of buffer space are requested immediately after the network process starts and each buffer is 512 bytes (the default), then accessors[] will look like the following:



Note that three elements of accessors[] have been removed from buf512_freelist and that the head of the chain of the 3 accessors is returned by bf_memreq(). Also note that the acc_linkC and buf_linkC fields have been set to one and acc_length and acc_offset have been set to their appropriate values.

So what happens if there are not enough buffers on the buf512_freelist to satisfy a request? On lines 2280-2290 of buf.c, functions that free buffers for the specific clients (e.g., eth_buffree()) are called until there are enough buffers on buf512_freelist.

For a complete description of the network service's buffer management, click here.

ptr2acc_data()

The macro ptr2acc_data is #define'd in inet/generic/buf.h as:

#define ptr2acc_data(/* acc_t * */ a) (bf_temporary_acc=(a), \
(&bf_temporary_acc->acc_buffer->buf_data_p[bf_temporary_acc-> \
acc_offset]))

ptr2acc_data() simply returns a pointer to the actual data within an accessor.

ptr2acc_data() is usually called so that the fields of a header (e.g., ip header) can be analyzed.

As described above, the "tos" stands for "Type Of Service" and is the priority of a packet. Icmp packets have low priorities.

htons() / ntohs() / htonl() / ntohl()

From htons(3):

"htons() converts a 16-bit quantity from host byte order to network byte order."

Different CPU architectures group multiple bytes differently. For example, on a "little-endian" machine (an example of which is the Intel CPU), the value 0x1234 is stored in memory as 0x3412. However, on a "big-endian" machine, the value 0x1234 is stored in memory as 0x1234.

It is important that values in a header are sent across a network in a consistent manner independent of the architecture of the sending or receiving system. For this reason, a standard was chosen. The standard chosen was big-endian although it could have just as well been little-endian.

htons() is defined in /include/net/hton.h, as:
#define htons(x) (_tmp=(x), ((_tmp>>8) & 0xff) | ((_tmp<<8) & 0xff00))

ntohs() converts a 16-bit quantity from network byte order to host byte order, the reverse of htons().

htonl() and ntohl() are identical to htons() and ntohs() except that they convert 32-bit quantities instead of 16-bit quantities.

Processes generally supply header information when sending packets. The data in these fields is converted to the network format (i.e., big-endian) by the process before the process copies the data to the network service.

dest was set to the ip address of the problem ip packet on line 30916.

Append the icmp message to the ip header. In other words, the icmp message becomes the payload (data) of the ip packet. The newly created ip packet is then returned.