On Dec 26, 2013, at 7:53 AM, Stuart Kendrick <stuart.kendrick.sea@xxxxxxxxx> wrote:
> I've found this neat diagram of the functions called as a frame wends its way toward hardware (Figure 4 in Section 2.3 in http://kernelnewbies.org/Networking?action=AttachFile&do=get&target=hacking_the_wholism_of_linux_net.txt) ending in rtl8169_start_xmit()
>
> From the text, I'm guessing that various 'hooks' can dink with the frame: NF_IP_PRE_ROUTING, NF_IP_LOCAL_IN, NF_IP_POST_ROUTING
> nowhere in there do I see where libpcap gets its copy
That's because they're not showing the guts of dev_hard_start_xmit() - in particular, they're not showing the call to dev_queue_xmit_nit().
> ==> What functions can mess with a frame as it approaches hardware? Obviously, libpcap can register a request for a copy ... what functions can discard the frame after libpcap gets its copy?
Functions called from the device's ndo_start_xmit routine.
Or the routine itself.