laforge@gnumonks.org
At the time I wanted to know more about the Linux network stack, I always wanted a document like this to exist. But unfortunately I never found one. After I gained some basic knowledge about the Linux network stack internals, I wrote one.
I'm happy if this document is of any use for other people trying to learn about the Linux kernel.
Please let me know of any bugs in this document. It should resemble kernel revision 2.4.0-test4
skbuffs are the buffers in which the linux kernel handles network packets. The packet is received by the network card, put into a skbuff and then passed to the network stack, which uses the skbuff all the time.
The struct sk_buff is defined in <linux/skbuff.h> as follows:
next buffer in list
previous buffer in list
list we are on
socket we belong to
timeval we arrived at
device we are leaving by
device we arrived at
transport layer header (tcp,udp,icmp,igmp,spx,raw)
network layer header (ip,ipv6,arp,ipx,raw)
link layer header
FIXME:
control buffer, used internally
length of actual data
checksum
FIXME: data moved to user and not MSG_PEEK
we are a clone
head may be cloned
packet class
driver fed us ip checksum
packet queuing priority
user count
packet protocol from driver
security level of packet
real size of the buffer
pointer to head of buffer
data head pointer
tail pointer
end pointer
destructor function
netfilter mark
netfilter internal caching info
associated connection, if any
traffic control index
There are a bunch of skb support functions provided by the sk_buff layer. I briefly describe the most important ones in this section.
This function allocates a new skb. This is provided by the skb layer to initialize some privat data and do memory statistics. The returned buffer has no headroom and a tailroom of /size/ bytes.
Decrement the skb's usage count by one and free the skb if no references left.
Increments the skb's usage count by one and returns a pointer to it.
This function clones a skb. Both copies share the packet data but have their own struct sk_buff. The new copy is not owned by any socket, reference count is 1.
Makes a real copy of the skb, including packet data. This is needed, if You wish to modify the packet data. Reference count of the new skb is 1.
Make a copy of the skb, including packet data. Additionally the new skb has a haedroom of /new_headroom/ bytes size and a tailroom of /new_tailroom/ bytes.
Is the skb a clone?
Is this skb shared? (is the reference count > 1)?
peek a skb from front of the list; does not remove skb from the list
peek a skb from tail of the list; does not remove sk from the list
return the length of the given skb list
enqueue a skb at the head of a given list
enqueue a skb at the end of a given list.
struct sk_buff *skb_dequeue(struct sk_buff_head *list_)
dequeue a skb from the head of the given list.
struct sk_buff *sbk_dequeue_tail(struct sk_buff_head *list_)
dequeue a skb from the tail of the given list
extends the data area of the skb. if the total size exceeds the size of the skb, the kernel will panic. A pointer to the first byte of new data is returned.
extends the data area of the skb. if the total size exceeds the size of the skb, the kernel will panic. A pointer to the first byte of new data is returned.
remove data from the start of a buffer, returning the bytes to headroom. A pointr to the next data in the buffer is returned.
return the amount of bytes of free space at the head of skb
return the amount of bytes of free space at the end of skb
if the buffer passed lacks sufficient headroom or is a clone it is copied and additional headroom made available.