TL;DR（总结）

Special thanks（特别感谢）

General advice on monitoring and tuning the Linux networking stack（监控和调优 Linux 网络栈的一般建议）

Overview（概述）

Detailed Look（详细分析）

Network Device Driver（网络设备驱动程序）

Initialization（初始化）

PCI initialization（PCI 初始化）

PCI configuration space

PCI configuration space is the underlying way that the Conventional PCI, PCI-X and PCI Express perform auto configuration of the cards inserted into their bus.

https://en.wikipedia.org/wiki/PCI_configuration_space#Standardized_registers

static DEFINE_PCI_DEVICE_TABLE(igb_pci_tbl) = {
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I354_BACKPLANE_1GBPS) },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I354_SGMII) },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I354_BACKPLANE_2_5GBPS) },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I211_COPPER), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_COPPER), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_FIBER), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_SERDES), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_SGMII), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_COPPER_FLASHLESS), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_SERDES_FLASHLESS), board_82575 },

  /* ... */
};
MODULE_DEVICE_TABLE(pci, igb_pci_tbl);

static struct pci_driver igb_driver = {
  .name     = igb_driver_name,
  .id_table = igb_pci_tbl,
  .probe    = igb_probe,
  .remove   = igb_remove,

  /* ... */
};

PCI probe（PCI 探测）

A peek into PCI initialization（PCI 初始化窥探）

err = pci_enable_device_mem(pdev);

/* ... */

err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));

/* ... */

err = pci_request_selected_regions(pdev, pci_select_bars(pdev,
           IORESOURCE_MEM),
           igb_driver_name);

pci_enable_pcie_error_reporting(pdev);

pci_set_master(pdev);
pci_save_state(pdev);

More Linux PCI driver information（更多 Linux PCI 驱动程序信息）

Network device initialization（网络设备初始化）

struct net_device_ops

static int igb_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
{
  /* ... */

  netdev->netdev_ops = &igb_netdev_ops;

static const struct net_device_ops igb_netdev_ops = {
  .ndo_open               = igb_open,
  .ndo_stop               = igb_close,
  .ndo_start_xmit         = igb_xmit_frame,
  .ndo_get_stats64        = igb_get_stats64,
  .ndo_set_rx_mode        = igb_set_rx_mode,
  .ndo_set_mac_address    = igb_set_mac,
  .ndo_change_mtu         = igb_change_mtu,
  .ndo_do_ioctl           = igb_ioctl,

  /* ... */

ethtool registration（ethtool 注册）

static int igb_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
{
  /* ... */

  igb_set_ethtool_ops(netdev);

void igb_set_ethtool_ops(struct net_device *netdev)
{
  SET_ETHTOOL_OPS(netdev, &igb_ethtool_ops);
}

static const struct ethtool_ops igb_ethtool_ops = {
  .get_settings           = igb_get_settings,
  .set_settings           = igb_set_settings,
  .get_drvinfo            = igb_get_drvinfo,
  .get_regs_len           = igb_get_regs_len,
  .get_regs               = igb_get_regs,
  /* ... */

IRQs（中断）

NAPI

NAPI initialization in the igb driver（igb 驱动程序中的 NAPI 初始化）

static int igb_alloc_q_vector(struct igb_adapter *adapter,
                              int v_count, int v_idx,
                              int txr_count, int txr_idx,
                              int rxr_count, int rxr_idx)
{
  /* ... */

  /* allocate q_vector and rings */
  q_vector = kzalloc(size, GFP_KERNEL);
  if (!q_vector)
          return -ENOMEM;

  /* initialize NAPI */
  netif_napi_add(adapter->netdev, &q_vector->napi, igb_poll, 64);

  /* ... */

Bringing a network device up（启用网络设备）

Preparing to receive data from the network（准备从网络接收数据）

Enable NAPI（启用 NAPI）

for (i = 0; i < adapter->num_q_vectors; i++)
  napi_enable(&(adapter->q_vector[i]->napi));

Register an interrupt handler（注册中断处理程序）

static int igb_request_irq(struct igb_adapter *adapter)
{
  struct net_device *netdev = adapter->netdev;
  struct pci_dev *pdev = adapter->pdev;
  int err = 0;

  if (adapter->msix_entries) {
    err = igb_request_msix(adapter);
    if (!err)
      goto request_done;
    /* fall back to MSI */

    /* ... */
  }

  /* ... */

  if (adapter->flags & IGB_FLAG_HAS_MSI) {
    err = request_irq(pdev->irq, igb_intr_msi, 0,
          netdev->name, adapter);
    if (!err)
      goto request_done;

    /* fall back to legacy interrupts */

    /* ... */
  }

  err = request_irq(pdev->irq, igb_intr, IRQF_SHARED,
        netdev->name, adapter);

  if (err)
    dev_err(&pdev->dev, "Error %d getting interrupt\n", err);

request_done:
  return err;
}

Enable Interrupts（启用中断）

static void igb_irq_enable(struct igb_adapter *adapter)
{

  /* ... */

    wr32(E1000_IMS, IMS_ENABLE_MASK | E1000_IMS_DRSTA);
    wr32(E1000_IAM, IMS_ENABLE_MASK | E1000_IMS_DRSTA);

  /* ... */
}

The network device is now up（网络设备现已启动）

Monitoring network devices（监控网络设备）

Using ethtool -S（使用 ethtool -S）

$ sudo ethtool -S eth0
NIC statistics:
     rx_packets: 597028087
     tx_packets: 5924278060
     rx_bytes: 112643393747
     tx_bytes: 990080156714
     rx_broadcast: 96
     tx_broadcast: 116
     rx_multicast: 20294528
     ....

