DEV Community: Zdenko Vrabel The latest articles on DEV Community by Zdenko Vrabel (@sn3d). https://dev.to/sn3d https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F408950%2F0c6258d2-6fe5-47ee-8650-9634b13bc3dd.jpeg DEV Community: Zdenko Vrabel https://dev.to/sn3d en Introduction to Netlink with Go Zdenko Vrabel Sun, 28 Apr 2024 11:44:30 +0000 https://dev.to/sn3d/introduction-to-netlink-with-go-b7f https://dev.to/sn3d/introduction-to-netlink-with-go-b7f <p>A few years back, I got really interested in understanding how Docker and containers work. One area that grabbed my attention was containers and networking. Docker handles networking pretty simply. It mainly relies on virtual interfaces, bridges, NAT routing, and other features provided by the Linux operating system. But I won't be focusing on Docker and networking in this article.</p> <p>As I delved deeper, I became curious about how Docker do all this networking. If you're like me—a developer who spends almost all their time in user space—you're probably familiar with interacting with the kernel through syscalls or the filesystem (like <code>/proc</code>). At first, I had this naive idea that OS had some kind of magic syscall or something in <code>/proc</code> that Docker was tapping into. But nope, I was way off. In Docker's code, I discovered another method: Netlink.</p> <p>So, what is Netlink? It's another way of exchanging information between user space and the kernel. But this time, the socket-like way. Think of Netlink as a direct socket connection into the kernel, allowing you to send and receive messages. This approach is quite interesting, because I can do asynchronous communication with the kernel or simply listening for messages from the kernel in user space.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8mvfknvofvi5lh0zkqup.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8mvfknvofvi5lh0zkqup.png" alt="netlink" width="800" height="546"></a></p> <p>With Netlink, I can communicate with various kernel subsystems. For example, I can receive events from SELinux, updates about routing or network links, and even modify routing tables and IP addresses.</p> <p>If you're comfortable with basic socket programming like me, handling Netlink could be easy to understand. All you need to do is open a socket to the kernel, address the subsystem, and send or receive binary messages.</p> <h2> Bring interface UP </h2> <p>Let's get practical here. Let's start with something super basic—like a Netlink <code>hello world</code>. One of the simplest examples I could think of is enabling an network interface. On my system, I've got this <code>veth0</code> interface sitting there, in the <code>DOWN</code> state:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>ip <span class="nb">link</span> ... 78: veth0@veth1: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000 <span class="nb">link</span>/ether de:8f:4e:7e:9c:cd brd ff:ff:ff:ff:ff:ff </code></pre> </div> <p>I'd like to write my own simple Go program to execute <code>ip link set veth1 up</code>.</p> <p>One note before I start: Since I want to use syscalls and related data structures, I'll need to install the Go <code>golang.org/x/sys</code> package.</p> <p>Let's begin by establishing the socket. The Netlink socket is created using <code>unix.Socket()</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// open the Netlink socket </span> <span class="n">sock</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">unix</span><span class="o">.</span><span class="n">Socket</span><span class="p">(</span> <span class="n">unix</span><span class="o">.</span><span class="n">AF_NETLINK</span><span class="p">,</span> <span class="n">unix</span><span class="o">.</span><span class="n">SOCK_RAW</span><span class="p">,</span> <span class="n">unix</span><span class="o">.</span><span class="n">NETLINK_ROUTE</span><span class="p">,</span> <span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Error creating socket: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">unix</span><span class="o">.</span><span class="n">Close</span><span class="p">(</span><span class="n">sock</span><span class="p">)</span> </code></pre> </div> <p>Instead of the <code>AF_INET</code> domain, which we typically use for TCP/IP communication, I'm using <code>AF_NETLINK</code>. What's also interesting here is the last parameter. This value determines which subsystem I want to communicate with. It could be <code>NETLINK_NETFILTER</code>, <code>NETLINK_SELINUX</code>, and so on. I'm opting for <code>NETLINK_ROUTE</code>, which is dedicated to interfaces, links, IP addresses, and such.</p> <p>However, just having the socket isn't enough. In TCP/IP communication, we associate a socket with a specific network address using <code>bind()</code>. Similarly, in Netlink, I'll set what group and port ID (PID) I want to use. For simplicity, I'll use values of <code>0</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// bind the socket to group and PID</span> <span class="n">err</span> <span class="o">=</span> <span class="n">unix</span><span class="o">.