From Fedora Project Wiki
IRC Log
| G__81 | this session is about Netlink Sockets. I would like this session to be as introduction to linux netlink sockets | 14:11 |
|---|---|---|
| G__81 | the second session could be more on the next level | 14:11 |
| G__81 | details | 14:11 |
| G__81 | ok now | 14:11 |
| G__81 | what are linux netlink sockets | 14:11 |
| G__81 | ? | 14:11 |
| G__81 | netlink sockets are very similar to normal sockets except that its basically used for user-space to kernel space communication and vice-versa | 14:12 |
| G__81 | so what do we achieve with this | 14:12 |
| G__81 | in the linux kernel there are many drivers which gets loaded when the system gets booted | 14:13 |
| G__81 | it could be network drivers, char drivers etc | 14:13 |
| G__81 | and once the driver gets loaded into the kernel you would need some means to configure that driver from user space. there are many options to do it | 14:13 |
| ... join!#fedora-classroom -> zer0c00l_(n=zer0c00l@117.97.150.19) | 14:14 | |
| G__81 | famous ones are ioctls, netlink sockets, procfs, and many more | 14:14 |
| LynuxDevil | ok. cool | 14:14 |
| ... signoff!#fedora-classroom -> zer0c00l(Read error: 104 (Connection reset by peer)) | 14:14 | |
| G__81 | they all at the end of the day do the same thing of having user space to kernel space communication but there is a small twist | 14:15 |
| G__81 | here | 14:15 |
| G__81 | let me explain it a little further | 14:15 |
| G__81 | with an example: Lets say i write a driver and i want to configure it from user space when i say configure lets say i want to send some data from user space. I could use ioctls to do it | 14:15 |
| G__81 | so what happens is that i get the data in the kernel driver and i process it | 14:16 |
| ... nick!zer0c00l_ -> zer0c00l | 14:16 | |
| G__81 | now what if i want the user space to get data from the kernel space how do i do it . Yeah i could still use ioctls but with ioctls the user space has to query the kernel space everytime for data ie | 14:17 |
| G__81 | the user space can get data by asking the kernel space whether you have it. If it does not have it, you dont get it but lets say you want the user space to get the data when the kernel space receives it rather than user space asking for it | 14:18 |
| G__81 | at that point of time | 14:18 |
| G__81 | you would need something else and you would get into netlinks | 14:18 |
| G__81 | a typical example is this | 14:18 |
| LynuxDevil | G__81: do you get a NULL pointer if you try to request a socket into a driver that does not exist? | 14:18 |
| LynuxDevil | I do not know that much about C or C++ | 14:19 |
| G__81 | lets say you have a finite state machine running in user space and its expecting some data from the kernel space and assume that the data its expecting is a packet from the kernel driver that you have written so how would your kernel driver give the data to the user space ( The complete packet) | 14:19 |
| G__81 | because you never know in the kernel driver when you would get the packet in the driver | 14:20 |
| ... join!#fedora-classroom -> MarilynManson(i=Randy@unaffiliated/reznor) | 14:20 | |
| G__81 | LynuxDevil, you dont get null pointers you get error codes | 14:20 |
| G__81 | LynuxDevil, the socket calls generally returns an error if the socket is not created | 14:21 |
| G__81 | and you cannot request a socket into the driver | 14:21 |
| LynuxDevil | oh | 14:21 |
| G__81 | any questions till now ? | 14:21 |
| LynuxDevil | MarilynManson: Hi, and welcome | 14:21 |
| G__81 | can i proceed ? | 14:21 |
| LynuxDevil | if it's OK with MarilynManson then yes | 14:22 |
| MarilynManson | proceed | 14:22 |
| * mharris suggests "man 7 netlink" and "man 3 netlink" as useful reading materials also | 14:22 | |
| LynuxDevil | he would want logs of this channel, I'm sure | 14:22 |
| LynuxDevil | ok, let's go | 14:22 |
| G__81 | ok | 14:23 |
| G__81 | now how does this communication happen between user space and kernel space driver | 14:23 |
| ... join!#fedora-classroom -> stanback(n=stanback@h41.158.19.98.ip.windstream.net) | 14:23 | |
| LynuxDevil | yeah, good question, how does it? | 14:23 |
| G__81 | how many here have some knowledge on kernel networking drivers or any drivers for that matter? | 14:23 |
| LynuxDevil | not me | 14:24 |
| l0nwlf_ | neither me | 14:24 |
| MarilynManson | I have some experience installing drivers | 14:24 |
