< Chap 3: Winsock 2 & Internet Protocols | Winsock2 Main | Name Resolution Routines >


 

Winsock2 and Internet Protocol 3 Part 1

 

What do we have in this chapter 3 part 1?

 

  1. IPv4

  2. Addressing

  3. Unicast

  4. Multicast

  5. Broadcast

  6. IPv4 Management Protocols

  7. Addressing IPv4 from Winsock

  8. IPv6

  9. Addressing

  10. Unicast

  11. Anycast

  12. Multicast

  13. Addressing IPv6 from Winsock

  14. Address and Name Resolution

 

This chapter describes the Internet Protocol (IP). In order to establish communication through Winsock you must understand how to address a workstation for a particular protocol. This chapter covers IPv4 and IPv6. Another chapter will cover the most common protocols available on Windows platforms.

IPv4 is commonly known as the network protocol that the Internet uses. IP is widely available on most computer operating systems and can be used on most LANs, such as a small network in your office, and on WANs, such as the Internet. With the explosion in the number of computers on the Internet, the limitations of IPv4 are becoming apparent, and as a result, the next generation IP was developed, which is known as IPv6.

In this chapter, we will discuss the background, addressing scheme, name resolution, and Winsock specifics for both IPv4 and IPv6. Then, we'll discuss how to write applications that seamlessly operate over either version of IP.

 

IPv4

 

IPv4 was developed by the U.S. Department of Defense's Advanced Research Project Agency (ARPA), which built an experimental packet switching network in the 1960s. The initial network protocols were cumbersome, which led to the development of a better protocol in the mid 1970s. This research eventually led to IPv4 as well as TCP.

 

Addressing

 

In IPv4, computers are assigned an address that is represented as a 32-bit number, formally known as an IPv4 address. IPv4 addresses are typically represented in a dotted decimal format in which each octet (8 bits) of the address is converted to a decimal number and separated by a period (“dots”).

IPv4 addresses are divided into classes that describe the portion of the address assigned to the network and the portion assigned to endpoints. Table 3-1 lists the different classes.

 

Table 3-1 IPv4 Address Classes

 

Class

Network Portion

First Number

Number of Endpoints

A

8 bits

0–127

16,777,216

B

16 bits

128–191

65,536

C

24 bits

192–223

256

D

N/A

224–239

N/A

E

N/A

240–255

N/A

 

In a slash notation, when specifying an IP address, the number of bits indicating the network portion can be appended to the dotted decimal address after a back slash (/). For example, the address 172.31.28.120/16 indicates that the first 16 bits make up the network portion of the address. This is equivalent to a subnet mask of 255.255.0.0.

The last two entries in Table 3-1 are special classes of IPv4 addresses. Class D addresses are reserved for IPv4 multicasting and class E addresses are experimental. Also, there are several blocks of addresses that have been reserved for private use and cannot be used by a system on the Internet. They are the following:

 

  1. 10.0.0.0–10.255.255.255 (10.0.0.0/8)
  2. 172.16.0.0–172.31.255.255 (172.16.0.0/12)
  3. 192.168.0.0–192.168.255.255 (192.168.0.0/16)

 

Finally, there is the loopback address (127.0.0.1), which is a special address that refers to the local computer.

To list the IPv4 addresses assigned to the local interfaces, the IPCONFIG.EXE command can be used to list each network adapter and the IPv4 address(es) assigned to it.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the ipconfig /all command in action

 

If an application needs to programmatically obtain a list of its IPv4 addresses, it can call WSAIoctl() with the SIO_ADDRESS_LIST_QUERY command. In addition, the IP Helper APIs also provide this function. We've discussed the breakdown of the IPv4 address space, and from within these different address classes there are three types of IPv4 addresses: unicast, multicast, and broadcast. Each address type will be covered in the next sections.

 

Unicast

 

Unicast addresses are those addresses that are assigned to an individual computer interface. Only one interface may be assigned that address. If another computer is configured with the same address on the network, then that is an error that will result in data being delivered incorrectly. Classes A, B, and C comprise the unicast address space for IPv4.

Typically, an interface on a host is assigned an IPv4 (unicast) address either statically or by a configuration protocol like Dynamic Host Configuration Protocol (DHCP). If a DHCP server cannot be reached, the system automatically assigns an address in the range of 169.254.0.0/16 using Automatic Private IP Addressing (APIPA).

To prevent having to memorize numeric IP addresses, an IPv4 address can be associated to the host computer name by using the Domain Name System (DNS). Later, we will discuss how to resolve the host name to its IPv4 address (and its IPv6 address as well).

