[PATCH 1/4] netlink: introduce NETLINK_NETFILTER parser

Dmitry V. Levin ldv at altlinux.org
Mon Feb 26 15:58:29 UTC 2018 

On Thu, Jan 18, 2018 at 09:58:42PM +0800, Chen Jingpiao wrote:
> * netlink_netfilter.c: New file.
> * Makefile.am (strace_SOURCES): Add it.
> * defs.h (decode_netlink_netfilter): New prototype.
> * netlink.c (netlink_decoders): Add NETLINK_NETFILTER.
> * xlat/netfilter_versions.in: New file.

Thanks.

> ---
>  Makefile.am                |  1 +
>  defs.h                     |  1 +
>  netlink.c                  |  3 ++
>  netlink_netfilter.c        | 88 ++++++++++++++++++++++++++++++++++++++++++++++
>  xlat/netfilter_versions.in |  2 ++
>  5 files changed, 95 insertions(+)
>  create mode 100644 netlink_netfilter.c
>  create mode 100644 xlat/netfilter_versions.in
> 
> diff --git a/Makefile.am b/Makefile.am
> index 2515876..358afc1 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -196,6 +196,7 @@ strace_SOURCES =	\
>  	netlink_crypto.c \
>  	netlink_sock_diag.h \
>  	netlink_inet_diag.c \
> +	netlink_netfilter.c \
>  	netlink_netlink_diag.c \
>  	netlink_packet_diag.c \
>  	netlink_route.c	\
> diff --git a/defs.h b/defs.h
> index 3e42908..6b51626 100644
> --- a/defs.h
> +++ b/defs.h
> @@ -699,6 +699,7 @@ decode_netlink_ ## name(struct tcb *, const struct nlmsghdr *,		\
>  /* End of DECL_NETLINK definition. */
>  
>  DECL_NETLINK(crypto);
> +DECL_NETLINK(netfilter);
>  DECL_NETLINK(route);
>  DECL_NETLINK(selinux);
>  DECL_NETLINK(sock_diag);
> diff --git a/netlink.c b/netlink.c
> index beb6ea4..f5fa1f1 100644
> --- a/netlink.c
> +++ b/netlink.c
> @@ -549,6 +549,9 @@ static const netlink_decoder_t netlink_decoders[] = {
>  #ifdef HAVE_LINUX_CRYPTOUSER_H
>  	[NETLINK_CRYPTO] = decode_netlink_crypto,
>  #endif
> +#ifdef HAVE_LINUX_NETFILTER_NFNETLINK_H
> +	[NETLINK_NETFILTER] = decode_netlink_netfilter,
> +#endif
>  	[NETLINK_ROUTE] = decode_netlink_route,
>  	[NETLINK_SELINUX] = decode_netlink_selinux,
>  	[NETLINK_SOCK_DIAG] = decode_netlink_sock_diag
> diff --git a/netlink_netfilter.c b/netlink_netfilter.c
> new file mode 100644
> index 0000000..a5efeb6
> --- /dev/null
> +++ b/netlink_netfilter.c
> @@ -0,0 +1,88 @@
> +/*
> + * Copyright (c) 2018 Chen Jingpiao <chenjingpiao at gmail.com>
> + * Copyright (c) 2018 The strace developers.
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + *    notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + *    notice, this list of conditions and the following disclaimer in the
> + *    documentation and/or other materials provided with the distribution.
> + * 3. The name of the author may not be used to endorse or promote products
> + *    derived from this software without specific prior written permission.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
> + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
> + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
> + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
> + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
> + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
> + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> + */
> +
> +#include "defs.h"
> +
> +#ifdef HAVE_LINUX_NETFILTER_NFNETLINK_H
> +
> +# include "print_fields.h"
> +
> +# include <netinet/in.h>
> +# include <arpa/inet.h>
> +# include "netlink.h"
> +# include <linux/netfilter/nfnetlink.h>
> +
> +# include "xlat/netfilter_versions.h"
> +# include "xlat/nl_netfilter_subsys_ids.h"
> +
> +bool
> +decode_netlink_netfilter(struct tcb *const tcp,
> +			 const struct nlmsghdr *const nlmsghdr,
> +			 const kernel_ulong_t addr,
> +			 const unsigned int len)
> +{
> +	if (nlmsghdr->nlmsg_type == NLMSG_DONE)
> +		return false;
> +
> +	struct nfgenmsg nfmsg;
> +
> +	if (len < sizeof(nfmsg))
> +		printstr_ex(tcp, addr, len, QUOTE_FORCE_HEX);
> +	else if (!umove_or_printaddr(tcp, addr, &nfmsg)) {
> +		const uint8_t subsys_id = (uint8_t) (nlmsghdr->nlmsg_type >> 8);
> +		uint16_t res_id = ntohs(nfmsg.res_id);
> +
> +		PRINT_FIELD_XVAL("{", nfmsg, nfgen_family, addrfams, "AF_???");
> +		PRINT_FIELD_XVAL(", ", nfmsg, version, netfilter_versions,
> +				 "NFNETLINK_???");
> +		tprints(", res_id=");
> +		if (subsys_id == NFNL_SUBSYS_NFTABLES
> +		    && nfmsg.res_id == NFNL_SUBSYS_NFTABLES)
> +			tprints("NFNL_SUBSYS_NFTABLES");
> +		else {
> +			tprints("htons(");
> +			if (subsys_id == NFNL_SUBSYS_NFTABLES
> +			    && res_id == NFNL_SUBSYS_NFTABLES)
> +				tprints("NFNL_SUBSYS_NFTABLES");
> +			else
> +				tprintf("%d", res_id);
> +			tprints(")");
> +		}

How would you like to print this on big-endian hosts (where ntohs returns
its argument unchanged)?  I think it would be better to present it as
htons(value) even if htons(value) == value, otherwise the strace output
would be unnecessarily different on big- and little-endian hosts,
and your test would have to handle these differences (it currently
doesn't, so it most likely fails on big-endian hosts).

I'd also add a comment right before the relevant piece of code, e.g.

		/*
		 * Work around wrong endianness in res_id field,
		 * see linux commit v4.3-rc1~28^2~47^2~1
		 */

> +
> +		const size_t offset = NLMSG_ALIGN(sizeof(nfmsg));
> +		if (len > offset) {
> +			tprints(", ");
> +			printstr_ex(tcp, addr + offset,
> +				    len - offset, QUOTE_FORCE_HEX);
> +		}
> +	}
> +
> +	return true;
> +}
> +
> +#endif /* HAVE_LINUX_NETFILTER_NFNETLINK_H */
> diff --git a/xlat/netfilter_versions.in b/xlat/netfilter_versions.in
> new file mode 100644
> index 0000000..da6cd05
> --- /dev/null
> +++ b/xlat/netfilter_versions.in
> @@ -0,0 +1,2 @@
> +NFNETLINK_V0
> +NFNETLINK_V1

-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20180226/215af329/attachment.bin>

More information about the Strace-devel mailing list