Netlink

Stable release
6.1 [1] / 11 December 2022
Preview release
5.14-rc1 [2] / 11 July 2021
Operating system Linux
Platform Linux kernel
Type Application programming interface
License GNU General Public License
Website wiki.linuxfoundation.org/networking/generic_netlink_howto

Netlink is a socket family used for inter-process communication (IPC) between the kernel and userspace processes, and between userspace processes, in a way similar to the Unix domain sockets available on Unix-like operating systems. It originated as a Linux kernel interface and was later also implemented on FreeBSD. [3] Like Unix domain sockets, and unlike INET sockets, Netlink communication cannot traverse host boundaries. However, while Unix domain sockets use the file system namespace, Netlink sockets are addressed by 32-bit port identifiers. These are historically called PIDs because a process conventionally uses its process ID as the port ID of its first Netlink socket, but a port ID identifies a socket rather than a process, and a socket bound with port ID 0 is assigned a unique value by the kernel. [4]


Netlink is designed and used for transferring miscellaneous networking information between the kernel and userspace processes. Networking utilities such as the iproute2 family and the utilities used for configuring mac80211-based wireless drivers use Netlink to communicate with the Linux kernel from userspace. Netlink provides a standard socket-based interface for userspace processes and a kernel-side API for internal use by kernel modules. Netlink sockets belong to the AF_NETLINK socket family.

Netlink is designed to be a more flexible successor to ioctl; RFC 3549 describes the protocol in detail.

History

Netlink was created by Alexey Kuznetsov [5] as a more flexible alternative to the sophisticated but awkward ioctl communication method used for setting and getting external socket options. The Linux kernel continues to support ioctl for backward compatibility.

Netlink was first provided in the 2.0 series of the Linux kernel, implemented as a character device. By 2013 that interface was obsolete, but it still forms an ioctl-style communication method; compare the use of rtnetlink. [6] The Netlink socket interface appeared in the 2.2 series of the Linux kernel.

In 2022, experimental support for the Netlink protocol was added to FreeBSD. Initially only a subset of the NETLINK_ROUTE functionality was supported. [3]

Packet structure

Bit offset   0–15                         16–31
0            Message length (nlmsg_len)
32           Type (nlmsg_type)            Flags (nlmsg_flags)
64           Sequence number (nlmsg_seq)
96           Port ID (nlmsg_pid)
128+         Data

The message length counts the 16-byte header as well as the data, and every message is padded to a 4-byte boundary (NLMSG_ALIGN) so that several messages can be concatenated in one buffer.

Unlike BSD sockets using Internet protocols such as TCP, where the transport headers are generated by the kernel, the Netlink message header (available as struct nlmsghdr) must be prepared by the caller. Conversely, a receiver gets raw messages and must validate each header itself, in particular that nlmsg_len is at least the header size and does not exceed the number of bytes actually received, before touching the payload; the NLMSG_OK and NLMSG_NEXT macros exist for this. The Netlink socket generally works in a SOCK_RAW-like mode, even if SOCK_DGRAM was used to create it.

The data portion then contains a subsystem-specific message that may be further nested.

The AF_NETLINK family offers multiple protocol subsets. Each interfaces to a different kernel component and has a different messaging subset. The subset is referenced by the protocol field in the socket call:

int socket(AF_NETLINK, SOCK_DGRAM or SOCK_RAW, protocol)

Both socket types are accepted: netlink(7) documents SOCK_RAW and SOCK_DGRAM as valid values, and the Netlink protocol does not distinguish between them, since it is datagram-oriented either way. Some sources present SOCK_RAW as the only correct choice, while iproute2 uses both interchangeably. [4]

A non-exhaustive list of the supported protocol entries follows:

NETLINK_ROUTE

NETLINK_ROUTE provides routing and link information. This information is used primarily by user-space routing daemons. Linux implements a large subset of messages.

NETLINK_FIREWALL

NETLINK_FIREWALL provides an interface for a user-space app to receive packets from the firewall.

NETLINK_NFLOG

NETLINK_NFLOG provides the interface used by the Netfilter/iptables ULOG target to deliver logged packets to userspace (supported up to and including Linux 3.16).

NETLINK_ARPD

NETLINK_ARPD provides an interface to manage the ARP table from user-space.

NETLINK_AUDIT

NETLINK_AUDIT provides an interface to the audit subsystem found in Linux kernel versions 2.6.6 and later.

NETLINK_IP6_FW

NETLINK_IP6_FW provides an interface to transport packets from netfilter to user-space.

NETLINK_ROUTE6
NETLINK_TAPBASE
NETLINK_NETFILTER
NETLINK_TCPDIAG
NETLINK_XFRM

NETLINK_XFRM provides an interface to manage the IPsec security association and security policy databases - mostly used by key-manager daemons using the Internet Key Exchange protocol.

NETLINK_KOBJECT_UEVENT

NETLINK_KOBJECT_UEVENT provides the interface in which the kernel broadcasts uevents, typically consumed by udev.

NETLINK_GENERIC

One of the drawbacks of the Netlink protocol is that the number of protocol families is limited to 32 (MAX_LINKS). This is one of the main reasons that the generic Netlink family was created: to provide support for adding a higher number of families. It acts as a Netlink multiplexer and works with a single Netlink family, NETLINK_GENERIC; each registered generic family is identified by a dynamically assigned 16-bit ID that a client must resolve by name through the controller family before use. The generic Netlink protocol is based on the Netlink protocol and uses its API.

Kernel code can register a Netlink handler from its own routines, which allows additional Netlink protocols to be defined for new kernel modules. [7]
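As an added example, not code from the original article or from libnl, the following C program shows the multiplexing step every generic Netlink client performs: it asks the controller family (the only generic family with a fixed ID, GENL_ID_CTRL) to resolve the name "nl80211", the generic family behind the mac80211 configuration tools mentioned above, and parses the CTRL_ATTR_FAMILY_ID attribute out of the CTRL_CMD_NEWFAMILY reply. SAMPLE is a constructed reply with a made-up family ID so the parser runs offline; when the kernel has no such family (for example, no wireless stack loaded) it answers with NLMSG_ERROR carrying -ENOENT, which the parser passes back.

```c
/* Added example (not from the article): resolve a Generic Netlink family name
 * to its dynamically assigned ID through the nlctrl controller family. SAMPLE
 * is constructed data; the ID it carries is made up. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/genetlink.h>

/* Netlink header, then the genl header, then one string attribute. */
struct ctrl_req { struct nlmsghdr nlh; struct genlmsghdr gnlh; struct nlattr nla; char name[GENL_NAMSIZ]; };

/* CTRL_CMD_GETFAMILY for `family`. The controller is the one genl family with
 * a fixed ID (GENL_ID_CTRL); every other family must be looked up this way. */
size_t build_family_lookup(struct ctrl_req *r, const char *family, uint32_t seq)
{
    size_t n = strlen(family) + 1;
    if (n > GENL_NAMSIZ) return 0;
    memset(r, 0, sizeof *r);
    r->nlh.nlmsg_type = GENL_ID_CTRL;
    r->nlh.nlmsg_flags = NLM_F_REQUEST;
    r->nlh.nlmsg_seq = seq;
    r->gnlh.cmd = CTRL_CMD_GETFAMILY;
    r->gnlh.version = 1;
    r->nla.nla_type = CTRL_ATTR_FAMILY_NAME;
    r->nla.nla_len = (uint16_t)(NLA_HDRLEN + n);
    memcpy(r->name, family, n);
    r->nlh.nlmsg_len = NLMSG_HDRLEN + GENL_HDRLEN + NLA_ALIGN(r->nla.nla_len);
    return r->nlh.nlmsg_len;
}

/* Wire layout of a constructed CTRL_CMD_NEWFAMILY reply: name "nl80211"
 * (nla_len 12) followed by a u16 family ID (nla_len 6, padded to 8). */
struct ctrl_reply {
    struct nlmsghdr nlh; struct genlmsghdr gnlh;
    struct nlattr a_name; char name[8];
    struct nlattr a_id; uint16_t id, pad;
};
static struct ctrl_reply SAMPLE = {
    .nlh = { .nlmsg_len = sizeof(struct ctrl_reply), .nlmsg_type = GENL_ID_CTRL, .nlmsg_seq = 42 },
    .gnlh = { .cmd = CTRL_CMD_NEWFAMILY, .version = 1 },
    .a_name = { .nla_len = NLA_HDRLEN + 8, .nla_type = CTRL_ATTR_FAMILY_NAME }, .name = "nl80211",
    .a_id = { .nla_len = NLA_HDRLEN + 2, .nla_type = CTRL_ATTR_FAMILY_ID }, .id = 0x1c, /* made up */
};

/* Find CTRL_ATTR_FAMILY_ID in a controller reply. Returns 0 and sets *id, the
 * kernel's negative errno from NLMSG_ERROR (-ENOENT: no such family), or
 * -ENOMSG if nothing matched. Every length is checked before it is used. */
int parse_family_reply(void *buf, int len, uint32_t seq, uint16_t *id)
{
    struct nlmsghdr *nlh = buf;
    for (; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len)) {
        if (nlh->nlmsg_seq != seq) continue;
        if (nlh->nlmsg_type == NLMSG_ERROR)
            return nlh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)) ? -EBADMSG
                 : ((struct nlmsgerr *)NLMSG_DATA(nlh))->error;
        if (nlh->nlmsg_type != GENL_ID_CTRL || nlh->nlmsg_len < NLMSG_HDRLEN + GENL_HDRLEN) continue;
        struct genlmsghdr *g = NLMSG_DATA(nlh);
        if (g->cmd != CTRL_CMD_NEWFAMILY) continue;
        struct nlattr *a = (struct nlattr *)((char *)g + GENL_HDRLEN);
        int rem = nlh->nlmsg_len - NLMSG_HDRLEN - GENL_HDRLEN;
        while (rem >= NLA_HDRLEN && a->nla_len >= NLA_HDRLEN && a->nla_len <= rem) {
            if ((a->nla_type & NLA_TYPE_MASK) == CTRL_ATTR_FAMILY_ID && a->nla_len >= NLA_HDRLEN + 2) {
                memcpy(id, (char *)a + NLA_HDRLEN, sizeof *id);
                return 0;
            }
            rem -= NLA_ALIGN(a->nla_len);
            a = (struct nlattr *)((char *)a + NLA_ALIGN(a->nla_len));
        }
    }
    return -ENOMSG;
}

int main(void)
{
    struct ctrl_req req;
    struct sockaddr_nl kern = { .nl_family = AF_NETLINK }, from; /* nl_pid 0 = kernel */
    socklen_t fromlen = sizeof from;
    unsigned char buf[4096];
    uint16_t id = 0;
    int n = parse_family_reply(&SAMPLE, sizeof SAMPLE, 42, &id);
    printf("constructed reply: rc %d, family id %u\n", n, id);
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
    if (fd < 0) return perror("socket"), 1;
    size_t rlen = build_family_lookup(&req, "nl80211", 7);
    if (sendto(fd, &req, rlen, 0, (struct sockaddr *)&kern, sizeof kern) < 0)
        return perror("sendto"), 1;
    n = (int)recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &fromlen);
    close(fd);
    if (n < 0 || from.nl_pid != 0) return fputs("not from kernel\n", stderr), 1;
    n = parse_family_reply(buf, n, 7, &id);
    if (n < 0) return fprintf(stderr, "lookup failed: %s\n", strerror(-n)), 1;
    printf("kernel says nl80211 is family id %u\n", id);
    return 0;
}
```

The resolved ID is what goes into nlmsg_type of every subsequent message to that family, which is why a client must never hard-code it: it changes between boots and module load orders. The attribute walk masks nla_type with NLA_TYPE_MASK because the two high bits carry the NLA_F_NESTED and NLA_F_NET_BYTEORDER flags rather than part of the type.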

References

  1. Linus Torvalds. "Linux 6.1".
  2. https://lore.kernel.org/lkml/CAHk-=wjB5XBk4obhMPfrU3mnOakV9VgHAYOo-ZGJnB2X0DnBWA@mail.gmail.com/.
  3. "netlink: add netlink support".
  4. "netlink(7) - Linux manual page". man7.org.
  5. "kernel/git/torvalds/linux.git: root/net/core/rtnetlink.c". Linux kernel source tree. kernel.org . Retrieved 2014-05-27.
  6. Crowcroft, Jon; Phillips, Iain, eds. (2002). TCP/IP and Linux protocol implementation: systems code for the Linux Internet. Wiley Networking Council series. Wiley. p. 624. ISBN   9780471408826 . Retrieved 2013-05-21. All rtnetlink messages consist of a netlink message header and appended attributes.
  7. "Kernel Korner - Why and How to Use Netlink Socket | Linux Journal". www.linuxjournal.com.