WSL2-Linux-Kernel/Documentation/userspace-api/netlink/intro.rst

682 строки
26 KiB
ReStructuredText

.. SPDX-License-Identifier: BSD-3-Clause
=======================
Introduction to Netlink
=======================
Netlink is often described as an ioctl() replacement.
It aims to replace fixed-format C structures as supplied
to ioctl() with a format which allows an easy way to add
or extended the arguments.
To achieve this Netlink uses a minimal fixed-format metadata header
followed by multiple attributes in the TLV (type, length, value) format.
Unfortunately the protocol has evolved over the years, in an organic
and undocumented fashion, making it hard to coherently explain.
To make the most practical sense this document starts by describing
netlink as it is used today and dives into more "historical" uses
in later sections.
Opening a socket
================
Netlink communication happens over sockets, a socket needs to be
opened first:
.. code-block:: c
fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
The use of sockets allows for a natural way of exchanging information
in both directions (to and from the kernel). The operations are still
performed synchronously when applications send() the request but
a separate recv() system call is needed to read the reply.
A very simplified flow of a Netlink "call" will therefore look
something like:
.. code-block:: c
fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
/* format the request */
send(fd, &request, sizeof(request));
n = recv(fd, &response, RSP_BUFFER_SIZE);
/* interpret the response */
Netlink also provides natural support for "dumping", i.e. communicating
to user space all objects of a certain type (e.g. dumping all network
interfaces).
.. code-block:: c
fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
/* format the dump request */
send(fd, &request, sizeof(request));
while (1) {
n = recv(fd, &buffer, RSP_BUFFER_SIZE);
/* one recv() call can read multiple messages, hence the loop below */
for (nl_msg in buffer) {
if (nl_msg.nlmsg_type == NLMSG_DONE)
goto dump_finished;
/* process the object */
}
}
dump_finished:
The first two arguments of the socket() call require little explanation -
it is opening a Netlink socket, with all headers provided by the user
(hence NETLINK, RAW). The last argument is the protocol within Netlink.
This field used to identify the subsystem with which the socket will
communicate.
Classic vs Generic Netlink
--------------------------
Initial implementation of Netlink depended on a static allocation
of IDs to subsystems and provided little supporting infrastructure.
Let us refer to those protocols collectively as **Classic Netlink**.
The list of them is defined on top of the ``include/uapi/linux/netlink.h``
file, they include among others - general networking (NETLINK_ROUTE),
iSCSI (NETLINK_ISCSI), and audit (NETLINK_AUDIT).
**Generic Netlink** (introduced in 2005) allows for dynamic registration of
subsystems (and subsystem ID allocation), introspection and simplifies
implementing the kernel side of the interface.
The following section describes how to use Generic Netlink, as the
number of subsystems using Generic Netlink outnumbers the older
protocols by an order of magnitude. There are also no plans for adding
more Classic Netlink protocols to the kernel.
Basic information on how communicating with core networking parts of
the Linux kernel (or another of the 20 subsystems using Classic
Netlink) differs from Generic Netlink is provided later in this document.
Generic Netlink
===============
In addition to the Netlink fixed metadata header each Netlink protocol
defines its own fixed metadata header. (Similarly to how network
headers stack - Ethernet > IP > TCP we have Netlink > Generic N. > Family.)
A Netlink message always starts with struct nlmsghdr, which is followed
by a protocol-specific header. In case of Generic Netlink the protocol
header is struct genlmsghdr.
The practical meaning of the fields in case of Generic Netlink is as follows:
.. code-block:: c
struct nlmsghdr {
__u32 nlmsg_len; /* Length of message including headers */
__u16 nlmsg_type; /* Generic Netlink Family (subsystem) ID */
__u16 nlmsg_flags; /* Flags - request or dump */
__u32 nlmsg_seq; /* Sequence number */
__u32 nlmsg_pid; /* Port ID, set to 0 */
};
struct genlmsghdr {
__u8 cmd; /* Command, as defined by the Family */
__u8 version; /* Irrelevant, set to 1 */
__u16 reserved; /* Reserved, set to 0 */
};
/* TLV attributes follow... */
In Classic Netlink :c:member:`nlmsghdr.nlmsg_type` used to identify
which operation within the subsystem the message was referring to
(e.g. get information about a netdev). Generic Netlink needs to mux
multiple subsystems in a single protocol so it uses this field to
identify the subsystem, and :c:member:`genlmsghdr.cmd` identifies
the operation instead. (See :ref:`res_fam` for
information on how to find the Family ID of the subsystem of interest.)
