From c5d6bccdb02cea5c2fe4cf405749561cba0bb7e7 Mon Sep 17 00:00:00 2001 
From: JingPiao Chen Date: Sat, 9 Sep 2017 17:42:41 +0800 Subject: [PATCH] netlink: decode NETLINK_NETFILTER netlink message types * netlink.c: Include "xlat/nf_acct_msg_types.h", "xlat/nf_cthelper_msg_types.h", "xlat/nf_ctnetlink_exp_msg_types.h", "xlat/nf_ctnetlink_msg_types.h", "xlat/nf_cttimeout_msg_types.h", "xlat/nf_ipset_msg_types.h", "xlat/nf_nft_compat_msg_types.h", "xlat/nf_nftables_msg_types.h", "xlat/nf_osf_msg_types.h", "xlat/nf_queue_msg_types.h", and "xlat/nf_ulog_msg_types.h". (nf_nlmsg_types): New array. (decode_nlmsg_type_netfilter): Use it. * NEWS: Mention this. * xlat/nf_acct_msg_types.in: New file. * xlat/nf_cthelper_msg_types.in: Likewise. * xlat/nf_ctnetlink_exp_msg_types.in: Likewise. * xlat/nf_ctnetlink_msg_types.in: Likewise. * xlat/nf_cttimeout_msg_types.in: Likewise. * xlat/nf_ipset_msg_types.in: Likewise. * xlat/nf_nft_compat_msg_types.in: Likewise. * xlat/nf_nftables_msg_types.in: Likewise. * xlat/nf_osf_msg_types.in: Likewise. * xlat/nf_queue_msg_types.in: Likewise. * xlat/nf_ulog_msg_types.in: Likewise. * tests/netlink_netfilter.c (test_nlmsg_type): Update expected output. 
--- NEWS | 1 + netlink.c | 54 +++++++++++++++++++++++++++--- tests/netlink_netfilter.c | 14 ++++---- xlat/nf_acct_msg_types.in | 5 +++ xlat/nf_cthelper_msg_types.in | 3 ++ xlat/nf_ctnetlink_exp_msg_types.in | 4 +++ xlat/nf_ctnetlink_msg_types.in | 8 +++++ xlat/nf_cttimeout_msg_types.in | 5 +++ xlat/nf_ipset_msg_types.in | 21 ++++++++++++ xlat/nf_nft_compat_msg_types.in | 1 + xlat/nf_nftables_msg_types.in | 22 ++++++++++++ xlat/nf_osf_msg_types.in | 2 ++ xlat/nf_queue_msg_types.in | 4 +++ xlat/nf_ulog_msg_types.in | 2 ++ 14 files changed, 134 insertions(+), 12 deletions(-) create mode 100644 xlat/nf_acct_msg_types.in create mode 100644 xlat/nf_cthelper_msg_types.in create mode 100644 xlat/nf_ctnetlink_exp_msg_types.in create mode 100644 xlat/nf_ctnetlink_msg_types.in create mode 100644 xlat/nf_cttimeout_msg_types.in create mode 100644 xlat/nf_ipset_msg_types.in create mode 100644 xlat/nf_nft_compat_msg_types.in create mode 100644 xlat/nf_nftables_msg_types.in create mode 100644 xlat/nf_osf_msg_types.in create mode 100644 xlat/nf_queue_msg_types.in create mode 100644 xlat/nf_ulog_msg_types.in diff --git a/NEWS b/NEWS index 6c7f1876..36b26a73 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,7 @@ Noteworthy changes in release ?.?? (????-??-??) =============================================== * Improvements + * Implemented decoding of NETLINK_NETFILTER netlink message types. * Updated lists of ARPHRD_*, BPF_*, ETH_P_*, LOOP_*, MADV_*, MEMBARRIER_CMD_*, MFD_*, SO_*, SOL_*, TCP_*, and UFFD_FEATURE_* constants. * Updated lists of ioctl commands from Linux 4.14. diff --git a/netlink.c b/netlink.c index ab40b142..cdfe4ee8 100644 --- a/netlink.c +++ b/netlink.c 
@@ -39,6 +39,17 @@
 #include "xlat/netlink_new_flags.h"
 #include "xlat/netlink_protocols.h"
 #include "xlat/netlink_types.h"
+#include "xlat/nf_acct_msg_types.h"
+#include "xlat/nf_cthelper_msg_types.h"
+#include "xlat/nf_ctnetlink_exp_msg_types.h"
+#include "xlat/nf_ctnetlink_msg_types.h"
+#include "xlat/nf_cttimeout_msg_types.h"
+#include "xlat/nf_ipset_msg_types.h"
+#include "xlat/nf_nft_compat_msg_types.h"
+#include "xlat/nf_nftables_msg_types.h"
+#include "xlat/nf_osf_msg_types.h"
+#include "xlat/nf_queue_msg_types.h"
+#include "xlat/nf_ulog_msg_types.h"
 #include "xlat/nl_audit_types.h"
 #include "xlat/nl_crypto_types.h"
 #include "xlat/nl_netfilter_msg_types.h"
@@ -110,6 +121,38 @@ decode_nlmsg_type_generic(const struct xlat *const xlat,
 printxval(genl_families_xlat(), type, dflt);
 }
 
+static const struct {
+ const struct xlat *const xlat;
+ const char *const dflt;
+} nf_nlmsg_types[] = {
+ [NFNL_SUBSYS_CTNETLINK] = {
+ nf_ctnetlink_msg_types,
+ "IPCTNL_MSG_CT_???"
+ },
+ [NFNL_SUBSYS_CTNETLINK_EXP] = {
+ nf_ctnetlink_exp_msg_types,
+ "IPCTNL_MSG_EXP_???"
+ },
+ [NFNL_SUBSYS_QUEUE] = { nf_queue_msg_types, "NFQNL_MSG_???" },
+ [NFNL_SUBSYS_ULOG] = { nf_ulog_msg_types, "NFULNL_MSG_???" },
+ [NFNL_SUBSYS_OSF] = { nf_osf_msg_types, "OSF_MSG_???" },
+ [NFNL_SUBSYS_IPSET] = { nf_ipset_msg_types, "IPSET_CMD_???" },
+ [NFNL_SUBSYS_ACCT] = { nf_acct_msg_types, "NFNL_MSG_ACCT_???" },
+ [NFNL_SUBSYS_CTNETLINK_TIMEOUT] = {
+ nf_cttimeout_msg_types,
+ "IPCTNL_MSG_TIMEOUT_???"
+ },
+ [NFNL_SUBSYS_CTHELPER] = {
+ nf_cthelper_msg_types,
+ "NFNL_MSG_CTHELPER_???"
+ },
+ [NFNL_SUBSYS_NFTABLES] = { nf_nftables_msg_types, "NFT_MSG_???" },
+ [NFNL_SUBSYS_NFT_COMPAT] = {
+ nf_nft_compat_msg_types,
+ "NFNL_MSG_COMPAT_???"
+ }
+};
+
 static void
 decode_nlmsg_type_netfilter(const struct xlat *const xlat,
 const uint16_t type,
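Review bot: `nf_nlmsg_types[]` is built with designated initializers, so any index below the highest listed subsystem that has no entry (none is given for `NFNL_SUBSYS_NONE`, for example) is a zero-filled slot with `xlat == NULL` and `dflt == NULL`. The lookup added to `decode_nlmsg_type_netfilter` in the next hunk checks only `subsys_id < ARRAY_SIZE(nf_nlmsg_types)` before passing both fields to `printxval`, and `subsys_id` is taken from the traced process's `nlmsg_type`, so the tracee chooses which slot is read. Whether `printxval` tolerates a NULL table and a NULL default is not visible in this patch; making the guard explicit, `if (subsys_id < ARRAY_SIZE(nf_nlmsg_types) && nf_nlmsg_types[subsys_id].xlat)`, sends a hole to the numeric `tprintf("%#x", msg_type)` branch instead of relying on that. A one-line comment above the table would record the intent, e.g. `/* Indexed by NFNL_SUBSYS_*; unlisted ids stay zeroed and are printed numerically. */`.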
@@ -131,11 +174,12 @@ decode_nlmsg_type_netfilter(const struct xlat *const xlat, printxval(xlat, subsys_id, dflt); - /* - * The type is subsystem specific, - * print it in numeric format for now. - */ - tprintf("<<8|%#x", msg_type); + tprints("<<8|"); + if (subsys_id < ARRAY_SIZE(nf_nlmsg_types)) + printxval(nf_nlmsg_types[subsys_id].xlat, + msg_type, nf_nlmsg_types[subsys_id].dflt); + else + tprintf("%#x", msg_type); } typedef void (*nlmsg_types_decoder_t)(const struct xlat *, diff --git a/tests/netlink_netfilter.c b/tests/netlink_netfilter.c index 2907c261..db2622eb 100644 --- a/tests/netlink_netfilter.c +++ b/tests/netlink_netfilter.c @@ -52,19 +52,19 @@ test_nlmsg_type(const int fd) ", flags=NLM_F_REQUEST, seq=0, pid=0}" ", %u, MSG_DONTWAIT, NULL, 0) = %s\n", fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc)); +# endif - nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | NFNL_MSG_BATCH_BEGIN; + nlh.nlmsg_type = NFNL_SUBSYS_CTNETLINK << 8 | 0xff; rc = sendto(fd, &nlh, sizeof(nlh), MSG_DONTWAIT, NULL, 0); - printf("sendto(%d, {len=%u, type=NFNL_SUBSYS_CTNETLINK<<8|%#x" + printf("sendto(%d, {len=%u" + ", type=NFNL_SUBSYS_CTNETLINK<<8|0xff /* IPCTNL_MSG_CT_??? */" ", flags=NLM_F_REQUEST, seq=0, pid=0}" ", %u, MSG_DONTWAIT, NULL, 0) = %s\n", - fd, nlh.nlmsg_len, NFNL_MSG_BATCH_BEGIN, - (unsigned) sizeof(nlh), sprintrc(rc)); -# endif + fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc)); - nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8); + nlh.nlmsg_type = 0xffff; rc = sendto(fd, &nlh, sizeof(nlh), MSG_DONTWAIT, NULL, 0); - printf("sendto(%d, {len=%u, type=NFNL_SUBSYS_CTNETLINK<<8|0" + printf("sendto(%d, {len=%u, type=0xff /* NFNL_SUBSYS_??? */<<8|0xff" ", flags=NLM_F_REQUEST, seq=0, pid=0}" ", %u, MSG_DONTWAIT, NULL, 0) = %s\n", fd, nlh.nlmsg_len, (unsigned) sizeof(nlh), sprintrc(rc)); diff --git a/xlat/nf_acct_msg_types.in b/xlat/nf_acct_msg_types.in new file mode 100644 index 00000000..3384ee0d --- /dev/null +++ b/xlat/nf_acct_msg_types.in 
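Review bot: The updated expectations in `tests/netlink_netfilter.c` exercise only the fallback paths: an unknown message type under a known subsystem (`NFNL_SUBSYS_CTNETLINK<<8|0xff /* IPCTNL_MSG_CT_??? */`) and an unknown subsystem (`nlh.nlmsg_type = 0xffff`). No case asserts a successfully decoded name, so a wrong value in one of the new `xlat/nf_*_msg_types.in` tables, or a table attached to the wrong `NFNL_SUBSYS_*` index in `nf_nlmsg_types[]`, would pass unnoticed. One positive case such as `nlh.nlmsg_type = NFNL_SUBSYS_CTNETLINK << 8 | IPCTNL_MSG_CT_NEW;` with expected output `type=NFNL_SUBSYS_CTNETLINK<<8|IPCTNL_MSG_CT_NEW` would close that. A subsystem id that has no table entry is worth a case as well, since it reads a zero-filled slot of the table. `test_nlmsg_type` begins before this hunk, so cases outside the visible lines may already cover part of this.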
@@ -0,0 +1,5 @@
+NFNL_MSG_ACCT_NEW 0
+NFNL_MSG_ACCT_GET 1
+NFNL_MSG_ACCT_GET_CTRZERO 2
+NFNL_MSG_ACCT_DEL 3
+NFNL_MSG_ACCT_OVERQUOTA 4
diff --git a/xlat/nf_cthelper_msg_types.in b/xlat/nf_cthelper_msg_types.in
new file mode 100644
index 00000000..bbee697a
--- /dev/null
+++ b/xlat/nf_cthelper_msg_types.in
@@ -0,0 +1,3 @@
+NFNL_MSG_CTHELPER_NEW 0
+NFNL_MSG_CTHELPER_GET 1
+NFNL_MSG_CTHELPER_DEL 2
diff --git a/xlat/nf_ctnetlink_exp_msg_types.in b/xlat/nf_ctnetlink_exp_msg_types.in
new file mode 100644
index 00000000..8236e066
--- /dev/null
+++ b/xlat/nf_ctnetlink_exp_msg_types.in
@@ -0,0 +1,4 @@
+IPCTNL_MSG_EXP_NEW 0
+IPCTNL_MSG_EXP_GET 1
+IPCTNL_MSG_EXP_DELETE 2
+IPCTNL_MSG_EXP_GET_STATS_CPU 3
diff --git a/xlat/nf_ctnetlink_msg_types.in b/xlat/nf_ctnetlink_msg_types.in
new file mode 100644
index 00000000..2dab1690
--- /dev/null
+++ b/xlat/nf_ctnetlink_msg_types.in
@@ -0,0 +1,8 @@
+IPCTNL_MSG_CT_NEW 0
+IPCTNL_MSG_CT_GET 1
+IPCTNL_MSG_CT_DELETE 2
+IPCTNL_MSG_CT_GET_CTRZERO 3
+IPCTNL_MSG_CT_GET_STATS_CPU 4
+IPCTNL_MSG_CT_GET_STATS 5
+IPCTNL_MSG_CT_GET_DYING 6
+IPCTNL_MSG_CT_GET_UNCONFIRMED 7
diff --git a/xlat/nf_cttimeout_msg_types.in b/xlat/nf_cttimeout_msg_types.in
new file mode 100644
index 00000000..bf6c5293
--- /dev/null
+++ b/xlat/nf_cttimeout_msg_types.in
@@ -0,0 +1,5 @@
+IPCTNL_MSG_TIMEOUT_NEW 0
+IPCTNL_MSG_TIMEOUT_GET 1
+IPCTNL_MSG_TIMEOUT_DELETE 2
+IPCTNL_MSG_TIMEOUT_DEFAULT_SET 3
+IPCTNL_MSG_TIMEOUT_DEFAULT_GET 4
diff --git a/xlat/nf_ipset_msg_types.in b/xlat/nf_ipset_msg_types.in
new file mode 100644
index 00000000..a61d9064
--- /dev/null
+++ b/xlat/nf_ipset_msg_types.in
@@ -0,0 +1,21 @@
+IPSET_CMD_NONE 0
+IPSET_CMD_PROTOCOL 1
+IPSET_CMD_CREATE 2
+IPSET_CMD_DESTROY 3
+IPSET_CMD_FLUSH 4
+IPSET_CMD_RENAME 5
+IPSET_CMD_SWAP 6
+IPSET_CMD_LIST 7
+IPSET_CMD_SAVE 8
+IPSET_CMD_ADD 9
+IPSET_CMD_DEL 10
+IPSET_CMD_TEST 11
+IPSET_CMD_HEADER 12
+IPSET_CMD_TYPE 13
+
+IPSET_CMD_RESTORE 14
+IPSET_CMD_HELP 15
+IPSET_CMD_VERSION 16
+IPSET_CMD_QUIT 17
+
+IPSET_CMD_COMMIT 18
diff --git a/xlat/nf_nft_compat_msg_types.in b/xlat/nf_nft_compat_msg_types.in
new file mode 100644
index 00000000..e2f7da1c
--- /dev/null
+++ b/xlat/nf_nft_compat_msg_types.in
@@ -0,0 +1 @@
+NFNL_MSG_COMPAT_GET 0
diff --git a/xlat/nf_nftables_msg_types.in b/xlat/nf_nftables_msg_types.in
new file mode 100644
index 00000000..eb1e773d
--- /dev/null
+++ b/xlat/nf_nftables_msg_types.in
@@ -0,0 +1,22 @@
+NFT_MSG_NEWTABLE 0
+NFT_MSG_GETTABLE 1
+NFT_MSG_DELTABLE 2
+NFT_MSG_NEWCHAIN 3
+NFT_MSG_GETCHAIN 4
+NFT_MSG_DELCHAIN 5
+NFT_MSG_NEWRULE 6
+NFT_MSG_GETRULE 7
+NFT_MSG_DELRULE 8
+NFT_MSG_NEWSET 9
+NFT_MSG_GETSET 10
+NFT_MSG_DELSET 11
+NFT_MSG_NEWSETELEM 12
+NFT_MSG_GETSETELEM 13
+NFT_MSG_DELSETELEM 14
+NFT_MSG_NEWGEN 15
+NFT_MSG_GETGEN 16
+NFT_MSG_TRACE 17
+NFT_MSG_NEWOBJ 18
+NFT_MSG_GETOBJ 19
+NFT_MSG_DELOBJ 20
+NFT_MSG_GETOBJ_RESET 21
diff --git a/xlat/nf_osf_msg_types.in b/xlat/nf_osf_msg_types.in
new file mode 100644
index 00000000..636c9323
--- /dev/null
+++ b/xlat/nf_osf_msg_types.in
@@ -0,0 +1,2 @@
+OSF_MSG_ADD 0
+OSF_MSG_REMOVE 1
diff --git a/xlat/nf_queue_msg_types.in b/xlat/nf_queue_msg_types.in
new file mode 100644
index 00000000..65c7bdd9
--- /dev/null
+++ b/xlat/nf_queue_msg_types.in
@@ -0,0 +1,4 @@
+NFQNL_MSG_PACKET 0
+NFQNL_MSG_VERDICT 1
+NFQNL_MSG_CONFIG 2
+NFQNL_MSG_VERDICT_BATCH 3
diff --git a/xlat/nf_ulog_msg_types.in b/xlat/nf_ulog_msg_types.in
new file mode 100644
index 00000000..13ff42f2
--- /dev/null
+++ b/xlat/nf_ulog_msg_types.in
@@ -0,0 +1,2 @@
+NFULNL_MSG_PACKET 0
+NFULNL_MSG_CONFIG 1
--
2.40.0