Netlink
Netlink is a socket-like mechanism for IPC between the kernel and user space processes, as well as between user space processes alone (like e.g. Unix domain sockets) or a mixture of multiple user space and kernel space processes. However, unlike INET sockets, it cannot traverse host boundaries: endpoints are addressed by a port ID that is only meaningful on the local host. The port ID is conventionally the owning process's PID, but it identifies a socket rather than a process, and the value 0 denotes the kernel.
Netlink was designed for and is used to transfer miscellaneous networking information between the Linux kernel space and user space processes. Many networking utilities use Netlink to communicate with the Linux kernel from user space, for example iproute2. Netlink consists of a standard socket-based interface for user space processes and an internal kernel API for kernel modules. It is designed to be a more flexible successor to ioctl. Netlink uses the AF_NETLINK socket family.
RFC 3549 describes the netlink protocol in detail.
History
As mentioned earlier, Netlink was created as a more flexible alternative to the sophisticated and awkward ioctl communication method, which was used for setting and getting external socket options. The socket ioctl interface is still supported by the Linux kernel for backward compatibility, however. It can be used as follows:
error = ioctl(ip_socket, ioctl_type, &value_result);
Netlink was first provided in Linux 2.0 as a character device. This interface is obsolete, but, like ioctl, it can still be used.
The Netlink socket interface appeared in the 2.2 Linux kernel.
Packet structure
Unlike the BSD socket access to Internet protocols like TCP, where the headers specifying flags and destination are autogenerated, the Netlink message header (available as struct nlmsghdr) must be prepared by the program itself, as the socket generally works in a SOCK_RAW-like mode, even if SOCK_DGRAM was used to create it. All header fields are in host byte order.
bit offset | 0–15 | 16–31
---|---|---
0 | Message length (nlmsg_len: header plus data, in bytes) |
32 | Type (nlmsg_type) | Flags (nlmsg_flags)
64 | Sequence number (nlmsg_seq) |
96 | Port ID (nlmsg_pid; 0 denotes the kernel) |
128+ | Data (each message is padded to a 4-byte boundary before the next one) |
The data portion then contains a subsystem-specific message that may be further nested: typically a fixed header for the subsystem (such as struct ifinfomsg for NETLINK_ROUTE link messages) followed by type-length-value attributes (struct rtattr or struct nlattr), which may themselves contain nested attributes.
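The following is an added example, not code from the article or from any Netlink library, showing the header layout above in practice: it packs two messages into a buffer with the 4-byte padding the protocol requires, then walks the buffer back the way a receiver must, trusting nlmsg_len only after checking it against the bytes actually remaining. The struct and function names (nl_hdr, nl_put, nl_walk, build_sample, walk_with_bad_length) are this example's own; the struct mirrors struct nlmsghdr from <linux/netlink.h> field for field but is redefined here so the code builds without kernel headers. The payloads are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire layout of the header in the table above. Redefined here, matching
 * struct nlmsghdr in <linux/netlink.h>, so the example also builds without
 * kernel headers. Netlink integers are in host byte order. */
struct nl_hdr {
    uint32_t nlmsg_len;   /* header + data, before padding */
    uint16_t nlmsg_type;  /* subsystem-specific message type */
    uint16_t nlmsg_flags; /* NLM_F_* flags */
    uint32_t nlmsg_seq;   /* echoed by the kernel in replies */
    uint32_t nlmsg_pid;   /* sender port ID, 0 for the kernel */
};

#define NL_ALIGNTO 4u
#define NL_ALIGN(n) (((n) + NL_ALIGNTO - 1) & ~(NL_ALIGNTO - 1))
#define NL_HDRLEN   ((size_t)NL_ALIGN(sizeof(struct nl_hdr)))

/* Append one message at offset off. Returns the padded size consumed,
 * or 0 if it does not fit in cap bytes. */
size_t nl_put(uint8_t *buf, size_t cap, size_t off, uint16_t type,
              uint16_t flags, uint32_t seq, uint32_t pid,
              const void *data, size_t dlen)
{
    size_t stride = NL_ALIGN(NL_HDRLEN + dlen);
    if (off > cap || stride > cap - off) return 0;
    struct nl_hdr h = { (uint32_t)(NL_HDRLEN + dlen), type, flags, seq, pid };
    memset(buf + off, 0, stride);            /* zero the pad bytes too */
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + NL_HDRLEN, data, dlen);
    return stride;
}

typedef void (*nl_cb)(const struct nl_hdr *h, const uint8_t *d, size_t dlen, void *ctx);

/* Walk a received buffer the way NLMSG_OK/NLMSG_NEXT do: a header is only
 * trusted after its nlmsg_len has been checked against the bytes actually
 * left, so a forged or truncated length cannot drive a read past the end.
 * Returns the message count, or -1 if the buffer is malformed. */
int nl_walk(const uint8_t *buf, size_t len, nl_cb cb, void *ctx)
{
    size_t off = 0;
    int count = 0;
    while (len - off >= NL_HDRLEN) {
        struct nl_hdr h;
        memcpy(&h, buf + off, sizeof h);     /* buf may be unaligned */
        if (h.nlmsg_len < NL_HDRLEN || h.nlmsg_len > len - off)
            return -1;                       /* length field lies */
        if (cb)
            cb(&h, buf + off + NL_HDRLEN, h.nlmsg_len - NL_HDRLEN, ctx);
        count++;
        size_t stride = NL_ALIGN(h.nlmsg_len);
        off = stride > len - off ? len : off + stride; /* final pad may be absent */
    }
    return off == len ? count : -1;          /* leftover partial header */
}

/* Constructed sample: an RTM_GETLINK-style dump request (type 18, flags
 * NLM_F_REQUEST|NLM_F_DUMP = 0x301) followed by NLMSG_DONE (type 3,
 * NLM_F_MULTI = 2). Returns the number of bytes written, 0 on overflow. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const char ifname[] = "eth0";       /* constructed 5-byte payload */
    static const uint8_t tail[] = { 1, 2, 3 }; /* constructed 3-byte payload */
    size_t n1 = nl_put(buf, cap, 0, 18, 0x301, 1, 4242, ifname, sizeof ifname);
    if (n1 == 0) return 0;
    size_t n2 = nl_put(buf, cap, n1, 3, 2, 1, 4242, tail, sizeof tail);
    return n2 == 0 ? 0 : n1 + n2;
}

/* Overstate the first message's length and confirm the walker rejects it. */
int walk_with_bad_length(const uint8_t *buf, size_t len)
{
    uint8_t copy[256];
    if (len > sizeof copy) return -2;
    memcpy(copy, buf, len);
    uint32_t bogus = (uint32_t)len + 200;
    memcpy(copy, &bogus, sizeof bogus);      /* nlmsg_len is the first field */
    return nl_walk(copy, len, NULL, NULL);
}

static void show(const struct nl_hdr *h, const uint8_t *d, size_t dlen, void *ctx)
{
    (void)d; (void)ctx;
    printf("type=%u flags=0x%x seq=%u pid=%u data=%zu bytes\n",
           (unsigned)h->nlmsg_type, (unsigned)h->nlmsg_flags,
           (unsigned)h->nlmsg_seq, (unsigned)h->nlmsg_pid, dlen);
}

int main(void)
{
    uint8_t buf[128];
    size_t len = build_sample(buf, sizeof buf);
    printf("%d messages in %zu bytes\n", nl_walk(buf, len, show, NULL), len);
    printf("corrupted length -> %d\n", walk_with_bad_length(buf, len));
    return 0;
}
```

The two messages occupy 21 and 19 bytes but are laid out at strides of 24 and 20 bytes, which is why a parser must advance by the aligned length while bounds-checking the unaligned one; the kernel's own NLMSG_OK macro performs the same two comparisons before any field of a header is read.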
Netlink Socket Families
For the AF_NETLINK family, there are multiple protocol subsets. Each of these interfaces to a different kernel component and has a different messaging subset. The subset is selected by the protocol argument of the socket call:
int socket(AF_NETLINK, SOCK_DGRAM or SOCK_RAW, protocol)
Both socket types are legitimate: the netlink(7) manual page lists SOCK_RAW and SOCK_DGRAM and notes that the Linux kernel does not distinguish between them. The reference below from Red Hat always passes SOCK_RAW, while iproute2 uses both interchangeably. Netlink is Linux-specific, so its availability on other operating systems should not be assumed. A non-exhaustive list of the supported protocol entries follows:
NETLINK_ROUTE
NETLINK_ROUTE provides routing and link information. This information is used primarily by user-space routing daemons. There is a large subset of messages that Linux implements:
- Link Layer: RTM_NEWLINK, RTM_DELLINK, RTM_GETLINK, RTM_SETLINK
- Address Settings: RTM_NEWADDR, RTM_DELADDR, RTM_GETADDR
- Routing Tables: RTM_NEWROUTE, RTM_DELROUTE, RTM_GETROUTE
- Neighbor Cache: RTM_NEWNEIGH, RTM_DELNEIGH, RTM_GETNEIGH
- Routing Rules: RTM_NEWRULE, RTM_DELRULE, RTM_GETRULE
- Queuing Discipline Settings: RTM_NEWQDISC, RTM_DELQDISC, RTM_GETQDISC
- Traffic Classes used with Queues: RTM_NEWTCLASS, RTM_DELTCLASS, RTM_GETTCLASS
- Traffic filters: RTM_NEWTFILTER, RTM_DELTFILTER, RTM_GETTFILTER
- Others: RTM_NEWACTION, RTM_DELACTION, RTM_GETACTION, RTM_NEWPREFIX, RTM_GETPREFIX, RTM_GETMULTICAST, RTM_GETANYCAST, RTM_NEWNEIGHTBL, RTM_GETNEIGHTBL, RTM_SETNEIGHTBL
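To show how the protocol argument selects a kernel component and how the link-layer RTM_* messages listed above are exchanged, here is an added example that is not part of the article or of iproute2. It opens a NETLINK_ROUTE socket with SOCK_RAW, sends an RTM_GETLINK dump request, and collects the interface names carried in the RTM_NEWLINK replies, stopping at NLMSG_DONE and failing on NLMSG_ERROR. Two checks a practitioner should not skip are included: replies whose sender address is not port 0 (the kernel) are ignored, and replies whose sequence number does not match the request are skipped. The names getlink_req, build_getlink_request, link_name and dump_links are this example's own; everything else comes from <linux/netlink.h>, <linux/rtnetlink.h> and netlink(7). It assumes a Linux host and returns -1 where AF_NETLINK sockets cannot be opened.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <net/if.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* A NETLINK_ROUTE request: the generic nlmsghdr followed by the fixed
 * ifinfomsg header that every RTM_*LINK message carries (hypothetical name). */
struct getlink_req {
    struct nlmsghdr nlh;
    struct ifinfomsg ifm;
};

/* Build, but do not send, a "dump every link" request. */
struct getlink_req build_getlink_request(uint32_t seq)
{
    struct getlink_req req;
    memset(&req, 0, sizeof req);
    req.nlh.nlmsg_len   = NLMSG_LENGTH(sizeof req.ifm);
    req.nlh.nlmsg_type  = RTM_GETLINK;
    req.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
    req.nlh.nlmsg_seq   = seq;              /* the kernel echoes this in every reply */
    req.nlh.nlmsg_pid   = 0;                /* sender port ID; 0 is accepted for requests */
    req.ifm.ifi_family  = AF_UNSPEC;
    return req;
}

/* Copy IFLA_IFNAME out of an RTM_NEWLINK reply. Returns 1 if present. */
static int link_name(struct nlmsghdr *nlh, char *out, size_t outlen)
{
    if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(struct ifinfomsg)))
        return 0;                           /* too short to contain ifinfomsg */
    struct ifinfomsg *ifm = NLMSG_DATA(nlh);
    int attrlen = (int)(nlh->nlmsg_len - NLMSG_LENGTH(sizeof *ifm));
    for (struct rtattr *rta = IFLA_RTA(ifm); RTA_OK(rta, attrlen);
         rta = RTA_NEXT(rta, attrlen)) {
        if (rta->rta_type != IFLA_IFNAME)
            continue;
        size_t n = (size_t)RTA_PAYLOAD(rta);
        if (n >= outlen)
            n = outlen - 1;                 /* attribute lengths are untrusted input */
        memcpy(out, RTA_DATA(rta), n);
        out[n] = '\0';
        return 1;
    }
    return 0;
}

/* Send the dump to NETLINK_ROUTE and collect link names. Returns the count,
 * or -1 on failure (for example where AF_NETLINK sockets are unavailable). */
int dump_links(char names[][IF_NAMESIZE], int max)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) return -1;
    const uint32_t seq = 0x5eed;            /* arbitrary; replies must match it */
    struct getlink_req req = build_getlink_request(seq);
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }; /* nl_pid 0 = kernel */
    if (sendto(fd, &req, req.nlh.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof kernel) < 0) {
        close(fd); return -1;
    }
    static uint32_t buf[8192];              /* 32 KiB, aligned for nlmsghdr */
    int count = 0, done = 0;
    while (!done) {
        struct sockaddr_nl from;
        socklen_t fromlen = sizeof from;
        int len = (int)recvfrom(fd, buf, sizeof buf, 0,
                                (struct sockaddr *)&from, &fromlen);
        if (len < 0) { close(fd); return -1; }
        if (from.nl_pid != 0)
            continue;                       /* only the kernel answers a dump */
        for (struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
             NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len)) {
            if (nlh->nlmsg_seq != seq)
                continue;                   /* stray reply to another request */
            if (nlh->nlmsg_type == NLMSG_DONE) { done = 1; break; }
            if (nlh->nlmsg_type == NLMSG_ERROR) {
                close(fd); return -1;       /* struct nlmsgerr follows the header */
            }
            if (nlh->nlmsg_type == RTM_NEWLINK && count < max &&
                link_name(nlh, names[count], IF_NAMESIZE))
                count++;
        }
    }
    close(fd);
    return count;
}

int main(void)
{
    char names[64][IF_NAMESIZE];
    int n = dump_links(names, 64);
    if (n < 0) { perror("dump_links"); return 1; }
    for (int i = 0; i < n; i++)
        printf("link %d: %s\n", i, names[i]);
    return 0;
}
```

No privilege is needed for this dump, which is exactly what makes the sender check worthwhile: a program that accepts any datagram on its NETLINK_ROUTE socket as an answer from the kernel has no basis for that trust, whereas a port ID of 0 can only be the kernel. Replacing RTM_GETLINK with RTM_GETADDR or RTM_GETROUTE (and ifinfomsg with the matching ifaddrmsg or rtmsg header) turns the same loop into a dump of addresses or routes.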
NETLINK_FIREWALL
NETLINK_FIREWALL provides an interface for a user-space app to receive packets from the firewall.
NETLINK_NFLOG
NETLINK_NFLOG provides an interface used to communicate between Netfilter and iptables.
NETLINK_ARPD
NETLINK_ARPD provides an interface to manage the ARP table from user space.
NETLINK_AUDIT
NETLINK_AUDIT provides an interface to the audit subsystem found in kernel versions 2.6.6 and later.
NETLINK_XFRM
NETLINK_XFRM provides an interface to manage the IPsec security association and security policy databases. It is mostly used by key manager daemons when they are used in the Internet Key Exchange protocol.
User-defined Netlink protocol
The user can add a netlink handler in their own kernel routines. This allows additional Netlink protocols to be developed to address new kernel modules. The Linux Journal article Why and How to Use Netlink Sockets provides some guidance on how to create Netlink sockets on the kernel side.
External links
- Pablo Neira Ayuso, Rafael M. Gasca, Laurent Lefèvre. Communicating between the kernel and user-space in Linux using Netlink sockets. Software: Practice and Experience, 40(9):797-810, August 2010
- Why and How to Use Netlink Sockets
- RFC 3549
- http://netfilter.org/projects/libmnl — “Minimalist Library for Netlink” — userspace library for construction and parsing of Netlink messages
- Manipulating the Networking Environment Using RTNETLINK
- Netlink Sockets - Overview