osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Netlink: Properly interpret and mask out attribute type 

The netlink attribute type is a 16 bit field, of which the two top most
bits are booleans. Interpret them as such.
The remaining 14 bits form the attribute type value. Due to the flexible
way the interpretation is setup, through the use of family specific code,
the header field for the attribute type value has to have a proper mask.
Otherwise the two top bits are taken (incorrectly) as part of the value.
Since this may not be obvious to the netlink family dissector creator
better enforce it by adding the masked value in the underlying netlink
dissector, using whatever header field is given for this.

Change-Id: I791f9b1de01505d4a4793abbcf62e596b864e2f0
Reviewed-on: https://code.wireshark.org/review/35725
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
Jaap Keuter 2020-01-09 22:31:02 +01:00 committed by Anders Broman
parent c227279d33
commit 0db890ba59
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
epan/dissectors/packet-netlink.c
View File

@ -166,12 +166,12 @@ static header_field_info hfi_netlink_attr_type NETLINK_HFI_INIT =
NULL, 0x0000, "Netlink Attribute type", HFILL };
static header_field_info hfi_netlink_attr_type_nested NETLINK_HFI_INIT =
{ "Nested", "netlink.attr_type.nested", FT_UINT16, BASE_DEC,
NULL, NLA_F_NESTED, "Carries nested attributes", HFILL };
{ "Nested", "netlink.attr_type.nested", FT_BOOLEAN, 16,
TFS(&tfs_true_false), NLA_F_NESTED, "Carries nested attributes", HFILL };
static header_field_info hfi_netlink_attr_type_net_byteorder NETLINK_HFI_INIT =
{ "Network byte order", "netlink.attr_type.net_byteorder", FT_UINT16, BASE_DEC,
NULL, NLA_F_NET_BYTEORDER, "Payload stored in network byte order", HFILL };
{ "Network byte order", "netlink.attr_type.net_byteorder", FT_BOOLEAN, 16,
TFS(&tfs_true_false), NLA_F_NET_BYTEORDER, "Payload stored in host or network byte order", HFILL };
static header_field_info hfi_netlink_attr_index NETLINK_HFI_INIT =
{ "Index", "netlink.attr_index", FT_UINT16, BASE_DEC,
@ -281,7 +281,12 @@ dissect_netlink_attributes_common(tvbuff_t *tvb, header_field_info *hfi_type, in
type_tree = proto_item_add_subtree(type_item, ett_netlink_attr_type);
proto_tree_add_item(type_tree, &hfi_netlink_attr_type_nested, tvb, offset, 2, encoding);
proto_tree_add_item(type_tree, &hfi_netlink_attr_type_net_byteorder, tvb, offset, 2, encoding);
proto_tree_add_item(type_tree, hfi_type, tvb, offset, 2, encoding);
/* The hfi_type _must_ have NLA_TYPE_MASK in it's definition, otherwise the nested/net_byteorder
* flags influence the retrieved value. Since this is impossible to enforce (apart from using
* a nasty DISSECTOR_ASSERT perhaps) we'll just have to make sure to feed in the properly
* masked value. Luckily we already have it: 'type' is the value we need.
*/
proto_tree_add_uint(type_tree, hfi_type, tvb, offset, 2, type);
offset += 2;
if (rta_type & NLA_F_NESTED)