| zer0c00l | G__81, no i dont have | 14:24 |
| LynuxDevil | I want to become a kernel developer but at the age of 15 uhh...I need skills, that's all I can say | 14:24 |
| G__81 | ok.. in that case i ll explain some stuff before i get into this | 14:24 |
| LynuxDevil | I can do the installing drivers, the math, and soon the C | 14:24 |
| G__81 | so that you would know how it works and visualize it | 14:24 |
| LynuxDevil | but no more besides compiling the kernel with make menuconfig | 14:24 |
| LynuxDevil | I have made tons of kernels, and they where all optimized and worked great, except for one or two | 14:25 |
| G__81 | i guess then today's session could be more on introduction and the next sessions i could have code walk throughs in the linux kernel with respect to netlinks | 14:25 |
| G__81 | ok now coming back to the topic | 14:25 |
| G__81 | when we do ifconfig you see eth0, eth1 and so on | 14:25 |
| LynuxDevil | uh huh | 14:26 |
| LynuxDevil | yeah | 14:26 |
| G__81 | how does this happen | 14:26 |
| G__81 | let me give you an example: | 14:26 |
| LynuxDevil | files in /proc/net/ get accessed and maybe NetLink | 14:26 |
| LynuxDevil | you can "fix" the permissions of files in /proc/net/ to restrict access to info about interfaces from normal users | 14:26 |
| LynuxDevil | ok, go on | 14:27 |
| G__81 | no | 14:27 |
| G__81 | i ll tell you why | 14:27 |
| G__81 | before i proceed | 14:27 |
| LynuxDevil | ok | 14:27 |
| G__81 | ok how do 2 processes in user space communicate with each other ? | 14:28 |
| G__81 | or rather whats that that makes a process unique ? | 14:28 |
| G__81 | or how does the kernel distinguish one process from an other ? | 14:28 |
| mharris | PID | 14:29 |
| G__81 | perfect | 14:29 |
| G__81 | yes | 14:29 |
| LynuxDevil | yes | 14:29 |
| LynuxDevil | PID | 14:29 |
| zer0c00l | 2 process commn with each other using IPC mechs like dbus | 14:29 |
| G__81 | yeah zer0c00l | 14:29 |
| LynuxDevil | yep | 14:29 |
| LynuxDevil | and? | 14:29 |
| G__81 | now if you take the same aspect, the kernel module drivers which gets loaded into the kernel is not run as a process when you do a ps -ef it does not show the kernel drivers | 14:30 |
| G__81 | right? | 14:30 |
| ... signoff!#fedora-classroom -> killefiz(Remote closed the connection) | 14:30 | |
| G__81 | so when it does not have a process ID how does the user space program know that i want to communicate to driver A and not with driver B | 14:30 |
| ... join!#fedora-classroom -> killefiz(n=sven@fedora/killefiz) | 14:30 | |
| LynuxDevil | yes | 14:30 |
| LynuxDevil | right | 14:30 |
| G__81 | yes for that you need a name/number which identifies your driver | 14:31 |
| G__81 | it differs on the type of the driver that you write | 14:31 |
| LynuxDevil | G__81: it asks the kernel by looking in /sys/, /proc/, /config/, or /security/, and then it goes on to NetLink | 14:31 |
| G__81 | what can it ask ? | 14:31 |
| G__81 | it either should know something to ask | 14:31 |
| LynuxDevil | you give your module a struct that specifies it's name and other info | 14:31 |
| LynuxDevil | G__81: the kernel, about it's currently loaded modules | 14:32 |
| G__81 | you mean in the user space ? | 14:32 |
| LynuxDevil | yes, in your C file | 14:32 |
| G__81 | C file in the sense ? | 14:32 |
| G__81 | user space or kernel space ? | 14:32 |
| LynuxDevil | a C file for a kernel module, in kernel | 14:32 |
| G__81 | both are C files :) | 14:32 |
| ... join!#fedora-classroom -> MostafaDaneshvar(n=MostafaD@unaffiliated/mostafadaneshvar) | 14:33 | |
| LynuxDevil | I expect FUSE to use netlink as well | 14:33 |
| G__81 | how does the user space program know that there is a driver A exists and i want to send Hello to A and not to B driver | 14:33 |
| LynuxDevil | it asks the kernel | 14:33 |
| LynuxDevil | what else? | 14:33 |
| G__81 | ask what ? | 14:33 |
| LynuxDevil | asks it about loaded drivers it can contafct | 14:33 |
| LynuxDevil | then it picks a module, and there you go | 14:33 |
| LynuxDevil | it communicates with that module using netlink or files | 14:34 |
| LynuxDevil | and? | 14:34 |
| G__81 | hmmm you are kind of right but let me explain it more | 14:34 |
| G__81 | now lets say you write the networking driver and you want that driver to be communicated from user space | 14:35 |
| G__81 | what do you do is this | 14:35 |
