LINUX KERNEL NETWORKING: \\
Linux has two main APIs for networking:
  * Ethtool is for physical link management (speed, duplex, buffers etc.)
  * Netlink is for the rest.

Every network device is represented as a netdev object in the kernel.
  * **[[https://medium.com/@mdlayher/linux-netlink-and-go-part-1-netlink-4781aaeeaca8|NETLINK]]** (successor of ioctl): an API (not a REST API) reached through system calls. It is the way ''ip route'' talks to the kernel. The Netlink socket family is a Linux kernel interface used for inter-process communication (IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the Unix domain sockets. NETLINK_ROUTE, NETLINK_ARPD, NETLINK_NETFILTER ..
  * Netlink in python: [[https://pypi.org/project/pyroute2/|External Link]] {{ :network_stuff:network_os_models.pdf |}}
  * Do not confuse it with NETFILTER (~iptables).
  * iproute2 is more a set of **utilities** (arpd, bridge, devlink, ip, nstat, routef, rtacct, rtmon, ss, tc)

----

The place to find all information about interfaces is /sys/class/net (they are netdev, not just dev).

How to use **multiple routing tables in linux**: 1) Index in rt_tables; 2) **ip rule** 'if source x, use the table y'; 3) define the table entries as usual but adding .. table at the end. [[http://www.allgoodbits.org/articles/view/24|External Link]] \\

TODO\\
... kernel objects and udev, and details of implementing logical interfaces that are associated with ASIC front-panel physical ports. From this discussion: [[http://blog.ipspace.net/2018/03/linux-interfaces-on-software-gone-wild.html]]\\
\\
An interface may or may not be related to a physical port.\\
Linux labels them according to the PCI name; a UUID can be used to rename them. udev, driver..\\
CPU-PCI BUS (unique) driver enumerates > port1,2,3 ...
Then udev/uuid is used to map/rename the port name at boot time.

----

Always use the -d flag when dealing with the netlink api:

  ip -d link show wlp2s0
  ip add show | egrep "^[0-9*]|inet "   # this is unrelated but useful for a more compact view.

  * Interaction user-space >> kernel
    * Existing system call
    * ioctl
    * /proc file
    * NETLINK socket?

----

  * **eBPF [[https://lwn.net/Articles/740157/]]**
    * BPF is the in-kernel bytecode machine that can be used for tracing, virtual networks, and more. Alexei Starovoitov is the lead developer (he's now at Facebook), and there are developers from several companies contributing, including myself at Netflix, Daniel Borkmann at Cisco, and Brenden Blanco at PLUMgrid.
    * P4 is very similar but needs compiling

----

OVS (Open vSwitch):\\
[[https://therandomsecurityguy.com/openvswitch-cheat-sheet/]] \\
ovs-vswitchd --help

----

Kernel structs \\
  * ''net_device'' structure, which represents a network device,
  * ''sk_buff'' structure, which represents an incoming or outgoing packet, including its headers
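
----

Added example (not part of the original notes and not pyroute2 code): a minimal parser for the RTM_NEWLINK messages that ''ip link show'' receives over a NETLINK_ROUTE socket, showing the nlmsghdr / ifinfomsg / rtattr layout and its 4-byte alignment. The constants follow the kernel uapi headers; the helper names and the sample messages (interface indexes, names, MTUs) are constructed for illustration.

```python
import struct

RTM_NEWLINK = 16                       # <linux/rtnetlink.h>
IFLA_IFNAME, IFLA_MTU = 3, 4           # <linux/if_link.h>
NLMSGHDR = struct.Struct("=IHHII")     # nlmsg_len, type, flags, seq, pid
IFINFOMSG = struct.Struct("=BxHiII")   # family, pad, type, index, flags, change
RTATTR = struct.Struct("=HH")          # rta_len, rta_type

def align4(n):
    """Netlink pads every message and attribute to a 4-byte boundary."""
    return (n + 3) & ~3

def pack_attr(atype, payload):
    length = RTATTR.size + len(payload)
    return RTATTR.pack(length, atype) + payload + b"\0" * (align4(length) - length)

def build_newlink(index, name, mtu):
    """Constructed sample: one RTM_NEWLINK message in host byte order."""
    body = IFINFOMSG.pack(0, 1, index, 0, 0)          # AF_UNSPEC, ARPHRD_ETHER
    body += pack_attr(IFLA_IFNAME, name.encode() + b"\0")
    body += pack_attr(IFLA_MTU, struct.pack("=I", mtu))
    return NLMSGHDR.pack(NLMSGHDR.size + len(body), RTM_NEWLINK, 0, 1, 0) + body

def parse_links(buf):
    """Return one dict (index, name, mtu) per RTM_NEWLINK message in buf."""
    links, off = [], 0
    while off + NLMSGHDR.size <= len(buf):
        mlen, mtype, _flags, _seq, _pid = NLMSGHDR.unpack_from(buf, off)
        if mlen < NLMSGHDR.size or off + mlen > len(buf):
            raise ValueError("truncated or malformed netlink message")
        if mtype == RTM_NEWLINK:
            if mlen < NLMSGHDR.size + IFINFOMSG.size:
                raise ValueError("RTM_NEWLINK too short for ifinfomsg")
            pos, end = off + NLMSGHDR.size, off + mlen
            link = {"index": IFINFOMSG.unpack_from(buf, pos)[2]}
            pos += IFINFOMSG.size
            while pos + RTATTR.size <= end:           # walk the rtattr TLVs
                alen, atype = RTATTR.unpack_from(buf, pos)
                if alen < RTATTR.size or pos + alen > end:
                    raise ValueError("malformed attribute length")
                data = buf[pos + RTATTR.size:pos + alen]
                if atype == IFLA_IFNAME:
                    link["name"] = data.rstrip(b"\0").decode()
                elif atype == IFLA_MTU:
                    link["mtu"] = struct.unpack("=I", data)[0]
                pos += align4(alen)
            links.append(link)
        off += align4(mlen)
    return links

SAMPLE = build_newlink(2, "eth0", 9000) + build_newlink(3, "wlp2s0", 1500)  # constructed
```

The length checks matter because every length field is read from the buffer itself; a parser that trusts ''nlmsg_len'' or ''rta_len'' without bounding it reads past the message.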