 

Multicast

 

Multicast addresses are not assigned to a specific interface. Instead, multiple computers may “join” a multicast group listening on a particular multicast address. Everyone joined to that group will receive any data destined to that address. Multicast addresses are class D addresses. One of the greatest benefits to multicasting is the capability to deliver multicast data to only those machines that are interested in that data.

 

Broadcast

 

IPv4 supports broadcasting data. This means that data sent to the limited broadcast address, 255.255.255.255, will be received and processed by every machine on the local network. This is generally considered a bad practice because even those computers that are not interested in the broadcast data must process the packet.

If applications require broadcasting, it is better to use subnet directed broadcasts. This is still broadcasting data, but as the name implies it is directed to machines on a specific subnet only. For example, a datagram sent to 172.31.28.255 will be received by every machine on only that same subnet.

 

IPv4 Management Protocols

 

The IPv4 protocol relies on several other protocols to function. The three support protocols we are most interested in is the Address Resolution Protocol (ARP), the Internet Control Message Protocol (ICMP), and the Internet Group Management Protocol (IGMP).

ARP is used to resolve the 32-bit IPv4 address into a physical or hardware address so the IPv4 packet can be wrapped in the appropriate media frame (such as an Ethernet frame). In Windows you can invoke the ARP tool using arp command.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the ARP command in action

 

A host must resolve the next-hop IPv4 address to its corresponding hardware address before sending data on the wire. If the destination address is on the local network, the ARP request is made for the destination's physical address. If one or more routers separate the source from the destination, an ARP request is made for the default gateway and the packet is forwarded to it. The IP Helper API contains some ARP routines that we can use.

ICMP is designed to send status and error messages between IPv4 hosts. The types of messages include echo requests and replies, destination unreachable, and time exceeded. ICMP is also used to discover nearby routers. We will go into more detail on ICMP and will illustrate how to send your own ICMP messages in another chapter. As an example, the ping command is based on the ICMP protocol.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the PING command in action

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the IPv6 ping6 command

 

IGMP is used to manage multicast group membership. When applications on a host join multicast group, the host sends out IGMP membership reports, which inform routers on the network segment which multicast groups data is to be received on. Routers need this information to forward multicast packets destined to these multicast groups to network segments only when there are receivers interested in it.

 

Addressing IPv4 from Winsock

 

In Winsock, applications specify IPv4 addresses and service port information through the SOCKADDR_IN structure, which is defined as:

 

struct sockaddr_in

{

    short           sin_family;

    u_short         sin_port;

    struct in_addr  sin_addr;

    char            sin_zero[8];

};

 

The sin_family field must be set to AF_INET, which tells Winsock you are using the IP address family. The sin_port field defines which TCP or UDP communication port will be used to identify a server service. Note that the port number does not actually apply to the IPv4 protocol but is a property of the transport layer protocol(s) encapsulated within an IPv4 header, such as TCP or UDP.

Applications should be particularly careful in choosing a port because some of the available port numbers are reserved for well-known services, such as FTP and HTTP. The ports that well-known services use are controlled and assigned by the Internet Assigned Numbers Authority (IANA) and are listed on its Web page at IANA port number assignment. Essentially, the port numbers are divided into the following three ranges: well-known, registered, and dynamic and/or private ports.

 

  1. 0–1023 are controlled by IANA and are reserved for well-known services.
  2. 1024–49151 are registered ports listed by IANA and can be used by ordinary user processes or programs executed by ordinary users.
  3. 49152–65535 are dynamic and/or private ports.

 

Ordinary user applications should choose the registered ports in the range 1024–49151 to avoid the possibility of using a port already in use by another application or a system service. Ports in the range 49152–65535 can also be used freely because no services are registered on these ports with IANA. If, when using the bind() API function, your application binds to a port that is already in use by another application on your host, the system will return the Winsock error WSAEADDRINUSE. Also, it is valid for clients to send or connect without explicitly binding to a local address and port. In this case, the system will implicitly bind the socket to a local port from the range of 1024 to 5000. This is the same behavior that occurs if an application explicitly binds the socket but specifies a local port of zero.

The sin_addr field of the SOCKADDR_IN structure is used for storing an IPv4 address as a four-byte, network-byte-ordered quantity, which is an unsigned long integer data type. Depending on how this field is used, it can represent a local or a remote IP address. IP addresses are normally specified in Internet standard dotted notation as “a.b.c.d.” Each letter represents a number for each byte and is assigned, from left to right, to the four bytes of the unsigned long integer. The final field, sin_zero, functions only as padding to make the SOCKADDR_IN structure the same size as the SOCKADDR structure.

