[PATCH 01/12] netlink: decode NETLINK_NETFILTER message types

JingPiao Chen chenjingpiao at gmail.com
Mon Sep 18 12:10:06 UTC 2017


* netlink.c: Include "xlat/nf_acct_msg_types.h",
"xlat/nf_cthelper_msg_types.h", "xlat/nf_ctnetlink_exp_msg_types.h",
"xlat/nf_ctnetlink_msg_types.h", "xlat/nf_cttimeout_msg_types.h",
"xlat/nf_ipset_msg_types.h", "xlat/nf_nft_compat_msg_types.h",
"xlat/nf_nftables_msg_types.h", "xlat/nf_osf_msg_types.h",
"xlat/nf_queue_msg_types.h", and "xlat/nf_ulog_msg_types.h".
(nf_nlmsg_types): New array.
(decode_nlmsg_type_netfilter): Use it.
* NEWS: Mention this.
* xlat/nf_acct_msg_types.in: New file.
* xlat/nf_cthelper_msg_types.in: Likewise.
* xlat/nf_ctnetlink_exp_msg_types.in: Likewise.
* xlat/nf_ctnetlink_msg_types.in: Likewise.
* xlat/nf_cttimeout_msg_types.in: Likewise.
* xlat/nf_ipset_msg_types.in: Likewise.
* xlat/nf_nft_compat_msg_types.in: Likewise.
* xlat/nf_nftables_msg_types.in: Likewise.
* xlat/nf_osf_msg_types.in: Likewise.
* xlat/nf_queue_msg_types.in: Likewise.
* xlat/nf_ulog_msg_types.in: Likewise.
* tests/netlink_netfilter.c (test_nlmsg_type): Update expected output.
---
 NEWS                               |  1 +
 netlink.c                          | 54 ++++++++++++++++++++++++++++++++++----
 tests/netlink_netfilter.c          | 14 +++++-----
 xlat/nf_acct_msg_types.in          |  5 ++++
 xlat/nf_cthelper_msg_types.in      |  3 +++
 xlat/nf_ctnetlink_exp_msg_types.in |  4 +++
 xlat/nf_ctnetlink_msg_types.in     |  8 ++++++
 xlat/nf_cttimeout_msg_types.in     |  5 ++++
 xlat/nf_ipset_msg_types.in         | 21 +++++++++++++++
 xlat/nf_nft_compat_msg_types.in    |  1 +
 xlat/nf_nftables_msg_types.in      | 22 ++++++++++++++++
 xlat/nf_osf_msg_types.in           |  2 ++
 xlat/nf_queue_msg_types.in         |  4 +++
 xlat/nf_ulog_msg_types.in          |  2 ++
 14 files changed, 134 insertions(+), 12 deletions(-)
 create mode 100644 xlat/nf_acct_msg_types.in
 create mode 100644 xlat/nf_cthelper_msg_types.in
 create mode 100644 xlat/nf_ctnetlink_exp_msg_types.in
 create mode 100644 xlat/nf_ctnetlink_msg_types.in
 create mode 100644 xlat/nf_cttimeout_msg_types.in
 create mode 100644 xlat/nf_ipset_msg_types.in
 create mode 100644 xlat/nf_nft_compat_msg_types.in
 create mode 100644 xlat/nf_nftables_msg_types.in
 create mode 100644 xlat/nf_osf_msg_types.in
 create mode 100644 xlat/nf_queue_msg_types.in
 create mode 100644 xlat/nf_ulog_msg_types.in

diff --git a/NEWS b/NEWS
index 7aee72c..a19dfcd 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ Noteworthy changes in release ?.?? (????-??-??)
 ===============================================
 
 * Improvements
+  * Implemented decoding of NETLINK_NETFILTER message types.
   * Updated lists of ARPHRD_*, BPF_*, ETH_P_*, MADV_*, MEMBARRIER_CMD_*, MFD_*,
     SO_*, SOL_*, TCP_*, and UFFD_FEATURE_* constants.
 