Using sysfs（使用 sysfs）

$ cat /sys/class/net/eth0/statistics/rx_dropped
2

Using /proc/net/dev（使用 /proc/net/dev）

$ cat /proc/net/dev
Inter-|   Receive                                                                                                               |  Transmit
 face |                   bytes         packets errs drop fifo frame compressed     multicast |                   bytes           packets errs drop fifo colls carrier compressed
  eth0:    110346752214   597737500     0      2    0        0                    0  20963860   990024805984 6066582604     0       0    0      0         0                    0
       lo: 428349463836 1579868535     0      0    0        0                    0                  0    428349463836  1579868535     0       0    0      0         0                    0

Tuning network devices（调整网络设备）

Check the number of RX queues being used（检查正在使用的 RX 队列数量）

$ sudo ethtool -l eth0
Channel parameters for eth0:
Pre-set maximums:
RX:   0
TX:   0
Other:    0
Combined: 8
Current hardware settings:
RX:   0
TX:   0
Other:    0
Combined: 4

$ sudo ethtool -l eth0
Channel parameters for eth0:
Cannot get device channel parameters
: Operation not supported

Adjusting the number of RX queues（调整 RX 队列数量）

$ sudo ethtool -L eth0 combined 8

$ sudo ethtool -L eth0 rx 8

Adjusting the size of the RX queues（调整 RX 队列大小）

$ sudo ethtool -g eth0
Ring parameters for eth0:
Pre-set maximums:
RX:   4096
RX Mini:  0
RX Jumbo: 0
TX:   4096
Current hardware settings:
RX:   512
RX Mini:  0
RX Jumbo: 0
TX:   512

$ sudo ethtool -G eth0 rx 4096

Adjusting the processing weight of RX queues（调整 RX 队列的处理权重）

$ sudo ethtool -x eth0
RX flow hash indirection table for eth3 with 2 RX ring(s):
0: 0 1 0 1 0 1 0 1
8: 0 1 0 1 0 1 0 1
16: 0 1 0 1 0 1 0 1
24: 0 1 0 1 0 1 0 1

$ sudo ethtool -X eth0 equal 2

$ sudo ethtool -X eth0 weight 6 2

Adjusting the rx hash fields for network flows（调整网络流的 rx 哈希字段）

$ sudo ethtool -n eth0 rx-flow-hash udp4
UDP over IPV4 flows use these fields for computing Hash flow key:
IP SA
IP DA

$ sudo ethtool -N eth0 rx-flow-hash udp4 sdfn

ntuple filtering for steering network flows（ntuple 过滤以引导网络流）

$ sudo ethtool -k eth0
Offload parameters for eth0:
...
ntuple-filters: off
receive-hashing: on

$ sudo ethtool -K eth0 ntuple on

$ sudo ethtool -u eth0
40 RX rings available
Total 0 rules

$ sudo ethtool -U eth0 flow-type tcp4 dst-port 80 action 2

SoftIRQs（软中断）

What is a softirq?（什么是软中断？）

ksoftirqd

static struct smp_hotplug_thread softirq_threads = {
  .store              = &ksoftirqd,
  .thread_should_run  = ksoftirqd_should_run,
  .thread_fn          = run_ksoftirqd,
  .thread_comm        = "ksoftirqd/%u",
};

static __init int spawn_ksoftirqd(void)
{
  register_cpu_notifier(&cpu_nfb);

  BUG_ON(smpboot_register_percpu_thread(&softirq_threads));

  return 0;
}
early_initcall(spawn_ksoftirqd);

__do_softirq

Monitoring（监控）

/proc/softirqs

$ cat /proc/softirqs
                    CPU0       CPU1       CPU2       CPU3
          HI:          0          0          0          0
       TIMER: 2831512516 1337085411 1103326083 1423923272
      NET_TX:   15774435     779806     733217     749512
      NET_RX: 1671622615 1257853535 2088429526 2674732223
       BLOCK: 1800253852    1466177    1791366     634534
BLOCK_IOPOLL:          0          0          0          0
     TASKLET:         25          0          0          0
       SCHED: 2642378225 1711756029  629040543  682215771
     HRTIMER:    2547911    2046898    1558136    1521176
         RCU: 2056528783 4231862865 3545088730  844379888

Linux network device subsystem（Linux 网络设备子系统）

Initialization of network device subsystem（网络设备子系统的初始化）

Initialization of struct softnet_data structures（struct softnet_data 结构的初始化）

Initialization of softirq handlers（软中断处理程序的初始化）

static int __init net_dev_init(void)
{
  /* ... */

  open_softirq(NET_TX_SOFTIRQ, net_tx_action);
  open_softirq(NET_RX_SOFTIRQ, net_rx_action);

