{ "mode": "man", "parameter": "NETLINK", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/NETLINK/7/json", "generated": "2026-06-16T03:36:57Z", "synopsis": "", "sections": { "NAME": { "content": "netlink - communication between kernel and user space (AFNETLINK)\n", "subsections": [] }, "SYNOPSIS": { "content": "", "subsections": [ { "name": "#include ", "content": "" }, { "name": "#include ", "content": "" }, { "name": "#include ", "content": "netlinksocket = socket(AFNETLINK, sockettype, netlinkfamily);\n" } ] }, "DESCRIPTION": { "content": "Netlink is used to transfer information between the kernel and user-space processes. It con‐\nsists of a standard sockets-based interface for user space processes and an internal kernel\nAPI for kernel modules. The internal kernel interface is not documented in this manual page.\nThere is also an obsolete netlink interface via netlink character devices; this interface is\nnot documented here and is provided only for backward compatibility.\n\nNetlink is a datagram-oriented service. Both SOCKRAW and SOCKDGRAM are valid values for\nsockettype. However, the netlink protocol does not distinguish between datagram and raw\nsockets.\n\nnetlinkfamily selects the kernel module or netlink group to communicate with. The currently\nassigned netlink families are:\n\nNETLINKROUTE\nReceives routing and link updates and may be used to modify the routing tables (both\nIPv4 and IPv6), IP addresses, link parameters, neighbor setups, queueing disciplines,\ntraffic classes and packet classifiers (see rtnetlink(7)).\n\nNETLINKW1 (Linux 2.6.13 to 2.16.17)\nMessages from 1-wire subsystem.\n\nNETLINKUSERSOCK\nReserved for user-mode socket protocols.\n\nNETLINKFIREWALL (up to and including Linux 3.4)\nTransport IPv4 packets from netfilter to user space. Used by ipqueue kernel module.\nAfter a long period of being declared obsolete (in favor of the more advanced\nnfnetlinkqueue feature), NETLINKFIREWALL was removed in Linux 3.5.\n\nNETLINKSOCKDIAG (since Linux 3.3)\nQuery information about sockets of various protocol families from the kernel (see\nsockdiag(7)).\n\nNETLINKINETDIAG (since Linux 2.6.14)\nAn obsolete synonym for NETLINKSOCKDIAG.\n\nNETLINKNFLOG (up to and including Linux 3.16)\nNetfilter/iptables ULOG.\n\nNETLINKXFRM\nIPsec.\n\nNETLINKSELINUX (since Linux 2.6.4)\nSELinux event notifications.\n\nNETLINKISCSI (since Linux 2.6.15)\nOpen-iSCSI.\n\nNETLINKAUDIT (since Linux 2.6.6)\nAuditing.\n\nNETLINKFIBLOOKUP (since Linux 2.6.13)\nAccess to FIB lookup from user space.\n\nNETLINKCONNECTOR (since Linux 2.6.14)\nKernel connector. See Documentation/driver-api/connector.rst (or /Documentation/con‐\nnector/connector.* in kernel 5.2 and earlier) in the Linux kernel source tree for\nfurther information.\n\nNETLINKNETFILTER (since Linux 2.6.14)\nNetfilter subsystem.\n\nNETLINKSCSITRANSPORT (since Linux 2.6.19)\nSCSI Transports.\n\nNETLINKRDMA (since Linux 3.0)\nInfiniband RDMA.\n\nNETLINKIP6FW (up to and including Linux 3.4)\nTransport IPv6 packets from netfilter to user space. Used by ip6queue kernel module.\n\nNETLINKDNRTMSG\nDECnet routing messages.\n\nNETLINKKOBJECTUEVENT (since Linux 2.6.10)\nKernel messages to user space.\n\nNETLINKGENERIC (since Linux 2.6.15)\nGeneric netlink family for simplified netlink usage.\n\nNETLINKCRYPTO (since Linux 3.2)\nNetlink interface to request information about ciphers registered with the kernel\ncrypto API as well as allow configuration of the kernel crypto API.\n\nNetlink messages consist of a byte stream with one or multiple nlmsghdr headers and associ‐\nated payload. The byte stream should be accessed only with the standard NLMSG* macros. See\nnetlink(3) for further information.\n\nIn multipart messages (multiple nlmsghdr headers with associated payload in one byte stream)\nthe first and all following headers have the NLMFMULTI flag set, except for the last header\nwhich has the type NLMSGDONE.\n\nAfter each nlmsghdr the payload follows.