bytemark/netlinkrb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
43 Commits 8 Branches 26 Tags
40fbefa06ba9ceba641abf7b80d779cba678a00b
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Brian Candler 40fbefa06b Experiment: try using FFI::Struct for iptables instead of CStruct 
FFI::Struct handles nested structs and nested arrays much better, and avoids
duplicating logic about structure alignment (which it probably does more
correctly that CStruct)

However it's awkward to use in other ways. e.g. no accessor methods;
no proper #inspect; no ntohl for in_addr; no zero-sized arrays at end
of struct; no hooks to convert int32 <-> IPAddr as far as I can see.
2011-05-06 17:01:50 +01:00
examples
Reorganise under Linux::
2011-05-06 09:49:47 +01:00
lib/linux
Experiment: try using FFI::Struct for iptables instead of CStruct
2011-05-06 17:01:50 +01:00
.gitignore
Initial commit, work in progress
2011-04-29 11:51:10 +01:00
README
Reorganise under Linux::
2011-05-06 09:49:47 +01:00

README 

Ruby Netlink
============

This library provides an API for using a Linux Netlink socket, for doing
things like manipulating IP interfaces, routes and firewall rules
programmatically.

Requirements
============

ruby 1.9 (tested with ruby 1.9.2), OR ruby 1.8.7 with the ffi library.

Code organisation
=================

There are separate classes for each Netlink protocol providing a high-level
API. These all in turn use the NLSocket class, which has methods for adding
the headers to messages and sending them over a socket. The messages
themselves are built using class Message or RtattrMessage, which in turn are
subclasses of CStruct, which performs the low-level packing and unpacking of
the message bodies.

      LinkHandler/
      AddrHandler/
      VlanHandler/
      RouteHandler
           |
           v
         Route  Firewall  NFLog  ...etc
           |       |       |
           +-------+-------+
                   |
                   v
                NLSocket
                   |
                   v
        Message / RtattrMessage
                   |
                   v
                CStruct

Useful reference material
=========================

* http://www.linuxjournal.com/article/7356
* http://people.redhat.com/nhorman/papers/netlink.pdf
* apt-get source iproute

Note there are some errors in the nhorman paper. On page 8/9, it says

    nlmsg_pid ... Also note that it is
    imperative that any program receiving netlink socket messages from
    the kernel verify that this field is set to zero, or it is possible to expose
    the software to unexpected influences from other non-privlidged user
    space programs.

However, what really needs to be checked is the pid in the sockaddr_nl
structure returned by recvmsg msghdr, as shown by this code in
lib/libnetlink.c:

        struct msghdr msg = {
                .msg_name = &nladdr,
                .msg_namelen = sizeof(nladdr),
                .msg_iov = &iov,
                .msg_iovlen = 1,
        };
...
                status = recvmsg(rth->fd, &msg, 0);
...
                                if (nladdr.nl_pid != 0 ||
                                    h->nlmsg_pid != rth->local.nl_pid ||
                                    h->nlmsg_seq != rth->dump) {

TODO
====

* Exception hierarchy
* Unit tests
* Integration tests

Copyright
=========

Copyright (C) 2011 Bytemark Computer Consulting Ltd
Description
No description provided
Readme 453 KiB
Languages
Ruby 100%