Hi all:
My questions are as follows.
///////////////////< code from linux-2.6.35.4
/*
* Free an skbuff by memory without cleaning the state.
*/
static void kfree_skbmem(struct sk_buff *skb)
{
struct sk_buff *other;
atomic_t *fclone_ref;
switch (skb->fclone) {
case SKB_FCLONE_UNAVAILABLE:
kmem_cache_free(skbuff_head_cache, skb);
break;
case SKB_FCLONE_ORIG:
fclone_ref = (atomic_t *) (skb + 2);
///////////////////////////< question here
if (atomic_dec_and_test(fclone_ref))
kmem_cache_free(skbuff_fclone_cache, skb);
break;
case SKB_FCLONE_CLONE:
fclone_ref = (atomic_t *) (skb + 1);
/////////////////////////////< question here
other = skb - 1;
/* The clone portion is available for
* fast-cloning again.
*/
skb->fclone = SKB_FCLONE_UNAVAILABLE;
if (atomic_dec_and_test(fclone_ref))
kmem_cache_free(skbuff_fclone_cache, other);
break;
}
}
skb->|--------------------|
|struct sk_buff *next|
|--------------------|
|struct sk_buff *prev|
|--------------------|
| ...... |
|--------------------|
| automic_t users |
skb+1->|--------------------| fclone_ref = (atomic_t *) (skb + 1);
|struct sk_buff *next|
|--------------------|
|struct sk_buff *prve|
|--------------------|
| ...... |
|--------------------|
| automic_t users |
skb+2->|--------------------| fclone_ref = (atomic_t *) (skb + 2);
|struct sk_buff *next|
|--------------------|
|struct sk_buff *prve|
|--------------------|
| ...... |
|--------------------|
| automic_t users |
|--------------------|
typedef struct {
int counter;
} atomic_t;
so when skb+1, it poins to the member next. if we use "(atomic_t *) (skb +
1);", what the hell result is? and how can we visit the member "counter" of
atomic_t?
Thanks
Huangqiang Zhou
------------------
2010-09-19
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to [email protected]
Please read the FAQ at http://kernelnewbies.org/FAQ