\n\nstruct nlmsghdr {\nu32 nlmsglen; /* Length of message including header */\nu16 nlmsgtype; /* Type of message content */\nu16 nlmsgflags; /* Additional flags */\nu32 nlmsgseq; /* Sequence number */\nu32 nlmsgpid; /* Sender port ID */\n};\n\nnlmsgtype can be one of the standard message types: NLMSGNOOP message is to be ignored,\nNLMSGERROR message signals an error and the payload contains an nlmsgerr structure,\nNLMSGDONE message terminates a multipart message.\n\nstruct nlmsgerr {\nint error; /* Negative errno or 0 for acknowledgements */\nstruct nlmsghdr msg; /* Message header that caused the error */\n};\n\nA netlink family usually specifies more message types, see the appropriate manual pages for\nthat, for example, rtnetlink(7) for NETLINKROUTE.\n\nStandard flag bits in nlmsgflags\n──────────────────────────────────────────────────────────\n\nNLMFREQUEST Must be set on all request messages.\nNLMFMULTI The message is part of a multipart mes‐\nsage terminated by NLMSGDONE.\nNLMFACK Request for an acknowledgment on success.\nNLMFECHO Echo this request.\n\nAdditional flag bits for GET requests\n────────────────────────────────────────────────────────────────────\nNLMFROOT Return the complete table instead of a single entry.\nNLMFMATCH Return all entries matching criteria passed in mes‐\nsage content. Not implemented yet.\nNLMFATOMIC Return an atomic snapshot of the table.\nNLMFDUMP Convenience macro; equivalent to\n(NLMFROOT|NLMFMATCH).\n\nNote that NLMFATOMIC requires the CAPNETADMIN capability or an effective UID of 0.\n\nAdditional flag bits for NEW requests\n────────────────────────────────────────────────────────────\nNLMFREPLACE Replace existing matching object.\nNLMFEXCL Don't replace if the object already exists.\nNLMFCREATE Create object if it doesn't already exist.\nNLMFAPPEND Add to the end of the object list.\n\nnlmsgseq and nlmsgpid are used to track messages. nlmsgpid shows the origin of the mes‐\nsage. Note that there isn't a 1:1 relationship between nlmsgpid and the PID of the process\nif the message originated from a netlink socket. See the ADDRESS FORMATS section for further\ninformation.\n\nBoth nlmsgseq and nlmsgpid are opaque to netlink core.\n\nNetlink is not a reliable protocol. It tries its best to deliver a message to its destina‐\ntion(s), but may drop messages when an out-of-memory condition or other error occurs. For\nreliable transfer the sender can request an acknowledgement from the receiver by setting the\nNLMFACK flag. An acknowledgment is an NLMSGERROR packet with the error field set to 0.\nThe application must generate acknowledgements for received messages itself. The kernel\ntries to send an NLMSGERROR message for every failed packet. A user process should follow\nthis convention too.\n\nHowever, reliable transmissions from kernel to user are impossible in any case. The kernel\ncan't send a netlink message if the socket buffer is full: the message will be dropped and\nthe kernel and the user-space process will no longer have the same view of kernel state. It\nis up to the application to detect when this happens (via the ENOBUFS error returned by\nrecvmsg(2)) and resynchronize.\n", "subsections": [ { "name": "Address formats", "content": "The sockaddrnl structure describes a netlink client in user space or in the kernel. A sock‐\naddrnl can be either unicast (only sent to one peer) or sent to netlink multicast groups\n(nlgroups not equal 0).\n\nstruct sockaddrnl {\nsafamilyt nlfamily; /* AFNETLINK */\nunsigned short nlpad; /* Zero */\npidt nlpid; /* Port ID */\nu32 nlgroups; /* Multicast groups mask */\n};\n\nnlpid is the unicast address of netlink socket. It's always 0 if the destination is in the\nkernel. For a user-space process, nlpid is usually the PID of the process owning the desti‐\nnation socket. However, nlpid identifies a netlink socket, not a process. If a process\nowns several netlink sockets, then nlpid can be equal to the process ID only for at most one\nsocket. There are two ways to assign nlpid to a netlink socket. If the application sets\nnlpid before calling bind(2), then it is up to the application to make sure that nlpid is\nunique. If the application sets it to 0, the kernel takes care of assigning it. The kernel\nassigns the process ID to the first netlink socket the process opens and assigns a unique\nnlpid to every netlink socket that the process subsequently creates.