Dealing with network packets

Posted on 2003-02-21
Medium Priority
Last Modified: 2012-06-27
Dear Experts,

In the Linux networking stack, we know that when a packet "enters" the network interface card (NIC), the packet will be parsed and eventually reach a function called "netif_rx()". From there, the packet will keep on "traversing" to the upper protocol levels, and different processing on the packet will be carried out by the kernel depending on its packet protocol type before it is sent out on the reverse way (correct me if I am wrong in concept, thanks :) )...

Currently I am doing a project on the Linux networking stack. I am required to "intercept" the packets whenever they are received and reach "netif_rx()", process them, and send them out again. May I know, if I am to do this task at the application level, what should I do? I know socket programming can get the packets for me into the application level, but where does socket programming actually "intercept" the packets from? If not using socket programming, is there any other way that I can "divert" those packets to the application level? I would also like to know how I can send those packets out from the application level, other than by socket programming.

Hope you guys can give me some advice or hint. :)
Thanks a lot :)

Question by:EJ13

Expert Comment

ID: 7993174

1) "before it is being sent out on the reverse way"

Well, actually, packets received are usually not sent out
(except when the host is requested to forward ip traffic,
i.e. is a router or a gateway).

2) There are 2 ways to capture packets from user-land
(application level)
- Linux specific: create a packet socket (see man packet)
  then use recvfrom/sendto.
- platform independent: use libpcap (see man pcap on Linux)
  tutorial here: http://www.tcpdump.org/pcap.htm

3) Depending on what you want to do, the user-land approach
may not be possible. For example, do you want to implement
your own protocol (using your own protocol-type code) or do
you want to intercept packets for a std protocol (e.g. IP)?
Also, do you want to modify/filter the packets
or just read them ? If you want to modify packets, you
need to have a kernel implementation (well, at least
I think so).

4) Anyway, are you sure you can't use an existing mechanism
to solve your problem? What is your problem exactly?
Linux already addresses most of the needs concerning
security, routing, etc...



Expert Comment

ID: 7995757
Actually, the packet socket (and the libpcap library, which uses a packet socket) doesn't intercept the packets. It just gets copies of them. The packets still go wherever they would have otherwise gone.

The very wording of the problem -- intercepting packets at netif_rx() -- says to me this is kernel code.  netif_rx() is inside the kernel.  Deep inside.

The packet reaches netif_rx() as soon as it has left the device driver.  This is before Linux knows it is an IP packet, for example.

I guess intercepting at the netif_rx() level means writing a replacement protocol driver for the IP protocol driver (which you find in the directory net/ipv4 in the Linux kernel source tree).  That's a pretty heavy-duty job.


Author Comment

ID: 7997924
For my project, it is just a simple implementation of an MPLS router on the Linux platform. Only the forwarding is to be done (just for demo purposes). Basically what I need to do is just to receive the Eth packets, append an appropriate MPLS header (and of course a new L2 header), and forward them to an output port.

So, can I instead do it in this way (at the kernel level):
In netif_rx(), I "divert" the packets received to a kernel module that I implemented. In that kernel module, I perform the things that I need to perform on a packet. When everything is done, I send the packet out through ip_send().

Since I am only dealing with forwarding, there is no need for non-IP processing (routing protocol, ICMP, ARP, etc.) (in fact it is just for demo purposes), so I decided to divert the path of the packet to
netif_rx() -> (processing on packets in my own kernel module) -> ip_send()

Can this achieve what I want? If this model is workable for my project purposes, can you advise me on what I should be careful with (memory, interrupts, etc.)? I am a beginner in kernel programming with minimum knowledge of kernel programming.

Please guide me. Thanks :)



Author Comment

ID: 7998017
By the way, is a socket the only way to deal with packets at the application level (since the libpcap library also uses a packet socket)? No other way(s)?


Expert Comment

ID: 7999568
So it is very similar to a traditional IP router. An IP router is implemented in the IP protocol driver, which is the code in net/ipv4 in the Linux source tree.  To do this in the kernel, you would just make something analogous to that.

By the way, as you will see in the ipv4 code, you don't divert the packets within netif_rx().  The protocol driver calls netif_rx() to fetch a packet from the network.  Whoever calls netif_rx() gets the packet.

I don't see why you would use ip_send().  It's MPLS, not IP.

At application (user) level, a socket is the only way to get and send network packets.  I don't know why you'd want anything else, though.

Author Comment

ID: 8003733
Dear bryanh,

Does kernel 2.4.18 support MPLS? For example, is there any mpls_send()?

I roughly browsed through the sk_buff structure, and it seems that there is no room for an MPLS header. So if I am to do it at the kernel level, does it mean that I have to modify the sk_buff (for my project purposes)?

And for the sending part, I have no idea which function to call to send out my MPLS packet. Can you give me some hint?

Thanks a million :)


Accepted Solution

bryanh earned 200 total points
ID: 8004248
>Does kernel 2.4.18 support MPLS ? For example, is there any mpls_send() ?

No, that's what you'd have to write.

>And for the sending part, I have no idea which function to call to send out my MPLS packet. Can you give me some hint?

A protocol driver sends a packet on a network interface by calling dev_queue_xmit().

By the way, I see the comments in the code are incorrect and my earlier statement about how netif_rx() works is wrong.  The device driver calls netif_rx() and netif_rx() causes it to get delivered to the protocol driver's receive routine.

>I roughly browsed through the sk_buff structure, and it
>seems that there is no room for an MPLS header. So if I am
>to do it at the kernel level, does it mean that I have
>to modify the sk_buff (for my project purposes)?

The header doesn't go in the sk_buff structure.  Only pointers to it.  Maybe you're referring to the fact that pointers exist in the structure for various specific protocols' headers, but none for MPLS.  Just use the "raw" pointers and a C type cast.  Define your own structures for MPLS headers.  It was poor programming practice for the author of skbuff.h to put that protocol-specific stuff in there anyway.

It occurs to me that if you want to learn how low level protocol drivers work, you should look at the packet protocol driver (in net/packet/af_packet.c) rather than the IP protocol driver.  It is much simpler.
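
An added example, not part of the original answer or of the kernel source: a user-space C sketch of the step discussed above, defining your own MPLS header structure and placing it between a rewritten L2 header and the original payload. The label-entry layout and EtherType 0x8847 follow RFC 3032; the names `mpls_hdr`, `mpls_encode` and `mpls_push`, the MAC addresses and the sample frame are constructed for illustration, and the header is copied with memcpy rather than accessed through a cast so that an unaligned buffer is safe.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14      /* dst MAC(6) + src MAC(6) + EtherType(2) */
#define ETHERTYPE_MPLS 0x8847  /* MPLS unicast */
#define MPLS_HDR_LEN   4

/* Own definition of one label stack entry (RFC 3032 layout):
 * label:20 | traffic class (EXP):3 | bottom-of-stack:1 | TTL:8, network order. */
struct mpls_hdr { uint32_t entry; };

uint32_t mpls_encode(uint32_t label, unsigned tc, unsigned bos, unsigned ttl)
{
    return htonl(((label & 0xFFFFFu) << 12) | ((tc & 7u) << 9) |
                 ((bos & 1u) << 8) | (ttl & 0xFFu));
}

/* Push one label onto the Ethernet frame in buf (len bytes used, cap bytes
 * allocated) and rewrite the L2 header. Returns the new length, or 0 if the
 * frame is shorter than an Ethernet header or the buffer has no room. */
size_t mpls_push(uint8_t *buf, size_t len, size_t cap, uint32_t label,
                 unsigned ttl, const uint8_t dst[6], const uint8_t src[6])
{
    uint16_t type;
    if (len < ETH_HDR_LEN || cap < len || cap - len < MPLS_HDR_LEN)
        return 0;
    memcpy(&type, buf + 12, 2);
    /* The first label pushed is bottom of stack; on a labelled frame it is not. */
    unsigned bos = ntohs(type) != ETHERTYPE_MPLS;
    memmove(buf + ETH_HDR_LEN + MPLS_HDR_LEN, buf + ETH_HDR_LEN, len - ETH_HDR_LEN);
    struct mpls_hdr h = { mpls_encode(label, 0, bos, ttl) };
    memcpy(buf + ETH_HDR_LEN, &h, MPLS_HDR_LEN);
    memcpy(buf, dst, 6);
    memcpy(buf + 6, src, 6);
    type = htons(ETHERTYPE_MPLS);
    memcpy(buf + 12, &type, 2);
    return len + MPLS_HDR_LEN;
}

int main(void)
{
    /* Constructed sample: Ethernet header (type 0x0800) + 4 payload bytes. */
    uint8_t f[64] = {1,1,1,1,1,1, 2,2,2,2,2,2, 0x08,0x00, 0x45,0x00,0x00,0x14};
    const uint8_t nh[6] = {0xaa,0,0,0,0,1}, me[6] = {0xaa,0,0,0,0,2};
    size_t n = mpls_push(f, 18, sizeof f, 100, 64, nh, me);
    for (size_t i = 0; i < n; i++) printf("%02x ", f[i]);
    printf("\n");
    return n ? 0 : 1;
}
```

In a kernel module the room for the header would come from the sk_buff's headroom (skb_push()) rather than a memmove, and the length check on a short frame would still be needed before touching the header bytes.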

Author Comment

ID: 8009636
Thanks a million. At least now I know where I should begin from :)

Thanks Thanks Thanks :)

Expert Comment

ID: 9983462
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: bryanh {http:#8004248}

Please leave any comments here within the next seven days.

EE Cleanup Volunteer
