From Fedora Project Wiki


G__81 this session is about Netlink Sockets. I would like this session to be as introduction to linux netlink sockets 14:11
G__81 the second session could be more on the next level 14:11
G__81 details 14:11
G__81 ok now 14:11
G__81 what are linux netlink sockets 14:11
G__81 ? 14:11
G__81 netlink sockets are very similar to normal sockets except that its basically used for user-space to kernel space communication and vice-versa 14:12
G__81 so what do we achieve with this 14:12
G__81 in the linux kernel there are many drivers which gets loaded when the system gets booted 14:13
G__81 it could be network drivers, char drivers etc 14:13
G__81 and once the driver gets loaded into the kernel you would need some means to configure that driver from user space. there are many options to do it 14:13
... join!#fedora-classroom -> zer0c00l_(n=zer0c00l@ 14:14
G__81 famous ones are ioctls, netlink sockets, procfs, and many more 14:14
LynuxDevil ok. cool 14:14
... signoff!#fedora-classroom -> zer0c00l(Read error: 104 (Connection reset by peer)) 14:14
G__81 they all at the end of the day do the same thing of having user space to kernel space communication but there is a small twist 14:15
G__81 here 14:15
G__81 let me explain it a little further 14:15
G__81 with an example: Lets say i write a driver and i want to configure it from user space when i say configure lets say i want to send some data from user space. I could use ioctls to do it 14:15
G__81 so what happens is that i get the data in the kernel driver and i process it 14:16
... nick!zer0c00l_ -> zer0c00l 14:16
G__81 now what if i want the user space to get data from the kernel space how do i do it . Yeah i could still use ioctls but with ioctls the user space has to query the kernel space everytime for data ie 14:17
G__81 the user space can get data by asking the kernel space whether you have it. If it does not have it, you dont get it but lets say you want the user space to get the data when the kernel space receives it rather than user space asking for it 14:18
G__81 at that point of time 14:18
G__81 you would need something else and you would get into netlinks 14:18
G__81 a typical example is this 14:18
LynuxDevil G__81: do you get a NULL pointer if you try to request a socket into a driver that does not exist? 14:18
LynuxDevil I do not know that much about C or C++ 14:19
G__81 lets say you have a finite state machine running in user space and its expecting some data from the kernel space and assume that the data its expecting is a packet from the kernel driver that you have written so how would your kernel driver give the data to the user space ( The complete packet) 14:19
G__81 because you never know in the kernel driver when you would get the packet in the driver 14:20
... join!#fedora-classroom -> MarilynManson(i=Randy@unaffiliated/reznor) 14:20
G__81 LynuxDevil, you dont get null pointers you get error codes 14:20
G__81 LynuxDevil, the socket calls generally returns an error if the socket is not created 14:21
G__81 and you cannot request a socket into the driver 14:21
LynuxDevil oh 14:21
G__81 any questions till now ? 14:21
LynuxDevil MarilynManson: Hi, and welcome 14:21
G__81 can i proceed ? 14:21
LynuxDevil if it's OK with MarilynManson then yes 14:22
MarilynManson proceed 14:22
* mharris suggests "man 7 netlink" and "man 3 netlink" as useful reading materials also 14:22
LynuxDevil he would want logs of this channel, I'm sure 14:22
LynuxDevil ok, let's go 14:22
G__81 ok 14:23
G__81 now how does this communication happen between user space and kernel space driver 14:23
... join!#fedora-classroom -> stanback( 14:23
LynuxDevil yeah, good question, how does it? 14:23
G__81 how many here have some knowledge on kernel networking drivers or any drivers for that matter? 14:23
LynuxDevil not me 14:24
l0nwlf_ neither me 14:24
