netlinkrb/README

Ruby Netlink
============

This library provides an API for using a Linux Netlink socket, for doing
things like manipulating IP interfaces, routes and firewall rules
programmatically.

Code organisation
=================

There are separate classes for each Netlink protocol providing a high-level
API. These all in turn use the NLSocket class, which has methods for adding
the headers to messages and sending them over a socket. The messages
themselves are built using class Message or RtattrMessage, which in turn are
subclasses of CStruct, which performs the low-level packing and unpacking of
the message bodies.

      LinkHandler/
      AddrHandler/
      VlanHandler/
      RouteHandler
           |
           v
         Route  Firewall  NFLog  ...etc
           |       |       |
           +-------+-------+
                   |
                   v
                NLSocket
                   |
                   v
        Message / RtattrMessage
                   |
                   v
                CStruct

Useful reference material
=========================

* http://www.linuxjournal.com/article/7356
* http://people.redhat.com/nhorman/papers/netlink.pdf
* apt-get source iproute

Note there are some errors in the nhorman paper. On page 8/9, it says

    nlmsg_pid ... Also note that it is
    imperative that any program receiving netlink socket messages from
    the kernel verify that this field is set to zero, or it is possible to expose
    the software to unexpected influences from other non-privlidged user
    space programs.

However, what really needs to be checked is the pid in the sockaddr_nl
structure returned by recvmsg msghdr, as shown by this code in
lib/libnetlink.c:

        struct msghdr msg = {
                .msg_name = &nladdr,
                .msg_namelen = sizeof(nladdr),
                .msg_iov = &iov,
                .msg_iovlen = 1,
        };
...
                status = recvmsg(rth->fd, &msg, 0);
...
                                if (nladdr.nl_pid != 0 ||
                                    h->nlmsg_pid != rth->local.nl_pid ||
                                    h->nlmsg_seq != rth->dump) {

TODO
====

* Exception hierarchy
* Unit tests
* Integration tests

Copyright
=========

Copyright (C) 2011 Bytemark Computer Consulting Ltd