</span><span class="n">Bind</span><span class="p">(</span><span class="n">sock</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">unix</span><span class="o">.</span><span class="n">SockaddrNetlink</span><span class="p">{</span> <span class="n">Family</span><span class="o">:</span> <span class="n">unix</span><span class="o">.</span><span class="n">AF_NETLINK</span><span class="p">,</span> <span class="n">Groups</span><span class="o">:</span> <span class="m">0</span><span class="p">,</span> <span class="n">Pid</span><span class="o">:</span> <span class="m">0</span><span class="p">,</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Error in binding socket: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> </code></pre> </div> <h2> Create and send message </h2> <p>The easy part is done. At this point, I've got everything ready for sending and receiving messages. Now comes the tricky part—building and parsing Netlink messages. Like in many binary protocols, the Netlink message consists of a header and payload.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe2ke5n4sguqd7vckshdx.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe2ke5n4sguqd7vckshdx.png" alt="Message" width="800" height="312"></a></p> <p>Let's start from the end—with the payload. The payload is all about what I want to do or get from Netlink. In my case, it's about enabling a network interface. Therefore, I'll use <code>IfInfomsg</code>, where I'll set the <code>Change</code> field to <code>IFF_UP</code>. The good news is that the structure is available in the <code>golang.org/x/sys</code> package, so I don't need to write it from scratch.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">payload</span> <span class="o">:=</span> <span class="n">unix</span><span class="o">.</span><span class="n">IfInfomsg</span><span class="p">{</span> <span class="n">Family</span><span class="o">:</span> <span class="n">unix</span><span class="o">.</span><span class="n">AF_UNSPEC</span><span class="p">,</span> <span class="n">Change</span><span class="o">:</span> <span class="n">unix</span><span class="o">.</span><span class="n">IFF_UP</span><span class="p">,</span> <span class="n">Flags</span><span class="o">:</span> <span class="n">unix</span><span class="o">.</span><span class="n">IFF_UP</span><span class="p">,</span> <span class="n">Index</span><span class="o">:</span> <span class="kt">int32</span><span class="p">(</span><span class="n">ethIndex</span><span class="p">),</span> <span class="c">// index of network interface I would like to enable (in my case it's 79 - veth1)</span> <span class="p">}</span> </code></pre> </div> <p>Then, I need to build a header. The header carries information like the type of the payload or the total length of the whole message. The structure for the header is <code>NlMsghdr</code>. The type I need to set is <code>RTM_NEWLINK</code>, which is related to the <code>IfInfomsg</code> payload.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// total length of message is size of header + size of payload</span> <span class="n">length</span> <span class="o">:=</span> <span class="n">unix</span><span class="o">.</span><span class="n">SizeofNlMsghdr</span> <span class="o">+</span> <span class="n">unix</span><span class="o">.</span><span class="n">SizeofIfInfomsg</span> <span class="n">header</span> <span class="o">:=</span> <span class="n">unix</span><span class="o">.</span><span class="n">NlMsghdr</span><span class="p">{</span> <span class="n">Len</span><span class="o">:</span> <span class="kt">uint32</span><span class="p">(</span><span class="n">length</span><span class="p">),</span> <span class="n">Type</span><span class="o">:</span> <span class="kt">uint16</span><span class="p">(</span><span class="n">unix</span><span class="o">.</span><span class="n">RTM_NEWLINK</span><span class="p">),</span> <span class="n">Flags</span><span class="o">:</span> <span class="kt">uint16</span><span class="p">(</span><span class="n">unix</span><span class="o">.</span><span class="n">NLM_F_REQUEST</span><span class="p">)</span> <span class="o">|</span> <span class="kt">uint16</span><span class="p">(</span><span class="n">unix</span><span class="o">.</span><span class="n">NLM_F_ACK</span><span class="p">),</span> <span class="n">Seq</span><span class="o">:</span> <span class="m">1</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>Alright, the message should be almost ready. I just need to put the header and payload into one message structure. I'll create an anonymous structure and fill it with the payload and header:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">msg</span> <span class="o">:=</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">header</span> <span class="n">unix</span><span class="o">.