MarilynManson I have some experience installing drivers 14:24
zer0c00l G__81, no i dont have 14:24
LynuxDevil I want to become a kernel developer but at the age of 15 uhh...I need skills, that's all I can say 14:24
G__81 ok.. in that case i ll explain some stuff before i get into this 14:24
LynuxDevil I can do the installing drivers, the math, and soon the C 14:24
G__81 so that you would know how it works and visualize it 14:24
LynuxDevil but no more besides compiling the kernel with make menuconfig 14:24
LynuxDevil I have made tons of kernels, and they where all optimized and worked great, except for one or two 14:25
G__81 i guess then today's session could be more on introduction and the next sessions i could have code walk throughs in the linux kernel with respect to netlinks 14:25
G__81 ok now coming back to the topic 14:25
G__81 when we do ifconfig you see eth0, eth1 and so on 14:25
LynuxDevil uh huh 14:26
LynuxDevil yeah 14:26
G__81 how does this happen 14:26
G__81 let me give you an example: 14:26
LynuxDevil files in /proc/net/ get accessed and maybe NetLink 14:26
LynuxDevil you can "fix" the permissions of files in /proc/net/ to restrict access to info about interfaces from normal users 14:26
LynuxDevil ok, go on 14:27
G__81 no 14:27
G__81 i ll tell you why 14:27
G__81 before i proceed 14:27
LynuxDevil ok 14:27
G__81 ok how do 2 processes in user space communicate with each other ? 14:28
G__81 or rather whats that that makes a process unique ? 14:28
G__81 or how does the kernel distinguish one process from an other ? 14:28
mharris PID 14:29
G__81 perfect 14:29
G__81 yes 14:29
LynuxDevil yes 14:29
LynuxDevil PID 14:29
zer0c00l 2 process commn with each other using IPC mechs like dbus 14:29
G__81 yeah zer0c00l 14:29
LynuxDevil yep 14:29
LynuxDevil and? 14:29
G__81 now if you take the same aspect, the kernel module drivers which gets loaded into the kernel is not run as a process when you do a ps -ef it does not show the kernel drivers 14:30
G__81 right? 14:30
... signoff!#fedora-classroom -> killefiz(Remote closed the connection) 14:30
G__81 so when it does not have a process ID how does the user space program know that i want to communicate to driver A and not with driver B 14:30
... join!#fedora-classroom -> killefiz(n=sven@fedora/killefiz) 14:30
LynuxDevil yes 14:30
LynuxDevil right 14:30
G__81 yes for that you need a name/number which identifies your driver 14:31
G__81 it differs on the type of the driver that you write 14:31
LynuxDevil G__81: it asks the kernel by looking in /sys/, /proc/, /config/, or /security/, and then it goes on to NetLink 14:31
G__81 what can it ask ? 14:31
G__81 it either should know something to ask 14:31
LynuxDevil you give your module a struct that specifies it's name and other info 14:31
LynuxDevil G__81: the kernel, about it's currently loaded modules 14:32
G__81 you mean in the user space ? 14:32
LynuxDevil yes, in your C file 14:32
G__81 C file in the sense ? 14:32
G__81 user space or kernel space ? 14:32
LynuxDevil a C file for a kernel module, in kernel 14:32
G__81 both are C files :) 14:32
... join!#fedora-classroom -> MostafaDaneshvar(n=MostafaD@unaffiliated/mostafadaneshvar) 14:33
LynuxDevil I expect FUSE to use netlink as well 14:33
G__81 how does the user space program know that there is a driver A exists and i want to send Hello to A and not to B driver 14:33
LynuxDevil it asks the kernel 14:33
LynuxDevil what else? 14:33
G__81 ask what ? 14:33
LynuxDevil asks it about loaded drivers it can contafct 14:33
LynuxDevil then it picks a module, and there you go 14:33
LynuxDevil it communicates with that module using netlink or files 14:34
LynuxDevil and? 14:34
G__81 hmmm you are kind of right but let me explain it more 14:34
G__81 now lets say you write the networking driver and you want that driver to be communicated from user space 14:35
G__81 what do you do is this 14:35
... signoff!#fedora-classroom -> nowx("Leaving") 14:35
