[PATCH 01/12] netlink: decode NETLINK_NETFILTER message types
JingPiao Chen
chenjingpiao at gmail.com
Mon Sep 18 12:10:06 UTC 2017
* netlink.c: Include "xlat/nf_acct_msg_types.h",
"xlat/nf_cthelper_msg_types.h", "xlat/nf_ctnetlink_exp_msg_types.h",
"xlat/nf_ctnetlink_msg_types.h", "xlat/nf_cttimeout_msg_types.h",
"xlat/nf_ipset_msg_types.h", "xlat/nf_nft_compat_msg_types.h",
"xlat/nf_nftables_msg_types.h", "xlat/nf_osf_msg_types.h",
"xlat/nf_queue_msg_types.h", and "xlat/nf_ulog_msg_types.h".
(nf_nlmsg_types): New array.
(decode_nlmsg_type_netfilter): Use it.
* NEWS: Mention this.
* xlat/nf_acct_msg_types.in: New file.
* xlat/nf_cthelper_msg_types.in: Likewise.
* xlat/nf_ctnetlink_exp_msg_types.in: Likewise.
* xlat/nf_ctnetlink_msg_types.in: Likewise.
* xlat/nf_cttimeout_msg_types.in: Likewise.
* xlat/nf_ipset_msg_types.in: Likewise.
* xlat/nf_nft_compat_msg_types.in: Likewise.
* xlat/nf_nftables_msg_types.in: Likewise.
* xlat/nf_osf_msg_types.in: Likewise.
* xlat/nf_queue_msg_types.in: Likewise.
* xlat/nf_ulog_msg_types.in: Likewise.
* tests/netlink_netfilter.c (test_nlmsg_type): Update expected output.
---
NEWS | 1 +
netlink.c | 54 ++++++++++++++++++++++++++++++++++----
tests/netlink_netfilter.c | 14 +++++-----
xlat/nf_acct_msg_types.in | 5 ++++
xlat/nf_cthelper_msg_types.in | 3 +++
xlat/nf_ctnetlink_exp_msg_types.in | 4 +++
xlat/nf_ctnetlink_msg_types.in | 8 ++++++
xlat/nf_cttimeout_msg_types.in | 5 ++++
xlat/nf_ipset_msg_types.in | 21 +++++++++++++++
xlat/nf_nft_compat_msg_types.in | 1 +
xlat/nf_nftables_msg_types.in | 22 ++++++++++++++++
xlat/nf_osf_msg_types.in | 2 ++
xlat/nf_queue_msg_types.in | 4 +++
xlat/nf_ulog_msg_types.in | 2 ++
14 files changed, 134 insertions(+), 12 deletions(-)
create mode 100644 xlat/nf_acct_msg_types.in
create mode 100644 xlat/nf_cthelper_msg_types.in
create mode 100644 xlat/nf_ctnetlink_exp_msg_types.in
create mode 100644 xlat/nf_ctnetlink_msg_types.in
create mode 100644 xlat/nf_cttimeout_msg_types.in
create mode 100644 xlat/nf_ipset_msg_types.in
create mode 100644 xlat/nf_nft_compat_msg_types.in
create mode 100644 xlat/nf_nftables_msg_types.in
create mode 100644 xlat/nf_osf_msg_types.in
create mode 100644 xlat/nf_queue_msg_types.in
create mode 100644 xlat/nf_ulog_msg_types.in
diff --git a/NEWS b/NEWS
index 7aee72c..a19dfcd 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ Noteworthy changes in release ?.?? (????-??-??)
===============================================
* Improvements
+ * Implemented decoding of NETLINK_NETFILTER message types.
