Netlink Communication between Kernel and User space

Last year, I have used Netlink in my development work for collecting some events from kernel space. I present in this post some basic practice I have done when I learnt to program with Netlink.

Introduction

Netlink is a Linux kernel interface used for inter-process communication (IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the Unix domain sockets. Similarly to the Unix domain sockets, and unlike INET sockets, Netlink communication cannot traverse host boundaries. Netlink provides a standard socket-based interface for userspace processes, and a kernel-side API for internal use by kernel modules. Originally, Netlink used the AF_NETLINK socket family. Netlink is designed to be a more flexible successor to ioctl; RFC 3549 describes the protocol in detail.

My practice

Kernel module

Below is the content of my source file “netlink_kernel.c” which yields a kernel module. There is macro MY_NETLINK 30 which defines my customized netlink protocol. One can also choose available protocols such like NETLINK_ROUTE or NETLINK_INET_DIAG. All available protocols can be seen in this page. Function netlink_kernel_create() creates a netlink socket for user space application to communicate with. More information about netlink programming can found here.

netlink_kernel.c

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#include <linux/module.h>
#include <net/sock.h>
#include <linux/netlink.h>
#include <linux/skbuff.h>

/*
refer to https://elixir.bootlin.com/linux/v5.15.13/source/include/linux/netlink.h
*/

#define MY_NETLINK 30 // cannot be larger than 31, otherwise we shall get "insmod: ERROR: could not insert module netlink_kernel.ko: No child processes"


struct sock *nl_sk = NULL;

static void myNetLink_recv_msg(struct sk_buff *skb)
{
struct nlmsghdr *nlhead;
struct sk_buff *skb_out;
int pid, res, msg_size;
char *msg = "Hello msg from kernel";


printk(KERN_INFO "Entering: %s\n", __FUNCTION__);

msg_size = strlen(msg);

nlhead = (struct nlmsghdr*)skb->data; //nlhead message comes from skb's data... (sk_buff: unsigned char *data)

printk(KERN_INFO "MyNetlink has received: %s\n",(char*)nlmsg_data(nlhead));


pid = nlhead->nlmsg_pid; // Sending process port ID, will send new message back to the 'user space sender'


skb_out = nlmsg_new(msg_size, 0); //nlmsg_new - Allocate a new netlink message: skb_out

if(!skb_out)
{
printk(KERN_ERR "Failed to allocate new skb\n");
return;
}

nlhead = nlmsg_put(skb_out, 0, 0, NLMSG_DONE, msg_size, 0); // Add a new netlink message to an skb

NETLINK_CB(skb_out).dst_group = 0;


strncpy(nlmsg_data(nlhead), msg, msg_size); //char *strncpy(char *dest, const char *src, size_t count)

res = nlmsg_unicast(nl_sk, skb_out, pid);

if(res < 0)
printk(KERN_INFO "Error while sending back to user\n");
}

static int __init myNetLink_init(void)
{
struct netlink_kernel_cfg cfg = {
.input = myNetLink_recv_msg,
};

/*netlink_kernel_create() returns a pointer, should be checked with == NULL */
nl_sk = netlink_kernel_create(&init_net, MY_NETLINK, &cfg);
printk("Entering: %s, protocol family = %d \n",__FUNCTION__, MY_NETLINK);
if(!nl_sk)
{
printk(KERN_ALERT "Error creating socket.\n");
return -10;
}

printk("MyNetLink Init OK!\n");
return 0;
}

static void __exit myNetLink_exit(void)
{
printk(KERN_INFO "exiting myNetLink module\n");
netlink_kernel_release(nl_sk);
}

module_init(myNetLink_init);
module_exit(myNetLink_exit);
MODULE_LICENSE("GPL");

User space application

Below are the content of my file “netlink_client.c”. This program shall open a netlink socket with the same protocol and allow user to send/receive msg to/from kernel module in previous section.

netlink_client.c

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <string.h>
#include <asm/types.h>
#include <linux/netlink.h>
#include <linux/socket.h>
#include <errno.h>

#define NETLINK_USER 30 // same customized protocol as in my kernel module
#define MAX_PAYLOAD 1024 // maximum payload size

struct sockaddr_nl src_addr, dest_addr;
struct nlmsghdr *nlh = NULL;
struct nlmsghdr *nlh2 = NULL;
struct msghdr msg, resp; // famous struct msghdr, it includes "struct iovec * msg_iov;"
struct iovec iov, iov2;
int sock_fd;

int main(int args, char *argv[])
{
//int socket(int domain, int type, int protocol);
sock_fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_USER); //NETLINK_KOBJECT_UEVENT

if(sock_fd < 0)
return -1;

memset(&src_addr, 0, sizeof(src_addr));
src_addr.nl_family = AF_NETLINK;
src_addr.nl_pid = getpid(); /* self pid */

