用户态监控网络接口up、down事件
网上搜索(https://blog.csdn.net/qq123386926/article/details/50695725)可以直接使用netlink现成的接口实现:
#include <sys/types.h> #include <sys/socket.h> #include <asm/types.h> #include <linux/netlink.h> #include <linux/rtnetlink.h> #include <unistd.h> #include <stdlib.h> #include <stdio.h> #include <sys/ioctl.h> #include <linux/if.h> #include <string.h> #define BUFLEN 20480 int main(int argc, char *argv[]) { int fd, retval; char buf[BUFLEN] = {0}; int len = BUFLEN; struct sockaddr_nl addr; struct nlmsghdr *nh; struct ifinfomsg *ifinfo; struct rtattr *attr; fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &len, sizeof(len)); memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; addr.nl_groups = RTNLGRP_LINK; bind(fd, (struct sockaddr*)&addr, sizeof(addr)); while ((retval = read(fd, buf, BUFLEN)) > 0) { for (nh = (struct nlmsghdr *)buf; NLMSG_OK(nh, retval); nh = NLMSG_NEXT(nh, retval)) { if (nh->nlmsg_type == NLMSG_DONE) break; else if (nh->nlmsg_type == NLMSG_ERROR) return -1; else if (nh->nlmsg_type != RTM_NEWLINK) continue; ifinfo = NLMSG_DATA(nh); printf("%u: %s", ifinfo->ifi_index, (ifinfo->ifi_flags & IFF_LOWER_UP) ? "up" : "down" ); attr = (struct rtattr*)(((char*)nh) + NLMSG_SPACE(sizeof(*ifinfo))); len = nh->nlmsg_len - NLMSG_SPACE(sizeof(*ifinfo)); for (; RTA_OK(attr, len); attr = RTA_NEXT(attr, len)) { if (attr->rta_type == IFLA_IFNAME) { printf(" %s", (char*)RTA_DATA(attr)); break; } } printf("\n"); } } return 0; }
对应内核代码位于net/core/rtnetlink.c:rtnetlink_event
static int rtnetlink_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *dev = netdev_notifier_info_to_dev(ptr); switch (event) { case NETDEV_UP: case NETDEV_DOWN: case NETDEV_PRE_UP: case NETDEV_POST_INIT: case NETDEV_REGISTER: case NETDEV_CHANGE: case NETDEV_PRE_TYPE_CHANGE: case NETDEV_GOING_DOWN: case NETDEV_UNREGISTER: case NETDEV_UNREGISTER_FINAL: case NETDEV_RELEASE: case NETDEV_JOIN: break; default: rtmsg_ifinfo(RTM_NEWLINK, dev, 0, GFP_KERNEL); break; } return NOTIFY_DONE; }
可见netlink没有对所有事件都进行上报。
如果想监控所有事件,可以自行实现内核模块,注册netdevice钩子(调用register_netdevice_notifier),在回调中实现netlink事件推送。