LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-26-2005, 12:48 PM   #1
johnMG
Member
 
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601

Rep: Reputation: 32
few Linux TCP/IP questions from 20,000 feet


1. If a desktop computer has 2 ethernet cards (or some other network adapters for that matter -- like USB dongles) -- (say this computer is acting as a router) -- does the OS run 2 separate TCP/IP stacks? That is, one for each interface?

1.a. How much processing of packets is actually done in hardware by the NIC? (My guess is that the NIC removes the ethernet frame header, checks if the IP datagram is destined for this host, and, if so, hands over the IP datagram to the OS.)

2. Is the TCP/IP stack running as a separate process that I can look at with ps ?

2.a. How much of a host's TCP/IP stack is technically considered a "driver"? (Whereas, maybe the rest is some process I can view with ps ?)

Last edited by johnMG; 03-26-2005 at 12:50 PM.
 
Old 03-26-2005, 01:35 PM   #2
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
Disclaimer: this is just my thoughts on the matter, and they could be totally wrong, so take this as you will

1. Each interface is handled separately, although I think as much code as possible will be shared.

1a. I believe that by default the hardware level is only for transport. This can be affected with ebtables, which does packet filtering at the NIC level.

2. No. The stack is all kernelspace code.

2a. It is essentially all kernelspace. Even iptables is all kernelspace modules. (ie: the filtering portion of iptables, not the user-space program for specifying rules). The only userspace portion is the application layer, which actually does something with the packets (ie: ssh, www, smtp etc...)

Again, this is just my understanding, and could very well be totally wrong.
 
Old 03-26-2005, 01:55 PM   #3
johnMG
Member
 
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601

Original Poster
Rep: Reputation: 32
Quote:
2. No. The stack is all kernelspace code.

2a. It is essentially all kernelspace. Even iptables is all kernelspace modules. (ie: the filtering portion of iptables, not the user-space program for specifying rules). The only userspace portion is the application layer, which actually does something with the packets (ie: ssh, www, smtp etc...)
Ahh... I'm not in front of my GNU/Linux box ATM, but do you have any suggestions regarding where I could start looking for a command that will show me the running kernel modules, much like 'ps' shows me user processes? That way, I could have a look at its ouput with only one NIC installed, and then shutdown/add-a-card/restart and compare.

Also, any pointers to relevant man pages or online docs is much appreciated. Hmm... looks like http://www.netfilter.org/ might have some of what I'm looking for...

Thanks for the info bulliver.
 
Old 03-26-2005, 01:58 PM   #4
johnMG
Member
 
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601

Original Poster
Rep: Reputation: 32
Quote:
1a. I believe that by default the hardware level is only for transport. This can be affected with ebtables, which does packet filtering at the NIC level.
Thanks. I'll read up on it at http://ebtables.sourceforge.net/
 
Old 03-26-2005, 02:38 PM   #5
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
'lsmod' will show all modules currently inserted into the kernel. However, if your 2 nics are the same chipset, then they will share the code, ie: there will not be 2 instances of the module loaded.

Other things you may want to look at are tcpdump and/or ethereal, which are two packet sniffers that display a lot of information at the packet level.

Without knowing your end goal, it is hard to recommend docs for you. However, if this is just for a learning experience then your best bet is to go to the source. The TCP stack is implemented in /usr/src/linux/net/ipv4, in particular, the files tcp.c and tcp_ipv4.c

Are you just looking for a low-level discussion of the Linux TCP stack, or do you have a specific goal here?

Last edited by bulliver; 03-26-2005 at 02:40 PM.
 
Old 03-27-2005, 01:47 AM   #6
johnMG
Member
 
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601

Original Poster
Rep: Reputation: 32
Quote:
'lsmod' will show all modules currently inserted into the kernel.
Thanks. Though, if some package is baked right into the kernel (rather than being loaded dynamically), it won't show up in lsmod, right?

Quote:
Other things you may want to look at are tcpdump and/or ethereal, which are two packet sniffers that display a lot of information at the packet level.
http://www.ethereal.com/
http://www.tcpdump.org/

Bookmarked and apt-gotten. Commencing reading their docs...

Quote:
Without knowing your end goal, it is hard to recommend docs for you.
I'm just learning about how networks and GNU/Linux work. One project I have in-mind is to:

A. use my Debian box to connect to my dialup account via an external 56k modem (which it already does),
B. plug a switch or hub into the ethernet port,
C. plug a 2nd computer into the switch (or hub) and browse the web from that 2nd computer.

But to be able to do all that, I need to understand the basics. The most basic questions to me are what I asked in my original post. I'm not looking for a cookbook on how to accomplish a given task. I'm one of those folks who needs to see the big picture before I can start filling in the details (yes, I majored in physics in college :) ).

So far, the big picture looks to me like this:
  • A TCP/IP stack runs in kernel-mode. It consists of kernel code + an NIC device driver(s). I'm guessing that stuff like iptables is not strictly part of the TCP/IP stack proper, although is extremely useful (packet filtering, NAT, etc.).
  • There's probably only one TCP/IP stack running on the host, though each network interface has its own driver for the stack to talk to. Not sure. XXX
  • hardware frames (if destined for this network interface) get turned into IP datagrams by the NIC/driver, then passed to the kernel's TCP/IP stack.
  • I must learn more about the /sys directory, and especially about /sys/class/net/eth0, which I bet is quite important. If I have more than one network interface, I may have more than one of these eth0 thingies (eth1, eth2,..). Running 'ifconfig' lists a bunch of stuff, and its man page makes it sound like eth0 represents a driver that the kernel is using.

Any clarifications most welcome!

Thanks.
 
Old 03-27-2005, 11:30 AM   #7
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
Quote:
I'm just learning about how networks and GNU/Linux work. One project I have in-mind is to:

A. use my Debian box to connect to my dialup account via an external 56k modem (which it already does),
B. plug a switch or hub into the ethernet port,
C. plug a 2nd computer into the switch (or hub) and browse the web from that 2nd computer.
Well, to do that, all you really need to do is plug in the hub/switch and it will just work. If you want to learn more, and save a couple bucks you can turn your Debian box into the router:

Have a look at the IP Masquerade HOWTO:
http://www.tldp.org/HOWTO/IP-Masquer...WTO/index.html

Also, the Linux Network Administrators Guide might help for general networking issues/background:
http://www.tldp.org/LDP/nag2/index.html

There are also several subject-specific HOWTOs in the networking section that may or may not be of interest to you:
http://www.tldp.org/HOWTO/HOWTO-INDEX/networking.html

Some commands you may want to check out:
(read manpage or search online);
netstat - print network connections
ifconfig - configure a network interface
route - show / manipulate the IP routing table

HTH
 
Old 03-27-2005, 06:56 PM   #8
johnMG
Member
 
Registered: Jul 2003
Location: CT, USA
Distribution: Debian Sarge (server), Etch (work/home)
Posts: 601

Original Poster
Rep: Reputation: 32
Thanks again bulliver. I'll get crackin' on that reading.

---J
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
100,000,000 Firefox downloads! Eerath General 6 10-22-2005 11:20 PM
IS Linspire Best Distro For Getting feet wet with linux? axanico Linspire/Freespire 2 04-16-2005 10:03 PM
1,000,000,000 PCs by 2010 masand Linux - News 4 11-01-2004 01:55 AM
LinuxQuestions.org Surpasses 1,000,000 Posts jeremy LQ Suggestions & Feedback 15 07-21-2004 12:52 AM
Questions on Linux 2.4.20 TCP fast recovery and ECN implementation enjoyzj Linux - Networking 0 07-16-2004 07:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration