Chapter 12: Networks
❑ libnlis a standalone library that has not been optimized for a particular use case. Instead, it
provides support for all types of netlink connections, including routing sockets.Data Structures
Specifying Addresses
As for every networking protocol, an address needs to be assigned to a netlink socket. The following
variant ofstruct sockaddrrepresents netlink addresses:<netlink.h>
struct sockaddr_nl
{
sa_family_t nl_family; /* AF_NETLINK */
unsigned short nl_pad; /* zero */
__u32 nl_pid; /* port ID */
__u32 nl_groups; /* multicast groups mask */
};To distinguish between different netlink channels used by different parts of the kernel,nl_familyis
employed. Several different families are specified in<netlink.h>, and the list has especially grown
during the development of 2.6. Currently 20 families are defined, and some examples are:❑ NETLINK_ROUTErepresents the initial purpose of netlink sockets, namely, changing routing
information.
❑ NETLINK_INET_DIAGallows for monitoring IP sockets; seenet/ipv4/inet_diag.cfor more
details.
❑ NETLINK_XFRMis used to send and receive messages related to IPSec (or, more generally, to any
XFRM transformations).
❑ NETLINK_KOBJECT_UEVENTspecifies the protocol for kernel to userland messages that originate
from the generic object model (the reverse direction, userland to kernel, is not possible for this
type of message). The channel provides the basis of the hotplugging mechanism as discussed in
Section 7.4.2.A unique identifier for the socket is provided innl_pid. While this is always zero for the kernel itself,
userspace applications conventionally use their thread group ID. Note thatnl_pidexplicitly doesnot
represent a process ID, but can be any unique value— the thread group ID is just one particularly con-
venient choice.^35 nl_pidis a unicast address. Each address familycan also specify different multicast
groups, andnl_groupsis a bitmap that denotes to which multicast addresses the socket belongs. If mul-
ticast is not supposed to be used, the field is 0. To simplify matters, I consider only unicast transmissions
in the following.Netlink Protocol Family
Recall from Section 12.10.4 that each protocol family needs to register an instance ofnet_proto_family
within the kernel. The structure contains a function pointer that is called when a new socket is created for(^35) See the manual pagenetlink(7)on how to proceed if a userspace process wants to hold more than one netlink socket and thus
requires more than one unique identifier.