All fields of this and every other socket address structure need to be in network byte order. However, if applications use the name resolution and assignment APIs discussed later in this chapter, the necessary conversion is automatically performed. It is only when an application explicitly assigns or retrieves values from the structure members that the byte order conversion is required.

 

IPv6

 

With the explosion in the number of computers on the Internet, the limitations of IPv4 are becoming apparent. First and foremost, the number of available IPv4 addresses is being exhausted. This has led to the use of network address translators (NATs), which map multiple private addresses to a single public IP addresses. NATs are useful for client-server applications but can be problematic when connecting two organizations that use the private address space. Also, NATs must sometimes be aware of the underlying protocols to perform the appropriate address translation.

Second, IPv4 addressing is not entirely hierarchical, which means that the Internet backbone routers must maintain vast routing tables to deliver IPv4 packets correctly to any location on the Internet.

Another incentive for developing IPv6 is to provide simpler configuration. With IPv4, addresses must be assigned statically or via a configuration protocol such as DHCP. Ideally, hosts would not have to rely upon the administration of a DHCP infrastructure. Instead, they will be able to auto configure themselves based on the network segment on which they are located.

A developer-release version of IPv6 is provided with Windows XP. For Windows 2000, a technology preview IPv6 protocol is available for download from Microsoft IPv6 info. For Windows NT 4.0, a Microsoft Research IPv6 protocol may also be obtained from IPv6 protocol.

In this section, we will cover the different types of IPv6 addresses, the support protocols that IPv6 uses, and how IPv6 addresses are handled from Winsock. Although we will discuss addressing and name resolution, we will not cover all aspects of IPv6, such as routing or setting up an IPv6 network. More info on this thing can be found at Internet protocol version 6 info.

 

Addressing

 

The most noticeable difference between IPv4 and IPv6 addresses is that an IPv6 address is 128 bits, which is four times larger than an IPv4 address. One reason for such a large address space is to subdivide the available addresses into a hierarchy of routing domains that reflect the Internet's topology. Table 3-2 lists a portion of how the address space is allocated and lists the address prefix for each portion. The address prefix denotes the high order bits of an IPv6 address. IPv6 addressing is described in RFC 2373.

 

Table 3-2 IPv6 Address Allocation

 

Allocation

Address Prefix

Fraction of Address Space

Reserved

0000 0000

1/256

Reserved for NSAP allocation

0000 001

1/128

Aggregatable global unicast addresses

001

1/8

Link-local unicast addresses

1111 1110 10

1/1024

Site-local unicast addresses

1111 1110 11

1/1024

Multicast addresses

1111 1111

1/256

 

An IPv6 address is typically expressed in 16-bit chunks displayed as hexadecimal numbers separated by colons. The following is an example of an IPv6 address:

 

21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A

 

Leading zeroes within each 16-bit block may be removed, as seen here:

 

21DA:D3:0:2F3B:2AA:FF:FE28:9C5A

 

Many IPv6 addresses contain long sequences of zeroes, which may be compressed by substituting two colons for the block of zeros. For example, the following address:

 

FE80:0:0:0:12:0:34:56

 

can be compressed to:

 

FE80::12:0:34:56

 

Note that only a single contiguous sequence of 16-bit zero blocks may be compressed.

If you computer is IPv6 enabled, you can view the information using the IPCONFIG command.

 

-----------------------------------------------

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the ipconfig sample output

 

Depending on the platform, you can use other two methods to obtain a list of the IPv6 addresses assigned to a computer's interfaces. For the Microsoft Research and Windows 2000 Technology Preview stacks downloaded from the Web as well as Windows XP Home Edition and Windows XP Professional, the IPV6 command is used. To enumerate the IPv6 interfaces, execute IPV6 if at the command prompt.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the ipv6 command options/switches

 

If there is no ipv6 command at your command prompt, you need to check whether the protocol has been installed or not. This can be accessed through the Local Area Connection property page.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the TCP/IP version 6 protocol seen in LOcal Area Connection properties page

 

If there is no Microsoft TCP/IP version 6 item, then you can install it using the Install button.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: invoking the install page of the IPv6 protocol

 

Select Protocol as the type of network component to install. Then click Add button and select Microsoft TCP/IP version 6. If you cannot find the item, then you need to install the Windows networking component.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: selecting the protocol item to be installed

 

For all versions of Windows 2000 and Windows XP (including the latest versions of Windows releases), the NETSH command may also be used.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the netsh command options/switches

 

The command syntax is: NETSH interface IPv6 show interface.

