Chapter 12: Networks
The kernel manages the fragments of an originally composite packet in a separate cache known as a
fragment cache. In the cache, fragments that belong together are held in a separate wait queue until all
fragments are present.Theip_findfunction is then invoked. It uses a hashing procedure involving the fragment ID, source
and destination address, and packet protocol identifier to check whether a wait queue has already been
created for the packet. If not, a new queue is created and the packet is placed on it. Otherwise, the address
of the existing queue is returned so thatip_frag_queuecan place the packet on it.^18When all fragments of the packet are in the cache (i.e., the first and last fragment are present and the
data in all the fragments equal the expected total length of the packet), the individual fragments are
reassembled byip_frag_reasm. The socket buffer is then released for further processing.If not all fragments of a packet have arrived,ip_defragreturns a null pointer that terminates packet
processing in the IP layer. Processing is resumed when all fragments are present.Local Delivery to the Transport Layer
Let us go back toip_local_deliver. After packet defragmentation, the netfilter hookNF_IP_LOCAL_IN
is called to resume processing inip_local_deliver_finish.There the packet is passed to a transport layer function that must first be determined by reference to the
protocol identifier. All protocols based on the IP layer have an instance of the structurenet_protocol
that is defined as follows:include/net/protocol.h
struct net_protocol {
int (*handler)(struct sk_buff *skb);
void (*err_handler)(struct sk_buff *skb, u32 info);
...
};❑ handleris the protocol routine to which the packets are passed (in the form of socket buffers) for
further processing.
❑ err_handleris invoked when an ICMP error message is received and needs to be passed to
higher levels.Theinet_add_protocolstandard function is used to store each instance in theinet_protosarray that
maps the protocols onto the individual list positions using a hashing method.Once the IP header has been ‘‘removed‘‘ by means of the usual pointer manipulations in the socket buffer,
all that remains to be done is to invoke the corresponding receive routine of the network access layer
stored in thehandlerfield ofinet_protocol, for example, thetcp_v4_rcvroutine to receive TCP packets
andudp_rcvto receive UDP packets. Section 12.9 examines the implementation of these functions.(^18) The fragment cache uses a timer mechanism to remove fragments from the cache. When it expires, fragments in the cache are
deleted if not all fragments have arrived by then.