https://github.com/dmolik/netlink-examples

Linux Netlink and IPTables Examples
https://github.com/dmolik/netlink-examples

device iptables libiptc linux namespace netlink networking route rtnetlink sockets veth

Last synced: 11 months ago
JSON representation

Linux Netlink and IPTables Examples

• Host: GitHub
• URL: https://github.com/dmolik/netlink-examples
• Owner: dmolik
• License: gpl-3.0
• Created: 2017-08-17T16:31:36.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2017-09-02T20:24:22.000Z (over 8 years ago)
• Last Synced: 2025-04-11T13:11:50.273Z (about 1 year ago)
• Topics: device, iptables, libiptc, linux, namespace, netlink, networking, route, rtnetlink, sockets, veth
• Language: C
• Homepage:
• Size: 57.6 KB
• Stars: 29
• Watchers: 4
• Forks: 11
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Netlink Examples

Some low-level examples of the Linux Netlink interface.

  1. __pair__         create a virtual ethernet pair

  2. __link_address__ create a pair and add an address

  3. __refactor__     rewrite link_address in a more concise manner

  4. __namespace__    new network namespace, code courtesy iproute2

  5. __pair_ns__      move the virtual peer into the network namespace

  6. __ns_addr__      add an address to a virtual peer in a namespace

  7. __ns_gw__        add a default route in the namespace and turn on the links

  8. __masquerade__   a libiptc example to add a masquerade route

  9. __forward__      a libiptc module to add forwarding rules

  10. __final__       Combine it all into a single binary

You're going to need a C compiler, GNU Make, and `iptables-devel` or `iptables-dev`

in order to compile the final output.

The goal of this project is to recreate the following script:

```

#!/bin/bash

ip link add veth1 type veth peer name vpeer1

ip link set vpeer1 netns ns1

ip addr add 172.16.1.1/24 dev veth1

ip link set veth1 up

ip netns exec ns1 ip addr add 172.16.1.2/24 dev vpeer1

ip netns exec ns1 ip link set vpeer1 up

ip netns exec ns1 ip link set lo up

ip netns exec ns1 ip route add default via 172.16.1.1

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s 172.16.1.0/255.255.255.0 -o eth0 -j MASQUERADE

iptables -A FORWARD -i eth0 -o veth1 -j ACCEPT

iptables -A FORWARD -o eth0 -i veth1 -j ACCEPT

```

## Further reading

I found the following list very helpful when putting together this project

  - https://blogs.igalia.com/dpino/2016/04/10/network-namespaces/

  - https://github.com/theodor96/iptc-dev

  - https://github.com/kenshin54/crane

  - https://strace.io/