... signoff!#fedora-classroom -> jainbasil(Read error: 110 (Connection timed out)) 14:35
LynuxDevil my UML kernel is still compiling by the way 14:35
G__81 1. allocate memory for the data structure (eg:net_device if its a networking driver) 2. initialize the necessary params. 3. Register that driver/interface with the kernel 14:36
G__81 now when i say register with the kernel 14:36
G__81 what happens is that 14:36
... leave!#fedora-classroom -> micha_silver("Leaving") 14:36
G__81 when the driver is loaded using modprobe my_driver 14:36
G__81 the driver gets registered with the kernel and when you do ifconfig 14:37
LynuxDevil wow, really helpful 14:37
G__81 you would see my_driver in the list 14:37
G__81 now lets zoom that registering part a little more 14:37
LynuxDevil :) 14:37
LynuxDevil I will love to see that 14:37
LynuxDevil I should get my Mom's friend Sharon in here, she might like this. She uses Windows though 14:38
G__81 for creating an interface/driver with name "my_if0" you would need to give a name for it which would be a #define 14:38
G__81 #define DRV_NAME "my_if0" 14:38
LynuxDevil yes 14:38
G__81 now that has to be unique 14:39
LynuxDevil I've made little C programs before, and a C++ one that draws a square, a triangle, and a rectangle, with configurable sizes for each 14:39
LynuxDevil MarilynManson: add me on Skype 14:39
... signoff!#fedora-classroom -> openpercept("Leaving") 14:40
G__81 now when you create memory for your interface "my_if0" you need to tell the kernel that i need memory for this interface which is my_if0 and the kernel would allocate and return an instance of net_device data structure 14:40
G__81 whats net_device data structure ? 14:40
G__81 any idea ? 14:40
G__81 ok let me explain 14:40
LynuxDevil char* name; char* ver_magic; char* compatible_versions; <some more stuff> 14:40
LynuxDevil something like that 14:41
... join!#fedora-classroom -> zer0c00l_(n=zer0c00l@ 14:41
LynuxDevil oh 14:41
LynuxDevil net_device 14:41
LynuxDevil well, I dunno 14:41
G__81 net_device is a data structure which is maintained in the linux kernel for each device in the kernel. When i say each device i mean each interface (eth0,eth1,eth2 etc) 14:41
... signoff!#fedora-classroom -> zer0c00l_(Client Quit) 14:42
G__81 so the kernel maintains each and every interface in net_device 14:42
G__81 if you have 2 physical cards in your system eth0,eth1 you would need to have 2 instances of net_device data structures 14:43
G__81 any questions ? 14:43
G__81 till now ? 14:43
G__81 ok 14:44
G__81 let me proceed 14:44
G__81 now this name for each driver becomes unique and hence when you need to talk to your driver from user space you give this name and start talking 14:45
G__81 got it ? 14:45
mharris yup 14:45
G__81 ok now 14:45
G__81 let me take an example of netlinks and tell you how it works 14:45
G__81 lets say you have done the basic stuff of creating a interface for your driver which is myif0 and you have registered with the kernel and now you want to start off with the netlinks 14:46
G__81 what we do is 14:46
G__81 in the driver 14:46
G__81 you open a socket 14:46
G__81 with the call 14:46
LynuxDevil no 14:46
LynuxDevil no questions 14:47
G__81 which is netlink_kernel_create 14:47
... signoff!#fedora-classroom -> MostafaDaneshvar("Leaving.") 14:48
G__81 and to this API what we give is a number of arguments 14:48
G__81 a number, group_number,a function pointer and an instance of struct module 14:48
G__81 what are those 14:49
G__81 the number can be any number lets say you give the number 10 then you need to give the same number in the user space too 14:50
G__81 whats the group number. group number is given if you are going to send it to some many groups 14:50
G__81 2 or more drivers need to receive that message then you could use that option 14:50
G__81 the third argument is the function pointer where in a function is given 14:51
