Linux network interface is divided into four parts: network device interface, network interface core, network protocol family, network interface socket layer.
Refer to:
http://lxr.linux.no/linux+v2.6.30.4/net/ The
network device interface part is mainly responsible for receiving and sending data from the physical medium. The implemented files are under the linu/driver/net directory.
The core part of the network interface is the key part of the entire network interface. It provides a unified transmission interface for the network protocol, shields various physical media, and is responsible for delivering packets from the lower layer to the appropriate protocol. It is the central part of the network interface. Its main implementation files are in the linux/net/core directory, and linux/net/core/dev.c is the main management file.
The part of the network protocol family is the part where various specific protocols are implemented. Linux supports protocols such as TCP/IP, IPX, X.25, AppleTalk, etc. The source code of each specific protocol implementation is under the corresponding name in the linux/net/ directory. The TCP/IP (IPv4) protocol is mainly discussed here. The source code of the implementation is in linux/net/ipv4, among which linux/net/ipv4/af_inet.c is the main management file.
Network interface Socket layer provides a programming interface for network services for users. The main source code is in linux/net/socket.c
send:
The application calls the system call, sends the data to the socket
socket to check the data type, calls the corresponding send function
send function to check the socket status and protocol type, and sends it to the transport layer
tcp/udp (transport layer protocol) to create a data structure for these data, and add Protocol headers, such as port number, checksum, are passed to the lower layer (network layer)
ip (network layer protocol) to add ip headers, such as ip address, checksum,
if the packet size exceeds mtu (maximum packet size), then divide Chip; ip transmits these data packets to the link layer. The
link layer writes to the network card queue. The
network card calls the response interrupt driver and sends it to the network
receive:
Data packets arrive at the network card from the network, the network card receives the frame, puts it into the network card buffer, and sends an interrupt request to the system. The
CPU calls the corresponding interrupt function. These interrupt handlers are in the network card driver. The
interrupt processing function is read from the network card into the memory and handed to the link layer.
The link layer puts the packet into its own queue and sets the soft interrupt flag bit. The
process scheduler sees the flag bit and schedules the corresponding process.
The process takes the packet out of the queue and matches the corresponding protocol, usually the ip protocol, and then passes the packet to The protocol receiving function
ip layer performs error detection on the packet. If there is no error, the routing
result, the packet is forwarded or continues to be passed to the upper layer.
If sent to the local machine, enter the link layer and
link layer to perform error detection and find the corresponding port association Socket, the packet is put into the corresponding socket receiving queue. The
socket wakes up the process that owns the socket. The process returns from the system call read, copies the data to its own buffer, and returns to the user state.
DNS request process
1. To access www.google.com, PC1 needs to know the corresponding IP address.
The domain name only serves as a mnemonic, and Internet access is done through IP.
For example, DNS is the citizen identity information database, ip is the ID number, and the domain name is the name of the person corresponding to the ID number.
Of course, this analogy is not very appropriate. The domain name must also be unique and correspond to the ip.
2. Therefore, PC1 needs to look up the ip corresponding to www.google.com like a DNS request, that is, send a dns request:
PC1 looks up dns and finds that it is not in the same network, and different network segments need to be forwarded by gateway.
However, PC1 needs to be sent to the gateway first, and the gateway ip needs to be known first.
The gateway is used to connect different networks and has its own IP. PC1 needs to know the gateway IP. Then, through the ARP request, like the intranet broadcast gateway ip, the gateway replies to the mac address.
PC1 obtains the mac address of the gateway, encapsulates the ip packet into an Ethernet frame, and sends it to the gateway.
3. The gateway receives the Ethernet frame and needs to forward it to the dns server.
Similarly, the gateway may need to send an ARP request to get the mac address of the dns.
4. The dns server receives the request and sends the ip of www.google.com to the gateway, and the gateway converts the destination ip to PC1 according to the NAT session table entry, and then sends it to PC1 (this process may also require an ARP request).
5. After PC1 receives the destination ip, it can send the request in a similar way to the above (the destination ip can then directly fill in the obtained ip).
Among them:
ARP ==> broadcast the ip, the destination host responds, and feeds back the mac address.
NAT==>Customize legal ip address within a network. Each host in the internal network communicates through the internal network; and the external network is converted into a legal ip on the external network through NAT conversion. In this way, the internal network is separated from the external network, and each network has its own IP, which can be overlapped, and can communicate with the external network through a few IPs, which saves a lot in modern times when there is a large lack of IP.
Reprinted, original link: https://blog.csdn.net/hilyoo/article/details/4455031