 /* ... */
}

Data arrives（数据到达）

Interrupt handler（中断处理程序）

static irqreturn_t igb_msix_ring(int irq, void *data)
{
  struct igb_q_vector *q_vector = data;

  /* Write the ITR value calculated from the previous interrupt. */
  igb_write_itr(q_vector);

  napi_schedule(&q_vector->napi);

  return IRQ_HANDLED;
}

NAPI and napi_schedule

/**
 * __napi_schedule - schedule for receive
 * @n: entry to schedule
 *
 * The entry's receive function will be scheduled to run
 */
void __napi_schedule(struct napi_struct *n)
{
  unsigned long flags;

  local_irq_save(flags);
  ____napi_schedule(&__get_cpu_var(softnet_data), n);
  local_irq_restore(flags);
}
EXPORT_SYMBOL(__napi_schedule);

/* Called with irq disabled */
static inline void ____napi_schedule(struct softnet_data *sd,
                                     struct napi_struct *napi)
{
  list_add_tail(&napi->poll_list, &sd->poll_list);
  __raise_softirq_irqoff(NET_RX_SOFTIRQ);
}

A note about CPU and network data processing（关于 CPU 和网络数据处理的说明）

Monitoring network data arrival（监控网络数据到达）

$ cat /proc/interrupts
            CPU0       CPU1       CPU2       CPU3
   0:         46          0          0          0 IR-IO-APIC-edge      timer
   1:          3          0          0          0 IR-IO-APIC-edge      i8042
  30: 3361234770          0          0          0 IR-IO-APIC-fasteoi   aacraid
  64:          0          0          0          0 DMAR_MSI-edge      dmar0
  65:          1          0          0          0 IR-PCI-MSI-edge      eth0
  66:  863649703          0          0          0 IR-PCI-MSI-edge      eth0-TxRx-0
  67:  986285573          0          0          0 IR-PCI-MSI-edge      eth0-TxRx-1
  68:         45          0          0          0 IR-PCI-MSI-edge      eth0-TxRx-2
  69:        394          0          0          0 IR-PCI-MSI-edge      eth0-TxRx-3
 NMI:    9729927    4008190    3068645    3375402  Non-maskable interrupts
 LOC: 2913290785 1585321306 1495872829 1803524526  Local timer interrupts

Tuning network data arrival（调整网络数据到达）

Interrupt coalescing（中断合并）

$ sudo ethtool -c eth0
Coalesce parameters for eth0:
Adaptive RX: off  TX: off
stats-block-usecs: 0
sample-interval: 0
pkt-rate-low: 0
pkt-rate-high: 0
...

$ sudo ethtool -C eth0 adaptive-rx on

Adjusting IRQ affinities（调整 IRQ 亲和力）

$ sudo bash -c 'echo 1 > /proc/irq/8/smp_affinity'

Network data processing begins（网络数据处理开始）

net_rx_action processing loop（net_rx_action 处理循环）

1. By keeping track of a work budget (which can be adjusted), and

2. Checking the elapsed time

• 跟踪一个工作budget（可以调整）。

• 检查经过的时间。在net/core/dev.c中：

  while (!list_empty(&sd->poll_list)) {
    struct napi_struct *n;
    int work, weight;

    /* If softirq window is exhausted then punt.
     * Allow this to run for 2 jiffies since which will allow
     * an average latency of 1.5/HZ.
     */
    if (unlikely(budget <= 0 || time_after_eq(jiffies, time_limit)))
      goto softnet_break;

NAPI poll function and weight（NAPI poll 函数和 weight）

  /* initialize NAPI */
  netif_napi_add(adapter->netdev, &q_vector->napi, igb_poll, 64);

weight = n->weight;

work = 0;
if (test_bit(NAPI_STATE_SCHED, &n->state)) {
        work = n->poll(n, weight);
        trace_napi_poll(n);
}

WARN_ON_ONCE(work > weight);

budget -= work;

1. You are using a weight of 64 from your driver (all drivers were hardcoded with this value in Linux 3.13.0), and

2. You have your budget set to the default of 300

1. The igb_poll function was called at most 5 times (less if no data to process as we’ll see next), OR

2. At least 2 jiffies of time have elapsed.

• 你使用的驱动程序中的权重为 64（在 Linux 3.13.0 中，所有驱动程序都将此值硬编码为此）。

• 你的budget设置为默认的 300。

• igb_poll函数最多被调用 5 次（如果没有数据要处理，调用次数会更少，我们接下来会看到）。

• 至少经过了 2 个 jiffies 的时间。

The NAPI / network device driver contract（NAPI / 网络设备驱动程序约定）

Finishing the net_rx_action loop（完成 net_rx_action 循环）

/* Drivers must not modify the NAPI state if they
 * consume the entire weight.  In such cases this code
 * still "owns" the NAPI instance and therefore can
 * move the instance around on the list at-will.
 */
if (unlikely(work == weight)) {
  if (unlikely(napi_disable_pending(n))) {
    local_irq_enable();
    napi_complete(n);
    local_irq_disable();
  } else {
    if (n->gro_list) {
      /* flush too old packets
       * If HZ < 1000, flush all packets.
       */
      local_irq_enable();
      napi_gro_flush(n, HZ >= 1000);
      local_irq_disable();
    }
    list_move_tail(&n->poll_list, &sd->poll_list);
  }
}

