Linux Network Stack Every Operating System which supports networking has some type of Network Stack. Linux is no exception. The Network Stack is what allows the applications to be able to access a network through a physical networking device. Networking devices can be modems, cable modems, ISDN, Wi-Fi devices, Ethernet cards, Token Ring cards, etc. No matter the physical medium being used, the Network Stack remains the same. Figure 1 shows the Linux Network Stack. There are seven layers to the Network Stack. Each layer has a specific job to perform to allow the Linux system to communicate on the network. These jobs being performed are twofold. Always keep in mind that the Network Stack works in two ways. The first way is when a user makes a request to the network, such as for a file from a network server. The second way is when the request is fulfilled, the file is returned to the user. Let’s look at an example such as from a word processor and you open a file from a network location. The request starts from the application, goes down through the various layers to the Physical Hardware. At this point, the request exists as a data packet on the network medium. Once the request is received at the file location, the file is sent back to the requesting system. Once received at the requesting system, the data packets enter the Physical Hardware and go back through the various layers until it reaches the Application Layer. At the Application Layer, the word processor is given the requested file and is then opened for editing. The various layers each exist within a set. There are three sets, the User Space, Kernel Space and the Physical Layer. They are grouped as follows: The top most layer (Application Layer) is part of the User Space. The next five layers are the Kernel Space. The final layer is the Physical Layer. Let’s go over the seven layers one at a time. The User Space is where the applications used by the user reside. For example, on a system with the TCP/IP protocol, the Application Layer is where the applications are used by the user. Applications such as a browser or other application which accesses the Internet works in this layer. Any application which can access a network is on this layer. This can include any application which can open a file or save a file over a network to another system. NOTE: In these cases the Internet is a network just as a network in an office. The Internet is a Wide-Area Network (WAN) where an office has a Local Network. The second layer, the System Call Interface (SCI), is where the call is made from the Application Layer to the Kernel. Let’s continue with the example of using a word processor to request a file from a network location. In this case, we can send a read call to the Kernel from the word processor. The Protocol Agnostic Interface is where the socket is created. The socket is a basic communications that is “talking” or “listening”. Each socket has an ID which is used specifically for an application. For a more familiar example, these are the same as TCP/IP Ports. When a browser makes a request, it is on port 80. When the item being requested is returned, it contains the socket number. When the system receives the packet of data, it can look at the socket number and then send it to the proper application. The Network Protocol is responsible for how the data is sent or received. The layer controls the information for getting data across the network. Specifically, in networks which work over routers, this layer provides the routing information. The Device Agnostic Interface is used to connect the data from/to the Kernel and the network device drivers. The Device Drivers Layer is, of course, the actual device driver of the network device being used. This allows the data to be prepared for transmission over the medium from the network device. The Physical Hardware is the actual network hardware. This is where the data packets are transmitted and received from the network medium being used, whether cable or wireless. So, let’s look at an actual example of requesting data with a browser from an internet web server. Within the browser, you select to open a web site. The application makes a request for the HTML file. The request goes to the System Call Interface which can send a read request. The Protocol Agnostic Interface opens a socket for the request. Let’s assume a socket of 80 is created which for TCP/IP is Port 80. Now the information is sent to the Network Protocol Layer where the TCP/IP address, etc. are all attached to the packet being built. Now the packet is sent to the Device Agnostic Interface where the packet is prepared for submission to leave the Kernel. The Device Drivers prepare the packet further to get it ready for the physical device. Device drivers can prepare the packets by converting them to any form needed. It is here that the MAC address of the network hardware is added to the packet. Next, the physical device is used to transmit the data packet. After the web server receives the request, it creates a packet or packets of data which contain the HTML page. The packets are sent back to the requesting system by routing it through the Internet by using the TCP/IP address on the packet. Once received by the requesting system, the packet is sent from the device to the drivers. Here the MAC address is removed. The packet is sent up to the Device Agnostic Interface. At this point, the packet is sent to the Kernel for processing. At the Network Protocol Layer, the TCP/IP addresses are verified and then removed from the packet. The packet goes on to the Protocol Agnostic Interface. Here the socket is determined from the packet and removed. The packet is then forwarded to the application associated with the socket ID. In this case, the socket ID was 80 and is set for the browser application. The packet is sent to the browser application where numerous packets are received and pieced together into one large HTML file. The browser will then write the HTML file to a temporary directory and open it in the browser to be viewed by the user.