* Updated lists of ARPHRD_*, BPF_*, ETH_P_*, MADV_*, MEMBARRIER_CMD_*, MFD_*,
SO_*, SOL_*, TCP_*, and UFFD_FEATURE_* constants.
diff --git a/netlink.c b/netlink.c
index ab40b14..cdfe4ee 100644
--- a/netlink.c
+++ b/netlink.c
@@ -39,6 +39,17 @@
#include "xlat/netlink_new_flags.h"
#include "xlat/netlink_protocols.h"
#include "xlat/netlink_types.h"
+#include "xlat/nf_acct_msg_types.h"
+#include "xlat/nf_cthelper_msg_types.h"
+#include "xlat/nf_ctnetlink_exp_msg_types.h"
+#include "xlat/nf_ctnetlink_msg_types.h"
+#include "xlat/nf_cttimeout_msg_types.h"
+#include "xlat/nf_ipset_msg_types.h"
+#include "xlat/nf_nft_compat_msg_types.h"
+#include "xlat/nf_nftables_msg_types.h"
+#include "xlat/nf_osf_msg_types.h"
+#include "xlat/nf_queue_msg_types.h"
+#include "xlat/nf_ulog_msg_types.h"
#include "xlat/nl_audit_types.h"
#include "xlat/nl_crypto_types.h"
#include "xlat/nl_netfilter_msg_types.h"
@@ -110,6 +121,38 @@ decode_nlmsg_type_generic(const struct xlat *const xlat,
printxval(genl_families_xlat(), type, dflt);
}
+static const struct {
+ const struct xlat *const xlat;
+ const char *const dflt;
+} nf_nlmsg_types[] = {
+ [NFNL_SUBSYS_CTNETLINK] = {
+ nf_ctnetlink_msg_types,
+ "IPCTNL_MSG_CT_???"
+ },
+ [NFNL_SUBSYS_CTNETLINK_EXP] = {
+ nf_ctnetlink_exp_msg_types,
+ "IPCTNL_MSG_EXP_???"
+ },
+ [NFNL_SUBSYS_QUEUE] = { nf_queue_msg_types, "NFQNL_MSG_???" },
+ [NFNL_SUBSYS_ULOG] = { nf_ulog_msg_types, "NFULNL_MSG_???" },
+ [NFNL_SUBSYS_OSF] = { nf_osf_msg_types, "OSF_MSG_???" },
+ [NFNL_SUBSYS_IPSET] = { nf_ipset_msg_types, "IPSET_CMD_???" },
+ [NFNL_SUBSYS_ACCT] = { nf_acct_msg_types, "NFNL_MSG_ACCT_???" },
+ [NFNL_SUBSYS_CTNETLINK_TIMEOUT] = {
+ nf_cttimeout_msg_types,
+ "IPCTNL_MSG_TIMEOUT_???"
+ },
+ [NFNL_SUBSYS_CTHELPER] = {
+ nf_cthelper_msg_types,
+ "NFNL_MSG_CTHELPER_???"
+ },
+ [NFNL_SUBSYS_NFTABLES] = { nf_nftables_msg_types, "NFT_MSG_???" },
+ [NFNL_SUBSYS_NFT_COMPAT] = {
+ nf_nft_compat_msg_types,
+ "NFNL_MSG_COMPAT_???"
+ }
+};
+
static void
decode_nlmsg_type_netfilter(const struct xlat *const xlat,
const uint16_t type,
@@ -131,11 +174,12 @@ decode_nlmsg_type_netfilter(const struct xlat *const xlat,
printxval(xlat, subsys_id, dflt);
- /*
- * The type is subsystem specific,
- * print it in numeric format for now.