1. The network device should be shutdown (e.g. because the user ran ifconfig eth0 down),
1. 网络设备应该关闭（例如，因为用户运行了ifconfig eth0 down命令）。

2. If the device is not being shutdown, check if there’s a generic receive offload (GRO) list. If the timer tick rate is >= 1000, all GRO’d network flows that were recently updated will be flushed. We’ll dig into GRO in detail later. Move the NAPI structure to the end of the list for this CPU so the next iteration of the loop will get the next NAPI structure registered.
1. 如果设备没有关闭，检查是否有通用接收卸载（GRO）列表。如果定时器滴答率<1000，所有最近更新的GRO网络流将被刷新。我们稍后会深入研究GRO。将NAPI结构移动到该CPU列表的末尾，以便循环的下一次迭代可以获取注册的下一个NAPI结构。

Exiting the loop when limits are reached（达到限制时退出循环）

• The poll list registered for this CPU has no more NAPI structures (!list_empty(&sd->poll_list)), or
• 为该CPU注册的轮询列表中没有更多NAPI结构（!list_empty(&sd->poll_list)）。

• The remaining budget is <= 0, or
• 剩余预算<= 0。

• The time limit of 2 jiffies has been reached
• 达到 2 个 jiffies 的时间限制。

/* If softirq window is exhausted then punt.
 * Allow this to run for 2 jiffies since which will allow
 * an average latency of 1.5/HZ.
 */
if (unlikely(budget <= 0 || time_after_eq(jiffies, time_limit)))
  goto softnet_break;

softnet_break:
  sd->time_squeeze++;
  __raise_softirq_irqoff(NET_RX_SOFTIRQ);
  goto out;

NAPI poll

igb_poll

/**
 *  igb_poll - NAPI Rx polling callback, NAPI Rx轮询回调函数
 *  @napi: napi polling structure, napi轮询结构
 *  @budget: count of how many packets we should handle, 我们应该处理的数据包数量
 **/
static int igb_poll(struct napi_struct *napi, int budget)
{
        struct igb_q_vector *q_vector = container_of(napi,
                                                     struct igb_q_vector,
                                                     napi);
        bool clean_complete = true;

#ifdef CONFIG_IGB_DCA
        if (q_vector->adapter->flags & IGB_FLAG_DCA_ENABLED)
                igb_update_dca(q_vector);
#endif

        /* ... */

        if (q_vector->rx.ring)
                clean_complete &= igb_clean_rx_irq(q_vector, budget);

        /* If all work not completed, return budget and keep polling */
        if (!clean_complete)
                return budget;

        /* If not enough Rx work done, exit the polling mode */
        napi_complete(napi);
        igb_ring_irq_enable(q_vector);

        return 0;
}

Monitoring network data processing(监控网络数据处理)

  seq_printf(seq,
       "%08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x\n",
       sd->processed, sd->dropped, sd->time_squeeze, 0,
       0, 0, 0, 0, /* was fastroute */
       sd->cpu_collision, sd->received_rps, flow_limit_count);

$ cat /proc/net/softnet_stat
6dcad223 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000
6f0e1565 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000
660774ec 00000000 00000003 00000000 00000000 00000000 00000000 00000000 00000000 00000000
61c99331 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
6794b1b3 00000000 00000005 00000000 00000000 00000000 00000000 00000000 00000000 00000000
6488cb92 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000

Tuning network data processing(调整网络数据处理)

$ sudo sysctl -w net.core.netdev_budget=600

Generic Receive Offloading (GRO)(通用接收卸载（GRO）)

Tuning: Adjusting GRO settings with ethtool(调整：使用 ethtool 调整 GRO 设置)

$ ethtool -k eth0 | grep generic-receive-offload
generic-receive-offload: on

$ sudo ethtool -K eth0 gro on

napi_gro_receive

dev_gro_receive

list_for_each_entry_rcu(ptype, head, list) {
  if (ptype->type != type || !ptype->callbacks.gro_receive)
    continue;

  skb_set_network_header(skb, skb_gro_offset(skb));
  skb_reset_mac_len(skb);
  NAPI_GRO_CB(skb)->same_flow = 0;
  NAPI_GRO_CB(skb)->flush = 0;
  NAPI_GRO_CB(skb)->free = 0;

  pp = ptype->callbacks.gro_receive(&napi->gro_list, skb);
  break;
}

if (pp) {
  struct sk_buff *nskb = *pp;

