vyos-netlinkd: T8047: add proof-of-concept for a netlink listener daemon

c-po · c-po · commit 9158ee1399e5 · 2025-11-26T22:34:50.000+01:00
Implementing a daemon that listens for netlink messages in Python was discussed
for many years. This is a proof-of-concept implementation how we can listen for
netlink messages and process them in Python.

Python 3.10 minimum is required due to the use of case statements which mimics
C-style switch/case instructions.

Add example:

 set interfaces ethernet eth1 vif 21
 commit

  vyos-configd[4690]: Received message: {"type": "node", "last": true, "data":
     "VYOS_TAGNODE_VALUE=eth1/usr/libexec/vyos/conf_mode/interfaces_ethernet.py"}
  vyos-netlinkd[5955]: RTM_NEWLINK -&gt; eth1, state=UP, mac=00:50:56:b3:38:c5
  vyos-netlinkd[5955]: RTM_NEWLINK -&gt; eth1.21, state=DOWN, mac=00:50:56:b3:38:c5

Remove example:

  delete interfaces ethernet eth1 vif
  commit

  vyos-configd[4690]: Received message: {"type": "node", "last": true, "data":
     "VYOS_TAGNODE_VALUE=eth1/usr/libexec/vyos/conf_mode/interfaces_ethernet.py"}
  vyos-netlinkd[6803]: Received event RTM_DELADDR - unhandled!
  vyos-netlinkd[6803]: RTM_NEWLINK -&gt; eth1, state=UP, mac=00:50:56:b3:38:c5
  vyos-netlinkd[6803]: RTM_NEWLINK -&gt; eth1.21, state=DOWN, mac=00:50:56:b3:38:c5

Message parsing of course needs to be improved for real-world use!
diff --git a/src/services/vyos-netlinkd b/src/services/vyos-netlinkd
@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+#
+# Copyright VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import syslog
+import signal
+import select
+
+from pyroute2 import IPRoute # pylint: disable = no-name-in-module
+from pyroute2 import NetlinkError # pylint: disable = no-name-in-module
+from sys import exit
+
+running = True
+
+def sigterm_handler(signo, frame):
+    global running
+    running = False
+    sig = signal.Signals(signo)
+    syslog.syslog(syslog.LOG_INFO, f'Received signal {sig.name} - shutting down...')
+
+def main():
+    syslog.openlog(ident="vyos-netlinkd", logoption=syslog.LOG_PID)
+    syslog.syslog(syslog.LOG_INFO, "Netlink listener daemon started.")
+
+    ipr = IPRoute()
+    ipr.bind()
+    fd = ipr.fileno()
+
+    global running
+    while running:
+        try:
+            # Wait for up to 1 second for a netlink message
+            rlist, _, _ = select.select([fd], [], [], 1.0)
+            if not rlist:
+                # timeout - retry
+                continue
+
+            # Receive and process any messages
+            for message in ipr.get():
+                event_type = message['event']
+                match event_type:
+                    case 'RTM_NEWLINK':
+                        attrs = dict(message.get('attrs', []))
+                        iface = attrs.get('IFLA_IFNAME', '<unknown>')
+                        operstate = attrs.get('IFLA_OPERSTATE', '<unknown>')
+                        mac = attrs.get('IFLA_ADDRESS', '<unknown>')
+                        syslog.syslog(syslog.LOG_INFO,
+                                      f'RTM_NEWLINK -> {iface}, state={operstate}, mac={mac}')
+
+                    case 'RTM_DELLINK':
+                        attrs = dict(message.get('attrs', []))
+                        iface = attrs.get('IFLA_IFNAME', '<unknown>')
+                        syslog.syslog(syslog.LOG_INFO, f'RTM_DELLINK -> {iface}')
+
+                    case _:
+                        syslog.syslog(syslog.LOG_INFO, f'Received event {event_type} - unhandled!')
+
+        except NetlinkError as e:
+            syslog.syslog(syslog.LOG_ERR, f'Netlink error: {e}')
+        except KeyboardInterrupt:
+            break
+        except Exception as e:
+            syslog.syslog(syslog.LOG_ERR, f'Unhandled exception: {e}')
+
+    ipr.close()
+    syslog.syslog(syslog.LOG_INFO, 'Netlink listener daemon stopped.')
+    exit(0)
+
+if __name__ == "__main__":
+    signal.signal(signal.SIGTERM, sigterm_handler)
+    signal.signal(signal.SIGINT, sigterm_handler)
+    main()
diff --git a/src/systemd/vyos-netlinkd.service b/src/systemd/vyos-netlinkd.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=VyOS netlink daemon
+
+# Without this option, lots of default dependencies are added,
+# among them network.target, which creates a dependency cycle
+DefaultDependencies=no
+
+# Seemingly sensible way to say "as early as the system is ready"
+# All vyos-configd needs is read/write mounted root
+After=systemd-remount-fs.service
+Before=vyos-router.service
+
+[Service]
+ExecStart=/usr/bin/python3 -u /usr/libexec/vyos/services/vyos-netlinkd
+Type=idle
+
+SyslogIdentifier=vyos-netlinkd
+SyslogFacility=daemon
+
+Restart=on-failure
+
+User=root
+Group=vyattacfg
+
+[Install]
+WantedBy=vyos.target
