[PATCH 1/8] netlink: add a basic socket diag parser of AF_NETLINK messages

Tue Jun 13 14:13:18 UTC 2017

* linux/netlink_diag.h (NDIAG_SHOW_GROUPS)
(NDIAG_SHOW_RING_CFG): New macros.
* netlink_sock_diag.c: Include <linux/netlink_diag.h>,
"xlat/netlink_diag_show.h" and "xlat/netlink_states.h".
(decode_netlink_diag_req, decode_netlink_diag_msg): New functions.
(diag_decoders): Add AF_NETLINK.
* xlat/netlink_diag_show.in: New file.
* xlat/netlink_states.in: Likewise.

Co-authored-by: Fabien Siron <fabien.siron at epita.fr>
---
 linux/netlink_diag.h      |  3 +++
 netlink_sock_diag.c       | 60 +++++++++++++++++++++++++++++++++++++++++++++++
 xlat/netlink_diag_show.in |  3 +++
 xlat/netlink_states.in    |  2 ++
 4 files changed, 68 insertions(+)
 create mode 100644 xlat/netlink_diag_show.in
 create mode 100644 xlat/netlink_states.in

diff --git a/linux/netlink_diag.h b/linux/netlink_diag.h
index a52507c..234748c 100644
--- a/linux/netlink_diag.h
+++ b/linux/netlink_diag.h
@@ -24,6 +24,9 @@ struct netlink_diag_msg {
 };
 
 #define NDIAG_SHOW_MEMINFO           0x00000001
+#define NDIAG_SHOW_GROUPS	     0x00000002
+/* deprecated since 4.6 */
+#define NDIAG_SHOW_RING_CFG          0x00000004
 #define NDIAG_PROTO_ALL              ((uint8_t) ~0)
 
 #endif /* !STRACE_LINUX_NETLINK_DIAG_H */
diff --git a/netlink_sock_diag.c b/netlink_sock_diag.c
index 378d9c1..0b37803 100644
--- a/netlink_sock_diag.c
+++ b/netlink_sock_diag.c
@@ -31,11 +31,15 @@
 
 #include <sys/socket.h>
 #include <linux/netlink.h>
+#include <linux/netlink_diag.h>
 #include <linux/unix_diag.h>
 
 #include "xlat/tcp_states.h"
 #include "xlat/tcp_state_flags.h"
 
+#include "xlat/netlink_diag_show.h"
+#include "xlat/netlink_states.h"
+
 #include "xlat/unix_diag_show.h"
 
 static void
@@ -102,9 +106,65 @@ decode_unix_diag_msg(struct tcb *const tcp,
 	return true;
 }
 
+static bool
+decode_netlink_diag_req(struct tcb *const tcp,
+			const struct nlmsghdr *const nlmsghdr,
+			const kernel_ulong_t addr,
+			const kernel_ulong_t len)
+{
+	struct netlink_diag_req req;
+
+	if (len < sizeof(req) || umove(tcp, addr, &req) < 0)
+		return false;
+
+	tprints("{sdiag_family=");
+	printxval(addrfams, req.sdiag_family, "AF_???");
+	tprints(", sdiag_protocol=");
+	if (NDIAG_PROTO_ALL == req.sdiag_protocol)
+		tprints("NDIAG_PROTO_ALL");
+	else
+		printxval(netlink_protocols,
+			  req.sdiag_protocol, "NETLINK_???");
+	tprintf(", ndiag_ino=%" PRIu32 ", ndiag_show=", req.ndiag_ino);
+	printflags(netlink_diag_show, req.ndiag_show, "NDIAG_SHOW_???");
+	tprintf(", ndiag_cookie=[%" PRIu32 ", %" PRIu32 "]}",
+		req.ndiag_cookie[0], req.ndiag_cookie[1]);
+
+	return true;
+}
+
+static bool
+decode_netlink_diag_msg(struct tcb *const tcp,
+			const struct nlmsghdr *const nlmsghdr,
+			const kernel_ulong_t addr,
+			const kernel_ulong_t len)
+{
+	struct netlink_diag_msg msg;
+
+	if (len < sizeof(msg) || umove(tcp, addr, &msg) < 0)
+		return false;
+
+	tprints("{ndiag_family=");
+	printxval(addrfams, msg.ndiag_family, "AF_???");
+	tprints(", ndiag_type=");
+	printxval(socktypes, msg.ndiag_type, "SOCK_???");
+	tprints(", ndiag_protocol=");
+	printxval(netlink_protocols, msg.ndiag_protocol, "NETLINK_???");
+	tprints(", ndiag_state=");
+	printxval(netlink_states, msg.ndiag_state, "NETLINK_???");
+	tprintf(", ndiag_portid=%" PRIu32 ", ndiag_dst_portid=%" PRIu32
+		", ndiag_dst_group=%" PRIu32 ", ndiag_ino=%" PRIu32
+		", ndiag_cookie=[%" PRIu32 ", %" PRIu32 "]}",
+		msg.ndiag_portid, msg.ndiag_dst_portid, msg.ndiag_dst_group,
+		msg.ndiag_ino, msg.ndiag_cookie[0], msg.ndiag_cookie[1]);
+
+	return true;
+}
+
 static const struct {
 	const netlink_decoder_t request, response;
 } diag_decoders[] = {
+	[AF_NETLINK] = { decode_netlink_diag_req, decode_netlink_diag_msg },
 	[AF_UNIX] = { decode_unix_diag_req, decode_unix_diag_msg }
 };
 
diff --git a/xlat/netlink_diag_show.in b/xlat/netlink_diag_show.in
new file mode 100644
index 0000000..9639c5a
--- /dev/null
+++ b/xlat/netlink_diag_show.in
@@ -0,0 +1,3 @@
+NDIAG_SHOW_MEMINFO
+NDIAG_SHOW_GROUPS
+NDIAG_SHOW_RING_CFG
diff --git a/xlat/netlink_states.in b/xlat/netlink_states.in
new file mode 100644
index 0000000..4d4aee7
--- /dev/null
+++ b/xlat/netlink_states.in
@@ -0,0 +1,2 @@
+NETLINK_UNCONNECTED	0
+NETLINK_CONNECTED	1
-- 
2.7.4