</span><span class="n">NlMsghdr</span> <span class="n">payload</span> <span class="n">unix</span><span class="o">.</span><span class="n">IfInfomsg</span> <span class="p">}{</span> <span class="n">header</span><span class="o">:</span> <span class="n">header</span><span class="p">,</span> <span class="n">payload</span><span class="o">:</span> <span class="n">payload</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>The message is ready, and I could write the message data into the socket. But before I call <code>Sendto()</code>, I need to convert the message structure to an array (or slice) of bytes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// first I need convert the `msg` to slice of bytes</span> <span class="k">var</span> <span class="n">asByteSlice</span> <span class="p">[]</span><span class="kt">byte</span> <span class="o">=</span> <span class="p">(</span><span class="o">*</span><span class="p">(</span><span class="o">*</span><span class="p">[</span><span class="n">unix</span><span class="o">.</span><span class="n">SizeofNlMsghdr</span> <span class="o">+</span> <span class="n">unix</span><span class="o">.</span><span class="n">SizeofIfInfomsg</span><span class="p">]</span><span class="kt">byte</span><span class="p">)(</span><span class="n">unsafe</span><span class="o">.</span><span class="n">Pointer</span><span class="p">(</span><span class="o">&amp;</span><span class="n">msg</span><span class="p">)))[</span><span class="o">:</span><span class="p">]</span> <span class="c">// write the data to the socket</span> <span class="n">err</span> <span class="o">=</span> <span class="n">unix</span><span class="o">.</span><span class="n">Sendto</span><span class="p">(</span><span class="n">sock</span><span class="p">,</span> <span class="n">asByteSlice</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">unix</span><span class="o">.</span><span class="n">SockaddrNetlink</span><span class="p">{</span><span class="n">Family</span><span class="o">:</span> <span class="n">unix</span><span class="o">.</span><span class="n">AF_NETLINK</span><span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not write message to socket:%s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h2> Receiving message </h2> <p>At this point, if I compile and run my simple program with root privileges, the code will bring the <code>veth1</code> interface up. Mission accomplished. Right? But what about receiving messages?</p> <p>Receiving messages might be complicated. The messages might be large, or the information might be broken into multiple pieces. There are various factors to consider. But I'll stick with my simple scenario. I just want to know if my <code>up</code> operation failed or if it was successful.</p> <p>To receive the response, I'll use <code>unix.Recvfrom()</code>, which will read all remaining data from the socket into the <code>buf</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">buf</span> <span class="p">[</span><span class="m">1024</span><span class="p">]</span><span class="kt">byte</span> <span class="n">n</span><span class="p">,</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">unix</span><span class="o">.</span><span class="n">Recvfrom</span><span class="p">(</span><span class="n">sock</span><span class="p">,</span> <span class="n">buf</span><span class="p">[</span><span class="o">:</span><span class="p">],</span> <span class="m">0</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not read data from socket: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> </code></pre> </div> <p>The next step is parsing the received raw data. Here, I'll use <code>ParseNetlinkMessage()</code> to do just that.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// parse data to messages</span> <span class="n">msgs</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">syscall</span><span class="o">.</span><span class="n">ParseNetlinkMessage</span><span class="p">(</span><span class="n">buf</span><span class="p">[</span><span class="o">:</span><span class="n">n</span><span class="p">])</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Could not parse the response: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> </code></pre> </div> <p>The function will return parsed data as an array of <code>[]NetlinkMessage</code>. The <code>NetlinkMessage</code> is a simple structure with <code>Header</code> and <code>Data</code>. The <code>Header</code> is <code>NlMsghdr</code>, and <code>Data</code> is an array of bytes. Based on the type in the <code>Header</code>, I can cast the <code>Data</code> to the proper type. In my case, the first response message will be <code>NLMSG_ERROR</code>, so I'll cast <code>Data</code> to <code>NlMsgerr</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// the first received message must be `NLMSG_ERROR`</span> <span class="k">if</span> <span class="n">msgs</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Type</span> <span class="o">!