Netlink is a

socket Socket may refer to: Mechanics * Socket wrench, a type of wrench that uses separate, removable sockets to fit different sizes of nuts and bolts * Socket head screw, a screw (or bolt) with a cylindrical head containing a socket into which the hexag ...

family used for

inter-process communication In computer science, interprocess communication (IPC) is the sharing of data between running Process (computing), processes in a computer system. Mechanisms for IPC may be provided by an operating system. Applications which use IPC are often cat ...

(IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the

Unix domain socket A Unix domain socket (UDS), a.k.a. local socket, a.k.a. inter-process communication (IPC) socket, is a communication endpoint for exchanging data between processes executing in the same Unix or Unix-like operating system. The name, ''Unix domain ...

s available on certain Unix-like

operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...

s, including its original incarnation as a Linux kernel interface, as well as in the form of a later implementation on

FreeBSD FreeBSD is a free-software Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version was released in 1993 developed from 386BSD, one of the first fully functional and free Unix clones on affordable ...

. Similarly to the Unix domain sockets, and unlike INET sockets, Netlink communication cannot traverse host boundaries. However, while the Unix domain sockets use the file system namespace, Netlink sockets are usually addressed by

process identifier In computing, the process identifier (a.k.a. process ID or PID) is a number used by most operating system kernel (operating system), kernels—such as those of Unix, macOS and Windows—to uniquely identify an active Process (computing), process. ...

s (PIDs). Netlink is designed and used for transferring miscellaneous networking information between the

kernel space A modern computer operating system usually uses virtual memory to provide separate address spaces or regions of a single address space, called user space and kernel space. This separation primarily provides memory protection and hardware prote ...

and userspace processes. Networking utilities, such as the iproute2 family and the utilities used for configuring mac80211-based wireless drivers, use Netlink to communicate with the

Linux kernel The Linux kernel is a Free and open-source software, free and open source Unix-like kernel (operating system), kernel that is used in many computer systems worldwide. The kernel was created by Linus Torvalds in 1991 and was soon adopted as the k ...

from userspace. Netlink provides a standard

-based interface for userspace processes, and a kernel-side

API An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...

for internal use by kernel modules. Originally, Netlink used the socket family. Netlink is designed to be a more flexible successor to

ioctl In computing, ioctl (an abbreviation of input/output control) is a system call for device-specific input/output operations and other operations which cannot be expressed by regular file semantics. It takes a parameter specifying a request code; ...

RFC 3549
describes the protocol in detail.

History

Netlink was created by Alexey Kuznetsov as a more flexible alternative to the sophisticated but awkward communication method used for setting and getting external socket options. The Linux kernel continues to support for backward compatibility. Netlink was first provided in the 2.0 series of the Linux kernel, implemented as a character device. By 2013, this interface is obsolete, but still forms an

communication method; compare the use of . The Netlink socket interface appeared in 2.2 series of the Linux kernel. In 2022, experimental support for the Netlink protocol was added to FreeBSD. Initially, only a subset of the NETLINK_ROUTE family and NETLINK_GENERIC is supported.

Packet structure

Unlike BSD sockets using Internet protocols such as TCP, where the message headers are autogenerated, the Netlink message header (available as ) must be prepared by the caller. The Netlink socket generally works in a -like mode, even if was used to create it. The data portion then contains a subsystem-specific message that may be further nested.

Netlink socket families

The family offers multiple protocol subsets. Each interfaces to a different kernel component and has a different messaging subset. The subset is referenced by the protocol field in the socket call: int socket(AF_NETLINK, SOCK_DGRAM ''or'' SOCK_RAW, ''protocol'') Lacking a standard, and are not guaranteed to be implemented in a given Linux (or other OS) release. Some sources state that both options are legitimate, and the reference below from

Red Hat Red Hat, Inc. (formerly Red Hat Software, Inc.) is an American software company that provides open source software products to enterprises and is a subsidiary of IBM. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North ...

states that is always the parameter. However, iproute2 uses both interchangeably.

Netlink protocols

A non-exhaustive list of the supported ''protocol'' entries follows: ; NETLINK_ROUTE provides routing and link information. This information is used primarily for user-space routing daemons.