Note that the first 16 values (0 - 15) of this field are reserved for
control messages both in Classic Netlink and Generic Netlink.
See :ref:`nl_msg_type` for more details.
There are 3 usual types of message exchanges on a Netlink socket:
- performing a single action (``do``);
- dumping information (``dump``);
- getting asynchronous notifications (``multicast``).
Classic Netlink is very flexible and presumably allows other types
of exchanges to happen, but in practice those are the three that get
used.
Asynchronous notifications are sent by the kernel and received by
the user sockets which subscribed to them. ``do`` and ``dump`` requests
are initiated by the user. :c:member:`nlmsghdr.nlmsg_flags` should
be set as follows:
- for ``do``: ``NLM_F_REQUEST | NLM_F_ACK``
- for ``dump``: ``NLM_F_REQUEST | NLM_F_ACK | NLM_F_DUMP``
:c:member:`nlmsghdr.nlmsg_seq` should be a set to a monotonically
increasing value. The value gets echoed back in responses and doesn't
matter in practice, but setting it to an increasing value for each
message sent is considered good hygiene. The purpose of the field is
matching responses to requests. Asynchronous notifications will have
:c:member:`nlmsghdr.nlmsg_seq` of ``0``.
:c:member:`nlmsghdr.nlmsg_pid` is the Netlink equivalent of an address.
This field can be set to ``0`` when talking to the kernel.
See :ref:`nlmsg_pid` for the (uncommon) uses of the field.
The expected use for :c:member:`genlmsghdr.version` was to allow
versioning of the APIs provided by the subsystems. No subsystem to
date made significant use of this field, so setting it to ``1`` seems
like a safe bet.
.. _nl_msg_type:
Netlink message types
---------------------
As previously mentioned :c:member:`nlmsghdr.nlmsg_type` carries
protocol specific values but the first 16 identifiers are reserved
(first subsystem specific message type should be equal to
``NLMSG_MIN_TYPE`` which is ``0x10``).
There are only 4 Netlink control messages defined:
- ``NLMSG_NOOP`` - ignore the message, not used in practice;
- ``NLMSG_ERROR`` - carries the return code of an operation;
- ``NLMSG_DONE`` - marks the end of a dump;
- ``NLMSG_OVERRUN`` - socket buffer has overflown, not used to date.
``NLMSG_ERROR`` and ``NLMSG_DONE`` are of practical importance.
They carry return codes for operations. Note that unless
the ``NLM_F_ACK`` flag is set on the request Netlink will not respond
with ``NLMSG_ERROR`` if there is no error. To avoid having to special-case
this quirk it is recommended to always set ``NLM_F_ACK``.
The format of ``NLMSG_ERROR`` is described by struct nlmsgerr::
----------------------------------------------
| struct nlmsghdr - response header |
----------------------------------------------
| int error |
----------------------------------------------
| struct nlmsghdr - original request header |
----------------------------------------------
| ** optionally (1) payload of the request |
----------------------------------------------
| ** optionally (2) extended ACK |
----------------------------------------------
There are two instances of struct nlmsghdr here, first of the response
and second of the request. ``NLMSG_ERROR`` carries the information about
the request which led to the error. This could be useful when trying
to match requests to responses or re-parse the request to dump it into
logs.
The payload of the request is not echoed in messages reporting success
(``error == 0``) or if ``NETLINK_CAP_ACK`` setsockopt() was set.
The latter is common
and perhaps recommended as having to read a copy of every request back
from the kernel is rather wasteful. The absence of request payload
is indicated by ``NLM_F_CAPPED`` in :c:member:`nlmsghdr.nlmsg_flags`.
The second optional element of ``NLMSG_ERROR`` are the extended ACK
attributes. See :ref:`ext_ack` for more details. The presence
of extended ACK is indicated by ``NLM_F_ACK_TLVS`` in
:c:member:`nlmsghdr.nlmsg_flags`.