=</span> <span class="n">unix</span><span class="o">.</span><span class="n">NLMSG_ERROR</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"The first received message is not NLMSG_ERROR</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// cast the data to NlMsgerr payload</span> <span class="n">errPayload</span> <span class="o">:=</span> <span class="p">(</span><span class="o">*</span><span class="n">unix</span><span class="o">.</span><span class="n">NlMsgerr</span><span class="p">)(</span><span class="n">unsafe</span><span class="o">.</span><span class="n">Pointer</span><span class="p">(</span><span class="o">&amp;</span><span class="n">resp</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="m">0</span><span class="p">]))</span> <span class="k">if</span> <span class="n">errPayload</span><span class="o">.</span><span class="n">Error</span> <span class="o">!=</span> <span class="m">0</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Error returned by Netlink</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Interface is UP</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> </code></pre> </div> <p>The full code is available on <a href="https://github.com/sn3d/netlink-example">github.com/sn3d/netlink-example</a></p> <h2> Let's try... </h2> <p>It's time to play with my program. As I mentioned above, I have <code>veth1</code> present in my system which is <code>DOWN</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>ip <span class="nb">link</span> ... 78: veth0@veth1: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000 <span class="nb">link</span>/ether de:8f:4e:7e:9c:cd brd ff:ff:ff:ff:ff:ff </code></pre> </div> <p>If you look closer, you might see the <code>veth0</code> have index <code>78</code>. I need this index pass to my program. Now when I run my program with this index, I should get information <code>Interface is UP</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>go run main.go 78 Interface is UP </code></pre> </div> <p>This is not just a message from my program. If I will check the <code>veth0</code>, I will notice the interface is <code>UP</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>ip <span class="nb">link</span> ... 78: veth0@veth1: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 <span class="nb">link</span>/ether de:8f:4e:7e:9c:cd brd ff:ff:ff:ff:ff:ff </code></pre> </div> <h2> How to debug messages </h2> <p>As you noticed, creating a Netlink connection, reading from, and writing to the socket is the easy part. Maybe reading bigger chunks of data or data that's broken into smaller chunks is more complicated, but it's something we're familiar with from socket programming.</p> <p>The tricky part for me was creating a proper Netlink message. But there's a pretty useful way to debug and observe Netlink messages - using <code>strace</code>. Modern <code>strace</code> has a great feature - it can parse and understand Netlink messages.</p> <p>If you try to execute <code>ip link set veth0 up</code> with <code>strace</code>, you might see <code>sendmsg</code> with a parsed Netlink message:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>strace <span class="nt">-Tfe</span> <span class="nv">trace</span><span class="o">=</span>sendmsg ip <span class="nb">link set </span>veth0 up endmsg<span class="o">(</span>4, <span class="o">{</span><span class="nv">msg_name</span><span class="o">={</span><span class="nv">sa_family</span><span class="o">=</span>AF_NETLINK, <span class="nv">nl_pid</span><span class="o">=</span>0, <span class="nv">nl_groups</span><span class="o">=</span>00000000<span class="o">}</span>, <span class="nv">msg_namelen</span><span class="o">=</span>12, <span class="nv">msg_iov</span><span class="o">=[{</span><span class="nv">iov_base</span><span class="o">=[{</span><span class="nv">nlmsg_len</span><span class="o">=</span>52, <span class="nv">nlmsg_type</span><span class="o">=</span>RTM_GETLINK, <span class="nv">nlmsg_flags</span><span class="o">=</span>NLM_F_REQUEST, <span class="nv">nlmsg_seq</span><span class="o">=</span>1714051690, <span class="nv">nlmsg_pid</span><span class="o">=</span>0<span class="o">}</span>, <span class="o">{</span><span class="nv">ifi_family</span><span class="o">=</span>AF_UNSPEC, <span class="nv">ifi_type</span><span class="o">=</span>ARPHRD_NETROM, <span class="nv">ifi_index</span><span class="o">=</span>0, <span class="nv">ifi_flags</span><span class="o">=</span>0, <span class="nv">ifi_change</span><span class="o">=</span>0<span class="o">}</span>, <span class="o">[[{</span><span class="nv">nla_len</span><span class="o">=</span>8, <span class="nv">nla_type</span><span class="o">=</span>IFLA_EXT_MASK<span class="o">}</span>, RTEXT_FILTER_VF|RTEXT_FILTER_SKIP_STATS], <span class="o">[{</span><span class="nv">nla_len</span><span class="o">=</span>10, <span class="nv">nla_type</span><span