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

implements a large subset of messages: * Link layer: ''RTM_NEWLINK'', ''RTM_DELLINK'', ''RTM_GETLINK'', ''RTM_SETLINK'' * Address settings: ''RTM_NEWADDR'', ''RTM_DELADDR'', ''RTM_GETADDR'' * Routing tables: ''RTM_NEWROUTE'', ''RTM_DELROUTE'', ''RTM_GETROUTE'' * Neighbor cache: ''RTM_NEWNEIGH'', ''RTM_DELNEIGH'', ''RTM_GETNEIGH'' * Routing rules: ''RTM_NEWRULE'', ''RTM_DELRULE'', ''RTM_GETRULE'' * Queuing discipline settings: ''RTM_NEWQDISC'', ''RTM_DELQDISC'', ''RTM_GETQDISC'' * Traffic classes used with queues: ''RTM_NEWTCLASS'', ''RTM_DELTCLASS'', ''RTM_GETTCLASS'' * Traffic filters: ''RTM_NEWTFILTER'', ''RTM_DELTFILTER'', ''RTM_GETTFILTER'' * Others: ''RTM_NEWACTION'', ''RTM_DELACTION'', ''RTM_GETACTION'', ''RTM_NEWPREFIX'', ''RTM_GETPREFIX'', ''RTM_GETMULTICAST'', ''RTM_GETANYCAST'', ''RTM_NEWNEIGHTBL'', ''RTM_GETNEIGHTBL'', ''RTM_SETNEIGHTBL'' ; NETLINK_FIREWALL provides an interface for a user-space app to receive packets from the firewall. ; NETLINK_NFLOG provides an interface used to communicate between Netfilter and

iptables iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in a set of tables, whi ...

. ; NETLINK_ARPD provides an interface to manage the ARP table from user-space. ; NETLINK_AUDIT provides an interface to the audit subsystem found in Linux kernel versions 2.6.6 and later. ; NETLINK_IP6_FW provides an interface to transport packets from netfilter to user-space. ; NETLINK_ROUTE6 ; NETLINK_TAPBASE ; NETLINK_NETFILTER ; NETLINK_TCPDIAG ; NETLINK_XFRM provides an interface to manage the IPsec

security association A security association (SA) is the establishment of shared security attributes between two network entities to support secure communication. An SA may include attributes such as: cryptographic algorithm and mode; traffic encryption key; and param ...

and security policy databases - mostly used by key-manager daemons using the Internet Key Exchange protocol. ; NETLINK_KOBJECT_UEVENT provides the interface in which the kernel broadcasts uevents, typically consumed by

udev udev (userspace ) is a device manager for the Linux kernel. As the successor of devfsd and hotplug, udev primarily manages device nodes in the directory. At the same time, udev also handles all user space events raised when hardware devices ...

. ; NETLINK_GENERIC One of the drawbacks of the Netlink protocol is that the number of protocol families is limited to 32 ().This is one of the main reasons that the generic Netlink family was created—to provide support for adding a higher number of families. It acts as a Netlink multiplexer and works with a single Netlink family . The generic Netlink protocol is based on the Netlink protocol and uses its API.

User-defined Netlink protocol

Users can add a Netlink handler in their own kernel routines. This allows the development of additional Netlink protocols to address new kernel modules.

References

External links

Pablo Neira Ayuso, Rafael M. Gasca, Laurent Lefèvre. Communicating between the kernel and user-space in Linux using Netlink sockets. Software: Practice and Experience, 40(9):797-810, August 2010

Why and How to Use Netlink Sockets

RFC 3549

netfilter/iptables project homepage - The netfilter.org "libmnl" project
– Minimalist Library for Netlink – userspace library for construction and parsing of Netlink messages
libnl - Netlink Protocol Library Suite
– Netlink Protocol Library Suite – full functional library covering almost all aspects of working with Netlink sockets
Manipulating the Networking Environment Using RTNETLINK

Netlink Protocol Library Suite

"Linux Kernel Networking" by Rami Rosen, Apress 2013: Chapter 2, Netlink Sockets
{{Linux kernel Interfaces of the Linux kernel Linux kernel features