/*
* sk_buff 完全注释
* 金伟注释 blog -- http://jinweidavid.cublog.cn 转载请注明
*/
/*
* 本文件取自linux 2.6.13内核的skbuff.c
*/
/*
* Routines having to do with the 'struct sk_buff' memory handlers.
*
* Authors: Alan Cox <iiitac@pyr.swan.ac.uk>
* Florian La Roche <rzsfl@rz.uni-sb.de>
*
* Version: $Id: skbuff.c,v 1.90 2001/11/07 05:56:19 davem Exp $
*
* Fixes:
* Alan Cox : Fixed the worst of the load
* balancer bugs.
* Dave Platt : Interrupt stacking fix.
* Richard Kooijman : Timestamp fixes.
* Alan Cox : Changed buffer format.
* Alan Cox : destructor hook for AF_UNIX etc.
* Linus Torvalds : Better skb_clone.
* Alan Cox : Added skb_copy.
* Alan Cox : Added all the changed routines Linus
* only put in the headers
* Ray VanTassle : Fixed --skb->lock in free
* Alan Cox : skb_copy copy arp field
* Andi Kleen : slabified it.
* Robert Olsson : Removed skb_head_pool
*
* NOTE:
* The __skb_ routines should be called with interrupts
* disabled, or you better be *real* sure that the operation is atomic
* with respect to whatever list is being frobbed (e.g. via lock_sock()
* or via disabling bottom half handlers, etc).
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
/*
* The functions in this file will not compile correctly with gcc 2.4.x
*/
#include <linux/config.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/interrupt.h>
#include <linux/in.h>
#include <linux/inet.h>
#include <linux/slab.h>
#include <linux/netdevice.h>
#ifdef CONFIG_NET_CLS_ACT
#include <net/pkt_sched.h>
#endif
#include <linux/string.h>
#include <linux/skbuff.h>
#include <linux/cache.h>
#include <linux/rtnetlink.h>
#include <linux/init.h>
#include <linux/highmem.h>
#include <net/protocol.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/checksum.h>
#include <net/xfrm.h>
#include <asm/uaccess.h>
#include <asm/system.h>
static kmem_cache_t *skbuff_head_cache;
/*
* Keep out-of-line to prevent kernel bloat.
* __builtin_return_address is not used because it is not always
* reliable.
*/
/**
* skb_over_panic - private function
* @skb: buffer
* @sz: size
* @here: address
*
* Out of line support code for skb_put(). Not user callable.
*/
void skb_over_panic(struct sk_buff *skb, int sz, void *here)
{
printk(KERN_EMERG "skb_over_panic: text:%p len:%d put:%d head:%p "
"data:%p tail:%p end:%p dev:%s/n",
here, skb->len, sz, skb->head, skb->data, skb->tail, skb->end,
skb->dev ? skb->dev->name : "<NULL>");
BUG();
}
/**
* skb_under_panic - private function
* @skb: buffer
* @sz: size
* @here: address
*
* Out of line support code for skb_push(). Not user callable.
*/
void skb_under_panic(struct sk_buff *skb, int sz, void *here)
{
printk(KERN_EMERG "skb_under_panic: text:%p len:%d put:%d head:%p "
"data:%p tail:%p end:%p dev:%s/n",
here, skb->len, sz, skb->head, skb->data, skb->tail, skb->end,
skb->dev ? skb->dev->name : "<NULL>");
BUG();
}
/* Allocate a new skbuff. We do this ourselves so we can fill in a few
* 'private' fields and also do memory statistics to find all the
* [BEEP] leaks.
*
*/
/**
* alloc_skb - allocate a network buffer
* @size: size to allocate
* @gfp_mask: allocation mask
*
* Allocate a new &sk_buff. The returned buffer has no headroom and a
* tail room of size bytes. The object has a reference count of one.
* The return is the buffer. On a failure the return is %NULL.
*
* Buffers may only be allocated from interrupts using a @gfp_mask of
* %GFP_ATOMIC.
*/
struct sk_buff *alloc_skb(unsigned int size, int gfp_mask)
{
struct sk_buff *skb;
u8 *data;
/* Get the HEAD */
/* 从cache缓冲池中获取内存 */
skb = kmem_cache_alloc(skbuff_head_cache,
gfp_mask & ~__GFP_DMA);
if (!skb)
goto out;
/* Get the DATA. Size must match skb_add_mtu(). */
/* 对其size */
size = SKB_DATA_ALIGN(size);
/* 分配的缓冲长度包含skb_shared_info的长度 */
data = kmalloc(size + sizeof(struct skb_shared_info), gfp_mask);
if (!data)
goto nodata;
/*
* offsetof是一个编译器宏或者是自定义的宏,用于计算member在struct中的偏移量。
* 把在truesize前面的field全部清零。
*/
memset(skb, 0, offsetof(struct sk_buff, truesize));
/* truesize是广义SKB的大小,包含了4个部分的长度:skb自身,header,page frags,frag list */
skb->truesize = size + sizeof(struct sk_buff);
/* users初始化成1 */
atomic_set(&skb->users, 1);
/* 初始化所有数据指针 */
skb->head = data;
skb->data = data;
skb->tail = data;
skb->end = data + size;
/*
* skb_shinfo是个宏,#define skb_shinfo(SKB) ((struct skb_shared_info *)((SKB)->end))
* 所以用这个宏的时候必须等skb->end已经初始化。
* skb_shinfo 接在skb->end指向的内存空间后面。
*/
/* 初始化skb_shared_info结构体 */
atomic_set(&(skb_shinfo(skb)->dataref), 1);
skb_shinfo(skb)->nr_frags = 0;
skb_shinfo(skb)->tso_size = 0;
skb_shinfo(skb)->tso_segs = 0;
skb_shinfo(skb)->frag_list = NULL;
out:
return skb;
nodata:
kmem_cache_free(skbuff_head_cache, skb);
skb = NULL;
goto out;
}
/**
* alloc_skb_from_cache - allocate a network buffer
* @cp: kmem_cache from which to allocate the data area
* (object size must be big enough for @size bytes + skb overheads)
* @size: size to allocate
* @gfp_mask: allocation mask
*
* Allocate a new &sk_buff. The returned buffer has no headroom and
* tail room of size bytes. The object has a reference count of one.
* The return is the buffer. On a failure the return is %NULL.
*
* Buffers may only be allocated from interrupts using a @gfp_mask of
* %GFP_ATOMIC.
*/
struct sk_buff *alloc_skb_from_cache(kmem_cache_t *cp,
unsigned int size, int gfp_mask)
{
struct sk_buff *skb;
u8 *data;
/* Get the HEAD */
skb = kmem_cache_alloc(skbuff_head_cache,
gfp_mask & ~__GFP_DMA);
if (!skb)
goto out;
/* Get the DATA. */
size = SKB_DATA_ALIGN(size);
/* 这个函数和上面函数不同的地方就在下面这句,不用kmalloc,而用kmem_cache_alloc。 */
data = kmem_cache_alloc(cp, gfp_mask);
if (!data)
goto nodata;
memset(skb, 0, offsetof(struct sk_buff, truesize));
skb->truesize = size + sizeof(struct sk_buff);
atomic_set(&skb->users, 1);
skb->head = data;
skb->data = data;
skb->tail = data;
skb->end = data + size;
atomic_set(&(skb_shinfo(skb)->dataref), 1);
skb_shinfo(skb)->nr_frags = 0;
skb_shinfo(skb)->tso_size = 0;
skb_shinfo(skb)->tso_segs = 0;
skb_shinfo(skb)->frag_list = NULL;
out:
return skb;
nodata:
kmem_cache_free(skbuff_head_cache, skb);
skb = NULL;
goto out;
}
/* 这个函数是用来释放当前skb的frag_list区的 */
static void skb_drop_fraglist(struct sk_buff *skb)
{
struct sk_buff *list = skb_shinfo(skb)->frag_list;
skb_shinfo(skb)->frag_list = NULL;
/* 循环前进,直到没有为止。 */
do {
struct sk_buff *this = list;
list = list->next;
kfree_skb(this);
} while (list);
}
static void skb_clone_fraglist(struct sk_buff *skb)
{
struct sk_buff *list;
/* 对当前skb的frag_list区链上的每个skb增加引用计数。 */
for (list = skb_shinfo(skb)->frag_list; list; list = list->next)
skb_get(list);
}
void skb_release_data(struct sk_buff *skb)
{
/* 查看skb是否被clone?skb_shinfo的dataref是否为0?
* 如果是,那么就释放skb非线性区域和线性区域。 */
if (!skb->cloned ||
!atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
&skb_shinfo(skb)->dataref)) {
/* 释放page frags区 */
if (skb_shinfo(skb)->nr_frags) {
int i;
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
put_page(skb_shinfo(skb)->frags[i].page);
}
/* 释放frag_list区 */
if (skb_shinfo(skb)->frag_list)
skb_drop_fraglist(skb);
/* 释放线性区域 */
kfree(skb->head);
}
}
/*
* Free an skbuff by memory without cleaning the state.
*/
/* 把skb自身和线性,非线性区域全部释放 */
void kfree_skbmem(struct sk_buff *skb)
{
skb_release_data(skb);
kmem_cache_free(skbuff_head_cache, skb);
}
/**
* __kfree_skb - private function
* @skb: buffer
*
* Free an sk_buff. Release anything attached to the buffer.