``NLMSG_DONE`` is simpler, the request is never echoed but the extended
ACK attributes may be present::
----------------------------------------------
| struct nlmsghdr - response header |
----------------------------------------------
| int error |
----------------------------------------------
| ** optionally extended ACK |
----------------------------------------------
.. _res_fam:
Resolving the Family ID
-----------------------
This section explains how to find the Family ID of a subsystem.
It also serves as an example of Generic Netlink communication.
Generic Netlink is itself a subsystem exposed via the Generic Netlink API.
To avoid a circular dependency Generic Netlink has a statically allocated
Family ID (``GENL_ID_CTRL`` which is equal to ``NLMSG_MIN_TYPE``).
The Generic Netlink family implements a command used to find out information
about other families (``CTRL_CMD_GETFAMILY``).
To get information about the Generic Netlink family named for example
``"test1"`` we need to send a message on the previously opened Generic Netlink
socket. The message should target the Generic Netlink Family (1), be a
``do`` (2) call to ``CTRL_CMD_GETFAMILY`` (3). A ``dump`` version of this
call would make the kernel respond with information about *all* the families
it knows about. Last but not least the name of the family in question has
to be specified (4) as an attribute with the appropriate type::
struct nlmsghdr:
__u32 nlmsg_len: 32
__u16 nlmsg_type: GENL_ID_CTRL // (1)
__u16 nlmsg_flags: NLM_F_REQUEST | NLM_F_ACK // (2)
__u32 nlmsg_seq: 1
__u32 nlmsg_pid: 0
struct genlmsghdr:
__u8 cmd: CTRL_CMD_GETFAMILY // (3)
__u8 version: 2 /* or 1, doesn't matter */
__u16 reserved: 0
struct nlattr: // (4)
__u16 nla_len: 10
__u16 nla_type: CTRL_ATTR_FAMILY_NAME
char data: test1\0
(padding:)
char data: \0\0
The length fields in Netlink (:c:member:`nlmsghdr.nlmsg_len`
and :c:member:`nlattr.nla_len`) always *include* the header.
Attribute headers in netlink must be aligned to 4 bytes from the start
of the message, hence the extra ``\0\0`` after ``CTRL_ATTR_FAMILY_NAME``.
The attribute lengths *exclude* the padding.
If the family is found kernel will reply with two messages, the response
with all the information about the family::
/* Message #1 - reply */
struct nlmsghdr:
__u32 nlmsg_len: 136
__u16 nlmsg_type: GENL_ID_CTRL
__u16 nlmsg_flags: 0
__u32 nlmsg_seq: 1 /* echoed from our request */
__u32 nlmsg_pid: 5831 /* The PID of our user space process */
struct genlmsghdr:
__u8 cmd: CTRL_CMD_GETFAMILY
__u8 version: 2
__u16 reserved: 0
struct nlattr:
__u16 nla_len: 10
__u16 nla_type: CTRL_ATTR_FAMILY_NAME
char data: test1\0
(padding:)
data: \0\0
struct nlattr:
__u16 nla_len: 6
__u16 nla_type: CTRL_ATTR_FAMILY_ID
__u16: 123 /* The Family ID we are after */
(padding:)
char data: \0\0
struct nlattr:
__u16 nla_len: 9
__u16 nla_type: CTRL_ATTR_FAMILY_VERSION
__u16: 1
/* ... etc, more attributes will follow. */
And the error code (success) since ``NLM_F_ACK`` had been set on the request::
/* Message #2 - the ACK */
struct nlmsghdr:
__u32 nlmsg_len: 36
__u16 nlmsg_type: NLMSG_ERROR
__u16 nlmsg_flags: NLM_F_CAPPED /* There won't be a payload */
__u32 nlmsg_seq: 1 /* echoed from our request */
__u32 nlmsg_pid: 5831 /* The PID of our user space process */
int error: 0
struct nlmsghdr: /* Copy of the request header as we sent it */
__u32 nlmsg_len: 32
__u16 nlmsg_type: GENL_ID_CTRL
__u16 nlmsg_flags: NLM_F_REQUEST | NLM_F_ACK
__u32 nlmsg_seq: 1
__u32 nlmsg_pid: 0
The order of attributes (struct nlattr) is not guaranteed so the user
has to walk the attributes and parse them.
