[PATCH v4 4/4] tests: add check for decoding of netfilter subsystem

Chen Jingpiao chenjingpiao at gmail.com
Sun Mar 11 01:43:53 UTC 2018


On 03/11 03:48, Dmitry V. Levin wrote:
> On Sun, Mar 11, 2018 at 03:06:23AM +0300, Dmitry V. Levin wrote:
> > On Thu, Mar 08, 2018 at 10:53:47PM +0800, Chen Jingpiao wrote:
> > > * tests/netlink_netfilter.c(test_nfgenmsg): Add check for decoding
> > > of netfilter subsystem.
> > > ---
> > >  tests/netlink_netfilter.c | 34 ++++++++++++++++++++++++++++++++++
> > >  1 file changed, 34 insertions(+)
> > >
> > > diff --git a/tests/netlink_netfilter.c b/tests/netlink_netfilter.c
> > > index 2826017d1..149da5ac1 100644
> > > --- a/tests/netlink_netfilter.c
> > > +++ b/tests/netlink_netfilter.c
> > > @@ -149,9 +149,22 @@ test_nfgenmsg(const int fd)
> > >       printf("{nfgen_family=AF_UNIX");
> > >       printf(", version=NFNETLINK_V0");
> > >       printf(", res_id=htons(%d)", NFNL_SUBSYS_NFTABLES));
> > > +# endif /* NFNL_MSG_BATCH_BEGIN */
> > >
> > >  char str_buf[NLMSG_ALIGN(sizeof(msg)) + 4];
> > > + msg.res_id = htons(0xefab);
> > > + memcpy(str_buf, &msg, sizeof(msg));
> > > + memcpy(str_buf + NLMSG_ALIGN(sizeof(msg)), "1234", 4);
> > > + TEST_NETLINK_(fd, nlh0,
> > > +       0xffff, "0xff /* NFNL_SUBSYS_??? */<<8|0xff",
> > > +       NLM_F_REQUEST, "NLM_F_REQUEST",
> > > +       sizeof(str_buf), str_buf, sizeof(str_buf),
> > > +       printf("{nfgen_family=AF_UNIX");
> > > +       printf(", version=NFNETLINK_V0");
> > > +       printf(", res_id=htons(%d)"
> > > +      ", \"\\x31\\x32\\x33\\x34\"", 0xefab));
> > >
> > > +# ifdef NFNL_MSG_BATCH_BEGIN
> > >  msg.res_id = htons(0xabcd);
> > >  memcpy(str_buf, &msg, sizeof(msg));
> > >  memcpy(str_buf + NLMSG_ALIGN(sizeof(msg)), "1234", 4);
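
Review bot: The `# endif` / `# ifdef NFNL_MSG_BATCH_BEGIN` pair added around the new 0xffff case splits the existing conditional in two, and the first `# endif` now closes a block opened above this hunk, which is easy to misread. Placing the unknown-subsystem case after the existing `# endif /* NFNL_MSG_BATCH_BEGIN */` that ends the 0xabcd case would keep the conditional in one piece; the `str_buf` declaration would then need to be shared by both. If the split stays, a short comment saying that the `NFNL_SUBSYS_???` case does not depend on NFNL_MSG_BATCH_BEGIN would help the next reader.
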
> > > @@ -164,6 +177,27 @@ test_nfgenmsg(const int fd)
> > >       printf(", res_id=htons(%d)"
> > >      ", \"\\x31\\x32\\x33\\x34\"", 0xabcd));
> > >  # endif /* NFNL_MSG_BATCH_BEGIN */
> > > +
> > > + static const struct nlattr nla = {
> > > + .nla_len = sizeof(nla),
> > > + .nla_type = 0x0bcd
> > > + };
> > > + char nla_buf[NLMSG_ALIGN(sizeof(msg)) + sizeof(nla)];
> > > +
> > > + msg.res_id = htons(NFNL_SUBSYS_NFTABLES);
> > > + memcpy(nla_buf, &msg, sizeof(msg));
> > > + memcpy(nla_buf + NLMSG_ALIGN(sizeof(msg)), &nla, sizeof(nla));
> > > +
> > > + TEST_NETLINK_(fd, nlh0,
> > > +       NFNL_SUBSYS_NFTABLES << 8 | 0xff,
> > > +       "NFNL_SUBSYS_NFTABLES<<8|0xff /* NFT_MSG_??? */",
> > > +       NLM_F_REQUEST, "NLM_F_REQUEST",
> > > +       sizeof(nla_buf), nla_buf, sizeof(nla_buf),
> > > +       printf("{nfgen_family=AF_UNIX");
> > > +       printf(", version=NFNETLINK_V0");
> > > +       printf(", res_id=htons(NFNL_SUBSYS_NFTABLES)"
> > > +      ", {nla_len=%d, nla_type=%#x}",
> > > +      nla.nla_len, nla.nla_type));
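
Review bot: The expected output of the final TEST_NETLINK_ call assumes the decoder always treats NFNL_SUBSYS_NFTABLES as a known subsystem and prints the payload as `{nla_len=%d, nla_type=%#x}`, but the failure log quoted below shows the same bytes printed as "\x04\x00\xcd\x0b" on a system with older kernel headers. Since this block sits outside any `# ifdef`, it runs on every build, so the test is only stable once the decoder's bound check no longer depends on the header's NFNL_SUBSYS_COUNT. Until that is settled in the decoder, this case should not be merged as an unconditional check.
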
> >
> > The last part of this test fails on one of systems where
> > I test changes before merging them into master:
> >
> > -sendto(3, {{len=24, type=NFNL_SUBSYS_NFTABLES<<8|0xff /* NFT_MSG_??? */, flags=NLM_F_REQUEST, seq=0, pid=0}, {nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(NFNL_SUBSYS_NFTABLES), {nla_len=4, nla_type=0xbcd}}, 24, MSG_DONTWAIT, NULL, 0) = 24
> > +sendto(3, {{len=24, type=NFNL_SUBSYS_NFTABLES<<8|0xff /* NFT_MSG_??? */, flags=NLM_F_REQUEST, seq=0, pid=0}, {nfgen_family=AF_UNIX, version=NFNETLINK_V0, res_id=htons(NFNL_SUBSYS_NFTABLES), "\x04\x00\xcd\x0b"}, 24, MSG_DONTWAIT, NULL, 0) = 24
> >
> > Looks like an alignment issue, but I haven't had a chance to look into this yet.
>
> No, the reason is completely different: the kernel headers installed on
> that system are old enough to have NFNL_SUBSYS_COUNT defined to older
> value than our fallback definition of NFNL_SUBSYS_NFTABLES provided by
> xlat/nl_netfilter_subsys_ids.in file.

Yes.

>
> In other words, NFNL_SUBSYS_COUNT provided by kernel headers is unreliable
> and shouldn't be used, I think it has to be removed from
> xlat/nl_netfilter_subsys_ids.in as well.

I cannot find an existing way to remove the condition from xlat/*.h.
xlat/gen.sh only has print_xlat and cond_xlat to generate the xlat array.
Should I add a directive?

PS:
Does the same problem exist for other counter symbols in xlat/*.in?
(I did the research and found none.)

>
> For netlink_netfilter.c purposes I'd recommend to use something like
> (subsys_id > nl_netfilter_subsys_ids[ARRAY_SIZE(nl_netfilter_subsys_ids) - 1].val)
> instead of (subsys_id >= NFNL_SUBSYS_COUNT).

If I have removed the kernel header's NFNL_SUBSYS_COUNT value from
xlat/nl_netfilter_subsys_ids.in,
why can't we use subsys_id >= NFNL_SUBSYS_COUNT?

--
Chen Jingpiao