\n\nnlgroups is a bit mask with every bit representing a netlink group number. Each netlink\nfamily has a set of 32 multicast groups. When bind(2) is called on the socket, the nlgroups\nfield in the sockaddrnl should be set to a bit mask of the groups which it wishes to listen\nto. The default value for this field is zero which means that no multicasts will be re‐\nceived. A socket may multicast messages to any of the multicast groups by setting nlgroups\nto a bit mask of the groups it wishes to send to when it calls sendmsg(2) or does a con‐‐\nnect(2). Only processes with an effective UID of 0 or the CAPNETADMIN capability may send\nor listen to a netlink multicast group. Since Linux 2.6.13, messages can't be broadcast to\nmultiple groups. Any replies to a message received for a multicast group should be sent back\nto the sending PID and the multicast group. Some Linux kernel subsystems may additionally\nallow other users to send and/or receive messages. As at Linux 3.0, the NETLINKKOB‐‐\nJECTUEVENT, NETLINKGENERIC, NETLINKROUTE, and NETLINKSELINUX groups allow other users to\nreceive messages. No groups allow other users to send messages.\n" }, { "name": "Socket options", "content": "To set or get a netlink socket option, call getsockopt(2) to read or setsockopt(2) to write\nthe option with the option level argument set to SOLNETLINK. Unless otherwise noted, optval\nis a pointer to an int.\n\nNETLINKPKTINFO (since Linux 2.6.14)\nEnable nlpktinfo control messages for received packets to get the extended destina‐\ntion group number.\n\nNETLINKADDMEMBERSHIP, NETLINKDROPMEMBERSHIP (since Linux 2.6.14)\nJoin/leave a group specified by optval.\n\nNETLINKLISTMEMBERSHIPS (since Linux 4.2)\nRetrieve all groups a socket is a member of. optval is a pointer to u32 and optlen\nis the size of the array. The array is filled with the full membership set of the\nsocket, and the required array size is returned in optlen.\n\nNETLINKBROADCASTERROR (since Linux 2.6.30)\nWhen not set, netlinkbroadcast() only reports ESRCH errors and silently ignore\nENOBUFS errors.\n\nNETLINKNOENOBUFS (since Linux 2.6.30)\nThis flag can be used by unicast and broadcast listeners to avoid receiving ENOBUFS\nerrors.\n\nNETLINKLISTENALLNSID (since Linux 4.2)\nWhen set, this socket will receive netlink notifications from all network namespaces\nthat have an nsid assigned into the network namespace where the socket has been\nopened. The nsid is sent to user space via an ancillary data.\n\nNETLINKCAPACK (since Linux 4.2)\nThe kernel may fail to allocate the necessary room for the acknowledgment message back\nto user space. This option trims off the payload of the original netlink message.\nThe netlink message header is still included, so the user can guess from the sequence\nnumber which message triggered the acknowledgment.\n" } ] }, "VERSIONS": { "content": "The socket interface to netlink first appeared Linux 2.2.\n\nLinux 2.0 supported a more primitive device-based netlink interface (which is still available\nas a compatibility option). This obsolete interface is not described here.\n", "subsections": [] }, "NOTES": { "content": "It is often better to use netlink via libnetlink or libnl than via the low-level kernel in‐\nterface.\n", "subsections": [] }, "BUGS": { "content": "This manual page is not complete.\n", "subsections": [] }, "EXAMPLES": { "content": "The following example creates a NETLINKROUTE netlink socket which will listen to the RTM‐‐\nGRPLINK (network interface create/delete/up/down events) and RTMGRPIPV4IFADDR (IPv4 ad‐\ndresses add/delete events) multicast groups.\n\nstruct sockaddrnl sa;\n\nmemset(&sa, 0, sizeof(sa));\nsa.nlfamily = AFNETLINK;\nsa.nlgroups = RTMGRPLINK | RTMGRPIPV4IFADDR;\n\nfd = socket(AFNETLINK, SOCKRAW, NETLINKROUTE);\nbind(fd, (struct sockaddr *) &sa, sizeof(sa));\n\nThe next example demonstrates how to send a netlink message to the kernel (pid 0). Note that\nthe application must take care of message sequence numbers in order to reliably track ac‐\nknowledgements.