Note that Generic Netlink sockets are not associated or bound to a single
family. A socket can be used to exchange messages with many different
families, selecting the recipient family on message-by-message basis using
the :c:member:`nlmsghdr.nlmsg_type` field.
.. _ext_ack:
Extended ACK
------------
Extended ACK controls reporting of additional error/warning TLVs
in ``NLMSG_ERROR`` and ``NLMSG_DONE`` messages. To maintain backward
compatibility this feature has to be explicitly enabled by setting
the ``NETLINK_EXT_ACK`` setsockopt() to ``1``.
Types of extended ack attributes are defined in enum nlmsgerr_attrs.
The most commonly used attributes are ``NLMSGERR_ATTR_MSG``,
``NLMSGERR_ATTR_OFFS`` and ``NLMSGERR_ATTR_MISS_*``.
``NLMSGERR_ATTR_MSG`` carries a message in English describing
the encountered problem. These messages are far more detailed
than what can be expressed thru standard UNIX error codes.
``NLMSGERR_ATTR_OFFS`` points to the attribute which caused the problem.
``NLMSGERR_ATTR_MISS_TYPE`` and ``NLMSGERR_ATTR_MISS_NEST``
inform about a missing attribute.
Extended ACKs can be reported on errors as well as in case of success.
The latter should be treated as a warning.
Extended ACKs greatly improve the usability of Netlink and should
always be enabled, appropriately parsed and reported to the user.
Advanced topics
===============
Dump consistency
----------------
Some of the data structures kernel uses for storing objects make
it hard to provide an atomic snapshot of all the objects in a dump
(without impacting the fast-paths updating them).
Kernel may set the ``NLM_F_DUMP_INTR`` flag on any message in a dump
(including the ``NLMSG_DONE`` message) if the dump was interrupted and
may be inconsistent (e.g. missing objects). User space should retry
the dump if it sees the flag set.
Introspection
-------------
The basic introspection abilities are enabled by access to the Family
object as reported in :ref:`res_fam`. User can query information about
the Generic Netlink family, including which operations are supported
by the kernel and what attributes the kernel understands.
Family information includes the highest ID of an attribute kernel can parse,
a separate command (``CTRL_CMD_GETPOLICY``) provides detailed information
about supported attributes, including ranges of values the kernel accepts.
Querying family information is useful in cases when user space needs
to make sure that the kernel has support for a feature before issuing
a request.
.. _nlmsg_pid:
nlmsg_pid
---------
:c:member:`nlmsghdr.nlmsg_pid` is the Netlink equivalent of an address.
It is referred to as Port ID, sometimes Process ID because for historical
reasons if the application does not select (bind() to) an explicit Port ID
kernel will automatically assign it the ID equal to its Process ID
(as reported by the getpid() system call).
Similarly to the bind() semantics of the TCP/IP network protocols the value
of zero means "assign automatically", hence it is common for applications
to leave the :c:member:`nlmsghdr.nlmsg_pid` field initialized to ``0``.
The field is still used today in rare cases when kernel needs to send
a unicast notification. User space application can use bind() to associate
its socket with a specific PID, it then communicates its PID to the kernel.
This way the kernel can reach the specific user space process.
This sort of communication is utilized in UMH (User Mode Helper)-like
scenarios when kernel needs to trigger user space processing or ask user
space for a policy decision.
Multicast notifications
-----------------------
One of the strengths of Netlink is the ability to send event notifications
to user space. This is a unidirectional form of communication (kernel ->
user) and does not involve any control messages like ``NLMSG_ERROR`` or
``NLMSG_DONE``.
