Transcription of Understanding And Programming With Netlink Sockets
1 Understanding And Programming WithNetlink SocketsNeil HormanVersion 6, 20041 Contents1 Introduction32 The Netlink Address Socket Creation .. Sending and Receiving Datagrams .. The Netlink Socket Address Structure .. 53 The Netlink Message The Netlink Header .. Netlink Utility Macros .. A Visual Overview .. 104 The NETLINKFIREWALL Creation and Use .. Message Types .. IPQMMODE .. IPQMPACKET .. IPQMVERDICT .. Example use of the NETLINKFILTER protocol .. 165 The NETLINKROUTE Creation and Use.
2 The NETLINKROUTE message macros .. Another Visual Overview .. Message Types .. The LINK messages .. The ADDR messages .. The ROUTE messages .. The NEIGH messages .. The RULE messages .. The QDISC messages .. The CLASS messages .. The FILTER messages .. 246 Adding Netlink Protocols in the Kernel251 List of Figures1 Netlink message layout and Netlink macro interaction .. 102 Netlink route protocol message layout and macro interaction . 2021 IntroductionNetwork configuration in Linux, and in various implementations of Unix ingeneral, has always been something of an afterthought from the programmerspoint of view.
3 Adding routes, neighbor table entries, or interface configura-tion options required a somewhat haphazard combination of raw Sockets ,ioctl calls and specialized pseudo-network protocols. In the Linux ker-nel, developers began an effort to create a more standard interface for theconfiguration of the networkcontrol plane1. This configuration interface andprotocol, known asnetlink socketsaims to create a communication frame-work suitable for setting all aspects of the network control plane. While thebuild out of the Netlink system is not complete, it is clearly the new methodfor network configuration, and the infrastructure is reasonably solidified andoperational.
4 This paper aims to document the format and use of both thenetlink socket family and its currently implemented whitepaper is intended to be used as a Programming guide andreference. It assumes that the reader has a prior familiarity both with Cprogramming, and with socket logical subsection of network communication responsible for controlling the de-vices which forward network data32 The Netlink Address Socket CreationThe Netlink address family uses the standard BSD socket API as its interfacebetween user-space programs and various kernel components.
5 The creationof a Netlink socket is preformed in the exact same way as any other networksocket,via thesocketlibrary call:socketfd=socket(AFNETLINK,SOCKRAW,p rotocol);The address family is always given as AFNETLINK, and its type is alwaysgiven as SOCKRAW. The only variation in the creation of a Netlink socketis the protocol provided. The list of available protocols is and will continueto change as configuration aspects of the Linux network stack add in theirconfigurability. As of this writing, the list of available protocols is as follows: NETLINKARPD NETLINKFIREWALL NETLINKIP6FW NETLINKNFLOG NETLINKROUTE NETLINKROUTE6 NETLINKTAPBASE NETLINKTCPDIAG NETLINKXFRMEach of these protocols is individually described in its own Sending and Receiving DatagramsNetlink Sockets are connectionless, and operate in much the same way UDP2sockets do.
6 Messages are sent to recipients on an open Netlink socket via thesendtoandsendmsglibrary calls. Messages are received by therecvfromandrecvmsglibrary calls. Note that messages are notexchanged with the2 User Datagram Protocol4sendandrecvlibrary calls. This is because Netlink Sockets are connection-less. Much like UDP Sockets , Netlink messages are transferred in such there is no guarantee of delivery between socket endpoints, althoughthere are mechanisms in the Netlink message header which are designed tohelp the programmer add a level of reliability to the protocol for those ap-plications which require The Netlink Socket Address StructureThe Netlink socket address address structure, namedstruct sockaddrnlispassed to all calls which send or receive Netlink Sockets .
7 This structure bothinforms the kernel networking stack of a datagrams destination, and informsa user-space program of a received frames source. The strucutre is definedas follows:struct sockaddrnl{safamilyt nlfamily;unsigned short nlpad;u32 nlpid;u32 nlgroups;} nlfamily- This field defines the address family of the message beingsent over the socket. This should always be set to AFNETLINK. nlpad- This field is unused and should always be set to zero. nlpid- This field is PID3of the process that should receive the framebeing sent, or the process which sent the frame being received.
8 Set thisvalue to the PID of the process you wish to recieve the frame, or tozero for a multicast message or to have the kernel process the message. nlgroups- This field is used for sending multicast messages overnetlink. Each Netlink protocol family has 32 multicast groups whichprocesses can send and receive messages on. To subscribe to a particu-lar group, thebindlibrary call is used, and the nlgroups field is set tothe appropriate bitmask. Sending multicast frames works in a simmilarfashion, by setting the nlgroups field to an appropriate set of valueswhen callingsendtoorsendmsg.
9 Each protocol uses the multicastgroups differently, if at all, and their use is defined by Identifier5 Thesockaddrnlstructure is cast to a standardsockaddrstructureand passed in as the appropriate parameter to thesendandrecvfamiles oflibrary The Netlink Message FormatIn the same way that every IP4message has an standard IP header, netlinkmessages all have an identical header on each message sent and other protocols however, the programmer is required to build thisheader for each frame. This header is used to store metadata about eachnetlink message and forms the base infrastructure of every Netlink The Netlink HeaderThe Netlink header is defined as follows:struct nlmsghdr{u32 nlmsglen;u16 nlmsgtype;u16 nlmsgflags;u32 nlmsgseq;u32 nlmsgpid;} nlmsglen- Each Netlink message header is followed by zero or morebytes of ancilliary data.
10 This 4 byte field records the total amount ofdata in the message, including the header itself. nlmsgtype- This 2 byte field defines the format of the data whichfollows the Netlink message header nlmsgflags- This 2 byte field or logically OR ed bits defines vari-ous control flags which determine who each message is processed andinterpreted: NLMFREQUEST- This flag identifies a request message. Itshould be set on almost all application initiated messages NLMFACK- This flag identifies a response to a previous re-quest packet. The sequence and pid values can be used to correlatethe request to the response.