\n\nstruct nlmsghdr *nh; /* The nlmsghdr with payload to send */\nstruct sockaddrnl sa;\nstruct iovec iov = { nh, nh->nlmsglen };\nstruct msghdr msg;\n\nmsg = { &sa, sizeof(sa), &iov, 1, NULL, 0, 0 };\nmemset(&sa, 0, sizeof(sa));\nsa.nlfamily = AFNETLINK;\nnh->nlmsgpid = 0;\nnh->nlmsgseq = ++sequencenumber;\n/* Request an ack from kernel by setting NLMFACK */\nnh->nlmsgflags |= NLMFACK;\n\nsendmsg(fd, &msg, 0);\n\nAnd the last example is about reading netlink message.\n\nint len;\n/* 8192 to avoid message truncation on platforms with\npage size > 4096 */\nstruct nlmsghdr buf[8192/sizeof(struct nlmsghdr)];\nstruct iovec iov = { buf, sizeof(buf) };\nstruct sockaddrnl sa;\nstruct msghdr msg;\nstruct nlmsghdr *nh;\n\nmsg = { &sa, sizeof(sa), &iov, 1, NULL, 0, 0 };\nlen = recvmsg(fd, &msg, 0);\n\nfor (nh = (struct nlmsghdr *) buf; NLMSGOK (nh, len);\nnh = NLMSGNEXT (nh, len)) {\n/* The end of multipart message */\nif (nh->nlmsgtype == NLMSGDONE)\nreturn;\n\nif (nh->nlmsgtype == NLMSGERROR)\n/* Do some error handling */\n...\n\n/* Continue with parsing payload */\n...\n}\n", "subsections": [] }, "SEE ALSO": { "content": "cmsg(3), netlink(3), capabilities(7), rtnetlink(7), sockdiag(7)\n\ninformation about libnetlink ⟨ftp://ftp.inr.ac.ru/ip-routing/iproute2*⟩\n\ninformation about libnl ⟨http://www.infradead.org/~tgr/libnl/⟩\n\nRFC 3549 \"Linux Netlink as an IP Services Protocol\"\n", "subsections": [] }, "COLOPHON": { "content": "This page is part of release 5.10 of the Linux man-pages project. A description of the\nproject, information about reporting bugs, and the latest version of this page, can be found\nat https://www.kernel.org/doc/man-pages/.\n\n\n\nLinux 2020-06-09 NETLINK(7)", "subsections": [] } }, "summary": "netlink - communication between kernel and user space (AFNETLINK)", "flags": [], "examples": [ "The following example creates a NETLINKROUTE netlink socket which will listen to the RTM‐‐", "GRPLINK (network interface create/delete/up/down events) and RTMGRPIPV4IFADDR (IPv4 ad‐", "dresses add/delete events) multicast groups.", "struct sockaddrnl sa;", "memset(&sa, 0, sizeof(sa));", "sa.nlfamily = AFNETLINK;", "sa.nlgroups = RTMGRPLINK | RTMGRPIPV4IFADDR;", "fd = socket(AFNETLINK, SOCKRAW, NETLINKROUTE);", "bind(fd, (struct sockaddr *) &sa, sizeof(sa));", "The next example demonstrates how to send a netlink message to the kernel (pid 0). Note that", "the application must take care of message sequence numbers in order to reliably track ac‐", "knowledgements.", "struct nlmsghdr *nh; /* The nlmsghdr with payload to send */", "struct sockaddrnl sa;", "struct iovec iov = { nh, nh->nlmsglen };", "struct msghdr msg;", "msg = { &sa, sizeof(sa), &iov, 1, NULL, 0, 0 };", "memset(&sa, 0, sizeof(sa));", "sa.nlfamily = AFNETLINK;", "nh->nlmsgpid = 0;", "nh->nlmsgseq = ++sequencenumber;", "/* Request an ack from kernel by setting NLMFACK */", "nh->nlmsgflags |= NLMFACK;", "sendmsg(fd, &msg, 0);", "And the last example is about reading netlink message.", "int len;", "/* 8192 to avoid message truncation on platforms with", "page size > 4096 */", "struct nlmsghdr buf[8192/sizeof(struct nlmsghdr)];", "struct iovec iov = { buf, sizeof(buf) };", "struct sockaddrnl sa;", "struct msghdr msg;", "struct nlmsghdr *nh;", "msg = { &sa, sizeof(sa), &iov, 1, NULL, 0, 0 };", "len = recvmsg(fd, &msg, 0);", "for (nh = (struct nlmsghdr *) buf; NLMSGOK (nh, len);", "nh = NLMSGNEXT (nh, len)) {", "/* The end of multipart message */", "if (nh->nlmsgtype == NLMSGDONE)", "return;", "if (nh->nlmsgtype == NLMSGERROR)", "/* Do some error handling */", "...", "/* Continue with parsing payload */", "..." ], "see_also": [ { "name": "cmsg", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/cmsg/3/json" }, { "name": "netlink", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/netlink/3/json" }, { "name": "capabilities", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/capabilities/7/json" }, { "name": "rtnetlink", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/rtnetlink/7/json" }, { "name": "sockdiag", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/sockdiag/7/json" } ] }