diff --git a/netlink.c b/netlink.c
index ab40b14..cdfe4ee 100644
--- a/netlink.c
+++ b/netlink.c
@@ -39,6 +39,17 @@
 #include "xlat/netlink_new_flags.h"
 #include "xlat/netlink_protocols.h"
 #include "xlat/netlink_types.h"
+#include "xlat/nf_acct_msg_types.h"
+#include "xlat/nf_cthelper_msg_types.h"
+#include "xlat/nf_ctnetlink_exp_msg_types.h"
+#include "xlat/nf_ctnetlink_msg_types.h"
+#include "xlat/nf_cttimeout_msg_types.h"
+#include "xlat/nf_ipset_msg_types.h"
+#include "xlat/nf_nft_compat_msg_types.h"
+#include "xlat/nf_nftables_msg_types.h"
+#include "xlat/nf_osf_msg_types.h"
+#include "xlat/nf_queue_msg_types.h"
+#include "xlat/nf_ulog_msg_types.h"
 #include "xlat/nl_audit_types.h"
 #include "xlat/nl_crypto_types.h"
 #include "xlat/nl_netfilter_msg_types.h"
@@ -110,6 +121,38 @@ decode_nlmsg_type_generic(const struct xlat *const xlat,
 	printxval(genl_families_xlat(), type, dflt);
 }
 
+static const struct {
+	const struct xlat *const xlat;
+	const char *const dflt;
+} nf_nlmsg_types[] = {
+	[NFNL_SUBSYS_CTNETLINK] = {
+		nf_ctnetlink_msg_types,
+		"IPCTNL_MSG_CT_???"
+	},
+	[NFNL_SUBSYS_CTNETLINK_EXP] = {
+		nf_ctnetlink_exp_msg_types,
+		"IPCTNL_MSG_EXP_???"
+	},
+	[NFNL_SUBSYS_QUEUE] = { nf_queue_msg_types, "NFQNL_MSG_???" },
+	[NFNL_SUBSYS_ULOG] = { nf_ulog_msg_types, "NFULNL_MSG_???" },
+	[NFNL_SUBSYS_OSF] = { nf_osf_msg_types, "OSF_MSG_???" },
+	[NFNL_SUBSYS_IPSET] = { nf_ipset_msg_types, "IPSET_CMD_???" },
+	[NFNL_SUBSYS_ACCT] = { nf_acct_msg_types, "NFNL_MSG_ACCT_???" },
+	[NFNL_SUBSYS_CTNETLINK_TIMEOUT] = {
+		nf_cttimeout_msg_types,
+		"IPCTNL_MSG_TIMEOUT_???"
+	},
+	[NFNL_SUBSYS_CTHELPER] = {
+		nf_cthelper_msg_types,
+		"NFNL_MSG_CTHELPER_???"
+	},
+	[NFNL_SUBSYS_NFTABLES] = { nf_nftables_msg_types, "NFT_MSG_???" },
+	[NFNL_SUBSYS_NFT_COMPAT] = {
+		nf_nft_compat_msg_types,
+		"NFNL_MSG_COMPAT_???"
+	}
+};
+
 static void
 decode_nlmsg_type_netfilter(const struct xlat *const xlat,
 			    const uint16_t type,
@@ -131,11 +174,12 @@ decode_nlmsg_type_netfilter(const struct xlat *const xlat,
 
 	printxval(xlat, subsys_id, dflt);
 
-	/*
-	 * The type is subsystem specific,
-	 * print it in numeric format for now.
-	 */
-	tprintf("<<8|%#x", msg_type);
+	tprints("<<8|");
+	if (subsys_id < ARRAY_SIZE(nf_nlmsg_types))
+		printxval(nf_nlmsg_types[subsys_id].xlat,
+			  msg_type, nf_nlmsg_types[subsys_id].dflt);
+	else
+		tprintf("%#x", msg_type);
 }
 
 typedef void (*nlmsg_types_decoder_t)(const struct xlat *,
diff --git a/tests/netlink_netfilter.c b/tests/netlink_netfilter.c
index 2907c26..db2622e 100644
--- a/tests/netlink_netfilter.c
+++ b/tests/netlink_netfilter.c
@@ -52,19 +52,19 @@ test_nlmsg_type(const int fd)
 	       ", flags=NLM_F_REQUEST, seq=0, pid=0}"
 	       ", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
 	       fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc));
+# endif
 
