tcphdr

From Wikipedia, the free encyclopedia

tcphdr is a struct (structure) in the C programming language. The tcphdr struct is used as a template to form a TCP header in a raw socket. The structure can be found in the default include files of most Unix distributions. It is most commonly located in the <netinet/tcp.h> header file. The tcphdr struct is unique in that it was written in two different formats, a BSD format and a Linux format. If you have a hybrid Linux/BSD header file, to use the BSD format, add #define __USE_BSD at the very top of your definitions and #define __FAVOR_BSD directly before the line #include <netinet/tcp.h> (otherwise the format will default to Linux).

Definition

Linux Format

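struct tcphdr {
        unsigned short source;        /* source port */
        unsigned short dest;          /* destination port */
        unsigned long seq;            /* sequence number (32 bits on the wire) */
        unsigned long ack_seq;        /* acknowledgement number (32 bits on the wire) */
        unsigned short doff:4;        /* header length in 32-bit blocks */
        unsigned char flags;          /* TCP flags */
        unsigned short window;        /* window size */
        unsigned short check;         /* checksum */
        unsigned short urg_ptr;       /* urgent pointer */
};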

BSD Format

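struct tcphdr {
         u_short th_sport;       /* source port */
         u_short th_dport;       /* destination port */
         tcp_seq th_seq;         /* sequence number */
         tcp_seq th_ack;         /* acknowledgement number */
         u_int   th_x2:4,        /* unused, set to zero */
                 th_off:4;       /* header length in 32-bit blocks */
         u_char  th_flags;       /* TH_* flags */
         u_short th_win;         /* window size */
         u_short th_sum;         /* checksum */
         u_short th_urp;         /* urgent pointer */
};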

Fields

u_short th_sport
unsigned short source

The source port.

u_short th_dport
unsigned short dest

The destination port.

tcp_seq th_seq
unsigned long seq

The sequence number is used to enumerate the TCP segments. The data in a TCP connection can be contained in any number of segments (single TCP datagrams), which will be put in order and acknowledged. For example, if you send 3 segments, each containing 32 bytes of data, the first sequence number would be (N+)1, the second (N+)33 and the third (N+)65. The "N+" is there because the initial sequence number is random.

tcp_seq th_ack
unsigned long ack_seq

Every packet that is sent and is a valid part of a connection is acknowledged with an empty TCP segment with the ACK flag set (see below) and the th_ack field containing the previous th_seq number.

u_int th_x2

Variable in 4 byte blocks. The x2 variable is deprecated; it should be set to all binary zeros.

u_int th_off
unsigned short doff

The segment offset specifies the length of the TCP header in 32-bit (4-byte) blocks. Without TCP header options, the value is 5.

u_char th_flags
unsigned char flags

This field consists of six binary flags. Using BSD headers, they can be combined like this: th_flags = FLAG1 | FLAG2 | FLAG3...

TH_URG: Urgent. Segment will be routed faster; used for termination of a connection or to stop processes (using the telnet protocol).
TH_ACK: Acknowledgement. Used to acknowledge data and in the second and third stage of a TCP connection initiation (see IV.).
TH_PUSH: Push. The system's IP stack will not buffer the segment and will forward it to the application immediately (mostly used with telnet).
TH_RST: Reset. Tells the peer that the connection has been terminated.
TH_SYN: Synchronization. A segment with the SYN flag set indicates that the client wants to initiate a new connection to the destination port.
TH_FIN: Final. The connection should be closed; the peer is supposed to answer with one last segment with the FIN flag set as well.

u_short th_win
unsigned short window

The TCP window: the number of bytes that can be sent before the data should be acknowledged with an ACK and more segments are sent.

u_short th_sum
unsigned short check

The checksum of the pseudo header, TCP header and payload. The pseudo header is a structure containing the IP source and destination addresses, 1 byte set to zero, the protocol (1 byte with a decimal value of 6), and 2 bytes (unsigned short) containing the total length of the TCP segment.

u_short th_urp
unsigned short urg_ptr

Urgent pointer. Only used if the urgent flag is set, otherwise zero. It points to the end of the payload data that should be sent with priority.
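
The checksum described under th_sum / check, worked through for IPv4 as an added example (not part of the original article or of any system header). It operates on raw bytes so that it does not depend on either struct layout; the names tcp_checksum, sum_words and the SAMPLE_* data are constructed here for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One's-complement sum of big-endian 16-bit words; an odd tail byte is zero-padded. */
static uint32_t sum_words(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    return sum;
}

/* IPv4 TCP checksum over pseudo header + TCP header + payload (seg).
 * Sender: call with th_sum/check zeroed. Receiver: a result of 0 means intact. */
uint16_t tcp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *seg, uint16_t seg_len)
{
    /* Pseudo header: source, destination, zero byte, protocol 6, TCP length */
    uint8_t pseudo[12] = { src[0], src[1], src[2], src[3],
                           dst[0], dst[1], dst[2], dst[3],
                           0, 6, (uint8_t)(seg_len >> 8), (uint8_t)seg_len };
    uint32_t sum = sum_words(sum_words(0, pseudo, sizeof pseudo), seg, seg_len);
    while (sum >> 16)                      /* fold carries into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Constructed sample: 20-byte SYN header, bytes in tcphdr field order */
const uint8_t SAMPLE_SRC[4] = {192, 0, 2, 1}, SAMPLE_DST[4] = {192, 0, 2, 2};
const uint8_t SAMPLE_SYN[20] = {
    0x30, 0x39, 0x00, 0x50,    /* th_sport 12345, th_dport 80 */
    0, 0, 0, 1,  0, 0, 0, 0,   /* th_seq 1, th_ack 0 */
    0x50, 0x02, 0x20, 0x00,    /* th_off 5, TH_SYN, th_win 8192 */
    0, 0, 0, 0                 /* th_sum (filled in by main), th_urp 0 */
};

int main(void)
{
    uint8_t seg[sizeof SAMPLE_SYN];
    memcpy(seg, SAMPLE_SYN, sizeof seg);
    uint16_t sum = tcp_checksum(SAMPLE_SRC, SAMPLE_DST, seg, sizeof seg);
    seg[16] = (uint8_t)(sum >> 8);         /* store in network byte order */
    seg[17] = (uint8_t)sum;
    printf("th_sum = 0x%04x, verifies: %s\n", (unsigned)sum,
           tcp_checksum(SAMPLE_SRC, SAMPLE_DST, seg, sizeof seg) == 0 ? "yes" : "no");
    return 0;
}
```

A receiver that gets a nonzero result from the same computation over the segment as received should discard the segment as damaged.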