- */
- tprintf("<<8|%#x", msg_type);
+ tprints("<<8|");
+ if (subsys_id < ARRAY_SIZE(nf_nlmsg_types))
+ printxval(nf_nlmsg_types[subsys_id].xlat,
+ msg_type, nf_nlmsg_types[subsys_id].dflt);
+ else
+ tprintf("%#x", msg_type);
}
typedef void (*nlmsg_types_decoder_t)(const struct xlat *,
diff --git a/tests/netlink_netfilter.c b/tests/netlink_netfilter.c
index 2907c26..db2622e 100644
--- a/tests/netlink_netfilter.c
+++ b/tests/netlink_netfilter.c
@@ -52,19 +52,19 @@ test_nlmsg_type(const int fd)
", flags=NLM_F_REQUEST, seq=0, pid=0}"
", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc));
+# endif
- nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | NFNL_MSG_BATCH_BEGIN;
+ nlh.nlmsg_type = NFNL_SUBSYS_CTNETLINK << 8 | 0xff;
rc = sendto(fd, &nlh, sizeof(nlh), MSG_DONTWAIT, NULL, 0);
- printf("sendto(%d, {len=%u, type=NFNL_SUBSYS_CTNETLINK<<8|%#x"
+ printf("sendto(%d, {len=%u"
+ ", type=NFNL_SUBSYS_CTNETLINK<<8|0xff /* IPCTNL_MSG_CT_??? */"
", flags=NLM_F_REQUEST, seq=0, pid=0}"
", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
- fd, nlh.nlmsg_len, NFNL_MSG_BATCH_BEGIN,
- (unsigned) sizeof(nlh), sprintrc(rc));
-# endif
+ fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc));
- nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8);
+ nlh.nlmsg_type = 0xffff;
rc = sendto(fd, &nlh, sizeof(nlh), MSG_DONTWAIT, NULL, 0);
- printf("sendto(%d, {len=%u, type=NFNL_SUBSYS_CTNETLINK<<8|0"
+ printf("sendto(%d, {len=%u, type=0xff /* NFNL_SUBSYS_??? */<<8|0xff"
", flags=NLM_F_REQUEST, seq=0, pid=0}"
", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc));
diff --git a/xlat/nf_acct_msg_types.in b/xlat/nf_acct_msg_types.in
new file mode 100644
index 0000000..3384ee0
--- /dev/null
+++ b/xlat/nf_acct_msg_types.in
@@ -0,0 +1,5 @@
+NFNL_MSG_ACCT_NEW 0
+NFNL_MSG_ACCT_GET 1
+NFNL_MSG_ACCT_GET_CTRZERO 2
+NFNL_MSG_ACCT_DEL 3
+NFNL_MSG_ACCT_OVERQUOTA 4
diff --git a/xlat/nf_cthelper_msg_types.in b/xlat/nf_cthelper_msg_types.in
new file mode 100644
index 0000000..bbee697
--- /dev/null
+++ b/xlat/nf_cthelper_msg_types.in
@@ -0,0 +1,3 @@
+NFNL_MSG_CTHELPER_NEW 0
+NFNL_MSG_CTHELPER_GET 1
+NFNL_MSG_CTHELPER_DEL 2
diff --git a/xlat/nf_ctnetlink_exp_msg_types.in b/xlat/nf_ctnetlink_exp_msg_types.in
new file mode 100644
index 0000000..8236e06
--- /dev/null
+++ b/xlat/nf_ctnetlink_exp_msg_types.in
@@ -0,0 +1,4 @@
+IPCTNL_MSG_EXP_NEW 0
+IPCTNL_MSG_EXP_GET 1
+IPCTNL_MSG_EXP_DELETE 2
+IPCTNL_MSG_EXP_GET_STATS_CPU 3
diff --git a/xlat/nf_ctnetlink_msg_types.in b/xlat/nf_ctnetlink_msg_types.in
new file mode 100644
index 0000000..2dab169
--- /dev/null
+++ b/xlat/nf_ctnetlink_msg_types.in
@@ -0,0 +1,8 @@
+IPCTNL_MSG_CT_NEW 0