  *pp = nskb->next;
  nskb->next = NULL;
  napi_gro_complete(nskb);
  napi->gro_count--;
}

if (NAPI_GRO_CB(skb)->flush || napi->gro_count >= MAX_GRO_SKBS)
  goto normal;

napi->gro_count++;
NAPI_GRO_CB(skb)->count = 1;
NAPI_GRO_CB(skb)->age = jiffies;
skb_shinfo(skb)->gso_size = skb_gro_len(skb);
skb->next = napi->gro_list;
napi->gro_list = skb;
ret = GRO_HELD;

napi_skb_finish

Receive Packet Steering (RPS)(接收数据包导向（RPS）)

Tuning: Enabling RPS（调优：启用 RPS）

Receive Flow Steering (RFS)（接收流转向（RFS））

Tuning: Enabling RFS（调优：启用RFS ）

$ sudo sysctl -w net.core.rps_sock_flow_entries=32768

$ sudo bash -c 'echo 2048 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt'

Hardware accelerated Receive Flow Steering (aRFS)硬件加速接收流转向（aRFS）

Tuning: Enabling accelerated RFS (aRFS)调优：启用加速 RFS (aRFS)

Moving up the network stack with netif_receive_skb 通过 netif_receive_skb 提升网络堆栈

Tuning: RX packet timestamping（调优：RX 数据包时间戳）

$ sudo sysctl -w net.core.netdev_tstamp_prequeue=0

netif_receive_skb

Without RPS (default setting)

With RPS enabled

cpu = get_rps_cpu(skb->dev, skb, &rflow);

if (cpu >= 0) {
  ret = enqueue_to_backlog(skb, cpu, &rflow->last_qtail);
  rcu_read_unlock();
  return ret;
}

enqueue_to_backlog

qlen = skb_queue_len(&sd->input_pkt_queue);
if (qlen <= netdev_max_backlog && !skb_flow_limit(skb, qlen)) {

• If the queue is empty: check if NAPI has been started on the remote CPU. If not, check if an IPI is queued to be sent. If not, queue one and start the NAPI processing loop by calling ____napi_schedule. Proceed to queuing the data.
• 如果队列为空，则检查远程CPU上的NAPI是否已启动。如果没有启动，则检查是否已排队待发送的 IPI 中断请求。如果没有，则排队一个并调用____napi_schedule启动NAPI处理循环。然后继续排队数据。

• If the queue is not empty, or the previously described operation has completed, enqueue the data.
• 如果队列不为空，或者前面描述的操作已完成，则将数据入队。

  if (skb_queue_len(&sd->input_pkt_queue)) {
enqueue:
         __skb_queue_tail(&sd->input_pkt_queue, skb);
         input_queue_tail_incr_save(sd, qtail);
         rps_unlock(sd);
         local_irq_restore(flags);
         return NET_RX_SUCCESS;
 }

 /* Schedule NAPI for backlog device
  * We can use non atomic operation since we own the queue lock
  */
 if (!__test_and_set_bit(NAPI_STATE_SCHED, &sd->backlog.state)) {
         if (!rps_ipi_queued(sd))
                 ____napi_schedule(sd, &sd->backlog);
 }
 goto enqueue;

Flow limits

if (qlen <= netdev_max_backlog && !skb_flow_limit(skb, qlen)) {

Monitoring: Monitor drops due to full input_pkt_queue or flow limit

Tuning

$ sudo sysctl -w net.core.netdev_max_backlog=3000

$ sudo sysctl -w net.core.dev_weight=600

$ sudo sysctl -w net.core.flow_limit_table_len=8192

backlog queue NAPI poller 后端队列NAPI轮询器

sd->backlog.poll = process_backlog;
sd->backlog.weight = weight_p;
sd->backlog.gro_list = NULL;
sd->backlog.gro_count = 0;

process_backlog

__netif_receive_skb_core delivers data to packet taps and protocol layers

Packet tap delivery（数据包捕获传输）

list_for_each_entry_rcu(ptype, &ptype_all, list) {
  if (!ptype->dev || ptype->dev == skb->dev) {
    if (pt_prev)
      ret = deliver_skb(skb, pt_prev, orig_dev);
    pt_prev = ptype;
  }
}

Protocol layer delivery

type = skb->protocol;
list_for_each_entry_rcu(ptype,
                &ptype_base[ntohs(type) & PTYPE_HASH_MASK], list) {
        if (ptype->type == type &&
            (ptype->dev == null_or_dev || ptype->dev == skb->dev ||
             ptype->dev == orig_dev)) {
                if (pt_prev)
                        ret = deliver_skb(skb, pt_prev, orig_dev);
                pt_prev = ptype;
        }
}

struct list_head ptype_base[PTYPE_HASH_SIZE] __read_mostly;

static inline struct list_head *ptype_head(const struct packet_type *pt)
{
        if (pt->type == htons(ETH_P_ALL))
                return &ptype_all;
        else
                return &ptype_base[ntohs(pt->type) & PTYPE_HASH_MASK];
}

Protocol layer registration（协议层注册）

IP protocol layer

dev_add_pack(&ip_packet_type);

static struct packet_type ip_packet_type __read_mostly = {
        .type = cpu_to_be16(ETH_P_IP),
        .func = ip_rcv,
};

ip_rcv

return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL, ip_rcv_finish);

netfilter and iptables

ip_rcv_finish

if (sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) {
  const struct net_protocol *ipprot;
  int protocol = iph->protocol;

  ipprot = rcu_dereference(inet_protos[protocol]);
  if (ipprot && ipprot->early_demux) {
    ipprot->early_demux(skb);
    /* must reload iph, skb->head might have changed */
    iph = ip_hdr(skb);
  }
}

