[PATCH v4 4/4] tests: add check for decoding of netfilter subsystem
Dmitry V. Levin
ldv at altlinux.org
Sun Mar 11 00:48:03 UTC 2018
On Sun, Mar 11, 2018 at 03:06:23AM +0300, Dmitry V. Levin wrote:
> On Thu, Mar 08, 2018 at 10:53:47PM +0800, Chen Jingpiao wrote:
> > * tests/netlink_netfilter.c(test_nfgenmsg): Add check for decoding
> > of netfilter subsystem.
> > ---
> > tests/netlink_netfilter.c | 34 ++++++++++++++++++++++++++++++++++
> > 1 file changed, 34 insertions(+)
> >
> > diff --git a/tests/netlink_netfilter.c b/tests/netlink_netfilter.c
> > index 2826017d1..149da5ac1 100644
> > --- a/tests/netlink_netfilter.c
> > +++ b/tests/netlink_netfilter.c
> > @@ -149,9 +149,22 @@ test_nfgenmsg(const int fd)
> > printf("{nfgen_family=AF_UNIX");
> > printf(", version=NFNETLINK_V0");
> > printf(", res_id=htons(%d)", NFNL_SUBSYS_NFTABLES));
> > +# endif /* NFNL_MSG_BATCH_BEGIN */
> >
> > char str_buf[NLMSG_ALIGN(sizeof(msg)) + 4];
> > + msg.res_id = htons(0xefab);
> > + memcpy(str_buf, &msg, sizeof(msg));
> > + memcpy(str_buf + NLMSG_ALIGN(sizeof(msg)), "1234", 4);
> > + TEST_NETLINK_(fd, nlh0,
> > + 0xffff, "0xff /* NFNL_SUBSYS_??? */<<8|0xff",
> > + NLM_F_REQUEST, "NLM_F_REQUEST",
> > + sizeof(str_buf), str_buf, sizeof(str_buf),
> > + printf("{nfgen_family=AF_UNIX");
> > + printf(", version=NFNETLINK_V0");
> > + printf(", res_id=htons(%d)"
> > + ", \"\\x31\\x32\\x33\\x34\"", 0xefab));
> >
> > +# ifdef NFNL_MSG_BATCH_BEGIN
> > msg.res_id = htons(0xabcd);
> > memcpy(str_buf, &msg, sizeof(msg));
> > memcpy(str_buf + NLMSG_ALIGN(sizeof(msg)), "1234", 4);
> > @@ -164,6 +177,27 @@ test_nfgenmsg(const int fd)
> > printf(", res_id=htons(%d)"
> > ", \"\\x31\\x32\\x33\\x34\"", 0xabcd));
> > # endif /* NFNL_MSG_BATCH_BEGIN */
> > +
> > + static const struct nlattr nla = {
> > + .nla_len = sizeof(nla),
> > + .nla_type = 0x0bcd
> > + };
> > + char nla_buf[NLMSG_ALIGN(sizeof(msg)) + sizeof(nla)];
> > +
> > + msg.res_id = htons(NFNL_SUBSYS_NFTABLES);
> > + memcpy(nla_buf, &msg, sizeof(msg));
> > + memcpy(nla_buf + NLMSG_ALIGN(sizeof(msg)), &nla, sizeof(nla));
> > +
> > + TEST_NETLINK_(fd, nlh0,
> > + NFNL_SUBSYS_NFTABLES << 8 | 0xff,
> > + "NFNL_SUBSYS_NFTABLES<<8|0xff /* NFT_MSG_??? */",
> > + NLM_F_REQUEST, "NLM_F_REQUEST",
> > + sizeof(nla_buf), nla_buf, sizeof(nla_buf),
> > + printf("{nfgen_family=AF_UNIX");
> > + printf(", version=NFNETLINK_V0");
> > + printf(", res_id=htons(NFNL_SUBSYS_NFTABLES)"
> > + ", {nla_len=%d, nla_type=%#x}",
> > + nla.nla_len, nla.nla_type));
>
> The last part of this test fails on one of systems where
> I test changes before merging them into master:
>
> -sendto(3, {{len=24, type=NFNL_SUBSYS_NFTABLES<<8|0xff /* NFT_MSG_??? */, flags=NLM_F_REQUEST, seq=0, pid=0}, {nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(NFNL_SUBSYS_NFTABLES), {nla_len=4, nla_type=0xbcd}}, 24, MSG_DONTWAIT, NULL, 0) = 24
> +sendto(3, {{len=24, type=NFNL_SUBSYS_NFTABLES<<8|0xff /* NFT_MSG_??? */, flags=NLM_F_REQUEST, seq=0, pid=0}, {nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(NFNL_SUBSYS_NFTABLES), "\x04\x00\xcd\x0b"}, 24, MSG_DONTWAIT, NULL, 0) = 24
>
> Looks like an alignment issue, but I haven't had a chance to look into this yet.
No, the reason is completely different: the kernel headers installed on
that system are old enough to have NFNL_SUBSYS_COUNT defined to older
value than our fallback definition of NFNL_SUBSYS_NFTABLES provided by
xlat/nl_netfilter_subsys_ids.in file.
In other words, NFNL_SUBSYS_COUNT provided by kernel headers is unreliable
and shouldn't be used, I think it has to be removed from
xlat/nl_netfilter_subsys_ids.in as well.
For netlink_netfilter.c purposes I'd recommend to use something like
(subsys_id > nl_netfilter_subsys_ids[ARRAY_SIZE(nl_netfilter_subsys_ids) - 1].val)
instead of subsys_id >= NFNL_SUBSYS_COUNT).
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20180311/c31da8ef/attachment.bin>
More information about the Strace-devel
mailing list