sk_buff is the main networking structure representing
Basic sk_buff geometry¶
struct sk_buff itself is a metadata structure and does not hold any packet
data. All the data is held in associated buffers.
sk_buff.head points to the main “head” buffer. The head buffer is divided
into two parts:
data buffer, containing headers and sometimes payload; this is the part of the skb operated on by the common helpers such as
shared info (struct skb_shared_info) which holds an array of pointers to read-only data in the (page, offset, length) format.
skb_shared_info.frag_list may point to another skb.
Basic diagram may look like this:
--------------- | sk_buff | --------------- ,--------------------------- + head / ,----------------- + data / / ,----------- + tail | | | , + end | | | | v v v v ----------------------------------------------- | headroom | data | tailroom | skb_shared_info | ----------------------------------------------- + [page frag] + [page frag] + [page frag] + [page frag] --------- + frag_list --> | sk_buff | ---------
dataref and headerless skbs¶
Transport layers send out clones of payload skbs they hold for
retransmissions. To allow lower layers of the stack to prepend their headers
skb_shared_info.dataref into two halves.
The lower 16 bits count the overall number of references.
The higher 16 bits indicate how many of the references are payload-only.
skb_header_cloned() checks if skb is allowed to add / write the headers.
The creator of the skb (e.g. TCP) marks its skb as
__skb_header_release()). Any clone created from marked skb will get
sk_buff.hdr_len populated with the available headroom.
If there’s the only clone in existence it’s able to modify the headroom
at will. The sequence of calls inside the transport layer is:
<alloc skb> skb_reserve() __skb_header_release() skb_clone() // send the clone down the stack
This is not a very generic construct and it depends on the transport layers doing the right thing. In practice there’s usually only one payload-only skb. Having multiple payload-only skbs with different lengths of hdr_len is not possible. The payload-only skbs should never leave their owner.
The interface for checksum offload between the stack and networking drivers is as follows…
Checksumming of received packets by device¶
Indication of checksum verification is set in
Possible values are:
Device did not checksum this packet e.g. due to lack of capabilities. The packet contains full (though not verified) checksum in packet but not in skb->csum. Thus, skb->csum is undefined in this case.
The hardware you’re dealing with doesn’t calculate the full checksum (as in
CHECKSUM_COMPLETE), but it does parse headers and verify checksums for specific protocols. For such packets it will set
CHECKSUM_UNNECESSARYif their checksums are okay.
sk_buff.csumis still undefined in this case though. A driver or device must never modify the checksum field in the packet even if checksum is verified.
CHECKSUM_UNNECESSARYis applicable to following protocols:
TCP: IPv6 and IPv4.
UDP: IPv4 and IPv6. A device may apply CHECKSUM_UNNECESSARY to a zero UDP checksum for either IPv4 or IPv6, the networking stack may perform further validation in this case.
GRE: only if the checksum is present in the header.
SCTP: indicates the CRC in SCTP header has been validated.
FCOE: indicates the CRC in FC frame has been validated.
sk_buff.csum_levelindicates the number of consecutive checksums found in the packet minus one that have been verified as
CHECKSUM_UNNECESSARY. For instance if a device receives an IPv6->UDP->GRE->IPv4->TCP packet and a device is able to verify the checksums for UDP (possibly zero), GRE (checksum flag is set) and TCP,
sk_buff.csum_levelwould be set to two. If the device were only able to verify the UDP checksum and not GRE, either because it doesn’t support GRE checksum or because GRE checksum is bad, skb->csum_level would be set to zero (TCP checksum is not considered in this case).
This is the most generic way. The device supplied checksum of the _whole_ packet as seen by
netif_rx()and fills in
sk_buff.csum. This means the hardware doesn’t need to parse L3/L4 headers to implement this.
Even if device supports only some protocols, but is able to produce skb->csum, it MUST use CHECKSUM_COMPLETE, not CHECKSUM_UNNECESSARY.
CHECKSUM_COMPLETE is not applicable to SCTP and FCoE protocols.
A checksum is set up to be offloaded to a device as described in the output description for CHECKSUM_PARTIAL. This may occur on a packet received directly from another Linux OS, e.g., a virtualized Linux kernel on the same host, or it may be set in the input path in GRO or remote checksum offload. For the purposes of checksum verification, the checksum referred to by skb->csum_start + skb->csum_offset and any preceding checksums in the packet are considered verified. Any checksums in the packet that are after the checksum being offloaded are not considered to be verified.
Checksumming on transmit for non-GSO¶
The stack requests checksum offload in the
sk_buff.ip_summed for a packet.
The driver is required to checksum the packet as seen by hard_start_xmit() from
sk_buff.csum_startup to the end, and to record/write the checksum at offset
sk_buff.csum_offset. A driver may verify that the csum_start and csum_offset values are valid values given the length and offset of the packet, but it should not attempt to validate that the checksum refers to a legitimate transport layer checksum – it is the purview of the stack to validate that csum_start and csum_offset are set correctly.
When the stack requests checksum offload for a packet, the driver MUST ensure that the checksum is set correctly. A driver can either offload the checksum calculation to the device, or call skb_checksum_help (in the case that the device does not support offload for a particular checksum).
NETIF_F_IPV6_CSUMare being deprecated in favor of
NETIF_F_HW_CSUM. New devices should use
NETIF_F_HW_CSUMto indicate checksum offload capability. skb_csum_hwoffload_help() can be called to resolve
CHECKSUM_PARTIALbased on network device checksumming capabilities: if a packet does not match them, skb_checksum_help() or skb_crc32c_help() (depending on the value of
sk_buff.csum_not_inet, see Non-IP checksum (CRC) offloads) is called to resolve the checksum.
The skb was already checksummed by the protocol, or a checksum is not required.
This has the same meaning as CHECKSUM_NONE for checksum offload on output.
Not used in checksum output. If a driver observes a packet with this value set in skbuff, it should treat the packet as if
Non-IP checksum (CRC) offloads¶
This feature indicates that a device is capable of
offloading the SCTP CRC in a packet. To perform this offload the stack
will set csum_start and csum_offset accordingly, set ip_summed to
This feature indicates that a device is capable of offloading the FCOE
CRC in a packet. To perform this offload the stack will set ip_summed
Checksumming on output with GSO¶
In the case of a GSO packet (skb_is_gso() is true), checksum offload
is implied by the SKB_GSO_* flags in gso_type. Most obviously, if the
SKB_GSO_TCPV6, TCP checksum offload as
part of the GSO operation is implied. If a checksum is being offloaded
with GSO then ip_summed is
CHECKSUM_PARTIAL, and both csum_start and
csum_offset are set to refer to the outermost checksum being offloaded
(two offloaded checksums are possible with UDP encapsulation).