Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
1. If a desktop computer has 2 ethernet cards (or some other network adapters for that matter -- like USB dongles) -- (say this computer is acting as a router) -- does the OS run 2 separate TCP/IP stacks? That is, one for each interface?
1.a. How much processing of packets is actually done in hardware by the NIC? (My guess is that the NIC removes the ethernet frame header, checks if the IP datagram is destined for this host, and, if so, hands over the IP datagram to the OS.)
2. Is the TCP/IP stack running as a separate process that I can look at with ps ?
2.a. How much of a host's TCP/IP stack is technically considered a "driver"? (Whereas, maybe the rest is some process I can view with ps ?)
Disclaimer: this is just my thoughts on the matter, and they could be totally wrong, so take this as you will
1. Each interface is handled separately, although I think as much code as possible will be shared.
1a. I believe that by default the hardware level is only for transport. This can be affected with ebtables, which does packet filtering at the NIC level.
2. No. The stack is all kernelspace code.
2a. It is essentially all kernelspace. Even iptables is all kernelspace modules. (ie: the filtering portion of iptables, not the user-space program for specifying rules). The only userspace portion is the application layer, which actually does something with the packets (ie: ssh, www, smtp etc...)
Again, this is just my understanding, and could very well be totally wrong.
2a. It is essentially all kernelspace. Even iptables is all kernelspace modules. (ie: the filtering portion of iptables, not the user-space program for specifying rules). The only userspace portion is the application layer, which actually does something with the packets (ie: ssh, www, smtp etc...)
Ahh... I'm not in front of my GNU/Linux box ATM, but do you have any suggestions regarding where I could start looking for a command that will show me the running kernel modules, much like 'ps' shows me user processes? That way, I could have a look at its ouput with only one NIC installed, and then shutdown/add-a-card/restart and compare.
Also, any pointers to relevant man pages or online docs is much appreciated. Hmm... looks like http://www.netfilter.org/ might have some of what I'm looking for...
1a. I believe that by default the hardware level is only for transport. This can be affected with ebtables, which does packet filtering at the NIC level.
'lsmod' will show all modules currently inserted into the kernel. However, if your 2 nics are the same chipset, then they will share the code, ie: there will not be 2 instances of the module loaded.
Other things you may want to look at are tcpdump and/or ethereal, which are two packet sniffers that display a lot of information at the packet level.
Without knowing your end goal, it is hard to recommend docs for you. However, if this is just for a learning experience then your best bet is to go to the source. The TCP stack is implemented in /usr/src/linux/net/ipv4, in particular, the files tcp.c and tcp_ipv4.c
Are you just looking for a low-level discussion of the Linux TCP stack, or do you have a specific goal here?
Bookmarked and apt-gotten. Commencing reading their docs...
Quote:
Without knowing your end goal, it is hard to recommend docs for you.
I'm just learning about how networks and GNU/Linux work. One project I have in-mind is to:
A. use my Debian box to connect to my dialup account via an external 56k modem (which it already does), B. plug a switch or hub into the ethernet port, C. plug a 2nd computer into the switch (or hub) and browse the web from that 2nd computer.
But to be able to do all that, I need to understand the basics. The most basic questions to me are what I asked in my original post. I'm not looking for a cookbook on how to accomplish a given task. I'm one of those folks who needs to see the big picture before I can start filling in the details (yes, I majored in physics in college :) ).
So far, the big picture looks to me like this:
A TCP/IP stack runs in kernel-mode. It consists of kernel code + an NIC device driver(s). I'm guessing that stuff like iptables is not strictly part of the TCP/IP stack proper, although is extremely useful (packet filtering, NAT, etc.).
There's probably only one TCP/IP stack running on the host, though each network interface has its own driver for the stack to talk to. Not sure. XXX
hardware frames (if destined for this network interface) get turned into IP datagrams by the NIC/driver, then passed to the kernel's TCP/IP stack.
I must learn more about the /sys directory, and especially about /sys/class/net/eth0, which I bet is quite important. If I have more than one network interface, I may have more than one of these eth0 thingies (eth1, eth2,..). Running 'ifconfig' lists a bunch of stuff, and its man page makes it sound like eth0 represents a driver that the kernel is using.
I'm just learning about how networks and GNU/Linux work. One project I have in-mind is to:
A. use my Debian box to connect to my dialup account via an external 56k modem (which it already does),
B. plug a switch or hub into the ethernet port,
C. plug a 2nd computer into the switch (or hub) and browse the web from that 2nd computer.
Well, to do that, all you really need to do is plug in the hub/switch and it will just work. If you want to learn more, and save a couple bucks you can turn your Debian box into the router:
Some commands you may want to check out:
(read manpage or search online);
netstat - print network connections
ifconfig - configure a network interface
route - show / manipulate the IP routing table
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.