[PATCH] netlink: decode NLMSG_DONE message

JingPiao Chen chenjingpiao at gmail.com
Sun Jun 4 07:57:08 UTC 2017


On Fri, Jun 02, 2017 at 06:25:28PM +0300, Dmitry V. Levin wrote:
> On Fri, May 05, 2017 at 06:21:17PM +0800, JingPiao Chen wrote:
> > * netlink.c (decode_payload): Decode NLMSG_DONE message.
> > * tests/netlink_protocol.c: Add check for decoding
> > of NLMSG_DONE message.
>
> Unlike NLMSG_ERROR, there are no universal NLMSG_DONE messages.  While
> many NLMSG_DONE messages indeed have payload containing just one integer,
> there are exceptions.  For example,
>
> net/netfilter/nfnetlink_log.c:__nfulnl_send() sends struct nfgenmsg,
> drivers/connector/connector.c:cn_netlink_send_mult() sends struct cn_msg,
> drivers/scsi/scsi_transport_iscsi.c:iscsi_if_send_reply() sends struct iscsi_uevent,
> kernel/auditfilter.c:audit_list_rules() sends struct audit_rule_data,
> kernel/audit.c:audit_get_feature() sends struct audit_features,
> kernel/audit.c:audit_receive_msg() sends struct audit_status, audit_sig_info,
> audit_tty_status, and so on.

I am decoding audit. I understand that kernel/auditfilter.c: audit_list_rules()
sends struct audit_rule_data, but I do not understand
kernel/audit.c: audit_get_feature() sends struct audit_features:

static int audit_get_feature(struct sk_buff *skb)
{
...
audit_send_reply(skb, seq, AUDIT_GET_FEATURE, 0, 0, &af, sizeof(af));
...
}

done = 0, why does it send NLMSG_DONE messages?
Can you help me understand this? Thank you.

> I suggest implementing a default decoder of NLMSG_DONE messages that
> would print the integer in case of len == sizeof(int) and fall back
> to printstrn for other lengths.

I updated the patch. Default decoder[1]:

diff --git a/netlink.c b/netlink.c
index 678343c..104a65f 100644
--- a/netlink.c
+++ b/netlink.c
@@ -120,6 +120,12 @@ decode_payload(struct tcb *const tcp,
  if (nlmsghdr->nlmsg_type == NLMSG_ERROR) {
  decode_nlmsgerr(tcp, addr, len);
  return;
+ } else if (nlmsghdr->nlmsg_type == NLMSG_DONE && len == sizeof(int)) {
+ int total_len;
+
+ if (!umove_or_printaddr(tcp, addr, &total_len))
+ tprintf("%d", total_len);
+ return;
  }
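
Review bot: The new NLMSG_DONE branch only matches len == sizeof(int), and the hunk shows no handling for NLMSG_DONE payloads of any other length; please confirm those still reach a printstrn-style fallback as suggested in the review, and cover a non-int length in tests/netlink_protocol.c. The variable name total_len also assigns a meaning to the integer that the quoted review says is not universal for NLMSG_DONE, so a neutral name would be more accurate. As a style point, the else after the return in the NLMSG_ERROR block is redundant.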

> When protocol specific netlink decoders are added, they could either
> decode NLMSG_DONE themselves (and return true) or just return false to
> fall back to default decoder.

When the netlink_sock_diag protocol is added[2]:

diff --git a/netlink.c b/netlink.c
index 42dc382..a0165f2 100644
--- a/netlink.c
+++ b/netlink.c
@@ -209,6 +209,25 @@ decode_nlmsgerr(struct tcb *const tcp, int fd,
  tprints("}");
 }

+static bool
+decode_specific_proto(struct tcb *const tcp, int fd,
+      const struct nlmsghdr *const nlmsghdr,
+      const kernel_ulong_t addr,
+      const kernel_ulong_t len)
+{
+ int proto = getfdnlproto(tcp, fd, netlink_protocols);
+
+ switch (proto) {
+ case NETLINK_SOCK_DIAG:
+ return decode_netlink_sock_diag(tcp, addr, len,
+ nlmsghdr->nlmsg_type,
+ nlmsghdr->nlmsg_flags &
+ NLM_F_REQUEST);
+ default:
+ return false;
+ }
+}
+
 static void
 decode_payload(struct tcb *const tcp, int fd,
        const struct nlmsghdr *const nlmsghdr,
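
Review bot: decode_specific_proto() has no comment stating what its bool return value means, and the caller depends on that contract: true has to mean the payload was printed in full, and false that nothing was printed, otherwise the default decoders either duplicate output or are skipped. A short comment above the function would make this explicit for future protocol decoders. In the NETLINK_SOCK_DIAG case the last argument is nlmsghdr->nlmsg_flags & NLM_F_REQUEST, a masked flag word rather than 0 or 1; if the receiving parameter is not a bool, normalise it with !! before passing.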
@@ -218,6 +237,8 @@ decode_payload(struct tcb *const tcp, int fd,
  if (nlmsghdr->nlmsg_type == NLMSG_ERROR) {
  decode_nlmsgerr(tcp, fd, addr, len);
  return;
+ } else if (decode_specific_proto(tcp, fd, nlmsghdr, addr, len)) {
+ return;
  } else if (nlmsghdr->nlmsg_type == NLMSG_DONE && len == sizeof(int)) {
  int total_len;
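
Review bot: The added decode_specific_proto() call in the else-if chain runs for every nlmsg_type except NLMSG_ERROR, so the protocol decoder is also handed NLMSG_DONE and any other control message before the default NLMSG_DONE branch below it. decode_netlink_sock_diag() therefore has to return false, without printing, for every type it does not decode itself, or the default branch becomes unreachable for that protocol; a test with an NLMSG_DONE message on a NETLINK_SOCK_DIAG socket would pin this down.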

[1]https://github.com/ppiao/strace/commit/b3b21ff0
[2]https://github.com/ppiao/strace/commit/d52bc5bd

--
JingPiao Chen
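
The decoding order discussed in this message (protocol decoder first, then the integer default for NLMSG_DONE, then a raw fallback) is shown below as an added stand-alone example. It is not code from this thread or from strace; decode_payload's signature here, the proto_decoder hook, sample_proto and the sample payloads are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NLMSG_DONE_TYPE 3	/* value of NLMSG_DONE in <linux/netlink.h> */

/* Hypothetical hook: returns true only if it fully decoded the payload. */
typedef bool (*proto_decoder)(uint16_t type, const uint8_t *p, size_t len,
			      char *out, size_t outsz);

/* Order from the thread: protocol decoder first, then the NLMSG_DONE default. */
static const char *decode_payload(proto_decoder dec, uint16_t type,
		const uint8_t *p, size_t len, char *out, size_t outsz)
{
	size_t off = 0;
	int v;

	if (dec && dec(type, p, len, out, outsz))
		return "proto";
	if (type == NLMSG_DONE_TYPE && len == sizeof(v)) {
		memcpy(&v, p, sizeof(v));	/* payload may be unaligned */
		snprintf(out, outsz, "%d", v);
		return "int";
	}
	/* Unknown layout: escaped bytes, no interpretation (printstrn's role). */
	if (outsz)
		out[0] = '\0';
	for (size_t i = 0; i < len && off + 5 <= outsz; i++)
		off += snprintf(out + off, outsz - off, "\\x%02x", p[i]);
	return "raw";
}

/* Constructed sample decoder: claims only 2-byte NLMSG_DONE payloads. */
static bool sample_proto(uint16_t type, const uint8_t *p, size_t len,
		char *out, size_t outsz)
{
	if (type != NLMSG_DONE_TYPE || len != 2)
		return false;	/* decline without printing anything */
	snprintf(out, outsz, "{a=%d, b=%d}", p[0], p[1]);
	return true;
}

int main(void)
{
	const uint8_t pair[] = { 2, 1 };	/* constructed payload */
	char buf[64];
	puts(decode_payload(sample_proto, NLMSG_DONE_TYPE, pair, 2, buf, sizeof(buf)));
	puts(buf);
	return 0;
}
```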