For example the Generic Netlink family itself defines a set of multicast
notifications about registered families. When a new family is added the
sockets subscribed to the notifications will get the following message::
struct nlmsghdr:
__u32 nlmsg_len: 136
__u16 nlmsg_type: GENL_ID_CTRL
__u16 nlmsg_flags: 0
__u32 nlmsg_seq: 0
__u32 nlmsg_pid: 0
struct genlmsghdr:
__u8 cmd: CTRL_CMD_NEWFAMILY
__u8 version: 2
__u16 reserved: 0
struct nlattr:
__u16 nla_len: 10
__u16 nla_type: CTRL_ATTR_FAMILY_NAME
char data: test1\0
(padding:)
data: \0\0
struct nlattr:
__u16 nla_len: 6
__u16 nla_type: CTRL_ATTR_FAMILY_ID
__u16: 123 /* The Family ID we are after */
(padding:)
char data: \0\0
struct nlattr:
__u16 nla_len: 9
__u16 nla_type: CTRL_ATTR_FAMILY_VERSION
__u16: 1
/* ... etc, more attributes will follow. */
The notification contains the same information as the response
to the ``CTRL_CMD_GETFAMILY`` request.
The Netlink headers of the notification are mostly 0 and irrelevant.
The :c:member:`nlmsghdr.nlmsg_seq` may be either zero or a monotonically
increasing notification sequence number maintained by the family.
To receive notifications the user socket must subscribe to the relevant
notification group. Much like the Family ID, the Group ID for a given
multicast group is dynamic and can be found inside the Family information.
The ``CTRL_ATTR_MCAST_GROUPS`` attribute contains nests with names
(``CTRL_ATTR_MCAST_GRP_NAME``) and IDs (``CTRL_ATTR_MCAST_GRP_ID``) of
the groups family.
Once the Group ID is known a setsockopt() call adds the socket to the group:
.. code-block:: c
unsigned int group_id;
/* .. find the group ID... */
setsockopt(fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP,
&group_id, sizeof(group_id));
The socket will now receive notifications.
It is recommended to use separate sockets for receiving notifications
and sending requests to the kernel. The asynchronous nature of notifications
means that they may get mixed in with the responses making the message
handling much harder.
Buffer sizing
-------------
Netlink sockets are datagram sockets rather than stream sockets,
meaning that each message must be received in its entirety by a single
recv()/recvmsg() system call. If the buffer provided by the user is too
short, the message will be truncated and the ``MSG_TRUNC`` flag set
in struct msghdr (struct msghdr is the second argument
of the recvmsg() system call, *not* a Netlink header).
Upon truncation the remaining part of the message is discarded.
Netlink expects that the user buffer will be at least 8kB or a page
size of the CPU architecture, whichever is bigger. Particular Netlink
families may, however, require a larger buffer. 32kB buffer is recommended
for most efficient handling of dumps (larger buffer fits more dumped
objects and therefore fewer recvmsg() calls are needed).
Classic Netlink
===============
The main differences between Classic and Generic Netlink are the dynamic
allocation of subsystem identifiers and availability of introspection.
In theory the protocol does not differ significantly, however, in practice
Classic Netlink experimented with concepts which were abandoned in Generic
Netlink (really, they usually only found use in a small corner of a single
subsystem). This section is meant as an explainer of a few of such concepts,
with the explicit goal of giving the Generic Netlink
users the confidence to ignore them when reading the uAPI headers.
Most of the concepts and examples here refer to the ``NETLINK_ROUTE`` family,
which covers much of the configuration of the Linux networking stack.
Real documentation of that family, deserves a chapter (or a book) of its own.
Families
--------
Netlink refers to subsystems as families. This is a remnant of using
sockets and the concept of protocol families, which are part of message
demultiplexing in ``NETLINK_ROUTE``.
Sadly every layer of encapsulation likes to refer to whatever it's carrying
as "families" making the term very confusing:
1. AF_NETLINK is a bona fide socket protocol family
2. AF_NETLINK's documentation refers to what comes after its own
header (struct nlmsghdr) in a message as a "Family Header"
3. Generic Netlink is a family for AF_NETLINK (struct genlmsghdr follows
struct nlmsghdr), yet it also calls its users "Families".
Note that the Generic Netlink Family IDs are in a different "ID space"
and overlap with Classic Netlink protocol numbers (e.g. ``NETLINK_CRYPTO``
has the Classic Netlink protocol ID of 21 which Generic Netlink will
happily allocate to one of its families as well).
