In Part I of this two-part series on the Linux Packet Filter, Gianluca describes a packet's journey through the kernel. Network geeks among you may remember my article, ``Linux Socket Filter: Sniffing Bytes over the Network'', in the June 2001 issue of LJ, regarding the use of the packet filter built inside the Linux kernel.. . .
In Part I of this two-part series on the Linux Packet Filter, Gianluca describes a packet's journey through the kernel. Network geeks among you may remember my article, ``Linux Socket Filter: Sniffing Bytes over the Network'', in the June 2001 issue of LJ, regarding the use of the packet filter built inside the Linux kernel. In that article I provided an overview of the functionality of the packet filter itself; this time, I delve into the depths of the kernel mechanisms that allow the filter to work and share some insights on Linux packet processing internals.

Now we are going to follow the trip of a packet from its very ingress into the computer to its delivery to user land at the socket level. We first consider the general case of a plain (i.e., not PF_PACKET) socket. Our analysis at link layer level is based on Ethernet, since this is the most widespread and representative LAN technology. Cases of other link layer technologies do not present significant differences.

The link for this article located at Linux Journal is no longer available.