Differences

This shows you the differences between two versions of the page.

--- network_stuff:linux_network_internals [2018/10/28 18:38] – created jotasandoku
+++ network_stuff:linux_network_internals [2023/11/02 14:38] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-----
+LINUX KERNEL NETWORKING:
-**LINUX INTERFACES**\\
+\\
-Always use the -d flag when deailing with the netlink api:
+Linux has Two main APIs for networking:
-  ip -d link show wlp2s0
+  * Ethtool is for physical link management (speed, duplex, buffers etc.)
-  ip add show | egrep "^[0-9*]|inet "  # this is unrelated but useful for a more compact view.
+  * Netlink is for the rest. Every network device is represented as a netdev object in the kernel.
+    * **[[https://medium.com/@mdlayher/linux-netlink-and-go-part-1-netlink-4781aaeeaca8|NETLINK]]** (successor of ioctl): api (no restapi), system call. Is the way ip route talks to the kernel. socket family is a Linux kernel interface used for inter-process communication (IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the Unix domain sockets. NETLINK_ROUTE , NETLINK_ARPD , NETLINK_NETFILTER ..
+    * Netlink in python: [[https://pypi.org/project/pyroute2/|External Link]]
-NETLINK (successor of ioctl): api (no restapi), system call. Is the way ip route talks to the kernel. socket family is a Linux kernel interface used for inter-process communication (IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the Unix domain sockets. NETLINK_ROUTE , NETLINK_ARPD , NETLINK_NETFILTER ...
+{{ :network_stuff:network_os_models.pdf |}}
+  * Do not confuse it with NETFILTER (~iptables).
+  * iproute2 is more a set of **utililities** (arpd, bridge, devlink, ip, nstat, routef, rtacct, rtmon,  ss, tc)
+----
 Place to find all information about interface is this, they are netdev, not just dev:
@@ Line 16: / Line 23: @@
 TODO\\
 ... kernel objects and udev, and details of implementing logical interfaces that are associated with ASIC front-panel physical ports. From this discussion: [[http://blog.ipspace.net/2018/03/linux-interfaces-on-software-gone-wild.html]]\\
+\\
 Interface can or cannot be related to physical port.\\
 Linux labels them according to the PCI name, UUID can be used to rename them. udev, driver..\\
   CPU-PCI BUS (unique)	driver enumerates > port1,2,3 ...
   Then udev/uuid is used to map the name/rename the port name on boot time
-\\
+----
+Always use the -d flag when dealing with the netlink api:
+  ip -d link show wlp2s0
+  ip add show | egrep "^[0-9*]|inet "  # this is unrelated but useful for a more compact view.
+  * Interaction user-space >> kernel
+    * Existing system call
+    * ioctl
+    * /proc file
+    * NETLINK socket?
+----
+  * **eBPF [[https://lwn.net/Articles/740157/]]**
+    * BPF is the in-kernel bytecode machine that can be used for tracing, virtual networks, and more. Alexei Starovoitov is the lead developer (he's now at Facebook), and there are developers from several companies contributing, including myself at Netflix, Daniel Borkmann at Cisco, and Brenden Blanco at PLUMgrid.
+  * P4 is very similar but needs compiling
+----
+OVS (Open VSwitch):\\
+[[https://therandomsecurityguy.com/openvswitch-cheat-sheet/]] \\
+  ovs-vswitchd --help
+----
+Kernel structs
+\\
+  * ''net_device'' structure, which represents a network device,
+  * ''sk_buff'' structure represents an incoming or outgoing packet, including its headers

dokucama

User Tools

Site Tools

Differences

Page Tools