$ sudo sysctl -w net.ipv4.ip_early_demux=0

ip_local_deliver

/*
 *      Deliver IP Packets to the higher protocol layers.
 */
int ip_local_deliver(struct sk_buff *skb)
{
        /*
         *      Reassemble IP fragments.
         */

        if (ip_is_fragment(ip_hdr(skb))) {
                if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER))
                        return 0;
        }

        return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
                       ip_local_deliver_finish);
}

ip_local_deliver_finish

Monitoring: IP protocol layer statistics

$ cat /proc/net/snmp
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip:                   1           64 25922988125                0                    0             15771700                            0           0 25898327616 22789396404 12987882                    51
                       1       10129840     2196520                  1              0              0                    0
...

enum
{
  IPSTATS_MIB_NUM = 0,
/* frequently written fields in fast path, kept in same cache line */
  IPSTATS_MIB_INPKTS,     /* InReceives */
  IPSTATS_MIB_INOCTETS,     /* InOctets */
  IPSTATS_MIB_INDELIVERS,     /* InDelivers */
  IPSTATS_MIB_OUTFORWDATAGRAMS,   /* OutForwDatagrams */
  IPSTATS_MIB_OUTPKTS,      /* OutRequests */
  IPSTATS_MIB_OUTOCTETS,      /* OutOctets */

  /* ... */

$ cat /proc/net/netstat | grep IpExt
IpExt: InNoRoutes InTruncatedPkts InMcastPkts OutMcastPkts InBcastPkts OutBcastPkts InOctets OutOctets InMcastOctets OutMcastOctets InBcastOctets OutBcastOctets InCsumErrors InNoECTPkts InECT0Pktsu InCEPkts
IpExt: 0 0 0 0 277959 0 14568040307695 32991309088496 0 0 58649349 0 0 0 0 0

• InReceives: The total number of IP packets that reached ip_rcv before any data integrity checks.
• InReceives：在进行任何数据完整性检查之前到达 ip_rcv 的 IP 数据包总数。

• InHdrErrors: Total number of IP packets with corrupted headers. The header was too short, too long, non-existent, had the wrong IP protocol version number, etc.
• InHdrErrors：包含损坏报头的 IP 数据包总数。报头太短、太长、不存在、IP 协议版本号错误等。

• InAddrErrors: Total number of IP packets where the host was unreachable.
• InAddrErrors：主机无法访问的 IP 数据包总数。

• ForwDatagrams: Total number of IP packets that have been forwarded.
• ForwDatagrams：已转发的 IP 数据包总数。

• InUnknownProtos: Total number of IP packets with unknown or unsupported protocol specified in the header.
• InUnknownProtos：报头中指定的未知或不支持协议的 IP 数据包总数。

• InDiscards: Total number of IP packets discarded due to memory allocation failure or checksum failure when packets are trimmed.
• InDiscards：由于内存分配失败或数据包修剪时校验和失败而被丢弃的 IP 数据包总数。

• InDelivers: Total number of IP packets successfully delivered to higher protocol layers. Keep in mind that those protocol layers may drop data even if the IP layer does not.
• InDelivers：成功传递到更高协议层的 IP 数据包总数。请记住，即使 IP 层没有丢弃数据，这些协议层也可能丢弃数据。

• InCsumErrors: Total number of IP Packets with checksum errors.
• InCsumErrors：校验和错误的 IP 数据包总数。

Higher level protocol registration

static const struct net_protocol tcp_protocol = {
        .early_demux    =       tcp_v4_early_demux,
        .handler        =       tcp_v4_rcv,
        .err_handler    =       tcp_v4_err,
        .no_policy      =       1,
        .netns_ok       =       1,
};

static const struct net_protocol udp_protocol = {
        .early_demux =  udp_v4_early_demux,
        .handler =      udp_rcv,
        .err_handler =  udp_err,
        .no_policy =    1,
        .netns_ok =     1,
};

static const struct net_protocol icmp_protocol = {
        .handler =      icmp_rcv,
        .err_handler =  icmp_err,
        .no_policy =    1,
        .netns_ok =     1,
};

 /*
  *      Add all the base protocols.
  */

 if (inet_add_protocol(&icmp_protocol, IPPROTO_ICMP) < 0)
         pr_crit("%s: Cannot add ICMP protocol\n", __func__);
 if (inet_add_protocol(&udp_protocol, IPPROTO_UDP) < 0)
         pr_crit("%s: Cannot add UDP protocol\n", __func__);
 if (inet_add_protocol(&tcp_protocol, IPPROTO_TCP) < 0)
         pr_crit("%s: Cannot add TCP protocol\n", __func__);