-	nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | NFNL_MSG_BATCH_BEGIN;
+	nlh.nlmsg_type = NFNL_SUBSYS_CTNETLINK << 8 | 0xff;
 	rc = sendto(fd, &nlh, sizeof(nlh), MSG_DONTWAIT, NULL, 0);
-	printf("sendto(%d, {len=%u, type=NFNL_SUBSYS_CTNETLINK<<8|%#x"
+	printf("sendto(%d, {len=%u"
+	       ", type=NFNL_SUBSYS_CTNETLINK<<8|0xff /* IPCTNL_MSG_CT_??? */"
 	       ", flags=NLM_F_REQUEST, seq=0, pid=0}"
 	       ", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
-	       fd, nlh.nlmsg_len, NFNL_MSG_BATCH_BEGIN,
-	       (unsigned) sizeof(nlh), sprintrc(rc));
-# endif
+	       fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc));
 
-	nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8);
+	nlh.nlmsg_type = 0xffff;
 	rc = sendto(fd, &nlh, sizeof(nlh), MSG_DONTWAIT, NULL, 0);
-	printf("sendto(%d, {len=%u, type=NFNL_SUBSYS_CTNETLINK<<8|0"
+	printf("sendto(%d, {len=%u, type=0xff /* NFNL_SUBSYS_??? */<<8|0xff"
 	       ", flags=NLM_F_REQUEST, seq=0, pid=0}"
 	       ", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
 	       fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc));
diff --git a/xlat/nf_acct_msg_types.in b/xlat/nf_acct_msg_types.in
new file mode 100644
index 0000000..3384ee0
--- /dev/null
+++ b/xlat/nf_acct_msg_types.in
@@ -0,0 +1,5 @@
+NFNL_MSG_ACCT_NEW		0
+NFNL_MSG_ACCT_GET		1
+NFNL_MSG_ACCT_GET_CTRZERO	2
+NFNL_MSG_ACCT_DEL		3
+NFNL_MSG_ACCT_OVERQUOTA		4
diff --git a/xlat/nf_cthelper_msg_types.in b/xlat/nf_cthelper_msg_types.in
new file mode 100644
index 0000000..bbee697
--- /dev/null
+++ b/xlat/nf_cthelper_msg_types.in
@@ -0,0 +1,3 @@
+NFNL_MSG_CTHELPER_NEW	0
+NFNL_MSG_CTHELPER_GET	1
+NFNL_MSG_CTHELPER_DEL	2
diff --git a/xlat/nf_ctnetlink_exp_msg_types.in b/xlat/nf_ctnetlink_exp_msg_types.in
new file mode 100644
index 0000000..8236e06
--- /dev/null
+++ b/xlat/nf_ctnetlink_exp_msg_types.in
@@ -0,0 +1,4 @@
+IPCTNL_MSG_EXP_NEW		0
+IPCTNL_MSG_EXP_GET		1
+IPCTNL_MSG_EXP_DELETE		2
+IPCTNL_MSG_EXP_GET_STATS_CPU	3
diff --git a/xlat/nf_ctnetlink_msg_types.in b/xlat/nf_ctnetlink_msg_types.in
new file mode 100644
index 0000000..2dab169
--- /dev/null
+++ b/xlat/nf_ctnetlink_msg_types.in
@@ -0,0 +1,8 @@
+IPCTNL_MSG_CT_NEW		0
+IPCTNL_MSG_CT_GET		1
+IPCTNL_MSG_CT_DELETE		2
+IPCTNL_MSG_CT_GET_CTRZERO	3
+IPCTNL_MSG_CT_GET_STATS_CPU	4
+IPCTNL_MSG_CT_GET_STATS		5
+IPCTNL_MSG_CT_GET_DYING		6
+IPCTNL_MSG_CT_GET_UNCONFIRMED	7
diff --git a/xlat/nf_cttimeout_msg_types.in b/xlat/nf_cttimeout_msg_types.in
