nlink
| Crates.io | nlink |
| lib.rs | nlink |
| version | 0.8.0 |
| created_at | 2026-01-01 20:32:54.698005+00 |
| updated_at | 2026-01-17 18:49:30.653505+00 |
| description | Async netlink library for Linux network configuration |
| homepage | |
| repository | https://github.com/p13marc/nlink |
| max_upload_size | |
| id | 2017480 |
| size | 2,371,642 |
(p13marc)
documentation
https://docs.rs/nlink
README
nlink - Rust IP utilities
A modern Rust implementation of Linux network management tools, providing both a library crate and CLI binaries.
Overview
nlink is a from-scratch implementation of Linux netlink-based network management. The primary goal is to provide a high-quality Rust library for programmatic network configuration, with CLI tools serving as proof-of-concept binaries.
Key design principles:
- Library-first: Core functionality lives in a single, well-designed crate
- Async/tokio-native: Built for async Rust from the ground up
- Custom netlink: No dependency on rtnetlink or netlink-packet-* crates
- Type-safe: Leverage Rust's type system for correctness
- High-level APIs: Declarative configuration, rate limiting DSL, diagnostics
Installation
# Core netlink functionality
nlink = "0.8"
# With additional features
nlink = { version = "0.8", features = ["sockdiag", "tuntap", "tc", "output"] }
# All features
nlink = { version = "0.8", features = ["full"] }
Features
| Feature | Description |
|---|---|
sockdiag |
Socket diagnostics via NETLINK_SOCK_DIAG |
tuntap |
TUN/TAP device management |
tc |
Traffic control utilities |
output |
JSON/text output formatting |
namespace_watcher |
Namespace watching via inotify |
full |
All features enabled |
Quick Start
use nlink::netlink::{Connection, Route, RtnetlinkGroup, NetworkEvent};
use tokio_stream::StreamExt;
#[tokio::main]
async fn main() -> nlink::Result<()> {
let mut conn = Connection::<Route>::new()?;
// Query interfaces
let links = conn.get_links().await?;
for link in &links {
println!("{}: {} (up={})",
link.ifindex(),
link.name_or("?"),
link.is_up());
}
// Build ifindex -> name map for resolving routes/addresses
let names = conn.get_interface_names().await?;
// Modify interface state
conn.set_link_up("eth0").await?;
conn.set_link_mtu("eth0", 9000).await?;
// Monitor events
conn.subscribe(&[RtnetlinkGroup::Link, RtnetlinkGroup::Ipv4Addr])?;
let mut events = conn.events();
while let Some(result) = events.next().await {
match result? {
NetworkEvent::NewLink(link) => println!("Link: {}", link.name_or("?")),
_ => {}
}
}
Ok(())
}
High-Level APIs
Declarative Network Configuration
Define desired network state and let nlink compute and apply changes:
use nlink::netlink::config::{NetworkConfig, LinkConfig, LinkType, AddressConfig};
let config = NetworkConfig::new()
.link(LinkConfig::new("br0").link_type(LinkType::Bridge).up())
.link(LinkConfig::new("dummy0").link_type(LinkType::Dummy).mtu(9000).up())
.address(AddressConfig::new("br0", "192.168.100.1/24"));
// Compute diff and apply (idempotent)
config.apply(&conn).await?;
Rate Limiting DSL
Simple bandwidth management without TC complexity:
use nlink::netlink::ratelimit::{RateLimiter, PerHostLimiter};
// Interface-wide rate limiting
let limiter = RateLimiter::new("eth0")
.egress("100mbit")
.ingress("50mbit");
limiter.apply(&conn).await?;
// Per-IP rate limiting
let limiter = PerHostLimiter::new("eth0", "10mbit")?
.limit_ip("192.168.1.100".parse()?, "100mbit")?;
limiter.apply(&conn).await?;
Network Diagnostics
Scan for issues, check connectivity, find bottlenecks:
use nlink::netlink::diagnostics::Diagnostics;
let diag = Diagnostics::new(conn);
// Full diagnostic scan
let report = diag.scan().await?;
for issue in &report.issues {
println!("[{:?}] {}", issue.severity, issue.message);
}
// Check connectivity to destination
let report = diag.check_connectivity("8.8.8.8".parse()?).await?;
// Find bottlenecks
if let Some(bottleneck) = diag.find_bottleneck().await? {
println!("{}: {}", bottleneck.location, bottleneck.recommendation);
}
Documentation
- Library Usage - Detailed library examples: namespaces, TC, WireGuard, error handling
- CLI Tools - ip and tc command reference
- Examples - 40+ runnable examples
Library Modules
| Module | Description |
|---|---|
nlink::netlink |
Core netlink: Connection<Route>, EventStream, namespace, TC |
nlink::netlink::config |
Declarative network configuration |
nlink::netlink::ratelimit |
High-level rate limiting API |
nlink::netlink::diagnostics |
Network diagnostics and issue detection |
nlink::netlink::genl |
Generic Netlink: WireGuard, MACsec, MPTCP |
nlink::netlink::nexthop |
Nexthop objects and ECMP groups (Linux 5.3+) |
nlink::netlink::mpls |
MPLS routes and encapsulation |
nlink::netlink::srv6 |
SRv6 segment routing |
nlink::netlink::fdb |
Bridge FDB management |
nlink::netlink::bridge_vlan |
Bridge VLAN filtering |
nlink::netlink::uevent |
Device hotplug events: Connection<KobjectUevent> |
nlink::netlink::connector |
Process lifecycle events: Connection<Connector> |
nlink::netlink::netfilter |
Connection tracking: Connection<Netfilter> |
nlink::netlink::xfrm |
IPsec SA/SP management: Connection<Xfrm> |
nlink::netlink::fib_lookup |
FIB route lookups: Connection<FibLookup> |
nlink::netlink::audit |
Linux Audit subsystem: Connection<Audit> |
nlink::netlink::selinux |
SELinux events: Connection<SELinux> |
nlink::sockdiag |
Socket diagnostics: Connection<SockDiag> (feature: sockdiag) |
nlink::util |
Parsing utilities, address helpers, name resolution |
nlink::tuntap |
TUN/TAP devices (feature: tuntap) |
Project Status
The library API is production-ready for network monitoring and configuration.
Implemented:
- Core netlink socket and connection handling
- Link operations (show, add, del, set) with 20+ link types
- Address, route, neighbor, and rule operations
- Event monitoring (link, address, route, neighbor, TC)
- TC qdisc operations with 19 qdisc types
- TC class management with typed builders (HTB, HFSC, DRR, QFQ)
- TC filter (9 types) and action (12 types) support
- TC filter chains for complex classification
- Network namespace support
- Tunnel management (GRE, IPIP, SIT, VTI, VXLAN, Geneve)
- WireGuard, MACsec, MPTCP configuration via Generic Netlink
- Nexthop objects and ECMP groups (Linux 5.3+)
- MPLS routes and encapsulation
- SRv6 segment routing and local SIDs
- Bridge FDB and VLAN filtering
- Declarative network configuration
- Rate limiting DSL
- Network diagnostics
- VRF and XFRM/IPSec support
Building
Requires Rust 1.85+ (edition 2024).
cargo build --release
cargo run --release -p ip -- link show
cargo run --release -p tc -- qdisc show
License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE)
- MIT license (LICENSE-MIT)
at your option.