| ... signoff!#fedora-classroom -> nowx("Leaving") | 14:35 | |
| ... signoff!#fedora-classroom -> jainbasil(Read error: 110 (Connection timed out)) | 14:35 | |
| LynuxDevil | my UML kernel is still compiling by the way | 14:35 |
| G__81 | 1. allocate memory for the data structure (eg:net_device if its a networking driver) 2. initialize the necessary params. 3. Register that driver/interface with the kernel | 14:36 |
| G__81 | now when i say register with the kernel | 14:36 |
| G__81 | what happens is that | 14:36 |
| ... leave!#fedora-classroom -> micha_silver("Leaving") | 14:36 | |
| G__81 | when the driver is loaded using modprobe my_driver | 14:36 |
| G__81 | the driver gets registered with the kernel and when you do ifconfig | 14:37 |
| LynuxDevil | wow, really helpful | 14:37 |
| G__81 | you would see my_driver in the list | 14:37 |
| G__81 | now lets zoom that registering part a little more | 14:37 |
| LynuxDevil | :) | 14:37 |
| LynuxDevil | I will love to see that | 14:37 |
| LynuxDevil | I should get my Mom's friend Sharon in here, she might like this. She uses Windows though | 14:38 |
| G__81 | for creating an interface/driver with name "my_if0" you would need to give a name for it which would be a #define | 14:38 |
| G__81 | #define DRV_NAME "my_if0" | 14:38 |
| LynuxDevil | yes | 14:38 |
| G__81 | now that has to be unique | 14:39 |
| LynuxDevil | I've made little C programs before, and a C++ one that draws a square, a triangle, and a rectangle, with configurable sizes for each | 14:39 |
| LynuxDevil | MarilynManson: add me on Skype | 14:39 |
| ... signoff!#fedora-classroom -> openpercept("Leaving") | 14:40 | |
| G__81 | now when you create memory for your interface "my_if0" you need to tell the kernel that i need memory for this interface which is my_if0 and the kernel would allocate and return an instance of net_device data structure | 14:40 |
| G__81 | whats net_device data structure ? | 14:40 |
| G__81 | any idea ? | 14:40 |
| G__81 | ok let me explain | 14:40 |
| LynuxDevil | char* name; char* ver_magic; char* compatible_versions; <some more stuff> | 14:40 |
| LynuxDevil | something like that | 14:41 |
| ... join!#fedora-classroom -> zer0c00l_(n=zer0c00l@117.97.150.19) | 14:41 | |
| LynuxDevil | oh | 14:41 |
| LynuxDevil | net_device | 14:41 |
| LynuxDevil | well, I dunno | 14:41 |
| G__81 | net_device is a data structure which is maintained in the linux kernel for each device in the kernel. When i say each device i mean each interface (eth0,eth1,eth2 etc) | 14:41 |
| ... signoff!#fedora-classroom -> zer0c00l_(Client Quit) | 14:42 | |
| G__81 | so the kernel maintains each and every interface in net_device | 14:42 |
| G__81 | if you have 2 physical cards in your system eth0,eth1 you would need to have 2 instances of net_device data structures | 14:43 |
| G__81 | any questions ? | 14:43 |
| G__81 | till now ? | 14:43 |
| G__81 | ok | 14:44 |
| G__81 | let me proceed | 14:44 |
| G__81 | now this name for each driver becomes unique and hence when you need to talk to your driver from user space you give this name and start talking | 14:45 |
| G__81 | got it ? | 14:45 |
| mharris | yup | 14:45 |
| G__81 | ok now | 14:45 |
| G__81 | let me take an example of netlinks and tell you how it works | 14:45 |
| G__81 | lets say you have done the basic stuff of creating a interface for your driver which is myif0 and you have registered with the kernel and now you want to start off with the netlinks | 14:46 |
| G__81 | what we do is | 14:46 |
| G__81 | in the driver | 14:46 |
| G__81 | you open a socket | 14:46 |
| G__81 | with the call | 14:46 |
| LynuxDevil | no | 14:46 |
| LynuxDevil | no questions | 14:47 |
| G__81 | which is netlink_kernel_create | 14:47 |
| ... signoff!#fedora-classroom -> MostafaDaneshvar("Leaving.") | 14:48 | |
| G__81 | and to this API what we give is a number of arguments | 14:48 |
| G__81 | a number, group_number,a function pointer and an instance of struct module | 14:48 |
| G__81 | what are those | 14:49 |
| G__81 | the number can be any number lets say you give the number 10 then you need to give the same number in the user space too | 14:50 |
| G__81 | whats the group number. group number is given if you are going to send it to some many groups | 14:50 |
| G__81 | 2 or more drivers need to receive that message then you could use that option | 14:50 |
