Linux -- Netlink

Source: Internet
Author: User

The first day of the holiday.

 

Remember Master Steven S.

Best references:

1. Master from the Internet.

2. Linux man pages: man netlink, man rtnetlink.

3. UNP V1 Chapter 1.

4. http://blog.csdn.net/unbutun/archive/2010/01/10/5170059.aspx

http://en.wikipedia.org/wiki/Netlink

http://yongqig.onlyblog.com/blog2/enchen/8605.html

http://linux.chinaunix.net/techdoc/develop/2006/10/15/942169.shtml

http://yangelc.blog.sohu.com/68245920.html

http://www.chinaunix.net/jh/4/822500.html

http://www.ibm.com/developerworks/cn/linux/l-kerns-usrs/

 

 

Article 1: Overview.

To put it simply, Linux uses the Netlink mechanism to communicate with the corresponding kernel modules in order to control devices (most of which are network-related).

The man page says:

Netlink is used to transfer information between kernel and userspace processes. It consists of a standard sockets-based interface for userspace processes and an internal kernel API for kernel modules. The internal kernel interface is not documented in this manual page. There is also an obsolete netlink interface via netlink character devices; this interface is not documented here and is only provided for backwards compatibility.

I translated:

Netlink is used for communication between the kernel and user-space processes. The Netlink mechanism consists of a socket API in user space and an internal kernel API for kernel modules. The manual does not document the internal kernel interface. The Netlink character device interface is not documented either; it exists only for backward compatibility.

 

 

In addition, the routing socket described in chapter 1 of UNP v1 does not apply to Linux. Linux uses the Netlink mechanism to completely replace the BSD routing socket interface.

#define PF_ROUTE PF_NETLINK /* Alias to emulate 4.4BSD. */

Question: What is a socket? It is the combination of an IP address and a port.

Article 2: Netlink socket descriptor

int sockfd = socket(AF_NETLINK, sock_type, netlink_family);

1. sock_type: As the man page states, Netlink is a datagram-oriented service. Therefore SOCK_RAW and SOCK_DGRAM can be used, but not SOCK_STREAM. The manual also mentions that the Netlink mechanism does not distinguish between datagram and raw sockets.

2. netlink_family: Selects the kernel module (protocol) to communicate with. The values are as follows:

 

NETLINK_ROUTE: Route daemon

Receives routing and link updates and may be used to modify the routing tables (both IPv4 and IPv6), IP addresses, link parameters, neighbor setups, queueing disciplines, traffic classes and packet classifiers (see rtnetlink(7)).

NETLINK_W1: 1-wire subsystem

Messages from 1-wire subsystem.

NETLINK_USERSOCK: User-mode socket protocol

Reserved for user-mode socket protocols.

NETLINK_FIREWALL: Firewall

Transport IPv4 packets from netfilter to userspace. Used by ip_queue kernel module.

NETLINK_INET_DIAG: Socket monitoring

INET socket monitoring.

NETLINK_NFLOG: Netfilter log

Netfilter/iptables ULOG.

NETLINK_XFRM: IPsec security policy

IPsec.

NETLINK_SELINUX: SELinux event notification

SELinux event notifications.

NETLINK_ISCSI: iSCSI subsystem

Open-iSCSI.

NETLINK_AUDIT: Process audit

Auditing.

NETLINK_FIB_LOOKUP: Query the forwarding table

Access to FIB lookup from userspace.

NETLINK_CONNECTOR: Kernel connector

See Documentation/connector/* in the kernel source for further information.

NETLINK_NETFILTER: Netfilter subsystem

NETLINK_IP6_FW: IPv6 firewall

Transport IPv6 packets from netfilter to userspace. Used by ip6_queue kernel module.

NETLINK_DNRTMSG: DECnet route information

DECnet routing messages.

NETLINK_KOBJECT_UEVENT: Kernel events

Kernel messages to userspace.

NETLINK_GENERIC: General Netlink

Generic netlink family for simplified netlink usage.

The close function is used to close an opened Netlink socket.

Article 3: Netlink socket address structure

#include <linux/netlink.h>

struct sockaddr_nl { // almost the same as sockaddr in TCP
    sa_family_t    nl_family; /* must be AF_NETLINK or PF_NETLINK */
    unsigned short nl_pad;    /* reserved, unused, initially 0 */
    __u32          nl_pid;    /* port ID */
    __u32          nl_groups; /* multicast groups mask */
};

nl_pid:

1. As a parameter of the bind function, it gives a name to the still unnamed socket fd. The only requirement is that it be unique when there are multiple Netlink socket fds.

Method 1: The user ensures uniqueness. When a process has only one Netlink socket fd, nl_pid can be set to any integer; getpid() is a good choice. However, when a process has several Netlink socket fds, they cannot all use getpid(); each must get a different value.

Method 2: The man page points out that when nl_pid is set to 0, the kernel ensures uniqueness no matter how many Netlink socket fds a process has.

2. As a parameter of functions such as sendto, it specifies the destination of the data. When the destination is another process, it can be set to the PID of that process, which is almost useless. When sending to the kernel, it is simply set to 0.

nl_groups: Each Netlink protocol has a set of 32 multicast groups. Each bit of nl_groups represents one of the 32 groups.

1. As a parameter of the bind function, it adds the calling process to the multicast groups specified by nl_groups (whether a process can be added to multiple groups at the same time, that is, with multiple bits of nl_groups set to 1, is not verified). If it is set to 0, the caller is not added to any multicast group.

2. As a parameter of functions such as sendto: if nl_groups is 0, the data is sent as unicast to nl_pid. If nl_groups is not 0, the data is sent as multicast.

Article 4: Netlink message

A message exchanged with the kernel over Netlink has two parts: a header and data.

Like TCP, a Netlink socket needs the header to send and receive data. The header is mainly used for multiplexing, demultiplexing, and other control purposes.

struct nlmsghdr { // this structure represents the header
    __u32 nlmsg_len;   /* Length of message including header: the size of the whole message, header plus the data to be received/sent */
    __u16 nlmsg_type;  /* Type of message content: the purpose of the data received/sent */
    __u16 nlmsg_flags; /* Additional flags */
    __u32 nlmsg_seq;   /* Sequence number of the message */
    __u32 nlmsg_pid;   /* PID of the sending process */
};

nlmsg_seq and nlmsg_pid are used to track messages. The former is the sequence number, and the latter is the ID of the process the message came from.

If a message consists of multiple datagrams, it has multiple headers, each followed by its own data part. Every part except the last has NLM_F_MULTI set in its nlmsg_flags, and the last part has its nlmsg_type set to NLMSG_DONE. This mostly happens for messages from the kernel to user space, so these flags are generally set by the kernel. We do not need to set them ourselves; we only check for them in the messages we receive.

 

 

nlmsg_type: The values are as follows.

The following four values are generally set by the kernel; we check for them after receiving data.

1. NLMSG_NOOP: Message is to be ignored. This message type indicates that the data part is empty, and the application can ignore the message.

2. NLMSG_ERROR: Message signals an error and the payload contains an nlmsgerr structure. This message type indicates that the data part is an error message with the following structure:

struct nlmsgerr {
    int error;           /* Negative errno, or 0 for acknowledgements */
    struct nlmsghdr msg; /* Message header that caused the error */
};

3. NLMSG_DONE: Message terminates a multipart message. When we receive from or send to the kernel, a message may be split into multiple datagrams; this message type marks the last one.

4. NLMSG_OVERRUN: Data lost.

The types below are those supported by the NETLINK_ROUTE protocol; other protocols remain to be studied. Each type corresponds to a different structure carrying the data that follows the header. The NETLINK_ROUTE protocol supports the following types:

1. Link layer: create, delete, get, and set network device information: RTM_NEWLINK, RTM_DELLINK, RTM_GETLINK, RTM_SETLINK

Corresponding data structure: in linux/rtnetlink.h

struct ifinfomsg { /* passes link level specific information, not dependent on network protocol */
    unsigned char  ifi_family;
    unsigned char  __ifi_pad;
    unsigned short ifi_type;   /* ARPHRD_* */
    int            ifi_index;  /* Link index */
    unsigned       ifi_flags;  /* IFF_* flags */
    unsigned       ifi_change; /* IFF_* change mask */
};

2. Address settings: create, delete, and get the IP address information of a network device: RTM_NEWADDR, RTM_DELADDR, RTM_GETADDR

Corresponding data structure: in linux/if_addr.h

struct ifaddrmsg {
    __u8  ifa_family;
    __u8  ifa_prefixlen; /* The prefix length */
    __u8  ifa_flags;     /* Flags */
    __u8  ifa_scope;     /* Address scope */
    __u32 ifa_index;     /* Link index */
};

 

 

3. Routing tables: create, delete, and get the route information of network devices: RTM_NEWROUTE, RTM_DELROUTE, RTM_GETROUTE

Corresponding data structure: in linux/rtnetlink.h

struct rtmsg { // definitions used in routing table administration
    unsigned char rtm_family;   /* Route table address family */
    unsigned char rtm_dst_len;  /* Destination length */
    unsigned char rtm_src_len;  /* Source length */
    unsigned char rtm_tos;      /* TOS */
    unsigned char rtm_table;    /* Routing table ID (route table selection) */
    unsigned char rtm_protocol; /* Routing protocol; see below */
    unsigned char rtm_scope;    /* See below */
    unsigned char rtm_type;     /* See below */
    unsigned      rtm_flags;
};

4. Neighbor cache: create, delete, and get the neighbor information of network devices: RTM_NEWNEIGH, RTM_DELNEIGH, RTM_GETNEIGH

Corresponding data structure: in linux/neighbour.h

struct ndmsg {
    __u8  ndm_family;
    __u8  ndm_pad1;
    __u16 ndm_pad2;
    __s32 ndm_ifindex;
    __u16 ndm_state;
    __u8  ndm_flags;
    __u8  ndm_type;
};

struct nda_cacheinfo {
    __u32 ndm_confirmed;
    __u32 ndm_used;
    __u32 ndm_updated;
    __u32 ndm_refcnt;
};

 

 

 

 

5. Routing rules: create, delete, and get routing rule information: RTM_NEWRULE, RTM_DELRULE, RTM_GETRULE

Corresponding data structure: struct rtmsg in linux/rtnetlink.h

6. Queueing discipline settings: create, delete, and get a queueing discipline: RTM_NEWQDISC, RTM_DELQDISC, RTM_GETQDISC

Corresponding data structure: in linux/rtnetlink.h

struct tcmsg { // traffic control messages
    unsigned char  tcm_family;
    unsigned char  tcm__pad1;
    unsigned short tcm__pad2;
    int            tcm_ifindex;
    __u32          tcm_handle;
    __u32          tcm_parent;
    __u32          tcm_info;
};

7. Traffic classes used with queues: create, delete, and get a traffic class: RTM_NEWTCLASS, RTM_DELTCLASS, RTM_GETTCLASS

Corresponding data structure: struct tcmsg in linux/rtnetlink.h

8. Traffic filters: create, delete, and get a traffic filter: RTM_NEWTFILTER, RTM_DELTFILTER, RTM_GETTFILTER

Corresponding data structure: struct tcmsg in linux/rtnetlink.h

9. Others: RTM_NEWACTION, RTM_DELACTION, RTM_GETACTION, RTM_NEWPREFIX, RTM_GETPREFIX, RTM_GETMULTICAST, RTM_GETANYCAST, RTM_NEWNEIGHTBL, RTM_GETNEIGHTBL, RTM_SETNEIGHTBL


nlmsg_flags: This member is used to control and describe the message. The values are as follows:

1. Standard flag bits in nlmsg_flags

NLM_F_REQUEST: Must be set on all request messages. It indicates that a message is a request, and it should be set on any message that an application initiates. This flag can be combined with one of the following.

  • NLM_F_ROOT is used by the various data retrieval operations of the Netlink protocols. It indicates that the requested table should be returned to the application as a whole rather than as a single entry. A request with this flag usually causes the response messages to have NLM_F_MULTI set. Note: When this flag is set, the request is protocol-specific, so you must specify the protocol type in the nlmsg_type field.
  • NLM_F_MATCH indicates that the protocol-specific request wants only a subset of the data, selected by a protocol-specific filter.
  • NLM_F_ATOMIC returns a snapshot of the object table.
  • NLM_F_DUMP is defined as NLM_F_ROOT | NLM_F_MATCH.
  • NLM_F_REPLACE replaces an existing entry in the table.
  • NLM_F_EXCL is used in combination with CREATE and APPEND. If the entry already exists, the request fails.
  • NLM_F_CREATE indicates that an entry should be created in the specified table.
  • NLM_F_APPEND indicates that a new entry should be added to the end of the table.

NLM_F_MULTI: The message is part of a multipart message terminated by NLMSG_DONE. It indicates that the message is one part of a multipart message. Subsequent messages can be obtained through the macro NLMSG_NEXT.

NLM_F_ACK: Request for an acknowledgment on success. Indicates that the message is the response to a previous request message. The sequence number and process ID can associate the request with the response.

NLM_F_ECHO: Echo this request. Indicates that the message is the echo of a related packet.

2. Additional flag bits for GET requests

NLM_F_ROOT: Return the complete table instead of a single entry.

NLM_F_MATCH: Return all entries matching criteria passed in message content. Not implemented yet.

NLM_F_ATOMIC: Return an atomic snapshot of the table.

NLM_F_DUMP: Convenience macro; equivalent to (NLM_F_ROOT | NLM_F_MATCH).

Note that NLM_F_ATOMIC requires the CAP_NET_ADMIN capability or an effective UID of 0.

3. Additional flag bits for NEW requests

NLM_F_REPLACE: Replace existing matching object.

NLM_F_EXCL: Don't replace if the object already exists.

NLM_F_CREATE: Create object if it doesn't already exist.

NLM_F_APPEND: Add to the end of the object list.
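The socket call, address structure and flags above come together when a request is sent. The following is an added example, not code from the original article: it builds an RTM_GETLINK dump request with NLM_F_REQUEST | NLM_F_DUMP, binds with nl_pid 0, addresses the kernel with nl_pid 0, and checks that the reply's sender is the kernel (port ID 0) before accepting it. The names link_req, build_getlink_dump and open_rtnetlink are chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

struct link_req {                       /* header followed directly by its payload */
    struct nlmsghdr  nlh;
    struct ifinfomsg ifi;
};

/* Fill in an RTM_GETLINK dump request; returns the number of bytes to send. */
int build_getlink_dump(struct link_req *req, __u32 seq)
{
    memset(req, 0, sizeof(*req));       /* also clears the pad fields */
    req->nlh.nlmsg_len   = NLMSG_LENGTH(sizeof(req->ifi));
    req->nlh.nlmsg_type  = RTM_GETLINK;
    req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;   /* ask for the whole table */
    req->nlh.nlmsg_seq   = seq;         /* echoed back in every reply */
    req->ifi.ifi_family  = AF_UNSPEC;
    return (int)req->nlh.nlmsg_len;
}

/* NETLINK_ROUTE socket bound with nl_pid 0, so the kernel assigns a unique port ID. */
int open_rtnetlink(void)
{
    struct sockaddr_nl local = { .nl_family = AF_NETLINK };  /* nl_groups 0: no multicast */
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }, from;  /* nl_pid 0 = kernel */
    socklen_t fromlen = sizeof(from);
    struct link_req req;
    char buf[8192];
    int fd = open_rtnetlink(), len = build_getlink_dump(&req, 1), n;
    if (fd < 0 || sendto(fd, &req, len, 0, (struct sockaddr *)&kernel, sizeof(kernel)) < 0)
        return perror("netlink"), 1;
    n = (int)recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&from, &fromlen);
    if (n < 0)
        return perror("recvfrom"), 1;
    /* Replies to a kernel request must come from port ID 0; drop anything else. */
    printf("%d bytes from port %u: %s\n", n, from.nl_pid,
           from.nl_pid == 0 ? "accepted" : "dropped");
    close(fd);
    return 0;
}
```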

Article 5: Netlink and kernel communication

Linux defines several macros to help us send and receive Netlink messages and communicate with the kernel.

#include <asm/types.h>
#include <linux/netlink.h>

1. int NLMSG_ALIGN(size_t len);

#define NLMSG_ALIGNTO 4
#define NLMSG_ALIGN(len) ( ((len)+NLMSG_ALIGNTO-1) & ~(NLMSG_ALIGNTO-1) )

// The macro NLMSG_ALIGN(len) returns the smallest value that is not smaller than len and is byte-aligned (a multiple of NLMSG_ALIGNTO).

2. #define NLMSG_HDRLEN ((int) NLMSG_ALIGN(sizeof(struct nlmsghdr))) // header length

3. int NLMSG_LENGTH(size_t len);

#define NLMSG_LENGTH(len) ((len)+NLMSG_ALIGN(NLMSG_HDRLEN))

// The macro NLMSG_LENGTH(len) calculates the actual message length when the data part has length len. It is generally used when allocating a message buffer.

4. int NLMSG_SPACE(size_t len);

#define NLMSG_SPACE(len) NLMSG_ALIGN(NLMSG_LENGTH(len))

// The macro NLMSG_SPACE(len) returns the smallest byte-aligned value that is not smaller than NLMSG_LENGTH(len). It is also used when allocating a message buffer.

5. void *NLMSG_DATA(struct nlmsghdr *nlh);

#define NLMSG_DATA(nlh) ((void*)(((char*)nlh) + NLMSG_LENGTH(0)))

// The macro NLMSG_DATA(nlh) returns the start address of the data part of the message. It is used to set and read the data part of the message.

6. struct nlmsghdr *NLMSG_NEXT(struct nlmsghdr *nlh, int len);

#define NLMSG_NEXT(nlh,len) ((len) -= NLMSG_ALIGN((nlh)->nlmsg_len), (struct nlmsghdr*)(((char*)(nlh)) + NLMSG_ALIGN((nlh)->nlmsg_len)))

// The macro NLMSG_NEXT(nlh, len) returns the start address of the next message and reduces len to the total length of the remaining messages. It is used when a message is sent or received in several parts.

7. int NLMSG_OK(struct nlmsghdr *nlh, int len);

#define NLMSG_OK(nlh,len) ((len) >= (int)sizeof(struct nlmsghdr) && (nlh)->nlmsg_len >= sizeof(struct nlmsghdr) && (nlh)->nlmsg_len <= (len))

// The macro NLMSG_OK(nlh, len) checks whether the message fits within the len bytes that remain, that is, whether a complete message is present.

8. int NLMSG_PAYLOAD(struct nlmsghdr *nlh, int len);

#define NLMSG_PAYLOAD(nlh,len) ((nlh)->nlmsg_len - NLMSG_SPACE((len)))

// The macro NLMSG_PAYLOAD(nlh, len) returns the length of the payload.

After setting up the message as described above, we can use sendto and recv to send and receive data respectively.
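The multipart rules from Article 4 and the macros above are easiest to see in a receive loop. The following is an added example, not code from the original article: walk_netlink (a name chosen here) steps through one receive buffer with NLMSG_OK and NLMSG_NEXT, stops at NLMSG_DONE, returns the errno carried by NLMSG_ERROR, and rejects a buffer whose last nlmsg_len runs past the bytes received. The input is constructed inline rather than read from a socket.

```c
#include <errno.h>
#include <stdio.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* Count the data messages for `seq` in one receive buffer. Sets *done at
 * NLMSG_DONE; returns a negative errno for NLMSG_ERROR or a malformed buffer. */
static int walk_netlink(void *buf, int len, __u32 seq, int *done)
{
    struct nlmsghdr *nlh = buf;
    int count = 0;
    for (*done = 0; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len)) {
        if (nlh->nlmsg_seq != seq)
            continue;                     /* not a reply to our request */
        if (nlh->nlmsg_type == NLMSG_DONE) {
            *done = 1;                    /* last part of a multipart message */
            return count;
        }
        if (nlh->nlmsg_type == NLMSG_ERROR) {
            struct nlmsgerr *err = NLMSG_DATA(nlh);
            if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*err)))
                return -EBADMSG;          /* too short to hold an nlmsgerr */
            if (err->error)
                return err->error;        /* negative errno from the kernel */
            continue;                     /* error == 0 is an ACK */
        }
        if (nlh->nlmsg_type >= NLMSG_MIN_TYPE)
            count++;                      /* NOOP and OVERRUN are not data */
    }
    return len > 0 ? -EBADMSG : count;    /* leftover bytes failed NLMSG_OK */
}

/* Constructed sample replies (not captured traffic), sequence number 7. */
#define HDR(type, flags, plen) { NLMSG_LENGTH(plen), type, flags, 7, 0 }
static struct {
    struct nlmsghdr h1; struct ifinfomsg link1;
    struct nlmsghdr h2; struct ifinfomsg link2;
    struct nlmsghdr end;
} dump = {
    HDR(RTM_NEWLINK, NLM_F_MULTI, sizeof(struct ifinfomsg)), { .ifi_index = 1 },
    HDR(RTM_NEWLINK, NLM_F_MULTI, sizeof(struct ifinfomsg)), { .ifi_index = 2 },
    HDR(NLMSG_DONE, NLM_F_MULTI, 0),
};
static struct { struct nlmsghdr h; struct nlmsgerr e; } denied =
    { HDR(NLMSG_ERROR, 0, sizeof(struct nlmsgerr)), { .error = -EPERM } };

int main(void)
{
    int done, n = walk_netlink(&dump, sizeof(dump), 7, &done);
    printf("complete dump: %d links, done=%d\n", n, done);
    printf("20 bytes short: %d\n", walk_netlink(&dump, sizeof(dump) - 20, 7, &done));
    printf("error reply: %d\n", walk_netlink(&denied, sizeof(denied), 7, &done));
    return 0;
}
```

When the function returns a count with done still 0, the dump is not finished and the caller should receive the next datagram and call it again.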

 

 

 

 

 

 

 

 

 
