Hi,

I have been tracing the way tcpdump works and I figured out how it registers a PACKET socket with an ETH_P_ALL protocol. Hence the first loop in net_bh() for ptype_all sends a clone of the packet to packet_rcv() in /net/packet/af_packet.c. Then the second loop in net_bh() for ptype_base is entered and it sends another clone of the packet to ip_rcv().

Hence we have two clones of the packet (actually copies of the pointers in sk_buff) pointing to the same data (head, data, tail, end pointers). Is this understanding right?

Now packet_rcv() puts the packet into the PACKET socket's receive queue where it waits for the userspace application (tcpdump) to read it using the recvfrom() system call. Meanwhile the other clone (still pointing to the same data) travels through ip_rcv().

Does ip_rcv() confirm the "shared" status of the skbuff before manipulating it? If so, where?

TIA.

Regards,
Amit

--
I'm an angel!!! Honest! The horns are just there to hold the halo up straight.

Amit Kucheria
EECS Grad. Research Assistant
University of Kansas @ Lawrence
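
The sharing described in the post above, as an added example that is not part of the original post and is not kernel code: a user-space C model in which a clone copies only the header, so a write through one header is visible through the other unless the writer first takes a private copy of the data. The `model_*` names and `tap_sees_rewrite` are hypothetical.

```c
#include <stdlib.h>

/* User-space model only, NOT kernel code; every name here is hypothetical. */
struct model_buf { int refs; unsigned char bytes[64]; };
struct model_skb { struct model_buf *buf; unsigned char *data; };

/* Clone: a second header whose pointers reference the same data buffer. */
static struct model_skb model_clone(struct model_skb skb)
{
    skb.buf->refs++;
    return skb;
}

/* Before writing: take a private copy if another header shares the data. */
static int model_unshare(struct model_skb *skb)
{
    struct model_buf *priv;
    if (skb->buf->refs == 1) return 0;
    if (!(priv = malloc(sizeof(*priv)))) return -1;
    *priv = *skb->buf;
    priv->refs = 1;
    skb->data = priv->bytes + (skb->data - skb->buf->bytes);
    skb->buf->refs--;
    skb->buf = priv;
    return 0;
}

/* Drop one header's reference; the data is freed with the last reference. */
static void model_put(struct model_skb *skb) { if (--skb->buf->refs == 0) free(skb->buf); }

/* 1 if the capture-side clone sees the protocol path's write, 0 if not, -1 on error. */
static int tap_sees_rewrite(int unshare_first)
{
    struct model_skb ip_path, tap;
    int seen = -1;
    if (!(ip_path.buf = calloc(1, sizeof(*ip_path.buf)))) return -1;
    ip_path.buf->refs = 1;
    ip_path.data = ip_path.buf->bytes;   /* constructed, zero-filled packet data */
    tap = model_clone(ip_path);          /* header queued for the capture socket */
    if (!unshare_first || model_unshare(&ip_path) == 0) {
        ip_path.data[1] = 0xff;          /* protocol path rewrites a header byte */
        seen = (tap.data[1] == 0xff);
    }
    model_put(&tap);
    model_put(&ip_path);
    return seen;
}

int main(void) { return (tap_sees_rewrite(0) == 1 && tap_sees_rewrite(1) == 0) ? 0 : 1; }
```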