The most complex functionality in VNET+ is the support for PACKET sockets (the PF_PACKET protocol family). PACKET sockets are raw sockets that send and receive whole link-layer frames, unlike AF_INET raw sockets, which only see IP packets; they are fast, and a BPF filter program can be attached to them so that the kernel copies only matching frames to user space. They are the default packet capture facility used by libpcap, and hence by tcpdump.
PACKET sockets are implemented as packet taps: the tap is run for every incoming and outgoing frame before the TCP/IP stack gets a chance to act on it. This is the main difficulty in supporting such sockets, because they operate on packets independently of Netfilter, whose hooks are central to the functioning of VNET; a frame reaches a packet socket before any of VNET's Netfilter hooks run. Figure illustrates how VNET deals with packet sockets.
The rest of this section gives the design and implementation of PACKET socket support.