
Deep Dive into Linux veth Pairs: Usage, Kernel Implementation, and Network Communication

This article provides a comprehensive technical analysis of Linux virtual Ethernet (veth) pairs, detailing their practical configuration, underlying kernel creation mechanisms, and complete network communication workflow within containerized environments like Docker.

Refining Core Development Skills

This article explores the Linux virtual Ethernet (veth) pair, a fundamental component of container network virtualization used extensively in Docker environments. It explains how veth simulates physical network cables and paired network interfaces to enable communication between virtualized network namespaces.

The author demonstrates practical usage by creating a veth pair using the ip link command, assigning IP addresses, bringing interfaces up, and configuring reverse path filtering to enable successful ping communication between the paired devices.
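The procedure described above, as an added example that is not code from the original article: it creates the pair, relaxes source validation only as far as the ping test needs, and restores the global rp_filter value afterwards, because rp_filter is an anti-spoofing control. The interface names, addresses, the `accept_local` setting, the `DRY_RUN` switch and the script name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Interface names and
# addresses are constructed. Needs root unless DRY_RUN=1.
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# veth_up DEV_A ADDR_A DEV_B ADDR_B: create the pair, address both ends and
# relax source validation for the test.
veth_up() {
    run ip link add "$1" type veth peer name "$3"
    run ip addr add "$2" dev "$1"
    run ip addr add "$4" dev "$3"
    run ip link set "$1" up
    run ip link set "$3" up
    # The kernel applies max(conf/all, conf/<dev>) for rp_filter, so the
    # "all" value must be 0 before a per-interface 0 has any effect.
    run sysctl -w net.ipv4.conf.all.rp_filter=0
    for dev in "$1" "$3"; do
        run sysctl -w "net.ipv4.conf.$dev.rp_filter=0"
        # Assumption: both ends share one namespace, so each end receives
        # packets whose source address is local; accept_local permits that.
        run sysctl -w "net.ipv4.conf.$dev.accept_local=1"
    done
}

# veth_down DEV_A SAVED: delete the pair (removing one end removes its peer)
# and restore the saved conf/all/rp_filter value.
veth_down() {
    run ip link del "$1"
    run sysctl -w "net.ipv4.conf.all.rp_filter=$2"
}

# Usage (hypothetical script name): sh veth-demo.sh demo
if [ "${1:-}" = "demo" ]; then
    saved=$(sysctl -n net.ipv4.conf.all.rp_filter)
    veth_up veth0 192.168.1.1/24 veth1 192.168.1.2/24
    ping -c 2 -I veth0 192.168.1.2 || echo "ping failed" >&2
    veth_down veth0 "$saved"
fi
```

Running it with `DRY_RUN=1` prints the commands without touching the host, which is a quick way to review what will change before running it as root.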

At the kernel level, veth initialization registers link operations via veth_init:

//file: drivers/net/veth.c
static __init int veth_init(void)
{
    return rtnl_link_register(&veth_link_ops);
}

The veth_link_ops structure defines callbacks for creation, validation, and deletion. The core creation function veth_newlink allocates two network devices and links them through a private peer pointer:

//file: drivers/net/veth.c
static int veth_newlink(struct net *src_net, struct net_device *dev,
    struct nlattr *tb[], struct nlattr *data[])
{
    ...
    // Create the peer device
    peer = rtnl_create_link(net, ifname, &veth_link_ops, tbp);

    // Register both devices (error handling elided)
    err = register_netdevice(peer);
    err = register_netdevice(dev);
    ...

    // Link the two devices to each other through their private peer pointers
    priv = netdev_priv(dev);
    rcu_assign_pointer(priv->peer, peer);

    priv = netdev_priv(peer);
    rcu_assign_pointer(priv->peer, dev);
    return 0;
}

During device setup, veth_setup assigns veth_netdev_ops to the device, mapping the transmission function ndo_start_xmit to veth_xmit.

The network communication workflow closely mirrors the loopback device process. When transmitting, the kernel invokes veth_xmit, which retrieves the peer device and forwards the socket buffer using dev_forward_skb:

//file: drivers/net/veth.c
static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
{
    struct veth_priv *priv = netdev_priv(dev);
    struct net_device *rcv;

    // Get the peer of this veth device
    rcv = rcu_dereference(priv->peer);

    // Call dev_forward_skb to send the packet to the peer
    if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) {
        // Statistics update elided in this excerpt
    }
    return NETDEV_TX_OK;
}

dev_forward_skb updates the device context of the socket buffer and triggers a soft interrupt (softirq) via netif_rx and ____napi_schedule to enqueue the packet for reception. When the soft interrupt runs, the kernel executes process_backlog to deliver the packet up the network stack.

The article concludes that veth operates similarly to the loopback interface but is specifically designed for virtualization by pairing interfaces, making container networking straightforward once the underlying kernel mechanisms are understood.

Tags: Docker, Network Virtualization, kernel development, Container Networking, Linux networking, Veth
Written by

Refining Core Development Skills

Fei has over 10 years of development experience at Tencent and Sogou. Through this account, he shares his deep insights on performance.
