Go to file
Patrick J Cherry 885990c5b3 Updated changelog 2016-10-17 13:11:17 +01:00
debian Updated changelog 2016-10-17 13:11:17 +01:00
examples Reorganise under Linux:: 2011-05-06 09:49:47 +01:00
lib/linux Updated linux header constants 2016-10-17 13:07:47 +01:00
test Scaled back the massive allocation of IPs from 11 /24s to 4. 2015-04-02 11:52:56 +01:00
.gitignore Initial commit, work in progress 2011-04-29 11:51:10 +01:00
.hgignore Added patches to remove rubygems requirements. 2013-07-05 14:17:24 +01:00
README Added working NLSocket.open and scope handling. 2011-05-18 15:26:53 +01:00
Rakefile Removed need for gcc as a dependency for debian packages. 2012-01-24 15:59:30 +00:00
netlinkrb.gemspec Updated to 0.18 2016-10-17 13:08:53 +01:00


Ruby Netlink

This library provides an API for using a Linux Netlink socket, for doing
things like manipulating IP interfaces and routes programmatically, and
capturing packets from ULOG.


    require 'linux/netlink/route'
    ip = Linux::Netlink::Route::Socket.new

    # Info about eth0 interface
    p ip.link["eth0"]

    # Addresses on eth0 interface
    ip.addr.list(:index=>"eth0") do |addr|
      puts addr.address

See the examples/ and test/ directories for more examples.


ruby 1.9 (tested with ruby 1.9.2), OR ruby 1.8.7 with the ffi library.

Code organisation

There are separate classes for each Netlink protocol providing a high-level
API. These all in turn use the NLSocket class, which has methods for adding
the headers to messages and sending them over a socket. The messages
themselves are built using class Message or RtattrMessage, which in turn are
subclasses of CStruct, which performs the low-level packing and unpacking of
the message bodies.

         Route  Firewall  NFLog  ...etc
           |       |       |
        Message / RtattrMessage

Useful reference material

* http://www.linuxjournal.com/article/7356
* http://people.redhat.com/nhorman/papers/netlink.pdf
* apt-get source iproute

Note there are some errors in the nhorman paper. On page 8/9, it says

    nlmsg_pid ... Also note that it is
    imperative that any program receiving netlink socket messages from
    the kernel verify that this field is set to zero, or it is possible to expose
    the software to unexpected influences from other non-privlidged user
    space programs.

However, what really needs to be checked is the pid in the sockaddr_nl
structure returned by recvmsg msghdr, as shown by this code in

        struct msghdr msg = {
                .msg_name = &nladdr,
                .msg_namelen = sizeof(nladdr),
                .msg_iov = &iov,
                .msg_iovlen = 1,
                status = recvmsg(rth->fd, &msg, 0);
                                if (nladdr.nl_pid != 0 ||
                                    h->nlmsg_pid != rth->local.nl_pid ||
                                    h->nlmsg_seq != rth->dump) {


* Exception hierarchy
* More tests
* More netlink protocols

(C) 2011 Bytemark Hosting
Written by Brian Candler <B.Candler@pobox.com>

Distribute under the same terms as Ruby