[PATCH 3/4] nfnetlink: introduce generic netfilter subsystem decoder

Chen Jingpiao chenjingpiao at gmail.com
Sun Mar 4 12:17:20 UTC 2018 

On 02/26 07:21, Dmitry V. Levin wrote:
> On Thu, Jan 18, 2018 at 10:02:34PM +0800, Chen Jingpiao wrote:
> > * defs.h (nl_netfilter_msg_types): New xlat prototype.
> > * netlink_netfilter.c: Include "nlattr.h".
> > (decode_netlink_netfilter): Call decode_nlattr.
> > ---
> >  defs.h              |  1 +
> >  netlink_netfilter.c | 11 +++++++++--
> >  2 files changed, 10 insertions(+), 2 deletions(-)
> > 
> > diff --git a/defs.h b/defs.h
> > index 6b51626..cf75802 100644
> > --- a/defs.h
> > +++ b/defs.h
> > @@ -287,6 +287,7 @@ extern const struct xlat inet_protocols[];
> >  extern const struct xlat ip_type_of_services[];
> >  extern const struct xlat msg_flags[];
> >  extern const struct xlat netlink_protocols[];
> > +extern const struct xlat nl_netfilter_msg_types[];
> >  extern const struct xlat nl_route_types[];
> >  extern const struct xlat open_access_modes[];
> >  extern const struct xlat open_mode_flags[];
> > diff --git a/netlink_netfilter.c b/netlink_netfilter.c
> > index a5efeb6..2840301 100644
> > --- a/netlink_netfilter.c
> > +++ b/netlink_netfilter.c
> > @@ -31,6 +31,7 @@
> >  #ifdef HAVE_LINUX_NETFILTER_NFNETLINK_H
> >  
> >  # include "print_fields.h"
> > +# include "nlattr.h"
> >  
> >  # include <netinet/in.h>
> >  # include <arpa/inet.h>
> > @@ -77,8 +78,14 @@ decode_netlink_netfilter(struct tcb *const tcp,
> >  		const size_t offset = NLMSG_ALIGN(sizeof(nfmsg));
> >  		if (len > offset) {
> >  			tprints(", ");
> > -			printstr_ex(tcp, addr + offset,
> > -				    len - offset, QUOTE_FORCE_HEX);
> > +			if (subsys_id >= NFNL_SUBSYS_COUNT
> > +			    || xlookup(nl_netfilter_msg_types,
> > +				       nlmsghdr->nlmsg_type))
> > +				printstr_ex(tcp, addr + offset,
> > +					    len - offset, QUOTE_FORCE_HEX);
> > +			else
> > +				decode_nlattr(tcp, addr + offset, len - offset,
> > +					      NULL, NULL, NULL, 0, NULL);
> >  		}
> >  	}
> >  
> 
> Is this xlookup better than an explicit check for
> (nlmsghdr->nlmsg_type >= NFNL_MSG_BATCH_BEGIN &&
>  nlmsghdr->nlmsg_type <= NFNL_MSG_BATCH_END)
> 
> ?

I do not understand why use

	(nlmsghdr->nlmsg_type >= NFNL_MSG_BATCH_BEGIN &&
	nlmsghdr->nlmsg_type <= NFNL_MSG_BATCH_END)                             
                                                                                 
instead of

	nlmsghdr->nlmsg_type != NFNL_MSG_BATCH_BEGIN ||
	nlmsghdr->nlmsg_type != NFNL_MSG_BATCH_END

--
Chen Jingpiao

More information about the Strace-devel mailing list