 

The Windows socket/winsock2 IPv4, IPv6 Internet Protocol programming: the netsh interface ipv6 command

 

You can also use the ipv6 tool to install/uninstall the ipv6 protocol.

 

 

To programmatically obtain the configuration of local interfaces, the SIO_ADDRESS_LIST_QUERY ioctl and the IP Helper API can be used. There are three basic types of IPv6 addresses: unicast, anycast, and multicast. Note that IPv6 does not define a broadcast address (multicasting is used instead). In the following sections, we will discuss each address type.

 

Unicast

 

A unicast address identifies a single interface. With IPv6, however, an interface will most likely have more than one unicast address assigned to it. There are four types of unicast addresses that you will likely encounter:

 

  1. Link-local addresses.
  2. Site-local addresses.
  3. Global addresses.
  4. Compatibility addresses.

 

An interface will always have a link-local address assigned to it, each physical network interface is auto configured with one. A link-local address is used to communicate only with other nodes on the same link. Link-local address always begins with an fe80::/64 prefix. Also, because no routing information is kept for link-local addresses, the interface index is often displayed with the address. Every physical interface on the system is assigned an adapter index number (also known as a scope ID). When a link-local address is assigned to an interface, the link number is appended to the address. The following address is the link-local address assigned to the physical adapter whose interface index number is five.

 

fe80::250:8bff:fea0:92ed%5

 

In Winsock, if a connection is being established using link-local addresses, then the interface index must be present to indicate which link the remote host is reachable from. An IPv6 link-local address is synonymous with an IPv4 APIPA address discussed earlier in the chapter.

For example, consider host A, which has the link-local address fe80::250:8bff:fea0:92ed%5 and host B, which has the link-local address fe80::250:daff:fec3:9e34%4. If host A issues a connect to host B, it would use the destination address of B with its own scope ID that can reach host B. The address to connect to would be fe80::250:daff:fec3:9e34%5.

Site-local addresses are IPv6 addresses that are reachable only on the local network environment, such as the corporate network at a particular site. These addresses are comparable to the IPv4 private address space because they cannot be reached from other sites or the Internet and routers on the private network do not forward this traffic beyond the local site. Site-local addresses use the prefix fec0::/48. Site-local addresses must be assigned from either an IPv6 router or via DHCPv6. IPv6-enabled routers will send Router Advertisement (RA) messages, which advertise the network portion of the address (such as the first 64 bits of the address consisting of the 48-bit site-local prefix and a 16-bit subnet ID), which the host will then use to assign a site-local address to the interface on which the RA was received.

Global addresses are just that: globally reachable on IPv6 Internet. Global addresses begin with 001. The remaining 61 bits of the first 64 bits are used to establish a routing hierarchy, and the last 64 bits comprise the interface identifier that uniquely identifies a network interface on a subnet. Global addresses are also assigned via router advertisements or by using DHCPv6.

The last type of unicast addresses are compatibility addresses, which are designed to aid in the transition from IPv4 to IPv6. There are four kinds of compatibility addresses that Windows supports:

 

  1. Intrasite Automatic Tunnel Addressing Protocol (ISATAP)
  2. 6to4
  3. 6over4 and
  4. IPv4 compatible

 

ISATAP addresses can be derived from any IPv6 unicast address, such as link-local, site-local, and global addresses. Most often you will see an ISATAP address derived from a link-local address. These addresses also contain an embedded IPv4 address. For example, the ISATAP address fe80::5efe:172.17.7.2 is a link-local address and contains the IPv4 address of the host (172.17.7.2). When data is sent from this interface, the IPv6 packet is encapsulated within an IPv4 header. The IPv4 destination address is obtained from the v4 address embedded within the IPv6 ISATAP destination address. The v4 address must be globally reachable for two endpoints to communicate via automatic tunneling. ISATAP addresses are currently an Internet Engineering Task Force (IETF) draft which is RFC 5214.

The second type of compatibility address is called 6to4 and is described in RFC 3056. 6to4 addresses use the global prefix 2002:WWXX:YYZZ::/48, in which WWXX:YYZZ is the hexadecimal-colon representation of w.x.y.z, a public IPv4 address. 6to4 allows IPv6/IPv4 hosts to communicate over an IPv4 routing infrastructure.

