eenblam · November 17, 2025 08:12 · Sep 2, 2019 · Sep 2, 2019 · Sep 2, 2019 · Sep 2, 2019
diff --git a/linux_reading_list.md b/linux_reading_list.md
@@ -43,7 +43,7 @@ These weren't sufficient:
 * https://bitsup.blogspot.com/2008/04/monitoring-ip-changes-with-netlink.html (required polling, which OP didn't like)
 * https://github.com/kristrev/inet-diag-example Monitors something different; OP uncertain if the same is possible with diag sockets
 
-See als:
+See also:
 * http://man7.org/linux/man-pages/man7/sock_diag.7.html
 * https://www.infradead.org/~tgr/libnl/
 * https://netfilter.org/projects/libmnl/doxygen/html/
@@ -54,9 +54,11 @@ Netfilter: https://github.com/torvalds/linux/tree/db54615e21419c3cb4d699a0b0aa16
 ss, from iproute2: https://github.com/shemminger/iproute2/blob/master/misc/ss.c
 * This should provide an example of monitoring via NETLINK+INET_DIAG sockets.
 
-## Making it work in Go
+## Making it work in Go/Python
 https://github.com/mdlayher/netlink
 
 https://godoc.org/github.com/ti-mo/conntrack
 * Source: https://github.com/ti-mo/conntrack
-* Implemented using https://github.com/ti-mo/netfilter
+* Implemented using https://github.com/ti-mo/netfilter
+
+https://github.com/svinota/pyroute2/blob/master/pyroute2/netlink/
diff --git a/linux_reading_list.md b/linux_reading_list.md
@@ -43,7 +43,10 @@ These weren't sufficient:
 * https://bitsup.blogspot.com/2008/04/monitoring-ip-changes-with-netlink.html (required polling, which OP didn't like)
 * https://github.com/kristrev/inet-diag-example Monitors something different; OP uncertain if the same is possible with diag sockets
 
-See http://man7.org/linux/man-pages/man7/sock_diag.7.html
+See als:
+* http://man7.org/linux/man-pages/man7/sock_diag.7.html
+* https://www.infradead.org/~tgr/libnl/
+* https://netfilter.org/projects/libmnl/doxygen/html/
 
 ## Source code
 Netfilter: https://github.com/torvalds/linux/tree/db54615e21419c3cb4d699a0b0aa16cc44d0e9da/net/netfilterGo

diff --git a/linux_reading_list.md b/linux_reading_list.md
@@ -24,7 +24,7 @@ PAPER [Linux Advanced Routing & Traffic Control HOWTO](https://lartc.org/lartc.h
         * Lots of info on Rosen's [personal site](https://ramirose.wixsite.com/ramirosen)
         * Lectures at the [Haifa Linux Club](http://www.haifux.org/rami_rosen.html)
 
-WIKI [Generic Netlink by Example](https://web.archive.org/web/20070824154425/http://linux-net.osdl.org/index.php/Generic_Netlink_HOWTO)
+WIKI [Generic Netlink by Example](https://web.archive.org/web/20070824154425/http://linux-net.osdl.org/index.php/Generic_Netlink_HOWTO) focuses on targeting Generic Netlink from *within the kernel*, not from user-space. 
 
 SLIDES [A Map of the Networking Code in Linux Kernel 2.4.20](https://www.cs.dartmouth.edu/~sergey/me/netreads/path-of-packet/tr-datatag-2004-1.pdf)
 

diff --git a/linux_reading_list.md b/linux_reading_list.md
@@ -10,7 +10,7 @@ Do this! At least get through the introduction section and first chapter of each
 https://www.netfilter.org/
 
 BOOK OREILLY [Understanding Linux Network Internals](http://shop.oreilly.com/product/9780596002558.do)
-    * Doesn't really cover netfilter???
+* Doesn't really cover netfilter???
 