G__81 that function gets trigerred when a message in the kernel space is received from the user space 14:51
G__81 fourth paarameter which is an instance of struct module ; you basically give THIS_MODULE which identifies this particular instance of the module 14:52
G__81 any questions ? 14:52
G__81 so when you send some data from user space example: Hello world the function which is given as a parameter in the netlink_kernel_create gets called automatically 14:52
G__81 and you could print that data hello world 14:53
G__81 i ll tell you on how to print it and how to get data from the user space a little later 14:53
G__81 any questions ? 14:53
LynuxDevil no 14:54
G__81 ok now 14:54
G__81 the driver know that i ve got hello world now lets say the driver wants to say "Thank you" to User space program how does the driver know about the user space program 14:54
G__81 the answer is 14:54
LynuxDevil yes? 14:55
G__81 when user space program sends some data from user space to the kernel driver, the user space program fills its own PID in the Netlink message header where in there is a field to fill in the sender's PID and when the kernel driver receives it just responds to hello world by putting the user space PID as destination PID and sends it back 14:55
LynuxDevil wow! 14:56
G__81 :) 14:57
G__81 the command in linux "route" which adds a routing entry into the routing table uses netlink sockets 14:57
G__81 and the kernel audit daemon, udev uses netlink sockets to communicate with user space 14:57
LynuxDevil I am coloring my laptop red with Permi Mark 14:57
LynuxDevil er 14:57
LynuxDevil cool 14:58
G__81 any questions ? 14:58
LynuxDevil no 14:59
G__81 the netlink messages have a header and a payload 14:59
zer0c00l no 14:59
G__81 the header contains information like PID , length,type of the message, sequence number 15:00
G__81 if you want to send some information from user space 15:00
G__81 you would basically fill the structure 15:00
G__81 which contains this 15:00
G__81 nlmsghdr 15:00
G__81 { 15:00
G__81 __u32 nlmsg_len; /* Length of message including header */ 15:00
G__81 __u16 nlmsg_type; /* Message content */ 15:00
G__81 __u16 nlmsg_flags; /* Additional flags */ 15:00
G__81 __u32 nlmsg_seq; /* Sequence number */ 15:00
G__81 __u32 nlmsg_pid; /* Sending process PID */ 15:00
G__81 msg_Type could be "your message" and PID would be your User Space PID 15:01
mharris G__81: Have you used Netlink for IDS type software? 15:01
G__81 IDS ? 15:01
mharris intrusion detection 15:01
G__81 i ve not used for intrusion detection but i ve used netlinks to quite a good extent 15:01
mharris ie: matching network packets and passing them to userspace for analysis 15:02
G__81 you could do it 15:02
G__81 i ve done something similar to that yes 15:02
G__81 but not IDS exactly but passing packets to user space, i ve done it though 15:02
mharris I've always wanted to fiddle with that type of thing in the past, but hadn't really looked into it. 15:02
G__81 oh ok if you have any doubts you could let me know and netlinks are quite big and i could have a separate session on code walk throughs if you all wish to 15:03
mharris Just wondered if something like that could be covered as well, perhaps at a future date or something. 15:03
mharris yeah, that'd be interesting 15:03
G__81 yeah if you wish to do it exactly on how to send data to user space we could take that scenario and i could explain on how to architect that with code snippets 15:04
G__81 if you want to :) 15:04
LynuxDevil yes 15:04
LynuxDevil if you help me to teach me C, I will code a IDS with netlink support 15:05
G__81 ok then i can add it in the Class room link and i would let you know the timings 15:05
G__81 ok now if you dont have any more questions i guess we could get into the specifics of netlinks in the next session 15:05

Generated by 2.7 by Marius Gedminas - find it at!