Once a packet (respectively, the corresponding socket buffer with appropriately set pointers) has been forwarded to ip_rcv, the information received must be checked to ensure that it is correct. The main check is that the checksum calculated matches that stored in the header. Other checks include, for example, whether the packet has at least the size of an IP header and whether the packet is actually IP Version 4 (IPv6 employs its own receive routine).
After these checks have been made, the kernel does not immediately continue with packet processing but allows a netfilter hook to be invoked so that the packet data can be manipulated in userspace. A netfilter hook is a kind of ''hook'' inserted at defined points in the kernel code to enable packets to be manipulated dynamically. Hooks are present at various points in the network subsystem, and each one has a special (label) — for example, nf_ip_post_routing.16
When the kernel arrives at a hook, the routines registered for the label are invoked in userspace. Kernel-side processing (possibly with a modified packet) is then continued in a further kernel function. Section 12.8.6 below discusses the implementation of the netfilter mechanism.
In the next step, the received IP packets arrive at a crossroads where a decision is made as to whether they are intended for the local system or for a remote computer. Depending on the answer, they must either be forwarded to one of the higher layers or transferred to the output path of the IP level (I don't bother with the third option — delivery of packets to a group of computers by means of multicast).
ip_route_input is responsible for choosing the route. This relatively complex decision is discussed in detail in Section 12.8.5. The result of the routing decision is that a function for further packet processing is chosen. Available functions are ip_local_deliver and ip_forward. Which is selected depends on whether the packet is to be delivered to local routines of the next higher protocol layer or is to be forwarded to another computer in the network.
Continue reading here: Defragmentation
Was this article helpful?