Netlink是用户程序与内核通信的socket方法,通过Netlink可以获得修改内核的配置,常见的有获得接口的IP地址列表、更改路由表或邻居表。旧版本的内核提供很多从内核获取信息的方式,至今仍在被广泛使用。
其次,除了可以获取修改内核配置外,还能够监听内核相关配置信息变化的事件,例如:接口状态、接口地址、内核路由表或者内核邻居表项的变更。
下面,我们先列举一个简单的例子:监听接口的状态变化,并打印出出,发生变化的接口信息。
1.1. 监听接口状态变化
咋们直接上代码,然后在详细描述,实现的关键步骤。
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <errno.h>
#include <sys socket.h>
#include <sys select.h>
#include <sys time.h>
#include <asm types.h>
#include <linux if.h>
#include <linux netlink.h>
#include <linux rtnetlink.h>
#define dprint(format, ...) \
printf("[%15s:%-4d] " format , __FUNCTION__, __LINE__, ##__VA_ARGS__)
static int gnl_fd;
static void parse_rtattr(struct rtattr **tb, int max, struct rtattr *attr, int len)
{
for ( ; RTA_OK(attr, len); attr = RTA_NEXT(attr, len)) {
if (attr->rta_type <= max) { tb[attr->rta_type] = attr;
}
}
}
static void show_iflink_msg(struct nlmsghdr *nh_msg)
{
int msg_len;
/**
* @brief #define IFLA_MAX (__IFLA_MAX - 1)
* 头文件:linux/if_link.h
*/
struct rtattr *tb[IFLA_MAX + 1];
struct ifinfomsg *ifmsg; /* 6 */
bzero(tb, sizeof(tb));
ifmsg = NLMSG_DATA(nh_msg); /* 7 */
msg_len = nh_msg->nlmsg_len - NLMSG_SPACE(sizeof(*ifmsg));
parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifmsg), msg_len); /* 8 */
dprint(" >> if intf_index: %d\n", ifmsg->ifi_index);
dprint(" >> if intf_name : %s\n", (tb[IFLA_IFNAME] ? RTA_DATA(tb[IFLA_IFNAME]) : " "));
dprint(" >> if link_type : %s\n", (nh_msg->nlmsg_type == RTM_NEWLINK) ? "NEWLINK" : "DELLINK");
dprint(" >> if link_state: %s\n\n", (ifmsg->ifi_flags & IFF_UP) ? "up" : "down");
return;
}
int main(int argc, char **argv)
{
fd_set rd_set;
int max_fd = -1;
int iret, old_iret = -1;
struct timeval tmval;
struct sockaddr_nl sa_nl;
char sbuff[2048];
struct nlmsghdr *nh_msg;
memset(&sa_nl, 0, sizeof(sa_nl));
sa_nl.nl_family = PF_NETLINK; /* 1 */
sa_nl.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR; /* 2 */
gnl_fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); /* 3 */
bind(gnl_fd, (struct sockaddr *) &sa_nl, sizeof(sa_nl));
dprint("begin listen gnl_fd socket ...\n");
for ( ; ; ) {
FD_ZERO(&rd_set);
FD_SET(gnl_fd, &rd_set);
tmval.tv_sec = 1;
tmval.tv_usec = 0;
max_fd = (max_fd > gnl_fd) ? max_fd : gnl_fd;
iret = select(max_fd + 1, &rd_set, NULL, NULL, &tmval);
if (old_iret != iret) {
dprint("select return value %d, errno %d.\n", iret, errno);
old_iret = iret;
}
if (iret == -1 || iret == 0 || !FD_ISSET(gnl_fd, &rd_set)) {
if (iret == -1 && errno != EINTR)
break;
continue;
}
iret = read(gnl_fd, sbuff, sizeof(sbuff));
dprint(" >> read gnl_fd return value %d.\n", iret);
if (iret <= 4 0) { continue; } nh_msg="(struct" nlmsghdr *)sbuff; for ( ; nlmsg_ok(nh_msg, iret); iret)) * dprint(">> recive nh_msg type %u, portid %u.\n", nh_msg->nlmsg_type, nh_msg->nlmsg_pid);
/**
* @brief 这里的 nlmsg_type 对应到 linux/rtnetlink.h 中
* enum { RTM_BASE = 16, ... } 等枚举类型
*/
switch (nh_msg->nlmsg_type) { /* 5 */
case RTM_NEWLINK:
case RTM_DELLINK:
show_iflink_msg(nh_msg);
break;
default:
break;
}