class="o">=</span>IFLA_IFNAME<span class="o">}</span>, <span class="s2">"veth0"</span><span class="o">]]]</span>, <span class="nv">iov_len</span><span class="o">=</span>52<span class="o">}]</span>, <span class="nv">msg_iovlen</span><span class="o">=</span>1, <span class="nv">msg_controllen</span><span class="o">=</span>0, <span class="nv">msg_flags</span><span class="o">=</span>0<span class="o">}</span>, 0<span class="o">)</span> <span class="o">=</span> 52 &lt;0.000094&gt; sendmsg<span class="o">(</span>3, <span class="o">{</span><span class="nv">msg_name</span><span class="o">={</span><span class="nv">sa_family</span><span class="o">=</span>AF_NETLINK, <span class="nv">nl_pid</span><span class="o">=</span>0, <span class="nv">nl_groups</span><span class="o">=</span>00000000<span class="o">}</span>, <span class="nv">msg_namelen</span><span class="o">=</span>12, <span class="nv">msg_iov</span><span class="o">=[{</span><span class="nv">iov_base</span><span class="o">=[{</span><span class="nv">nlmsg_len</span><span class="o">=</span>32, <span class="nv">nlmsg_type</span><span class="o">=</span>RTM_NEWLINK, <span class="nv">nlmsg_flags</span><span class="o">=</span>NLM_F_REQUEST|NLM_F_ACK, <span class="nv">nlmsg_seq</span><span class="o">=</span>1714051690, <span class="nv">nlmsg_pid</span><span class="o">=</span>0<span class="o">}</span>, <span class="o">{</span><span class="nv">ifi_family</span><span class="o">=</span>AF_UNSPEC, <span class="nv">ifi_type</span><span class="o">=</span>ARPHRD_NETROM, <span class="nv">ifi_index</span><span class="o">=</span>if_nametoindex<span class="o">(</span><span class="s2">"veth0"</span><span class="o">)</span>, <span class="nv">ifi_flags</span><span class="o">=</span>IFF_UP, <span class="nv">ifi_change</span><span class="o">=</span>0x1<span class="o">}]</span>, <span class="nv">iov_len</span><span class="o">=</span>32<span class="o">}]</span>, <span class="nv">msg_iovlen</span><span class="o">=</span>1, <span class="nv">msg_controllen</span><span class="o">=</span>0, <span class="nv">msg_flags</span><span class="o">=</span>0<span class="o">}</span>, 0<span class="o">)</span> <span class="o">=</span> 32 &lt;0.000064&gt; </code></pre> </div> <p>It's a bit messy output, but you could notice 2 <code>sendmsg</code> calls. One is for <code>RTM_GETLINK</code>, and the second is for <code>RTM_NEWLINK</code>. In this output, you might see the header and payload. For instance, the header of the second <code>RTM_NEWLINK</code> is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{nlmsg_len=32, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=1714051690, nlmsg_pid=0} </code></pre> </div> <p>And the payload is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("veth0"), ifi_flags=IFF_UP, ifi_change=0x1} </code></pre> </div> <p>With <code>strace</code>, we could study requests like creating a bridge, etc., and reproduce the messages from our code.</p> <h2> Netlink library </h2> <p>Working with sockets, building, and parsing our own messages require quite a lot of work. Thanks to Vish Abrams, we can use in our project the package <code>github.com/vishvananda/netlink</code>, which provides a lot of Netlink functionalities without having to build our own message structures from scratch. It's well-maintained and used by many projects like Docker, Cilium, Flannel, Istio, etc.</p> <p>Thanks to this library, adding a new bridge to the system is a matter of a few lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">la</span> <span class="o">:=</span> <span class="n">netlink</span><span class="o">.</span><span class="n">NewLinkAttrs</span><span class="p">()</span> <span class="n">la</span><span class="o">.</span><span class="n">Name</span> <span class="o">=</span> <span class="s">"docker0"</span> <span class="n">dockerBridge</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">netlink</span><span class="o">.</span><span class="n">Bridge</span><span class="p">{</span><span class="n">LinkAttrs</span><span class="o">:</span> <span class="n">la</span><span class="p">}</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">netlink</span><span class="o">.</span><span class="n">LinkAdd</span><span class="p">(</span><span class="n">dockerBridge</span><span class="p">)</span> </code></pre> </div> <h2> A few words in conclusion... </h2> <p>One important aspect I didn't mention earlier is that the byte order in messages depends on the host's CPU architecture. This means we don't need to worry about converting between little and big-endian for integers. Additionally, it's crucial that our messages follow a four-byte padding rule. For example, if a message is 33 bytes long, we'll need to send 36 bytes.</p> <p>I wrote about Netlink almost three years ago, but it was in Slovak. I decided to write this English version because, even after three years, I still find Netlink interesting and worth studying and trying.</p> linux containers networking go