* Clean the state. This is an internal helper function. Users should
* always call kfree_skb
*/
/* 这个函数应该也能算是一个wrapper函数 */
void __kfree_skb(struct sk_buff *skb)
{
BUG_ON(skb->list != NULL);
dst_release(skb->dst);
#ifdef CONFIG_XFRM
secpath_put(skb->sp);
#endif
if (skb->destructor) {
WARN_ON(in_irq());
skb->destructor(skb);
}
#ifdef CONFIG_NETFILTER
nf_conntrack_put(skb->nfct);
#ifdef CONFIG_BRIDGE_NETFILTER
nf_bridge_put(skb->nf_bridge);
#endif
#endif
/* XXX: IS this still necessary? - JHS */
#ifdef CONFIG_NET_SCHED
skb->tc_index = 0;
#ifdef CONFIG_NET_CLS_ACT
skb->tc_verd = 0;
skb->tc_classid = 0;
#endif
#endif
kfree_skbmem(skb);
}
/**
* skb_clone - duplicate an sk_buff
* @skb: buffer to clone
* @gfp_mask: allocation priority
*
* Duplicate an &sk_buff. The new one is not owned by a socket. Both
* copies share the same packet data but not structure. The new
* buffer has a reference count of 1. If the allocation fails the
* function returns %NULL otherwise the new buffer is returned.
*
* If this function is called from an interrupt gfp_mask() must be
* %GFP_ATOMIC.
*/
struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask)
{
/* 从cache池中分配一个skb */
struct sk_buff *n = kmem_cache_alloc(skbuff_head_cache, gfp_mask);
if (!n)
return NULL;
/* 这个C(x) 就是clone的意思 */
#define C(x) n->x = skb->x
n->next = n->prev = NULL;
n->list = NULL;
n->sk = NULL;
/* 把skb中各个成员都clone过去 */
C(stamp);
C(dev);
C(real_dev);
C(h);
C(nh);
C(mac);
C(dst);
dst_clone(skb->dst);
C(sp);
#ifdef CONFIG_INET
secpath_get(skb->sp);
#endif
memcpy(n->cb, skb->cb, sizeof(skb->cb));
C(len);
C(data_len);
C(csum);
C(local_df);
/* 新分配的skb是clone的 */
n->cloned = 1;
n->nohdr = 0;
C(pkt_type);
C(ip_summed);
C(priority);
C(protocol);
C(security);
n->destructor = NULL;
#ifdef CONFIG_NETFILTER
C(nfmark);
C(nfcache);
C(nfct);
nf_conntrack_get(skb->nfct);
C(nfctinfo);
#ifdef CONFIG_NETFILTER_DEBUG
C(nf_debug);
#endif
#ifdef CONFIG_BRIDGE_NETFILTER
C(nf_bridge);
nf_bridge_get(skb->nf_bridge);
#endif
#endif /*CONFIG_NETFILTER*/
#if defined(CONFIG_HIPPI)
C(private);
#endif
#ifdef CONFIG_NET_SCHED
C(tc_index);
#ifdef CONFIG_NET_CLS_ACT
n->tc_verd = SET_TC_VERD(skb->tc_verd,0);
n->tc_verd = CLR_TC_OK2MUNGE(skb->tc_verd);
n->tc_verd = CLR_TC_MUNGED(skb->tc_verd);
C(input_dev);
C(tc_classid);
#endif
#endif
C(truesize);
/* 新skb的users初始化为1 */
atomic_set(&n->users, 1);
C(head);
C(data);
C(tail);
C(end);
/* 增加被clone的skb的数据引用 */
atomic_inc(&(skb_shinfo(skb)->dataref));
/* 设置原skb也是被clone了 */
skb->cloned = 1;
return n;
}
static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
{
/*
* Shift between the two data areas in bytes
*/
/* 为了等一下要给网络各层的指针赋值,现在要先算出两个data的偏移量 */
unsigned long offset = new->data - old->data;
new->list = NULL;
new->sk = NULL;
new->dev = old->dev;
new->real_dev = old->real_dev;
new->priority = old->priority;
new->protocol = old->protocol;
new->dst = dst_clone(old->dst);
#ifdef CONFIG_INET
new->sp = secpath_get(old->sp);
#endif
/* 用上面算出来的offset来算 */
new->h.raw = old->h.raw + offset;
new->nh.raw = old->nh.raw + offset;
new->mac.raw = old->mac.raw + offset;
/* 拷贝control block */
memcpy(new->cb, old->cb, sizeof(old->cb));
new->local_df = old->local_df;
new->pkt_type = old->pkt_type;
new->stamp = old->stamp;
new->destructor = NULL;
new->security = old->security;
#ifdef CONFIG_NETFILTER
new->nfmark = old->nfmark;
new->nfcache = old->nfcache;
new->nfct