| G__81 | the third argument is the function pointer where in a function is given | 14:51 |
| G__81 | that function gets trigerred when a message in the kernel space is received from the user space | 14:51 |
| G__81 | fourth paarameter which is an instance of struct module ; you basically give THIS_MODULE which identifies this particular instance of the module | 14:52 |
| G__81 | any questions ? | 14:52 |
| G__81 | so when you send some data from user space example: Hello world the function which is given as a parameter in the netlink_kernel_create gets called automatically | 14:52 |
| G__81 | and you could print that data hello world | 14:53 |
| G__81 | i ll tell you on how to print it and how to get data from the user space a little later | 14:53 |
| G__81 | any questions ? | 14:53 |
| LynuxDevil | no | 14:54 |
| G__81 | ok now | 14:54 |
| G__81 | the driver know that i ve got hello world now lets say the driver wants to say "Thank you" to User space program how does the driver know about the user space program | 14:54 |
| G__81 | the answer is | 14:54 |
| LynuxDevil | yes? | 14:55 |
| G__81 | when user space program sends some data from user space to the kernel driver, the user space program fills its own PID in the Netlink message header where in there is a field to fill in the sender's PID and when the kernel driver receives it just responds to hello world by putting the user space PID as destination PID and sends it back | 14:55 |
| LynuxDevil | wow! | 14:56 |
| G__81 | :) | 14:57 |
| G__81 | the command in linux "route" which adds a routing entry into the routing table uses netlink sockets | 14:57 |
| G__81 | and the kernel audit daemon, udev uses netlink sockets to communicate with user space | 14:57 |
| LynuxDevil | I am coloring my laptop red with Permi Mark | 14:57 |
| LynuxDevil | er | 14:57 |
| LynuxDevil | cool | 14:58 |
| G__81 | any questions ? | 14:58 |
| LynuxDevil | no | 14:59 |
| G__81 | the netlink messages have a header and a payload | 14:59 |
| zer0c00l | no | 14:59 |
| G__81 | the header contains information like PID , length,type of the message, sequence number | 15:00 |
| G__81 | if you want to send some information from user space | 15:00 |
| G__81 | you would basically fill the structure | 15:00 |
| G__81 | which contains this | 15:00 |
| G__81 | nlmsghdr | 15:00 |
| G__81 | { | 15:00 |
| G__81 | __u32 nlmsg_len; /* Length of message including header */ | 15:00 |
| G__81 | __u16 nlmsg_type; /* Message content */ | 15:00 |
| G__81 | __u16 nlmsg_flags; /* Additional flags */ | 15:00 |
| G__81 | __u32 nlmsg_seq; /* Sequence number */ | 15:00 |
| G__81 | __u32 nlmsg_pid; /* Sending process PID */ | 15:00 |
| G__81 | msg_Type could be "your message" and PID would be your User Space PID | 15:01 |
| mharris | G__81: Have you used Netlink for IDS type software? | 15:01 |
| G__81 | IDS ? | 15:01 |
| mharris | intrusion detection | 15:01 |
| G__81 | i ve not used for intrusion detection but i ve used netlinks to quite a good extent | 15:01 |
| mharris | ie: matching network packets and passing them to userspace for analysis | 15:02 |
| G__81 | you could do it | 15:02 |
| G__81 | i ve done something similar to that yes | 15:02 |
| G__81 | but not IDS exactly but passing packets to user space, i ve done it though | 15:02 |
| mharris | I've always wanted to fiddle with that type of thing in the past, but hadn't really looked into it. | 15:02 |
| G__81 | oh ok if you have any doubts you could let me know and netlinks are quite big and i could have a separate session on code walk throughs if you all wish to | 15:03 |
| mharris | Just wondered if something like that could be covered as well, perhaps at a future date or something. | 15:03 |
| mharris | yeah, that'd be interesting | 15:03 |
| G__81 | yeah if you wish to do it exactly on how to send data to user space we could take that scenario and i could explain on how to architect that with code snippets | 15:04 |
| G__81 | if you want to :) | 15:04 |
| LynuxDevil | yes | 15:04 |
| LynuxDevil | if you help me to teach me C, I will code a IDS with netlink support | 15:05 |
| G__81 | ok then i can add it in the Class room link and i would let you know the timings | 15:05 |
| G__81 | ok now if you dont have any more questions i guess we could get into the specifics of netlinks in the next session | 15:05 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!