Netlink Sockets are the method that the Linux Kernel uses to pass Routing, Interface and other miscellaneous networking information around, both within the kernel and between the kernel and userspace. It replaces the old ioctl(2) based method and is far far superior - infact as soon as the kernel receives a networking ioctl it is converted to a netlink message before being shipped off for further processing.

Basic Introduction

The netlink protocol uses a special type of socket(2) to communicate with the Linux kernel. This socket is called a "Netlink Socket" surprisingly enough and can be created by specifing AF_NETLINK as the first argument to a socket(2) call, The socket type (second argument) can be either SOCK_DGRAM or SOCK_RAW, it makes absolutely no difference!, the third argument (netlink family) specifies which part of the linux networking stack you want to modify, for example NETLINK_ROUTE can be specified to modify the routing table (including interfaces), or NETLINK_ARPD can be specified to allow the arp table to be manipulated. A full list of available netlink families is found in netlink(7).

NETLINK_ROUTE is the most commonly used netlink family as it is used to add, delete and modify routes from the kernels routing table and can also be used to add, delete and modify the interfaces on the machine.

Some of the basic Netlink principles are documented in RFC:3549.

Programming Netlink

There is somewhat of a lack of easy to read documentation regarding how to program using netlink sockets, however the information is all there in the end. As a start try the netlink(3), netlink(7), rtnetlink(3) and rtnetlink(7) manpages which provide a very technical description of the netlink protocol, all the information that you need to write a program using netlink is contained in these manpages.... should be easy from here right?

The iproute2 package is the base implementation of the netlink interface, it replaces all the old linux networking utilities (ifconfig, route, etc) into a single binary called ip which performs all of the tasks using the netlink interface. I highly recommend that you use this package as a reference when coding netlink related applications. In particular iproute2 contains a netlink library (libnetlink) which deals with much of the low level protocol interactions between your application and the kernel. Unfortunately the library is not seperately packaged and you'll have to spend some time extracting it from the iproute2 package before it is useful.

Coming Soon - Some basic examples of how to program using libnetlink -- Talk to MattBrown if you want them and they're not here yet!

(ha! It's been ages and you've not put up any examples! So I've written one that shows route add/del events, see LinuxNetlinkSocketExample --PerryLorier).

Applications Known to Use Netlink Sockets

Random notes (things I wish were documented somewhere but aren't)

  • if you want to recieve RTM_NEWNEIGH messages, you need /proc/sys/net/ipv{4,6}/neigh/*/app_probes to be non 0.

I don't know why. They might have been drunk at the time -- PerryLorier
The reason why is that much of the system parameters are moving this way and they were just too lazy to convert other ones too I suspect -- IanMcDonald

Other Documentation:

Part Of CategoryNetworking