}
}
close(gnl_fd);
dprint("close gnl_fd socket, bye bye...\n");
return 0;
}
</=></=></linux></linux></linux></asm></sys></sys></sys></errno.h></unistd.h></stdint.h></string.h></stdlib.h></stdio.h>
struct sockaddr_nl {
sa_family_t nl_family; /* AF_NETLINK */
unsigned short nl_pad; /* Zero */
pid_t nl_pid; /* Port ID */
__u32 nl_groups; /* Multicast groups mask */
};
常用的配置选项,在头文件 linux/rtnetlink.h 文件约659行
#define RTMGRP_LINK 1
#define RTMGRP_NOTIFY 2
#define RTMGRP_NEIGH 4
#define RTMGRP_TC 8
#define RTMGRP_IPV4_IFADDR 0x10
#define RTMGRP_IPV4_MROUTE 0x20
#define RTMGRP_IPV4_ROUTE 0x40
#define RTMGRP_IPV4_RULE 0x80
#define RTMGRP_IPV6_IFADDR 0x100
#define RTMGRP_IPV6_MROUTE 0x200
#define RTMGRP_IPV6_ROUTE 0x400
#define RTMGRP_IPV6_IFINFO 0x800
#define RTMGRP_DECnet_IFADDR 0x1000
#define RTMGRP_DECnet_ROUTE 0x4000
#define RTMGRP_IPV6_PREFIX 0x20000
在我们示例中,我们仅想监听接口链路状态和接口地址变化;所以,只需要设置上LINK和IFADDR即可;其他设置,根据自己需求进行设置
3. 注意socket(…)函数中第三个参数NETLINK_ROUTE,这个值我们又是从哪里获取,又是怎么确定应该使用它而不是别的值呢,这里就需要简单解释下。
这个值在头文件:linux/netlink.h 中约第9行开始
当前可用的宏定义有以下这么多:
#define NETLINK_ROUTE 0 /* Routing/device hook */
#define NETLINK_UNUSED 1 /* Unused number */
#define NETLINK_USERSOCK 2 /* Reserved for user mode socket protocols */
#define NETLINK_FIREWALL 3 /* Unused number, formerly ip_queue */
#define NETLINK_SOCK_DIAG 4 /* socket monitoring */
#define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */
#define NETLINK_XFRM 6 /* ipsec */
#define NETLINK_SELINUX 7 /* SELinux event notifications */
#define NETLINK_ISCSI 8 /* Open-iSCSI */
#define NETLINK_AUDIT 9 /* auditing */
#define NETLINK_FIB_LOOKUP 10
#define NETLINK_CONNECTOR 11
#define NETLINK_NETFILTER 12 /* netfilter subsystem */
#define NETLINK_IP6_FW 13
#define NETLINK_DNRTMSG 14 /* DECnet routing messages */
#define NETLINK_KOBJECT_UEVENT 15 /* Kernel messages to userspace */
#define NETLINK_GENERIC 16
/* leave room for NETLINK_DM (DM Events) */
#define NETLINK_SCSITRANSPORT 18 /* SCSI Transports */
#define NETLINK_ECRYPTFS 19
#define NETLINK_RDMA 20
#define NETLINK_CRYPTO 21 /* Crypto layer */
#define NETLINK_SMC 22 /* SMC monitoring */
#define NETLINK_INET_DIAG NETLINK_SOCK_DIAG
#define MAX_LINKS 32
根据《深入Linux内核架构与底层原理》这本书9.2.2节介绍,每个宏的含义如下(这里只列举几个常用的)
- NETLINK_ROUTE:它与邻居表、路由表、数据包分类器、网卡信息等路由子系统进行通信,以获取信息。(目前最为常用的)
- NETLINK_USERSOCK:它就是用户端socket,使用这个处理netlink请求的单位就不是内核了,而是用户空间的另外一头的某个进程。Socket一端可以监听,另一端只要将 发送的目标地址填充为目标进程的PID就好(netlink的发送地址不是ip编码的,而是pid等编码的)。这种IPC最厉害的地方在于可以支持multicast,即一个消息可以统发发送给多个接收者。
- NETLINK_FIREWALL:它是跟内核的netfilter的ip_queue模块沟通的选项。(iptables的动作要设置为: -j QUEUE)
struct nlmsghdr {
__u32 nlmsg_len; /* Length of message including header */
__u16 nlmsg_type; /* Type of message content */
__u16 nlmsg_flags; /* Additional flags */
__u32 nlmsg_seq; /* Sequence number */
__u32 nlmsg_pid; /* Sender port ID */
};
这里最常用到的就是 nlmsg_type 这个字段了,在下一点进行介绍。
其次,对于这个 nlmsg_flags 字段,再做下介绍:
Standard flag bits in nlmsg_flags
NLM_F_REQUEST Must be set on all request messages.
