Netlinkek May 2026
| Family | Purpose | Example Tools |
|--------|---------|----------------|
| NETLINK_ROUTE | Network routing, interfaces, addresses, neighbor tables | `ip`, `route`, `arp` |
| NETLINK_FIREWALL | Firewall event notifications (legacy) | `iptables` (older versions) |
| NETLINK_NETFILTER | Netfilter packet logging and queueing | `ulogd`, `nfqueue` |
| NETLINK_AUDIT | Kernel audit subsystem events | `auditd` |
| NETLINK_KOBJECT_UEVENT | Device hotplug events | `udev` |
| NETLINK_GENERIC | Dynamically registered families | Modern kernel modules |
This essay is structured to be useful for computer science students, Linux kernel developers, or system programmers looking to understand inter-process communication between user space and kernel space.

## Introduction

In the monolithic Linux kernel, user-space applications constantly need to communicate with the kernel—to query network interfaces, modify routing tables, receive firewall events, or manage device states. Traditional system calls like `ioctl` or procfs file operations have long served this purpose, but they suffer from limitations in flexibility, asynchronicity, and scalability. Enter **Netlink sockets**: a modern, flexible, and bidirectional communication mechanism designed specifically for kernel-user messaging. Understanding Netlink is essential for any developer writing advanced networking tools, security applications, or kernel modules.

## What Are Netlink Sockets?

Netlink is a socket family (similar to `AF_INET` or `AF_UNIX`) but with the address family `AF_NETLINK`. It provides a datagram-oriented messaging service using the standard socket API (`socket()`, `bind()`, `sendmsg()`, `recvmsg()`). What makes Netlink unique is that it allows user-space processes to communicate with kernel subsystems (and even between user-space processes using multicast) in a reliable, asynchronous manner.
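The following is an added example, not code from the original essay: a Python sketch of a NETLINK_ROUTE exchange over the standard socket API. Because other user-space processes can also send Netlink datagrams, the receiver bounds-checks every `nlmsg_len` and accepts only datagrams whose sender port ID is 0 (the kernel). The function names are this example's own; the numeric constants and struct layouts follow `linux/netlink.h` and `linux/rtnetlink.h`.

```python
import socket
import struct

NLMSGHDR = struct.Struct("=IHHII")    # nlmsg_len, nlmsg_type, nlmsg_flags, nlmsg_seq, nlmsg_pid
IFINFOMSG = struct.Struct("=BxHiII")  # ifi_family, pad, ifi_type, ifi_index, ifi_flags, ifi_change
NLMSG_ERROR, NLMSG_DONE, RTM_NEWLINK, RTM_GETLINK = 2, 3, 16, 18
NLM_F_REQUEST, NLM_F_DUMP = 0x1, 0x300

def pack_message(msg_type, flags, seq, payload=b""):
    """Prefix payload with an nlmsghdr and pad to the 4-byte netlink alignment."""
    length = NLMSGHDR.size + len(payload)
    return NLMSGHDR.pack(length, msg_type, flags, seq, 0) + payload + b"\0" * (-length % 4)

def parse_messages(buf):
    """Split one datagram into (type, seq, payload) tuples, rejecting bad lengths."""
    messages, offset = [], 0
    while offset + NLMSGHDR.size <= len(buf):
        length, msg_type, _flags, seq, _pid = NLMSGHDR.unpack_from(buf, offset)
        if length < NLMSGHDR.size or offset + length > len(buf):
            raise ValueError(f"nlmsg_len {length} out of bounds at offset {offset}")
        messages.append((msg_type, seq, buf[offset + NLMSGHDR.size:offset + length]))
        offset += (length + 3) & ~3  # next header starts on a 4-byte boundary
    return messages

def sent_by_kernel(sender):  # sender is (pid, groups); only the kernel has port ID 0
    return sender[0] == 0

def list_interface_indexes():
    """Live exchange (Linux only): RTM_GETLINK dump over NETLINK_ROUTE."""
    request = pack_message(RTM_GETLINK, NLM_F_REQUEST | NLM_F_DUMP, 1, IFINFOMSG.pack(0, 0, 0, 0, 0))
    with socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE) as sock:
        sock.bind((0, 0))  # pid 0 lets the kernel pick our port ID; no multicast groups
        sock.sendto(request, (0, 0))
        indexes = []
        while True:
            data, sender = sock.recvfrom(65536)
            if not sent_by_kernel(sender):
                continue  # drop datagrams injected by another user-space process
            for msg_type, _seq, payload in parse_messages(data):
                if msg_type == NLMSG_DONE:
                    return indexes
                if msg_type == NLMSG_ERROR:
                    raise OSError(-struct.unpack_from("=i", payload)[0], "netlink error")
                if msg_type == RTM_NEWLINK:
                    indexes.append(IFINFOMSG.unpack_from(payload)[2])

if __name__ == "__main__":
    # Constructed datagram, not captured traffic: RTM_NEWLINK for ifindex 1, then NLMSG_DONE.
    sample = pack_message(RTM_NEWLINK, 0, 1, IFINFOMSG.pack(0, 772, 1, 0, 0)) + pack_message(NLMSG_DONE, 0, 1)
    print([(t, s, len(p)) for t, s, p in parse_messages(sample)])
```

Run as a script, it parses only the constructed datagram and needs no privileges; `list_interface_indexes()` performs the live query on a Linux host.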




