When a packet is received, it is cloned several times and sent sequentially to a series of packet handles, which include packet taps and the TCP/IP stack. Normally, each packet handler is invoked once. Under these circumstances, packets that are destined to slices are automatically dropped in the packet sockets handler, because VNET has not had a chance to tag them when they are received. VNET modifies this process in two ways:
This process is called the sknid elevator, where sknid is the socket context (the xid) and elevator refers to its transfer upstream. Since the elevator only runs for packets that are dropped at the boundary of a PACKET socket, it is quite efficient. Unfortunately, it has a side effect. Since we disrupt the natural order of operations, namely, that TCP/IP is called after packet sockets, communications over RAW sockets can get reordered. For example, for an observer that reads the packet stream from user space, a TCP ACK packet may be seen to go out before an incoming TCP SYN packet. This situation can easily be rectified by sorting the packets based on the packet typestamp, as it is recorded by the kernel at the time of reception of each packet.
