Design and Implementation of kernel ARP in Linux

Source: Internet
Author: User
ARP (Address Resolution Protocol) converts an IP address into the physical address (hardware address) of a machine's NIC. When a machine sends an IP packet to another physically connected machine, it first checks its ARP cache for the hardware address of the other machine. If the address is not found, it puts the IP packet into a waiting queue and sends an ARP request. When the ARP response arrives, it constructs the Ethernet header (destination hardware address, source hardware address) of the waiting IP packet and then sends the packet out.

Linux's ARP implementation is quite complicated, in part because Linux supports not only Ethernet but also other types of networks. In addition, the ARP implementation is tied to routing, so it is not easy to understand.

First, the ARP function call flow:

(1) When the system is initialized, arp_init is called to initialize the ARP cache (arp_tbl) and register the ARP receive function.

(2) When the NIC driver receives a packet, it allocates an sk_buff (skb), copies the data into the buffer, and then calls netif_rx to put the skb on the waiting queue (input_pkt_queue) and raise a soft interrupt. When the system handles this soft interrupt, it calls net_rx_action, which calls the receive function that matches the packet type. For an ARP packet, arp_rcv is called.

(3) arp_rcv checks whether the ARP request asks for the hardware address of the local machine or of an address the local machine proxies for. If so, arp_send is called to send back the ARP response. In addition, arp_rcv tries its best to retain the MAC address of the target machine.

(4) arp_send allocates an sk_buff (skb), fills in the ARP packet type, source hardware address, source IP address, destination hardware address, and destination IP address, and then calls dev_queue_xmit to send the ARP packet out.
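Steps (3) and (4) as a user-space sketch, added here as an illustration and not taken from the kernel source: it validates an Ethernet/IPv4 ARP request, checks whether it asks for the local address, and fills in the reply fields listed in step (4). The function name arp_model_rcv, the demo_* addresses and the sample packet are constructed for this example; proxy ARP and the cache update are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARP_LEN 28                      /* Ethernet/IPv4 ARP payload size */
#define ARP_OP_REQUEST 1
#define ARP_OP_REPLY   2

/* htype = Ethernet, ptype = IPv4, hlen = 6, plen = 4 */
static const uint8_t arp_fixed[6] = { 0x00, 0x01, 0x08, 0x00, 6, 4 };

/* Constructed sample: 192.0.2.10 (02:00:00:00:00:0a) asks for 192.0.2.1. */
const uint8_t sample_req[ARP_LEN] = {
    0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, ARP_OP_REQUEST,
    0x02, 0, 0, 0, 0, 0x0a,  192, 0, 2, 10,       /* sender hw, sender IP */
    0, 0, 0, 0, 0, 0,        192, 0, 2, 1 };      /* target hw, target IP */
const uint8_t demo_ip[4]  = { 192, 0, 2, 1 };     /* hypothetical local IP */
const uint8_t demo_mac[6] = { 0x02, 0, 0, 0, 0, 0x01 };
uint8_t demo_reply[ARP_LEN];

/* 1: reply built, 0: valid but not answered, -1: malformed. */
int arp_model_rcv(const uint8_t *pkt, size_t len, const uint8_t ip[4],
                  const uint8_t mac[6], uint8_t reply[ARP_LEN])
{
    if (pkt == NULL || len < ARP_LEN)
        return -1;                                /* truncated */
    if (memcmp(pkt, arp_fixed, sizeof arp_fixed) != 0)
        return -1;                                /* wrong types or address lengths */
    if (pkt[6] != 0 || pkt[7] != ARP_OP_REQUEST)
        return 0;                                 /* not a request */
    if (memcmp(pkt + 24, ip, 4) != 0)
        return 0;                                 /* asks about another host */
    memcpy(reply, arp_fixed, sizeof arp_fixed);
    reply[6] = 0;
    reply[7] = ARP_OP_REPLY;                      /* ARP packet type */
    memcpy(reply + 8, mac, 6);                    /* source hardware address */
    memcpy(reply + 14, ip, 4);                    /* source IP address */
    memcpy(reply + 18, pkt + 8, 6);               /* destination hardware address */
    memcpy(reply + 24, pkt + 14, 4);              /* destination IP address */
    return 1;
}

int main(void)
{
    int rc = arp_model_rcv(sample_req, sizeof sample_req, demo_ip, demo_mac, demo_reply);
    printf("verdict=%d op=%d\n", rc, demo_reply[7]);
    return rc == 1 ? 0 : 1;
}
```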

Next, the main data structures of ARP:

(1) neigh_table

neigh_table is a hash table that describes physically connected machines. The ARP cache arp_tbl is such a neigh_table. All the neigh_tables in the system are linked together. The following are some of its main fields:

+ struct neighbour *hash_buckets[NEIGH_HASHMASK + 1];

hash_buckets stores the information of all neighbors (physically connected machines). There are 32 buckets in total, and each bucket stores a linked list of neighbour entries.

+ struct pneigh_entry *phash_buckets[PNEIGH_HASHMASK + 1];

phash_buckets stores all proxy ARP entries. Each entry consists of a NIC device and an IP address; it specifies the IP address for which the NIC device's MAC address is given as a proxy. There are 16 buckets in total.

+ int family;

Network type, AF_INET.

+ int entry_size;

Entry size, sizeof(struct neighbour) + 4.

+ int key_len;

Key length, 4.

+ __u32 (*hash)(const void *pkey, const struct net_device *);
  int (*constructor)(struct neighbour *);
  int (*pconstructor)(struct pneigh_entry *);

These are the ARP hash function and the constructors for neighbour and pneigh_entry.

+ struct neigh_parms parms;

Some parameters of the ARP cache, including the ARP packet transmission time, retransmission time, queue length, and proxy queue length.

+ int gc_interval;
  int gc_thresh1;
  int gc_thresh2;
  int gc_thresh3;
  unsigned long last_flush;
  struct timer_list gc_timer;

The ARP cache has a garbage collection mechanism; these fields set the collection frequency and the thresholds.

+ struct sk_buff_head proxy_queue;

Sometimes proxy ARP does not send the response back immediately, so the ARP packet is temporarily placed in this queue.

(2) neighbour

neighbour contains the information about one neighbor (a physically connected machine). The following are its main fields:

+ struct net_device *dev;

The network device (network card) connected to the neighbor.

+ __u8 nud_state;

Neighbor status, including NUD_INCOMPLETE (unfinished), NUD_REACHABLE (reachable), NUD_STALE (obsolete), and NUD_FAILED (failed).

+ unsigned char ha[(MAX_ADDR_LEN + sizeof(unsigned long) - 1) & ~(sizeof(unsigned long) - 1)];

Hardware address of the neighbor.

+ struct hh_cache *hh;

The Ethernet header cache, used to speed up sending to the neighbor. Linux's efforts to improve efficiency can be seen here :-).

+ struct sk_buff_head arp_queue;

The queue of IP packets waiting for the hardware address of this neighbor.

+ struct neigh_ops *ops;

A set of function pointers for neighbour operations, a bit like the member functions of a C++ class.

+ u8 primary_key[0];

The hash table primary key, generally the IP address.
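
The lookup, queue and resolve flow from the introduction, together with the hash_buckets, nud_state and arp_queue fields above, as a simplified user-space model (an added example, not kernel code). The names nb, nb_lookup, nb_output, nb_reply, the toy hash and QUEUE_MAX are assumptions; packets are only counted rather than stored, and this model drops a new packet once the queue is full so that an unanswered request cannot grow the queue without bound.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define HASHMASK  0x1F   /* 32 buckets, as described above */
#define QUEUE_MAX 3      /* assumed per-neighbour queue length */
enum { ST_INCOMPLETE, ST_REACHABLE };
struct nb {              /* simplified stand-in for a neighbour entry */
    struct nb *next;
    uint32_t ip;         /* primary key: the IP address */
    uint8_t state, ha[6];
    int queued;          /* IP packets waiting for the hardware address */
};
static struct nb *buckets[HASHMASK + 1];
const uint8_t demo_ha[6] = { 0x02, 0, 0, 0, 0, 0x0a };  /* constructed */

static struct nb *nb_lookup(uint32_t ip, int create) {
    unsigned h = (ip ^ (ip >> 8) ^ (ip >> 16)) & HASHMASK;  /* toy hash */
    struct nb *n;
    for (n = buckets[h]; n != NULL; n = n->next)
        if (n->ip == ip) return n;
    if (!create || (n = calloc(1, sizeof *n)) == NULL) return NULL;
    n->ip = ip;          /* calloc leaves state == ST_INCOMPLETE */
    n->next = buckets[h];
    return buckets[h] = n;
}

/* Send path. 1: sent at once, 0: queued behind an ARP request, -1: dropped. */
int nb_output(uint32_t ip) {
    struct nb *n = nb_lookup(ip, 1);
    if (n == NULL) return -1;
    if (n->state == ST_REACHABLE) return 1;
    if (n->queued >= QUEUE_MAX) return -1;   /* bounded: drop, do not grow */
    n->queued++;
    return 0;
}

/* ARP response. Returns the number of queued packets released, -1 if no entry. */
int nb_reply(uint32_t ip, const uint8_t ha[6]) {
    struct nb *n = nb_lookup(ip, 0);
    if (n == NULL) return -1;
    memcpy(n->ha, ha, 6);
    n->state = ST_REACHABLE;
    int released = n->queued;
    n->queued = 0;
    return released;
}
int main(void) {
    return (nb_output(0xC0000214) == 0 && nb_reply(0xC0000214, demo_ha) == 1) ? 0 : 1;
}
```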