[net] Hacking the wholism of GNU/Linux net*

Jeff Haran jharan at bytemobile.com
Mon Aug 1 14:42:13 EDT 2011


> -----Original Message-----
> From: kernelnewbies-bounces+jharan=bytemobile.com at kernelnewbies.org
> [mailto:kernelnewbies-
> bounces+jharan=bytemobile.com at kernelnewbies.org] On Behalf Of Shawn
> Sent: Monday, August 01, 2011 7:22 AM
> To: kernelnewbies at kernelnewbies.org
> Subject: [net] Hacking the wholism of GNU/Linux net*
> 
> hi guys,
> 
>    I have written an article[1] for newbies who are willing to learn
> networking stuff in the Linux kernel. I hope this introduction-level
> article can help you understand the mechanism of netfilter and the NIC
> driver.
> 
> For this article, any critical comments are welcome!
> 
> 
> [1] http://hfg-resources.googlecode.com/files/hacking_the_wholism_of_linux_net.txt
> 

I personally welcome all attempts to document this perplexing Linux
kernel feature and applaud your attempt to do so.

Couple of suggestions for improvement:

"Your hook function's prototype is like below:

typedef unsigned int nf_hookfn(unsigned int hooknum,
			       struct sk_buff *skb,
			       const struct net_device *in,
			       const struct net_device *out,
			       int (*okfn)(struct sk_buff *));"

It would be nice if the document defined what the purpose of the okfn
parameter that is passed to the above function is. What is it for and
what does a hook function need to do with it? What do the "in" and "out"
parameters point to and under which conditions are they valid? For
instance, what is "out" going to point to during a PREROUTING hook?

"The hook functions will return some values to tell Netfilter what to
do then, when the hook functions are done. These values are displayed
in the Table below:

Table 3: Return code of hook function

Return Code          Meaning
  NF_DROP        Discard the packet.
  NF_ACCEPT      Keep the packet.
  NF_STOLEN      Forget about the packet.
  NF_QUEUE       Queue packet for userspace.
  NF_REPEAT      Call this hook function again."

Likewise, it would be nice if the document provided some more
explanation of the above return codes. For instance, what's the
difference between NF_DROP and NF_STOLEN and when should your hook
function return one vs. the other? If you return NF_REPEAT, when does
the hook function get called again for the given packet and under what
kind of circumstances would you want to return NF_REPEAT? If you return
NF_QUEUE, how is the NF queue number that the packet will get queued to
determined?

"Finally, I thank my beautiful wife for proofreading the article and
helping me fix the grammar errors."

Not to cast aspersions on your wife, but you might want to pass this
document through a spelling checker. It contains numerous spelling
errors. For example, the word "firstable" that begins section 2.4.1 does
not exist in the English language.

Thanks,

Jeff Haran
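
The return-code questions raised above can be explored with a small model. This is an added example, not code from the post or from the article under review: a user-space C model (not kernel code) of how the netfilter core acts on each verdict in Table 3. `struct pkt`, `struct outcome`, `run_chain` and the `*_hook` functions are hypothetical names, and the hook arguments `in`, `out` and `okfn` are omitted for brevity.

```c
/* User-space model, NOT kernel code: how the netfilter core reacts to each
 * verdict a hook returns. Verdict values match <linux/netfilter.h>. */
#include <stdio.h>

enum { NF_DROP, NF_ACCEPT, NF_STOLEN, NF_QUEUE, NF_REPEAT };   /* 0..4 */
#define NF_VERDICT_MASK  0x000000ffu
#define NF_VERDICT_QBITS 16
#define NF_QUEUE_NR(x) (((((unsigned)(x)) << NF_VERDICT_QBITS) & 0xffff0000u) | NF_QUEUE)

struct pkt { int seen; };                      /* hypothetical stand-in for struct sk_buff */
typedef unsigned int hookfn(struct pkt *p);    /* in/out/okfn arguments omitted */
struct outcome { unsigned verdict; int queue, core_freed, okfn_ran, calls; };

static unsigned accept_hook(struct pkt *p) { (void)p; return NF_ACCEPT; }
static unsigned drop_hook(struct pkt *p)   { (void)p; return NF_DROP; }
static unsigned steal_hook(struct pkt *p)  { (void)p; return NF_STOLEN; } /* hook now owns the skb */
static unsigned queue_hook(struct pkt *p)  { (void)p; return NF_QUEUE_NR(5); }
static unsigned repeat_hook(struct pkt *p) { return p->seen++ ? NF_ACCEPT : NF_REPEAT; }

/* Run the chain {accept_hook, second} over one constructed packet. */
struct outcome run_chain(hookfn *second)
{
    hookfn *chain[] = { accept_hook, second };
    struct pkt p = { 0 };
    struct outcome o = { NF_ACCEPT, -1, 0, 0, 0 };
    for (int i = 0; i < 2; i++) {
        unsigned v;
        do { v = chain[i](&p); o.calls++; } while (v == NF_REPEAT); /* same hook, called again at once */
        if (v == NF_ACCEPT) continue;                  /* move on to the next hook */
        o.verdict = v & NF_VERDICT_MASK;
        if (o.verdict == NF_DROP) o.core_freed = 1;    /* core frees the skb (kfree_skb) */
        if (o.verdict == NF_QUEUE) o.queue = (int)(v >> NF_VERDICT_QBITS); /* queue number: upper 16 bits */
        return o;                                      /* NF_STOLEN: core never touches the skb again */
    }
    o.okfn_ran = 1;                                    /* every hook accepted: core continues via okfn(skb) */
    return o;
}

int main(void)
{
    hookfn *h[] = { accept_hook, drop_hook, steal_hook, queue_hook, repeat_hook };
    for (int i = 0; i < 5; i++) {
        struct outcome o = run_chain(h[i]);
        printf("verdict=%u queue=%d core_freed=%d okfn_ran=%d calls=%d\n",
               o.verdict, o.queue, o.core_freed, o.okfn_ran, o.calls);
    }
    return 0;
}
```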