new file mode 100644
index 0000000..bf6c529
--- /dev/null
+++ b/xlat/nf_cttimeout_msg_types.in
@@ -0,0 +1,5 @@
+IPCTNL_MSG_TIMEOUT_NEW		0
+IPCTNL_MSG_TIMEOUT_GET		1
+IPCTNL_MSG_TIMEOUT_DELETE	2
+IPCTNL_MSG_TIMEOUT_DEFAULT_SET	3
+IPCTNL_MSG_TIMEOUT_DEFAULT_GET	4
diff --git a/xlat/nf_ipset_msg_types.in b/xlat/nf_ipset_msg_types.in
new file mode 100644
index 0000000..a61d906
--- /dev/null
+++ b/xlat/nf_ipset_msg_types.in
@@ -0,0 +1,21 @@
+IPSET_CMD_NONE		0
+IPSET_CMD_PROTOCOL	1
+IPSET_CMD_CREATE	2
+IPSET_CMD_DESTROY	3
+IPSET_CMD_FLUSH		4
+IPSET_CMD_RENAME	5
+IPSET_CMD_SWAP		6
+IPSET_CMD_LIST		7
+IPSET_CMD_SAVE		8
+IPSET_CMD_ADD		9
+IPSET_CMD_DEL		10
+IPSET_CMD_TEST		11
+IPSET_CMD_HEADER	12
+IPSET_CMD_TYPE		13
+
+IPSET_CMD_RESTORE	14
+IPSET_CMD_HELP		15
+IPSET_CMD_VERSION	16
+IPSET_CMD_QUIT		17
+
+IPSET_CMD_COMMIT	18
diff --git a/xlat/nf_nft_compat_msg_types.in b/xlat/nf_nft_compat_msg_types.in
new file mode 100644
index 0000000..e2f7da1
--- /dev/null
+++ b/xlat/nf_nft_compat_msg_types.in
@@ -0,0 +1 @@
+NFNL_MSG_COMPAT_GET	0
diff --git a/xlat/nf_nftables_msg_types.in b/xlat/nf_nftables_msg_types.in
new file mode 100644
index 0000000..eb1e773
--- /dev/null
+++ b/xlat/nf_nftables_msg_types.in
@@ -0,0 +1,22 @@
+NFT_MSG_NEWTABLE	0
+NFT_MSG_GETTABLE	1
+NFT_MSG_DELTABLE	2
+NFT_MSG_NEWCHAIN	3
+NFT_MSG_GETCHAIN	4
+NFT_MSG_DELCHAIN	5
+NFT_MSG_NEWRULE		6
+NFT_MSG_GETRULE		7
+NFT_MSG_DELRULE		8
+NFT_MSG_NEWSET		9
+NFT_MSG_GETSET		10
+NFT_MSG_DELSET		11
+NFT_MSG_NEWSETELEM	12
+NFT_MSG_GETSETELEM	13
+NFT_MSG_DELSETELEM	14
+NFT_MSG_NEWGEN		15
+NFT_MSG_GETGEN		16
+NFT_MSG_TRACE		17
+NFT_MSG_NEWOBJ		18
+NFT_MSG_GETOBJ		19
+NFT_MSG_DELOBJ		20
+NFT_MSG_GETOBJ_RESET	21
diff --git a/xlat/nf_osf_msg_types.in b/xlat/nf_osf_msg_types.in
new file mode 100644
index 0000000..636c932
--- /dev/null
+++ b/xlat/nf_osf_msg_types.in
@@ -0,0 +1,2 @@
+OSF_MSG_ADD	0
+OSF_MSG_REMOVE	1
diff --git a/xlat/nf_queue_msg_types.in b/xlat/nf_queue_msg_types.in
new file mode 100644
index 0000000..65c7bdd
--- /dev/null
+++ b/xlat/nf_queue_msg_types.in
@@ -0,0 +1,4 @@
+NFQNL_MSG_PACKET	0
+NFQNL_MSG_VERDICT	1
+NFQNL_MSG_CONFIG	2
+NFQNL_MSG_VERDICT_BATCH	3
diff --git a/xlat/nf_ulog_msg_types.in b/xlat/nf_ulog_msg_types.in
new file mode 100644
index 0000000..13ff42f
--- /dev/null
+++ b/xlat/nf_ulog_msg_types.in
@@ -0,0 +1,2 @@
+NFULNL_MSG_PACKET	0
+NFULNL_MSG_CONFIG	1
-- 
2.7.4





More information about the Strace-devel mailing list