Strict checking
---------------
The ``NETLINK_GET_STRICT_CHK`` socket option enables strict input checking
in ``NETLINK_ROUTE``. It was needed because historically kernel did not
validate the fields of structures it didn't process. This made it impossible
to start using those fields later without risking regressions in applications
which initialized them incorrectly or not at all.
``NETLINK_GET_STRICT_CHK`` declares that the application is initializing
all fields correctly. It also opts into validating that message does not
contain trailing data and requests that kernel rejects attributes with
type higher than largest attribute type known to the kernel.
``NETLINK_GET_STRICT_CHK`` is not used outside of ``NETLINK_ROUTE``.
Unknown attributes
------------------
Historically Netlink ignored all unknown attributes. The thinking was that
it would free the application from having to probe what kernel supports.
The application could make a request to change the state and check which
parts of the request "stuck".
This is no longer the case for new Generic Netlink families and those opting
in to strict checking. See enum netlink_validation for validation types
performed.
Fixed metadata and structures
-----------------------------
Classic Netlink made liberal use of fixed-format structures within
the messages. Messages would commonly have a structure with
a considerable number of fields after struct nlmsghdr. It was also
common to put structures with multiple members inside attributes,
without breaking each member into an attribute of its own.
This has caused problems with validation and extensibility and
therefore using binary structures is actively discouraged for new
attributes.
Request types
-------------
``NETLINK_ROUTE`` categorized requests into 4 types ``NEW``, ``DEL``, ``GET``,
and ``SET``. Each object can handle all or some of those requests
(objects being netdevs, routes, addresses, qdiscs etc.) Request type
is defined by the 2 lowest bits of the message type, so commands for
new objects would always be allocated with a stride of 4.
Each object would also have it's own fixed metadata shared by all request
types (e.g. struct ifinfomsg for netdev requests, struct ifaddrmsg for address
requests, struct tcmsg for qdisc requests).
Even though other protocols and Generic Netlink commands often use
the same verbs in their message names (``GET``, ``SET``) the concept
of request types did not find wider adoption.
Notification echo
-----------------
``NLM_F_ECHO`` requests for notifications resulting from the request
to be queued onto the requesting socket. This is useful to discover
the impact of the request.
Note that this feature is not universally implemented.
Other request-type-specific flags
---------------------------------
Classic Netlink defined various flags for its ``GET``, ``NEW``
and ``DEL`` requests in the upper byte of nlmsg_flags in struct nlmsghdr.
Since request types have not been generalized the request type specific
flags are rarely used (and considered deprecated for new families).
For ``GET`` - ``NLM_F_ROOT`` and ``NLM_F_MATCH`` are combined into
``NLM_F_DUMP``, and not used separately. ``NLM_F_ATOMIC`` is never used.
For ``DEL`` - ``NLM_F_NONREC`` is only used by nftables and ``NLM_F_BULK``
only by FDB some operations.
The flags for ``NEW`` are used most commonly in classic Netlink. Unfortunately,
the meaning is not crystal clear. The following description is based on the
best guess of the intention of the authors, and in practice all families
stray from it in one way or another. ``NLM_F_REPLACE`` asks to replace
an existing object, if no matching object exists the operation should fail.
``NLM_F_EXCL`` has the opposite semantics and only succeeds if object already
existed.
``NLM_F_CREATE`` asks for the object to be created if it does not
exist, it can be combined with ``NLM_F_REPLACE`` and ``NLM_F_EXCL``.
A comment in the main Netlink uAPI header states::
4.4BSD ADD NLM_F_CREATE|NLM_F_EXCL
4.4BSD CHANGE NLM_F_REPLACE
True CHANGE NLM_F_CREATE|NLM_F_REPLACE
Append NLM_F_CREATE
Check NLM_F_EXCL
which seems to indicate that those flags predate request types.
``NLM_F_REPLACE`` without ``NLM_F_CREATE`` was initially used instead
of ``SET`` commands.
``NLM_F_EXCL`` without ``NLM_F_CREATE`` was used to check if object exists
without creating it, presumably predating ``GET`` commands.
``NLM_F_APPEND`` indicates that if one key can have multiple objects associated
with it (e.g. multiple next-hop objects for a route) the new object should be
added to the list rather than replacing the entire list.
uAPI reference
==============
.. kernel-doc:: include/uapi/linux/netlink.h