Review: Understanding Linux Network Internals [LWN.net]

The net/ directory tree in the Linux kernel source is an intimidating place. We all use the kernel's networking features, but even experienced kernel hackers often hesitate to wander into the code which implements those features. To many, the networking stack is a black box, maintained by a distinct set of developers who keep many of their secrets to themselves. There is little documentation on how Linux networking is implemented, adding to the challenge of understanding how it all works.

[Cover] Your editor had been told that O'Reilly had a book on the networking stack - a sort of companion to Understanding The Linux Kernel - in the works. But it was still a nice surprise to see the end result - a book by Christian Benvenuti entitled Understanding Linux Network Internals - show up on the doorstep. A couple of weeks later, after having read much of the book, your editor is ready to share some comments. The short version would be: this book is a welcome addition to the (short) list of books about the kernel. It is not as good a book as it could have been, however, and leaves some significant gaps.

Let's get one pet peeve out of the way immediately: any kernel book should disclose, on the cover, which version of the kernel is covered. As LWN readers know well, things change quickly in the kernel. A book which covers one version will likely be obsolete in many places a few versions later. If a kernel book does not include version information, there is no way to know which reality it matches or whether it will be even remotely relevant to current kernels.

In the case of this book, there is no word anywhere regarding which version is covered. It is clearly a 2.6 book, but that is all we know. Your editor has come to the conclusion from his reading that the book was a long time in the writing (not surprising: the subject matter is complex, and the book is over 1,000 pages long), and that, if an effort was made to make it consistently current for a specific kernel version, that effort was incomplete. The section on interrupts, for example, presents the old prototype for interrupt handlers last seen in the 2.5.68 kernel. Other parts are much more current. The book is a bit of a patchwork in that regard.

And in other regards as well. Some parts of the book seem to want to be a programming manual - to the point that the slab cache functions (kmem_cache_create() and friends) are presented on page 4. Page 13 talks about the likely() and unlikely() constructs. Yet, in other areas, detail is much more scarce, and there is no complete discussion of how to write code for the kernel. And (another pet peeve of your editor's) the issues of concurrency and race conditions are passed over almost completely.

Similarly, the section on network device drivers offers a great deal of information on device registration, queueing discipline bits, notifiers, power management, ethtool, dealing with the PCI bus, module initialization, and more. There is even a section on how bottom halves worked in the 2.2 kernel. But there is almost no information on how to write transmit and receive functions. At one point the author writes "This chapter does not strive to be a guide on how to write NIC device drivers." No problem, there are (ahem) other books which cover that ground. But then why bother with things like PCI device registration?

This book does contain a great deal of information. It may pass over driver transmit and receive functions, but it does cover packet transmission and reception in the higher levels of the networking stack in some detail - and that is just what one would want. There is a long section on IPv4 and ICMP, and quite a bit of information on the complicated "neighbor" code (the ARP protocol and such). The last major section is on routing. Stuffed into the middle is a 110-page section on the bridging subsystem.

Networking is a large area, and a large part of the kernel, so it is hard to cover everything even in a 1000-page book. So some important things were left out of Understanding Linux Network Internals. These include TCP, IPv6, IPsec, netfilter, traffic control, and several other topics. And that leads to your editor's last, and perhaps biggest complaint. The inconsistent focus and somewhat irregular choice of topics seen at the lower levels is also present in the large scale. Your editor would have happily traded the four chapters on bridging for a solid overview of how the TCP protocol works in Linux, and your editor suspects that he is not alone. Netfilter and traffic control, perhaps, merit a book of their own, but maybe some of the other chapters could have been tightened up enough to make room for an introduction to IPv6 or IPsec.

So it is hard to recommend this book in an unreserved fashion. That said, there is a great deal of useful information to be found in Understanding Linux Network Internals, and your editor is glad to have it on his bookshelf. It has already come in useful a couple of times while trying to figure out how parts of networking-related patches work. So this book is a welcome addition to the body of kernel-related documentation, even if it is not everything one might wish it would be.

(Log in to post comments)