//int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
if(bind(sock_fd, (struct sockaddr*)&src_addr, sizeof(src_addr))){
perror("bind() error\n");
close(sock_fd);
return -1;
}

memset(&dest_addr, 0, sizeof(dest_addr));
dest_addr.nl_family = AF_NETLINK;
dest_addr.nl_pid = 0; /* For Linux Kernel */
dest_addr.nl_groups = 0; /* unicast */

//nlh: contains "Hello" msg
nlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(MAX_PAYLOAD));
memset(nlh, 0, NLMSG_SPACE(MAX_PAYLOAD));
nlh->nlmsg_len = NLMSG_SPACE(MAX_PAYLOAD);
nlh->nlmsg_pid = getpid(); //self pid
nlh->nlmsg_flags = 0;

//nlh2: contains received msg
nlh2 = (struct nlmsghdr *)malloc(NLMSG_SPACE(MAX_PAYLOAD));
memset(nlh2, 0, NLMSG_SPACE(MAX_PAYLOAD));
nlh2->nlmsg_len = NLMSG_SPACE(MAX_PAYLOAD);
nlh2->nlmsg_pid = getpid(); //self pid
nlh2->nlmsg_flags = 0;

strcpy(NLMSG_DATA(nlh), "Hello this is a msg from userspace"); //put "Hello" msg into nlh

iov.iov_base = (void *)nlh; //iov -> nlh
iov.iov_len = nlh->nlmsg_len;
msg.msg_name = (void *)&dest_addr; //msg_name is Socket name: dest
msg.msg_namelen = sizeof(dest_addr);
msg.msg_iov = &iov; //msg -> iov
msg.msg_iovlen = 1;

iov2.iov_base = (void *)nlh2; //iov -> nlh2
iov2.iov_len = nlh2->nlmsg_len;
resp.msg_name = (void *)&dest_addr; //msg_name is Socket name: dest
resp.msg_namelen = sizeof(dest_addr);
resp.msg_iov = &iov2; //resp -> iov
resp.msg_iovlen = 1;



printf("Sending message to kernel\n");

int ret = sendmsg(sock_fd, &msg, 0);
printf("send ret: %d\n", ret);

printf("Waiting for message from kernel\n");

/* Read message from kernel */
recvmsg(sock_fd, &resp, 0); //msg is also receiver for read

printf("Received message payload: %s\n", (char *) NLMSG_DATA(nlh2));

char usermsg[MAX_PAYLOAD];
while (1) {
printf("Input your msg for sending to kernel: ");
scanf("%s", usermsg);

strcpy(NLMSG_DATA(nlh), usermsg); //put "Hello" msg into nlh


printf("Sending message \" %s \" to kernel\n", usermsg);

ret = sendmsg(sock_fd, &msg, 0);
printf("send ret: %d\n", ret);

printf("Waiting for message from kernel\n");

/* Read message from kernel */
recvmsg(sock_fd, &resp, 0); //msg is also receiver for read

printf("Received message payload: %s\n", (char *)NLMSG_DATA(nlh2));

}
close(sock_fd);

return 0;
}

Makefile

Create a Makefile with the following content which will enable us to easily compile the source files.

Makefile

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
obj-m += netlink_kernel.o

#generate the path
CURRENT_PATH:=$(shell pwd)

#the current kernel version number
LINUX_KERNEL:=$(shell uname -r)

#the absolute path
LINUX_KERNEL_PATH:=/usr/src/linux-headers-$(LINUX_KERNEL)



#complie object
# extension of "make modules" cmd with -C option and "M=dir" configuration
# this cmd will switch working directory to the given path followed by the -C option
# and will search specified source files from the given path configured by "M="
# and compile them to generate ko files

all:
@echo $(LINUX_KERNEL_PATH)
make -C $(LINUX_KERNEL_PATH) M=$(CURRENT_PATH) modules

client:
gcc netlink_client.c -o netlink_client -g

#clean
clean:
make -C $(LINUX_KERNEL_PATH) M=$(CURRENT_PATH) clean
rm netlink_client

Test the communication

Make sure that files “netlink_kernel.c”, “netlink_client.c” and “Makefile” are in the same directory. In a Linux terminal window, cd into this directory and start the compilation:

1
2
make 
make client

Normally kernel module file “netlink_kernel.ko” and user application file “netlink_client” will be generated.

Load the generated kernel module “netlink_kernel.ko” to linux kernel:

1
sudo insmod netlink_kernel.ko

Execute in a new terminal the following cmd to monitor the kernel messages:

1
dmesg -Hw

Now start the user application to start the communication:

1
./netlink_client

Below is the screenshot of my test:
Image description