<div dir="ltr">
<pre>
static int
print_nlmsghdr(struct tcb *tcp,
	       const int fd,
	       int family,
	       const struct nlmsghdr *const nlmsghdr)
{
	...
	const int hdr_family = (nlmsghdr->nlmsg_type < NLMSG_MIN_TYPE)
			       ? NL_FAMILY_DEFAULT
			       : (family != NL_FAMILY_DEFAULT
				  ? family : get_fd_nl_family(tcp, fd));
	...
}
</pre>
<div><br></div>
<div>The family is obtained in this function: if type is NLMSG_DONE (NLMSG_DONE < NLMSG_MIN_TYPE), then family is NL_FAMILY_DEFAULT. So in decode_payload, (unsigned int) family < ARRAY_SIZE(netlink_decoders) is false.</div>
<div><br></div>
<pre>
static void
decode_payload(struct tcb *const tcp,
	       const int fd,
	       const int family,
	       const struct nlmsghdr *const nlmsghdr,
	       const kernel_ulong_t addr,
	       const kernel_ulong_t len)
{
	...
	if ((unsigned int) family < ARRAY_SIZE(netlink_decoders)
	    && netlink_decoders[family]
	    && netlink_decoders[family](tcp, nlmsghdr, addr, len)) {
		return;
	}
	...
}
</pre>
<div><br></div>
<div>If decode_netlink_sock_diag is entered, it only returns true, so the following code never executes.</div>
<div><br></div>
<pre>
static void
decode_payload(struct tcb *const tcp,
	       const int fd,
	       const int family,
	       const struct nlmsghdr *const nlmsghdr,
	       const kernel_ulong_t addr,
	       const kernel_ulong_t len)
{
	...
	if (nlmsghdr->nlmsg_type == NLMSG_DONE && len == sizeof(int)) {
		int num;

		if (!umove_or_printaddr(tcp, addr, &num))
			tprintf("%d", num);
		return;
	}
	...
}
</pre>
<div><br></div>
<div>--</div>
<div>JingPiao Chen</div>
</div>
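<div>Added example, not strace code and not part of the message above: a self-contained C model of the two code paths quoted in it, the hdr_family expression from print_nlmsghdr and the decoder dispatch order from decode_payload, so that both observations (NLMSG_DONE resolving to NL_FAMILY_DEFAULT and thus failing the table check, and a family decoder that always returns true shadowing the single-int branch) can be reproduced by running it. The nl_hdr struct, the decoders table, the *_model functions and the sample message are constructed for this illustration; the NLMSG_DONE, NLMSG_MIN_TYPE and NETLINK_SOCK_DIAG constants carry their real linux/netlink.h values, and NL_FAMILY_DEFAULT is assumed to be -1.</div>

```c
/*
 * Added example, not strace code: a model of the hdr_family expression in
 * print_nlmsghdr and of the dispatch order in decode_payload.  The header
 * struct, decoder table and sample message are constructed; NLMSG_* and
 * NETLINK_SOCK_DIAG carry their real <linux/netlink.h> values.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NLMSG_DONE        0x3    /* end of a multipart message */
#define NLMSG_MIN_TYPE    0x10   /* types below this are reserved control messages */
#define NETLINK_SOCK_DIAG 4
#define NL_FAMILY_DEFAULT (-1)   /* "family not known" sentinel (assumed, as in strace) */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in for struct nlmsghdr; only the fields used here. */
struct nl_hdr {
	uint32_t nlmsg_len;
	uint16_t nlmsg_type;
};

/* Which branch of the modelled decode_payload handled the payload. */
enum outcome {
	OUT_FAMILY_DECODER,	/* a family-specific decoder returned true */
	OUT_DONE_INT,		/* the NLMSG_DONE single-int branch ran */
	OUT_RAW			/* neither applied */
};

/* Model of the hdr_family expression in print_nlmsghdr. */
static int
resolve_family(int family, const struct nl_hdr *hdr, int socket_family)
{
	return (hdr->nlmsg_type < NLMSG_MIN_TYPE)
	       ? NL_FAMILY_DEFAULT
	       : (family != NL_FAMILY_DEFAULT ? family : socket_family);
}

typedef bool (*nl_decoder)(const struct nl_hdr *, const unsigned char *, size_t);

/* Stand-in for decode_netlink_sock_diag as described above: it only returns true. */
static bool
sock_diag_decoder(const struct nl_hdr *hdr, const unsigned char *payload, size_t len)
{
	(void) hdr; (void) payload; (void) len;
	return true;
}

/* Constructed decoder table, indexed by netlink family. */
static const nl_decoder decoders[] = {
	[NETLINK_SOCK_DIAG] = sock_diag_decoder,
};

/* Model of the dispatch order in decode_payload: table lookup first, then NLMSG_DONE. */
static enum outcome
decode_payload_model(int family, const struct nl_hdr *hdr,
		     const unsigned char *payload, size_t len, int *num_out)
{
	if ((unsigned int) family < ARRAY_SIZE(decoders)
	    && decoders[family]
	    && decoders[family](hdr, payload, len))
		return OUT_FAMILY_DECODER;

	if (hdr->nlmsg_type == NLMSG_DONE && len == sizeof(int)) {
		memcpy(num_out, payload, sizeof(int));	/* umove_or_printaddr stand-in */
		return OUT_DONE_INT;
	}
	return OUT_RAW;
}

/* One constructed NLMSG_DONE message with a 4-byte integer payload (value 0). */
static const struct nl_hdr done_hdr = { .nlmsg_len = 20, .nlmsg_type = NLMSG_DONE };
static const int done_payload = 0;

/* Family resolved the way print_nlmsghdr does it, for a sock_diag socket. */
static enum outcome
run_resolved(int *num_out)
{
	int family = resolve_family(NL_FAMILY_DEFAULT, &done_hdr, NETLINK_SOCK_DIAG);
	return decode_payload_model(family, &done_hdr,
				    (const unsigned char *) &done_payload,
				    sizeof(done_payload), num_out);
}

/* Same message, but with the family forced to NETLINK_SOCK_DIAG. */
static enum outcome
run_forced(int *num_out)
{
	return decode_payload_model(NETLINK_SOCK_DIAG, &done_hdr,
				    (const unsigned char *) &done_payload,
				    sizeof(done_payload), num_out);
}

int
main(void)
{
	int num = -1;
	enum outcome out = run_resolved(&num);
	printf("resolved family: outcome=%d num=%d\n", (int) out, num);
	num = -1;
	out = run_forced(&num);
	printf("forced family:   outcome=%d num=%d\n", (int) out, num);
	return 0;
}
```

<div>run_resolved reproduces the first observation: NLMSG_DONE is below NLMSG_MIN_TYPE, so resolve_family yields NL_FAMILY_DEFAULT, the cast to unsigned int makes the table check false, and only then does the single-int branch run. run_forced reproduces the second: once a decoder for the family is reached and returns true, the NLMSG_DONE branch below it is never executed.</div>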