Netlink is a socket family used for inter-process communication (IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the Unix domain sockets available on certain Unix-like operating systems, including its original incarnation as a Linux kernel interface, as well as in the form of a later implementation on FreeBSD. [2] Similarly to the Unix domain sockets, and unlike INET sockets, Netlink communication cannot traverse host boundaries. However, while the Unix domain sockets use the file system namespace, Netlink sockets are usually addressed by process identifiers (PIDs). [3]
Netlink is designed and used for transferring miscellaneous networking information between the kernel space and userspace processes. Networking utilities, such as the iproute2 family and the utilities used for configuring mac80211-based wireless drivers, use Netlink to communicate with the Linux kernel from userspace. Netlink provides a standard socket-based interface for userspace processes, and a kernel-side API for internal use by kernel modules. Originally, Netlink used the AF_NETLINK socket family.
Netlink is designed to be a more flexible successor to ioctl; RFC 3549 describes the protocol in detail.
Netlink was created by Alexey Kuznetsov [4] as a more flexible alternative to the sophisticated but awkward ioctl communication method used for setting and getting external socket options. The Linux kernel continues to support ioctl for backward compatibility.
Netlink was first provided in the 2.0 series of the Linux kernel, implemented as a character device. By 2013, this interface is obsolete, but still forms an ioctl communication method; compare the use of rtnetlink. [5] The Netlink socket interface appeared in the 2.2 series of the Linux kernel.
In 2022, experimental support for the Netlink protocol was added to FreeBSD. Initially, only a subset of the NETLINK_ROUTE family and NETLINK_GENERIC is supported. [2]
Bit offset | 0–15 | 16–31
---|---|---
0 | Message length |
32 | Type | Flags
64 | Sequence number |
96 | PID |
128+ | Data |
Unlike BSD sockets using Internet protocols such as TCP, where the message headers are autogenerated, the Netlink message header (available as struct nlmsghdr) must be prepared by the caller. The Netlink socket generally works in a SOCK_RAW-like mode, even if SOCK_DGRAM was used to create it.
The data portion then contains a subsystem-specific message that may be further nested.
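As an added example (not part of the original article), the C sketch below shows both sides of the header handling described above: a caller preparing every header field itself, and a receiver validating the length field against the bytes actually received before using it. The names nl_hdr, nl_put and nl_walk are hypothetical, the struct is a local mirror of struct nlmsghdr so the code builds without Linux headers, and the type, flag and sequence values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local mirror of the 16-byte header in the table above (host byte order).
 * Illustrative names; on Linux the real type is struct nlmsghdr. */
struct nl_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define NL_HDRLEN (sizeof(struct nl_hdr))
static size_t nl_align(size_t n) { return (n + 3) & ~(size_t)3; } /* 4-byte units */

/* Sender side: the caller fills in every header field itself. Appends one
 * message at buf[off] and returns the new offset, or 0 if it does not fit. */
size_t nl_put(uint8_t *buf, size_t cap, size_t off, uint16_t type, uint16_t flags,
              uint32_t seq, uint32_t pid, const void *data, uint32_t dlen)
{
    if (off > cap || cap - off < NL_HDRLEN || dlen > cap - off - NL_HDRLEN) return 0;
    struct nl_hdr h = { (uint32_t)(NL_HDRLEN + dlen), type, flags, seq, pid };
    size_t total = nl_align(h.len);
    if (total > cap - off) return 0;
    memset(buf + off, 0, total);                 /* zero the alignment padding */
    memcpy(buf + off, &h, NL_HDRLEN);
    if (dlen) memcpy(buf + off + NL_HDRLEN, data, dlen);
    return off + total;
}

/* Receiver side: walk n received bytes, copying each header into out[].
 * Returns the count, or -1 on a length field shorter than the header or past
 * the received bytes, on trailing bytes, or on more than max messages. */
int nl_walk(const uint8_t *buf, size_t n, struct nl_hdr *out, int max)
{
    size_t off = 0;
    int count = 0;
    while (n - off >= NL_HDRLEN) {
        struct nl_hdr h;
        memcpy(&h, buf + off, NL_HDRLEN);        /* no unaligned reads */
        if (h.len < NL_HDRLEN || h.len > n - off || count == max) return -1;
        out[count++] = h;
        size_t step = nl_align(h.len);
        off = step > n - off ? n : off + step;   /* last message may be unpadded */
    }
    return off == n ? count : -1;
}

int main(void)
{
    uint8_t buf[64];                             /* constructed sample buffer */
    struct nl_hdr seen[4];
    size_t end = nl_put(buf, sizeof buf, 0, 16, 1, 7, 0, "abcde", 5);
    end = nl_put(buf, sizeof buf, end, 3, 0, 7, 0, NULL, 0);
    return nl_walk(buf, end, seen, 4) == 2 ? 0 : 1;
}
```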
The AF_NETLINK family offers multiple protocol subsets. Each interfaces to a different kernel component and has a different messaging subset. The subset is referenced by the protocol field in the socket call:
int socket(AF_NETLINK, SOCK_DGRAM or SOCK_RAW, protocol)
Lacking a standard, SOCK_DGRAM and SOCK_RAW are not guaranteed to be implemented in a given Linux (or other OS) release. Some sources state that both options are legitimate, and the reference below from Red Hat states that SOCK_RAW is always the parameter. However, iproute2 uses both interchangeably.
A non-exhaustive list of the supported protocol entries follows:
NETLINK_ROUTE provides routing and link information. This information is used primarily for user-space routing daemons. Linux implements a large subset of messages:
NETLINK_FIREWALL provides an interface for a user-space app to receive packets from the firewall.
NETLINK_NFLOG provides an interface used to communicate between Netfilter and iptables.
NETLINK_ARPD provides an interface to manage the ARP table from user-space.
NETLINK_AUDIT provides an interface to the audit subsystem found in Linux kernel versions 2.6.6 and later.
NETLINK_IP6_FW provides an interface to transport packets from netfilter to user-space.
NETLINK_XFRM provides an interface to manage the IPsec security association and security policy databases, mostly used by key-manager daemons using the Internet Key Exchange protocol.
NETLINK_KOBJECT_UEVENT provides the interface in which the kernel broadcasts uevents, typically consumed by udev.
One of the drawbacks of the Netlink protocol is that the number of protocol families is limited to 32 (MAX_LINKS). This is one of the main reasons that the generic Netlink family was created: to provide support for adding a higher number of families. It acts as a Netlink multiplexer and works with a single Netlink family, NETLINK_GENERIC. The generic Netlink protocol is based on the Netlink protocol and uses its API.
Users can add a Netlink handler in their own kernel routines. This allows the development of additional Netlink protocols to address new kernel modules. [6]
All rtnetlink messages consist of a netlink message header and appended attributes.