UDP protocol layer

udp_rcv

__udp4_lib_rcv

sk = skb_steal_sock(skb);
if (sk) {
  struct dst_entry *dst = skb_dst(skb);
  int ret;

  if (unlikely(sk->sk_rx_dst != dst))
    udp_sk_rx_dst_set(sk, dst);

  ret = udp_queue_rcv_skb(sk, skb);
  sock_put(sk);
  /* a return value > 0 means to resubmit the input, but
   * it wants the return to be -protocol, or 0
   */
  if (ret > 0)
    return -ret;
  return 0;
} else {

ret = udp_queue_rcv_skb(sk, skb);
sock_put(sk);

/* No socket. Drop packet silently, if checksum is wrong */
if (udp_lib_checksum_complete(skb))
        goto csum_error;

UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

/*
 * Hmm.  We got an UDP packet to a port to which we
 * don't wanna listen.  Ignore it.
 */
kfree_skb(skb);
return 0;

udp_queue_rcv_skb

1. Determine if the socket associated with the datagram is an encapsulation socket. If so, pass the packet up to that layer’s handler function before proceeding.
1. 确定与数据报关联的套接字是否为封装套接字。如果是，则在继续之前将数据包传递给该层的处理函数。

2. Determine if the datagram is a UDP-Lite datagram and do some integrity checks.
1. 确定数据报是否为 UDP-Lite 数据报并执行一些完整性检查。

3. Verify the UDP checksum of the datagram and drop it if the checksum fails.
1. 验证数据报的 UDP 校验和，如果校验和失败则丢弃数据报。

if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf))
  goto drop;

sk_rcvqueues_full

/*
 * Take into account size of receive queue and backlog queue
 * Do not take into account this skb truesize,
 * to allow even a single big packet to come.
 */
static inline bool sk_rcvqueues_full(const struct sock *sk, const struct sk_buff *skb,
                                     unsigned int limit)
{
        unsigned int qsize = sk->sk_backlog.len + atomic_read(&sk->sk_rmem_alloc);

        return qsize > limit;
}

$ sudo sysctl -w net.core.rmem_max=8388608

$ sudo sysctl -w net.core.rmem_default=8388608

udp_queue_rcv_skb

bh_lock_sock(sk);
if (!sock_owned_by_user(sk))
  rc = __udp_queue_rcv_skb(sk, skb);
else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) {
  bh_unlock_sock(sk);
  goto drop;
}
bh_unlock_sock(sk);

return rc;

__udp_queue_rcv_skb

rc = sock_queue_rcv_skb(sk, skb);
if (rc < 0) {
  int is_udplite = IS_UDPLITE(sk);

  /* Note that an ENOMEM error is charged twice */
  if (rc == -ENOMEM)
    UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,is_udplite);

  UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
  kfree_skb(skb);
  trace_udp_fail_queue_rcv_skb(rc, sk);
  return -1;
}

Monitoring: UDP protocol layer statistics

• /proc/net/snmp

• /proc/net/udp

$ cat /proc/net/snmp | grep Udp\:
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 16314 0 0 17161 0 0

• InDatagrams: Incremented when recvmsg was used by a userland program to read datagram. Also incremented when a UDP packet is encapsulated and sent back for processing.
• InDatagrams：当用户程序使用recvmsg读取数据报时增加。当UDP数据包被封装并返回处理时也会增加。

• NoPorts: Incremented when UDP packets arrive destined for a port where no program is listening.
• NoPorts：当UDP数据包到达一个没有程序监听的端口时增加。

• InErrors: Incremented in several cases: no memory in the receive queue, when a bad checksum is seen, and if sk_add_backlog fails to add the datagram.
• InErrors：在几种情况下增加：接收队列内存不足、看到坏校验和以及sk_add_backlog无法添加数据报时。

• OutDatagrams: Incremented when a UDP packet is handed down without error to the IP protocol layer to be sent.
• OutDatagrams：当UDP数据包无误地传递到IP协议层以发送时增加。

• RcvbufErrors: Incremented when sock_queue_rcv_skb reports that no memory is available; this happens if sk->sk_rmem_alloc is greater than or equal to sk->sk_rcvbuf.
• RcvbufErrors：当sock_queue_rcv_skb报告内存不足时增加；这种情况发生在sk->sk_rmem_alloc大于或等于sk->sk_rcvbuf时。

• SndbufErrors: Incremented if the IP protocol layer reported an error when trying to send the packet and no error queue has been setup. Also incremented if no send queue space or kernel memory are available.
• SndbufErrors：如果IP协议层在尝试发送数据包时报告错误且未设置错误队列时增加。如果没有发送队列空间或内核内存可用时也会增加。

• InCsumErrors: Incremented when a UDP checksum failure is detected. Note that in all cases I could find, InCsumErrors is incrememnted at the same time as InErrors. Thus, InErrors - InCsumErros should yield the count of memory related errors on the receive side.
• InCsumErrors：当检测到UDP校验和失败时增加。需要注意的是，在我找到的所有情况下，InCsumErrors都会与InErrors同时增加。因此，InErrors - InCsumErrors应该给出接收端内存相关错误的数量。

