概述
將要從本地發出的數據包,會在構造了ip頭之后,調用ip_local_out函數,該函數設置數據包的總長度和校驗和,然后經過netfilter的LOCAL_OUT鈎子點進行檢查過濾,如果通過,則調用dst_output函數,實際上調用的是ip數據包輸出函數ip_output;
源碼分析
1 int ip_local_out(struct net *net, struct sock *sk, struct sk_buff *skb) 2 { 3 int err; 4 5 /* 設置幾個必要字段,經過NF的LOCAL_OUT鈎子點 */ 6 err = __ip_local_out(net, sk, skb); 7 8 /* NF允許包通過,但需要顯示調用回調函數 */ 9 if (likely(err == 1)) 10 err = dst_output(net, sk, skb); 11 12 return err; 13 }
1 int __ip_local_out(struct net *net, struct sock *sk, struct sk_buff *skb) 2 { 3 struct iphdr *iph = ip_hdr(skb); 4 5 /* 設置總長度 */ 6 iph->tot_len = htons(skb->len); 7 /* 計算校驗和 */ 8 ip_send_check(iph); 9 10 /* if egress device is enslaved to an L3 master device pass the 11 * skb to its handler for processing 12 */ 13 skb = l3mdev_ip_out(sk, skb); 14 if (unlikely(!skb)) 15 return 0; 16 17 /* 設置ip協議 */ 18 skb->protocol = htons(ETH_P_IP); 19 20 /* 經過NF的LOCAL_OUT鈎子點 */ 21 return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, 22 net, sk, skb, NULL, skb_dst(skb)->dev, 23 dst_output); 24 }
1 static inline int dst_output(struct net *net, struct sock *sk, struct sk_buff *skb) 2 { 3 return skb_dst(skb)->output(net, sk, skb); 4 }