+IPCTNL_MSG_CT_GET 1
+IPCTNL_MSG_CT_DELETE 2
+IPCTNL_MSG_CT_GET_CTRZERO 3
+IPCTNL_MSG_CT_GET_STATS_CPU 4
+IPCTNL_MSG_CT_GET_STATS 5
+IPCTNL_MSG_CT_GET_DYING 6
+IPCTNL_MSG_CT_GET_UNCONFIRMED 7
diff --git a/xlat/nf_cttimeout_msg_types.in b/xlat/nf_cttimeout_msg_types.in
new file mode 100644
index 0000000..bf6c529
--- /dev/null
+++ b/xlat/nf_cttimeout_msg_types.in
@@ -0,0 +1,5 @@
+IPCTNL_MSG_TIMEOUT_NEW 0
+IPCTNL_MSG_TIMEOUT_GET 1
+IPCTNL_MSG_TIMEOUT_DELETE 2
+IPCTNL_MSG_TIMEOUT_DEFAULT_SET 3
+IPCTNL_MSG_TIMEOUT_DEFAULT_GET 4
diff --git a/xlat/nf_ipset_msg_types.in b/xlat/nf_ipset_msg_types.in
new file mode 100644
index 0000000..a61d906
--- /dev/null
+++ b/xlat/nf_ipset_msg_types.in
@@ -0,0 +1,21 @@
+IPSET_CMD_NONE 0
+IPSET_CMD_PROTOCOL 1
+IPSET_CMD_CREATE 2
+IPSET_CMD_DESTROY 3
+IPSET_CMD_FLUSH 4
+IPSET_CMD_RENAME 5
+IPSET_CMD_SWAP 6
+IPSET_CMD_LIST 7
+IPSET_CMD_SAVE 8
+IPSET_CMD_ADD 9
+IPSET_CMD_DEL 10
+IPSET_CMD_TEST 11
+IPSET_CMD_HEADER 12
+IPSET_CMD_TYPE 13
+
+IPSET_CMD_RESTORE 14
+IPSET_CMD_HELP 15
+IPSET_CMD_VERSION 16
+IPSET_CMD_QUIT 17
+
+IPSET_CMD_COMMIT 18
diff --git a/xlat/nf_nft_compat_msg_types.in b/xlat/nf_nft_compat_msg_types.in
new file mode 100644
index 0000000..e2f7da1
--- /dev/null
+++ b/xlat/nf_nft_compat_msg_types.in
@@ -0,0 +1 @@
+NFNL_MSG_COMPAT_GET 0
diff --git a/xlat/nf_nftables_msg_types.in b/xlat/nf_nftables_msg_types.in
new file mode 100644
index 0000000..eb1e773
--- /dev/null
+++ b/xlat/nf_nftables_msg_types.in
@@ -0,0 +1,22 @@
+NFT_MSG_NEWTABLE 0
+NFT_MSG_GETTABLE 1
+NFT_MSG_DELTABLE 2
+NFT_MSG_NEWCHAIN 3
+NFT_MSG_GETCHAIN 4
+NFT_MSG_DELCHAIN 5
+NFT_MSG_NEWRULE 6
+NFT_MSG_GETRULE 7
+NFT_MSG_DELRULE 8
+NFT_MSG_NEWSET 9
+NFT_MSG_GETSET 10
+NFT_MSG_DELSET 11
+NFT_MSG_NEWSETELEM 12
+NFT_MSG_GETSETELEM 13
+NFT_MSG_DELSETELEM 14
+NFT_MSG_NEWGEN 15
+NFT_MSG_GETGEN 16
+NFT_MSG_TRACE 17
+NFT_MSG_NEWOBJ 18
+NFT_MSG_GETOBJ 19
+NFT_MSG_DELOBJ 20
+NFT_MSG_GETOBJ_RESET 21
diff --git a/xlat/nf_osf_msg_types.in b/xlat/nf_osf_msg_types.in
new file mode 100644
index 0000000..636c932
--- /dev/null
+++ b/xlat/nf_osf_msg_types.in
@@ -0,0 +1,2 @@
+OSF_MSG_ADD 0
+OSF_MSG_REMOVE 1
diff --git a/xlat/nf_queue_msg_types.in b/xlat/nf_queue_msg_types.in
new file mode 100644
index 0000000..65c7bdd
--- /dev/null
+++ b/xlat/nf_queue_msg_types.in
@@ -0,0 +1,4 @@
+NFQNL_MSG_PACKET 0
+NFQNL_MSG_VERDICT 1
+NFQNL_MSG_CONFIG 2
+NFQNL_MSG_VERDICT_BATCH 3
diff --git a/xlat/nf_ulog_msg_types.in b/xlat/nf_ulog_msg_types.in
new file mode 100644
index 0000000..13ff42f
--- /dev/null
+++ b/xlat/nf_ulog_msg_types.in
@@ -0,0 +1,2 @@
+NFULNL_MSG_PACKET 0
+NFULNL_MSG_CONFIG 1
--
2.7.4
More information about the Strace-devel
mailing list