PF_PACKET and IP layer concurrent packet access?

Hi,

I have been tracing the way tcpdump works and I figured out how it
registers a PACKET socket with an ETH_P_ALL protocol. Hence the first
loop in net_bh() for ptype_all sends a clone of the packet to
packet_rcv() in /net/packet/af_packet.c. Then the second loop in
net_bh() for ptype_base is entered and it sends another clone of the
packet to ip_rcv().

Hence we have two clones of the packet (actually copies of the pointers
in sk_buff) pointing to the same data (head, data, tail, end pointers).  

Is this understanding right?

Now packet_rcv() puts the packet into the PACKET socket's receive queue 
where it waits for the userspace application (tcpdump) to read it using 
the recvfrom() system call.

Meanwhile the other clone (still pointing to the same data) travels 
through ip_rcv(). Does ip_rcv() confirm the "shared" status of the 
skbuff before manipulating it? If so, where?

TIA.
Regards,
Amit

-- 
I'm an angel!!! Honest!
The horns are just there to hold the halo up straight.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
                  Amit Kucheria
          EECS Grad. Research Assistant
         University of Kansas @ Lawrence
   (R): +1-785-830-8521 ||| (C): +1-785-760-2871
____________________________________________________
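
The sharing described in this post, as an added example that is not part of the original message and is not kernel code: a small userspace C model in which two headers reference one data buffer, showing what a queued reader sees when the other holder writes with and without first taking a private copy. All struct and function names are hypothetical, and the packet bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Toy userspace model; all names are hypothetical, not kernel APIs. */
struct pkt_data { int refs; size_t len; unsigned char bytes[64]; };
struct pkt_hdr  { struct pkt_data *d; };   /* one per consumer, like a clone */

static struct pkt_hdr pkt_new(const void *src, size_t len) {
    struct pkt_hdr h = { calloc(1, sizeof(struct pkt_data)) };
    if (!h.d) abort();
    h.d->refs = 1;
    h.d->len = len > sizeof h.d->bytes ? sizeof h.d->bytes : len;
    memcpy(h.d->bytes, src, h.d->len);
    return h;
}

/* Clone: a second header pointing at the same bytes. */
static struct pkt_hdr pkt_clone(struct pkt_hdr *h) { h->d->refs++; return *h; }
static int pkt_is_shared(const struct pkt_hdr *h) { return h->d->refs > 1; }

/* Take a private copy of the bytes if another header still references them. */
static void pkt_make_writable(struct pkt_hdr *h) {
    if (!pkt_is_shared(h)) return;
    struct pkt_data *copy = malloc(sizeof *copy);
    if (!copy) abort();
    *copy = *h->d;
    copy->refs = 1;
    h->d->refs--;
    h->d = copy;
}

static void pkt_free(struct pkt_hdr *h) {
    if (--h->d->refs == 0) free(h->d);
    h->d = NULL;
}

/* Tap clone sits queued while the stack clone rewrites byte 8 (IPv4 TTL). */
static int ttl_seen_by_tap(int unshare_before_write) {
    unsigned char ip[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6 }; /* constructed */
    struct pkt_hdr tap = pkt_new(ip, sizeof ip);
    struct pkt_hdr stack = pkt_clone(&tap);
    if (unshare_before_write) pkt_make_writable(&stack);
    stack.d->bytes[8]--;                 /* stack-side modification */
    int seen = tap.d->bytes[8];          /* what the queued reader gets */
    pkt_free(&stack);
    pkt_free(&tap);
    return seen;
}

int main(void) { return !(ttl_seen_by_tap(0) == 63 && ttl_seen_by_tap(1) == 64); }
```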