 PAPER [Linux Advanced Routing & Traffic Control HOWTO](https://lartc.org/lartc.html)
 

diff --git a/linux_reading_list.md b/linux_reading_list.md
@@ -0,0 +1,59 @@
+# Linux Networking Reading List
+Currently in no particular order. Most of these are kind of ancient.
+
+Where's all the modern documentation? So much of what I've turned up searching is other folks complaining about having few options beyond reading source code.
+
+The OREILLY books, while dated, seem to be some of the best available.
+Note that these can be read with a 7-day trial.
+Do this! At least get through the introduction section and first chapter of each to see if it's what you're after.
+
+https://www.netfilter.org/
+
+BOOK OREILLY [Understanding Linux Network Internals](http://shop.oreilly.com/product/9780596002558.do)
+    * Doesn't really cover netfilter???
+
+PAPER [Linux Advanced Routing & Traffic Control HOWTO](https://lartc.org/lartc.html)
+
+[Sergey's netreads](https://www.cs.dartmouth.edu/~sergey/me/netreads/):
+* SLIDES [The Journey of a Packet Through the Linux Network Stack](https://www.cs.dartmouth.edu/~sergey/me/netreads/path-of-packet/Lab9_modified.pdf)
+    * Cites PAPER [Path of a Packet in the Linux Kernel Stack](https://www.cs.dartmouth.edu/~sergey/me/netreads/path-of-packet/Network_stack.pdf)
+* PAPER [Linux Kernel Networking](https://www.cs.dartmouth.edu/~sergey/me/netreads/path-of-packet/netLec.pdf) (Rami Rosen)
+    * Rosen also wrote BOOK OREILLY [Linux Kernel Networking: Implementation and Theory](https://learning.oreilly.com/library/view/linux-kernel-networking/9781430261964/).
+        * Published in 2013, it seems to be somewhat of a successor to Understanding Linux Network Internals.
+        * Does cover netfilter and some other stuff not in Linux Network Internals!
+        * Lots of info on Rosen's [personal site](https://ramirose.wixsite.com/ramirosen)
+        * Lectures at the [Haifa Linux Club](http://www.haifux.org/rami_rosen.html)
+
+WIKI [Generic Netlink by Example](https://web.archive.org/web/20070824154425/http://linux-net.osdl.org/index.php/Generic_Netlink_HOWTO)
+
+SLIDES [A Map of the Networking Code in Linux Kernel 2.4.20](https://www.cs.dartmouth.edu/~sergey/me/netreads/path-of-packet/tr-datatag-2004-1.pdf)
+
+PAPER [Linux Network Stack Walkthrough (2.4.20)](https://web.archive.org/web/20080714111103/gicl.cs.drexel.edu/people/sevy/network/Linux_network_stack_walkthrough.html)
+
+## Q&A's
+This Quora has some good diagrams in the responses.
+https://www.quora.com/What-is-the-best-way-resource-to-learn-Linux-networking-concepts-and-practices-like-open-source-training-manuals-and-hand-outs
+
+## Netlink
+See Rosen's Linux Kernel Networking.
+
+I'd like to answer this question: https://stackoverflow.com/questions/18541517/live-socket-monitoring-with-netlink-inet-diag
+
+These weren't sufficient:
+* https://bitsup.blogspot.com/2008/04/monitoring-ip-changes-with-netlink.html (required polling, which OP didn't like)
+* https://github.com/kristrev/inet-diag-example Monitors something different; OP uncertain if the same is possible with diag sockets
+
+See http://man7.org/linux/man-pages/man7/sock_diag.7.html
+
+## Source code
+Netfilter: https://github.com/torvalds/linux/tree/db54615e21419c3cb4d699a0b0aa16cc44d0e9da/net/netfilterGo
+
+ss, from iproute2: https://github.com/shemminger/iproute2/blob/master/misc/ss.c
+* This should provide an example of monitoring via NETLINK+INET_DIAG sockets.
+
+## Making it work in Go
+https://github.com/mdlayher/netlink
+
+https://godoc.org/github.com/ti-mo/conntrack
+* Source: https://github.com/ti-mo/conntrack
+* Implemented using https://github.com/ti-mo/netfilter
No results found