NLM_F_MULTI The message is part of a multipart message terminated by NLMSG_DONE.
NLM_F_ACK Request for an acknowledgment on success.
NLM_F_ECHO Echo this request.
Additional flag bits for GET requests
NLM_F_ROOT Return the complete table instead of a single entry.
NLM_F_MATCH Return all entries matching criteria passed in message content. Not implemented yet.
NLM_F_ATOMIC Return an atomic snapshot of the table.
NLM_F_DUMP Convenience macro; equivalent to (NLM_F_ROOT|NLM_F_MATCH).
Note that NLM_F_ATOMIC requires the CAP_NET_ADMIN capability or an effective UID of 0.
Additional flag bits for NEW requests(以下这几个,我们可能会常用到)
NLM_F_REPLACE Replace existing matching object.
NLM_F_EXCL Don't replace if the object already exists.
NLM_F_CREATE Create object if it doesn't already exist.
NLM_F_APPEND Add to the end of the object list.
/****
* Routing/neighbour discovery messages.
****/
/* Types of messages */
enum {
RTM_BASE = 16,
#define RTM_BASE RTM_BASE
RTM_NEWLINK = 16,
#define RTM_NEWLINK RTM_NEWLINK
RTM_DELLINK,
#define RTM_DELLINK RTM_DELLINK
RTM_GETLINK,
#define RTM_GETLINK RTM_GETLINK
RTM_SETLINK,
#define RTM_SETLINK RTM_SETLINK
RTM_NEWADDR = 20,
#define RTM_NEWADDR RTM_NEWADDR
RTM_DELADDR,
#define RTM_DELADDR RTM_DELADDR
RTM_GETADDR,
#define RTM_GETADDR RTM_GETADDR
...
/*
* IFLA_AF_SPEC
* Contains nested attributes for address family specific attributes.
* Each address family may create a attribute with the address family
* number as type and create its own attribute structure in it.
*
* Example:
* [IFLA_AF_SPEC] = {
* [AF_INET] = {
* [IFLA_INET_CONF] = ...,
* },
* [AF_INET6] = {
* [IFLA_INET6_FLAGS] = ...,
* [IFLA_INET6_CONF] = ...,
* }
* }
*/
enum {
IFLA_UNSPEC,
IFLA_ADDRESS,
IFLA_BROADCAST,
IFLA_IFNAME,
IFLA_MTU,
IFLA_LINK,
IFLA_QDISC,
IFLA_STATS,
IFLA_COST,
#define IFLA_COST IFLA_COST
IFLA_PRIORITY,
#define IFLA_PRIORITY IFLA_PRIORITY
IFLA_MASTER,
这些属性值,都是可以通过 RTA_DATA( tb[IFLA_XXX] ) 获取到。
至此,一个简单的示例也就讲述完毕。
1.2. 小结
进行Netlink编程的一个简单的总结:
- rtnetlink.h 接口、路由消息
- netlink.h
- if.h
- if_addr.h
- if_link.h
- neighbour.h 邻居消息
其次,加入是包过滤(netfilter)的话,其通常的命令方式含有 fw、netfilter 等字样,然后再确认文件内容,是否是所需要的。
Original: https://www.cnblogs.com/kingpop/p/16687030.html
Author: KingPop
Title: Linux Netlink学习笔记
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/577874/
转载文章受原作者版权保护。转载请注明原作者出处!