$ cat /proc/net/udp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  515: 00000000:B346 00000000:0000 07 00000000:00000000 00:00000000 00000000   104        0 7518 2 0000000000000000 0
  558: 00000000:0371 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 7408 2 0000000000000000 0
  588: 0100007F:038F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 7511 2 0000000000000000 0
  769: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 7673 2 0000000000000000 0
  812: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 7407 2 0000000000000000 0

• sl: Kernel hash slot for the socket
• sl：套接字的内核哈希槽

• local_address: Hexadecimal local address of the socket and port number, separated by :.
• 本地地址：套接字的十六进制本地地址和端口号，以冒号分隔。

• rem_address: Hexadecimal remote address of the socket and port number, separated by :.
• 远程地址：套接字的十六进制远程地址和端口号，以冒号分隔。

• st: The state of the socket. Oddly enough, the UDP protocol layer seems to use some TCP socket states. In the example above, 7 is TCP_CLOSE.
• 状态：套接字的状态。奇怪的是，UDP协议层似乎使用了一些TCP套接字的状态。在上面的例子中，7表示TCP_CLOSE。

• tx_queue: The amount of memory allocated in the kernel for outgoing UDP datagrams.
• 发送队列：内核为传出UDP数据报分配的内存大小。

• rx_queue: The amount of memory allocated in the kernel for incoming UDP datagrams.
• 接收队列：内核为传入UDP数据报分配的内存大小。

• tr, tm->when, retrnsmt: These fields are unused by the UDP protocol layer.
• tr、tm->when、retrnsmt：这些字段未被UDP协议层使用。

• uid: The effective user id of the user who created this socket.
• 用户ID：创建此套接字的用户的有效用户ID。

• timeout: Unused by the UDP protocol layer.
• 超时：UDP协议层未使用。

• inode: The inode number corresponding to this socket. You can use this to help you determine which user process has this socket open. Check /proc/[pid]/fd, which will contain symlinks to socket[:inode].
• 索引节点：与此套接字对应的索引节点号。您可以使用它来帮助您确定哪个用户进程打开了此套接字。检查/proc/[pid]/fd，其中包含指向socket[:inode]的符号链接。

• ref: The current reference count for the socket.
• 引用计数：套接字当前的引用计数。

• pointer: The memory address in the kernel of the struct sock.
• 指针：内核中struct sock的内存地址。

• drops: The number of datagram drops associated with this socket. Note that this does not include any drops related to sending datagrams (on corked UDP sockets or otherwise); this is only incremented in receive paths as of the kernel version examined by this blog post.
• 丢弃：与此套接字关联的数据报丢弃数量。请注意，这不包括与发送数据报相关的任何丢弃（无论是通过corked UDP套接字还是其他方式）；仅在接收路径中增加，截至本博客文章所检查的内核版本。

Queuing data to a socket(将数据排队到套接字)

1. The socket’s allocated memory is checked to determine if it has exceeded the receive buffer size. If so, the drop count for the socket is incremented.
1. 检查套接字分配的内存是否已超过接收缓冲区大小。如果是，则增加该套接字的丢弃计数。

2. Next sk_filter is used to process any Berkeley Packet Filter filters that have been applied to the socket.
1. 接下来使用 sk_filter 处理已应用于该套接字的 Berkeley 数据包过滤器。

3. sk_rmem_schedule is run to ensure sufficient receive buffer space exists to accept this datagram.
1. 运行 sk_rmem_schedule，以确保有足够的接收缓冲区空间来接受此数据报。

4. Next the size of the datagram is charged to the socket with a call to skb_set_owner_r. This increments sk->sk_rmem_alloc.
1. 然后通过调用 skb_set_owner_r 向该套接字收取数据报的大小。这会增加 sk->sk_rmem_alloc。

5. The data is added to the queue with a call to __skb_queue_tail.
1. 通过调用 __skb_queue_tail 将数据添加到队列中。

6. Finally, any processes waiting on data to arrive in the socket are notified with a call to the sk_data_ready notification handler function.
1. 最后，通过调用 sk_data_ready 通知处理程序函数，通知任何正在等待数据到达该套接字的进程。

Extras

Timestamping

$ sudo ethtool -T eth0
Time stamping parameters for eth0:
Capabilities:
  software-transmit     (SOF_TIMESTAMPING_TX_SOFTWARE)
  software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
  software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
PTP Hardware Clock: none
Hardware Transmit Timestamp Modes: none
Hardware Receive Filter Modes: none

Busy polling for low latency sockets

Netpoll: support for networking in critical contexts

static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc)
{

  /* ... */

  /* if we've gotten here through NAPI, check netpoll */
  if (netpoll_receive_skb(skb))
    goto out;

  /* ... */
}

SO_INCOMING_CPU

DMA Engines

Intel’s I/O Acceleration Technology (IOAT)

Direct cache access (DCA)

Monitoring IOAT DMA engine

$ cat /sys/class/dma/dma0chan0/memcpy_count
123205655

$ cat /sys/class/dma/dma0chan0/bytes_transferred
131791916307

Tuning IOAT DMA engine

$ sudo sysctl -w net.ipv4.tcp_dma_copybreak=2048

Conclusion