Windows XP provides a 6to4 service. This service allows hosts to communicate with other 6to4 hosts within the same site, 6to4 hosts connected to the Internet, 6to4 hosts in other sites across the IPv4 Internet, as well as with hosts on the IPv6 Internet using a 6to4 relay router. On Windows XP, the 6to4 service is configured to run automatically. If there is a public IPv4 address assigned to an interface, a 6to4 Tunneling Interface (interface index 3) is created and assigned the 6to4 address(es).

The third type of compatibility address is 6over4, which is a tunneling technique using IPv4 multicasting. It allows IPv4 and IPv6 nodes to communicate using IPv6 over an IPv4 infrastructure. This technique is described in RFC 2529.

The last type of compatibility address is the IPv4 compatible address. These addresses take the form of 0:0:0:0:0:0:w.x.y.z (or ::w.x.y.z) in which w.x.y.z is the dotted decimal representation of a public IPv4 address. When an IPv4 compatible address is used by an application as the destination, the IPv6 traffic is automatically encapsulated within an IPv4 header and sent to the destination over the IPv4 network.

 

Anycast

 

Anycast is an address that identifies multiple interfaces. The purpose of these addresses is to route packets destined to an anycast address to the nearest interface assigned that anycast address. A good scenario for anycast addresses is when there are several nodes on the network that provide a certain service. Each machine can be assigned the same anycast address and clients interested in contacting that service will be routed to the nearest member. This is different from multicast because this communication is one to one of many instead of one to many. Currently however, anycast addresses are assigned to routers only.

 

Multicast

 

Multicasting in IPv6 is similar to IPv4 multicasting. A process joins a multicast group on a particular interface and data destined to that multicast address is received. IPv6 multicast addresses begin with 1111 1111 (FF).

 

IPv6 Management Protocols

 

IPv6 requires only a single helper protocol: Internet Control Message Protocol for IPv6 (ICMPv6), which is defined in RFC 2463. ICMPv6 provides the same types of services that ICMP does, such as destination unreachable, echo and echo reply, but also provides a mechanism for Multicast Listener Discovery (MLD) and Neighbor Discovery (ND). MLD replaces IGMP and ND replaces ARP.

 

Addressing IPv6 from Winsock

 

To specify IPv6 addresses in Winsock applications, the following structure is used.

 

struct sockaddr_in6 {

                        short                sin6_family;

                        u_short                       sin6_port;

                        u_long             sin6_flowinfo;

                        struct in6_addr sin6_addr;

                        u_long             sin6_scope_id;

};

 

The first field simply identifies the address family, which is AF_INET6, and the second is the port number. All fields within this structure must be in network byte order. Note that all the information discussed about port numbers in the IPv4 section apply equally to IPv6 because the port number is a property of the encapsulated protocols, such as TCP and UDP, which are also available from IPv6. The third field, sin6_flowinfo, is used to mark the traffic for the connection but is not implemented in the Microsoft IPv6 stack. The fourth field is a 16-byte structure that contains the binary IPv6 address. The last member, sin6_scope_id, indicates the interface index (or scope ID) on which the address is located. Remember that for link-local addresses, the local scope ID on which the destination is located must be specified and the sin6_scope_id field is used for this. Site-local addresses may reference the site number as the scope ID. Global addresses do not contain a scope ID. One last item to note is that the SOCKADDR_IN6 structure is 28 bytes in length and the SOCKADDR and SOCKADDR_IN structures are only 16 bytes long.

 

Address and Name Resolution

 

In this section, we'll cover how to assign both literal string addresses and resolve names to the address specific structures for both IP protocols. First, we will cover the new name resolution APIs: getaddrinfo() and getnameinfo(). These APIs have replaced the IPv4 specific routines. Then we'll cover the generic Winsock APIs for converting between string literal addresses and socket address structure. These APIs are WSAAddressToString() and WSAStringToAddress(). Note that these functions perform only address conversion and assignment, not name resolution.

Next, the IPv4 specific legacy routines will be described. We include the legacy API descriptions in case legacy code needs to be maintained, but any new projects should use the newer API functions. By using the newer functions it will be trivial to write an application that can seamlessly operate over both IPv4 and IPv6, which is the topic of the last section in this chapter.

Finally, note that all the name resolution functions covered in this chapter deal only with resolving names and not registering a name with an address. This is accomplished by the Winsock Registration and Name Resolution (RNR) APIs, discussed in other chapter.

 

 

 


< Chap 3: Winsock 2 & Internet Protocols | Winsock2 Main | Name Resolution Routines >