Linux2.4.0IP层转发流程
Email:getmoon@163.com QQ:505333 欲?明月
下载地址:http://linuxsouce.home.sohu.com/download/ipforward.zip
其他文档下载:http://linuxsouce.home.sohu.com/download/index.html
/*关于本地接收到一个数据包是本地发送还是转发的分流,请看我画的IP层数据流程*/
/*转发一个数据包*/
/*所有的选项都没有没有细节到每个选项里面*/
int ip_forward(struct sk_buff *skb)
{
struct net_device *dev2; /* Output device */
struct iphdr *iph; /* Our header */
struct rtable *rt; /* Route we use */
struct ip_options * opt = &(IPCB(skb)->opt);
unsigned short mtu;
if (IPCB(skb)->opt.router_alert && ip_call_ra_chain(skb))
return NET_RX_SUCCESS;
if (skb->pkt_type != PACKET_HOST)/*广播报,多播,混杂模式得到的包不允许转发*/
goto drop;
/*
* According to the RFC, we must first decrease the TTL field. If
* that reaches zero, we must reply an ICMP control message telling
* that the packet's lifetime expired.
*/
iph = skb->nh.iph;
rt = (struct rtable*)skb->dst; /*到这里,这个包的skb->dst肯定是有内容的*/
if (iph->ttl <= 1) /*TTL值太小了。*/
goto too_many_hops;
if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway) /*如果路由选出的源路由包的下一站不是网关,丢弃这个包*/
goto sr_failed;
/*
* Having picked a route we can now send the frame out
* after asking the firewall permission to do so.
*/
skb->priority = rt_tos2priority(iph->tos); /*优先级*/
dev2 = rt->u.dst.dev; /*通过这个设备发送出去*/
mtu = rt->u.dst.pmtu; /*得到这个设备连接网络的mtu*/
/*
* We now generate an ICMP HOST REDIRECT giving the route
* we calculated.
*/
/*路由重新定向且没有源路由选项的时候,必须产生一个重定向的icmp包*/
if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr)
/*重新定向*/
ip_rt_send_redirect(skb);
/* We are about to mangle packet. Copy it! */
if ((skb = skb_cow(skb, dev2->hard_header_len)) == NULL) /*重新组织这个SKBUFF结构*/
return NET_RX_DROP;
iph = skb->nh.iph;
opt = &(IPCB(skb)->opt);
/* Decrease ttl after skb cow done */
/*减少ttl,当然也要重新计算校验和*/
ip_decrease_ttl(iph);
/*
* We now may allocate a new buffer, and copy the datagram into it.
* If the indicated interface is up and running, kick it.
*/
if (skb->len > mtu && (ntohs(iph->frag_off) & IP_DF)) /*如果设置了不分片,但是这个包需要分片,发送icmp包*/
goto frag_needed;
#ifdef CONFIG_IP_ROUTE_NAT
if (rt->rt_flags & RTCF_NAT) { /*如果编译了nat转换且这条路由是要NAT转换的*/
if (ip_do_nat(skb)) { /*NAT地址转换处理*/
kfree_skb(skb);
return NET_RX_BAD;
}
}
#endif
/*转发检测点,检测完后若不丢弃,调用ip_forward_finish*/
return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev2,
ip_forward_finish);
frag_needed:
/*设置了DF,而需要分片的时候到这里处理*/
IP_INC_STATS_BH(IpFragFails);
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
goto drop;
sr_failed:
/*
* Strict routing permits no gatewaying
*/
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_SR_FAILED, 0);
goto drop;
too_many_hops:
/* Tell the sender its packet died... */
icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0);
drop:
kfree_skb(skb);
return NET_RX_DROP;
}
static inline int ip_forward_finish(struct sk_buff *skb)
{
struct ip_options * opt = &(IPCB(skb)->opt); /*opt指向选项*/
IP_INC_STATS_BH(IpForwDatagrams);
if (opt->optlen == 0) {
#ifdef CONFIG_NET_FASTROUTE
struct rtable *rt = (struct rtable*)skb->dst;
if (rt->rt_flags&RTCF_FAST && !netdev_fastroute_obstacles) {
struct dst_entry *old_dst;
unsigned h = ((*(u8*)&rt->key.dst)^(*(u8*)&rt->key.src))&NETDEV_FASTROUTE_HMASK;
write_lock_irq(&skb->dev->fastpath_lock);
old_dst = skb->dev->fastpath[h];
skb->dev->fastpath[h] = dst_clone(&rt->u.dst);
write_unlock_irq(&skb->dev->fastpath_lock);
dst_release(old_dst);
}
#endif
return (ip_send(skb));
}
ip_forward_options(skb); /*转发时候的选项处理*/
return (ip_send(skb)); /*发送包*/
}
static inline int ip_send(struct sk_buff *skb)
{
if (skb->len > skb->dst->pmtu) /*判断是否需要分片*/
return ip_fragment(skb, ip_finish_output); /*分片发送,ip_finish_output是分片完以后的回调函数*/
else
return ip_finish_output(skb); /*转发处理结束,发送出去*/
}
__inline__ int ip_finish_output(struct sk_buff *skb)
{
struct net_device *dev = skb->dst->dev;
skb->dev = dev; /*设置发送的设备*/
skb->protocol = __constant_htons(ETH_P_IP); /*发送包的协议类型*/
/*发送之前的检测,如果没有丢弃,调用ip_finish_output2*/
return NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev,
ip_finish_output2);
}
static inline int ip_finish_output2(struct sk_buff *skb)
{
struct dst_entry *dst = skb->dst;
struct hh_cache *hh = dst->hh;
#ifdef CONFIG_NETFILTER_DEBUG
nf_debug_ip_finish_output2(skb);
#endif /*CONFIG_NETFILTER_DEBUG*/
if (hh) { /*有硬件缓存结构*/
read_lock_bh(&hh->hh_lock);
memcpy(skb->data - 16, hh->hh_data, 16);
read_unlock_bh(&hh->hh_lock);
skb_push(skb, hh->hh_len);
return hh->hh_output(skb); /*实际上是调用dev_queue_xmit*/
} else if (dst->neighbour)
return dst->neighbour->output(skb); /*neigh_resolve_output,在硬件地址解析结束后,都是调用dev_queue_xmit*/
printk(KERN_DEBUG "khm\n");
kfree_skb(skb);
return -EINVAL;
}
