[PATCH 3/4] nfnetlink: introduce generic netfilter subsystem decoder

Dmitry V. Levin ldv at altlinux.org
Sun Mar 4 12:48:56 UTC 2018 

On Sun, Mar 04, 2018 at 08:17:20PM +0800, Chen Jingpiao wrote:
> On 02/26 07:21, Dmitry V. Levin wrote:
> > On Thu, Jan 18, 2018 at 10:02:34PM +0800, Chen Jingpiao wrote:
> > > * defs.h (nl_netfilter_msg_types): New xlat prototype.
> > > * netlink_netfilter.c: Include "nlattr.h".
> > > (decode_netlink_netfilter): Call decode_nlattr.
> > > ---
> > >  defs.h              |  1 +
> > >  netlink_netfilter.c | 11 +++++++++--
> > >  2 files changed, 10 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/defs.h b/defs.h
> > > index 6b51626..cf75802 100644
> > > --- a/defs.h
> > > +++ b/defs.h
> > > @@ -287,6 +287,7 @@ extern const struct xlat inet_protocols[];
> > >  extern const struct xlat ip_type_of_services[];
> > >  extern const struct xlat msg_flags[];
> > >  extern const struct xlat netlink_protocols[];
> > > +extern const struct xlat nl_netfilter_msg_types[];
> > >  extern const struct xlat nl_route_types[];
> > >  extern const struct xlat open_access_modes[];
> > >  extern const struct xlat open_mode_flags[];
> > > diff --git a/netlink_netfilter.c b/netlink_netfilter.c
> > > index a5efeb6..2840301 100644
> > > --- a/netlink_netfilter.c
> > > +++ b/netlink_netfilter.c
> > > @@ -31,6 +31,7 @@
> > >  #ifdef HAVE_LINUX_NETFILTER_NFNETLINK_H
> > >  
> > >  # include "print_fields.h"
> > > +# include "nlattr.h"
> > >  
> > >  # include <netinet/in.h>
> > >  # include <arpa/inet.h>
> > > @@ -77,8 +78,14 @@ decode_netlink_netfilter(struct tcb *const tcp,
> > >  		const size_t offset = NLMSG_ALIGN(sizeof(nfmsg));
> > >  		if (len > offset) {
> > >  			tprints(", ");
> > > -			printstr_ex(tcp, addr + offset,
> > > -				    len - offset, QUOTE_FORCE_HEX);
> > > +			if (subsys_id >= NFNL_SUBSYS_COUNT
> > > +			    || xlookup(nl_netfilter_msg_types,
> > > +				       nlmsghdr->nlmsg_type))
> > > +				printstr_ex(tcp, addr + offset,
> > > +					    len - offset, QUOTE_FORCE_HEX);
> > > +			else
> > > +				decode_nlattr(tcp, addr + offset, len - offset,
> > > +					      NULL, NULL, NULL, 0, NULL);
> > >  		}
> > >  	}
> > >  
> > 
> > Is this xlookup better than an explicit check for
> > (nlmsghdr->nlmsg_type >= NFNL_MSG_BATCH_BEGIN &&
> >  nlmsghdr->nlmsg_type <= NFNL_MSG_BATCH_END)
> > 
> > ?
> 
> I do not understand why use
> 
> 	(nlmsghdr->nlmsg_type >= NFNL_MSG_BATCH_BEGIN &&
> 	nlmsghdr->nlmsg_type <= NFNL_MSG_BATCH_END)                             
>                                                                                  
> instead of
> 
> 	nlmsghdr->nlmsg_type != NFNL_MSG_BATCH_BEGIN ||
> 	nlmsghdr->nlmsg_type != NFNL_MSG_BATCH_END

Assuming that NFNL_MSG_BATCH_BEGIN and NFNL_MSG_BATCH_END describe
an interval,
	nlmsghdr->nlmsg_type >= NFNL_MSG_BATCH_BEGIN &&
	nlmsghdr->nlmsg_type <= NFNL_MSG_BATCH_END)
checks whether nlmsghdr->nlmsg_type belongs to the interval.


-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20180304/ea662ea2/attachment.bin>

More information about the Strace-devel mailing list