From 7559a718ecbc9d4d3e8776a9ed615dace4a23ddd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Valverde?= Date: Sat, 11 Dec 2021 15:33:27 +0000 Subject: [PATCH] Netlink netfilter: Convert to normal proto tree API --- epan/dissectors/packet-netlink-netfilter.c | 1277 ++++++++++---------- 1 file changed, 671 insertions(+), 606 deletions(-) diff --git a/epan/dissectors/packet-netlink-netfilter.c b/epan/dissectors/packet-netlink-netfilter.c index 6c4f159726..86ffc606ff 100644 --- a/epan/dissectors/packet-netlink-netfilter.c +++ b/epan/dissectors/packet-netlink-netfilter.c @@ -29,8 +29,6 @@ static dissector_handle_t netlink_netfilter; static dissector_handle_t nflog_handle; static dissector_table_t ethertype_table; -static header_field_info *hfi_netlink_netfilter = NULL; - /* nfnetlink subsystems from */ enum { WS_NFNL_SUBSYS_NONE = 0, @@ -370,6 +368,101 @@ enum ws_ipset_ip_attr { static int proto_netlink_netfilter; +static int hf_ipset_adt_attr = -1; +static int hf_ipset_adt_attr_comment = -1; +static int hf_ipset_attr = -1; +static int hf_ipset_attr_family = -1; +static int hf_ipset_attr_flags = -1; +static int hf_ipset_attr_setname = -1; +static int hf_ipset_attr_typename = -1; +static int hf_ipset_cadt_attr = -1; +static int hf_ipset_cadt_attr_cadt_flags = -1; +static int hf_ipset_cadt_attr_cidr = -1; +static int hf_ipset_cadt_attr_timeout = -1; +static int hf_ipset_command = -1; +static int hf_ipset_ip_attr = -1; +static int hf_ipset_ip_attr_ipv4 = -1; +static int hf_ipset_ip_attr_ipv6 = -1; +static int hf_netlink_netfilter_family = -1; +static int hf_netlink_netfilter_resid = -1; +static int hf_netlink_netfilter_subsys = -1; +static int hf_netlink_netfilter_ulog_type = -1; +static int hf_netlink_netfilter_version = -1; +static int hf_nfct_attr = -1; +static int hf_nfct_attr_id = -1; +static int hf_nfct_attr_status = -1; +static int hf_nfct_attr_status_flag_assured = -1; +static int hf_nfct_attr_status_flag_confirmed = -1; +static int hf_nfct_attr_status_flag_dst_nat = -1; +static int hf_nfct_attr_status_flag_dst_nat_done = -1; +static int hf_nfct_attr_status_flag_dying = -1; +static int hf_nfct_attr_status_flag_expected = -1; +static int hf_nfct_attr_status_flag_fixed_timeout = -1; +static int hf_nfct_attr_status_flag_helper = -1; +static int hf_nfct_attr_status_flag_offload = -1; +static int hf_nfct_attr_status_flag_seen_reply = -1; +static int hf_nfct_attr_status_flag_seq_adjust = -1; +static int hf_nfct_attr_status_flag_src_nat = -1; +static int hf_nfct_attr_status_flag_src_nat_done = -1; +static int hf_nfct_attr_status_flag_template = -1; +static int hf_nfct_attr_status_flag_untracked = -1; +static int hf_nfct_attr_timeout = -1; +static int hf_nfct_help_attr = -1; +static int hf_nfct_help_attr_help_name = -1; +static int hf_nfct_seqadj_attr = -1; +static int hf_nfct_seqadj_attr_correction_pos = -1; +static int hf_nfct_seqadj_attr_offset_after = -1; +static int hf_nfct_seqadj_attr_offset_before = -1; +static int hf_nfct_tuple_attr = -1; +static int hf_nfct_tuple_ip_attr = -1; +static int hf_nfct_tuple_ip_attr_ipv4 = -1; +static int hf_nfct_tuple_ip_attr_ipv6 = -1; +static int hf_nfct_tuple_proto_attr = -1; +static int hf_nfct_tuple_proto_dst_port_attr = -1; +static int hf_nfct_tuple_proto_num_attr = -1; +static int hf_nfct_tuple_proto_src_port_attr = -1; +static int hf_nfct_tuple_zone_attr = -1; +static int hf_nfexp_attr = -1; +static int hf_nfexp_attr_class = -1; +static int hf_nfexp_attr_flag_inactive = -1; +static int hf_nfexp_attr_flag_permanent = -1; +static int hf_nfexp_attr_flag_userspace = -1; +static int hf_nfexp_attr_flags = -1; +static int hf_nfexp_attr_fn = -1; +static int hf_nfexp_attr_id = -1; +static int hf_nfexp_attr_timeout = -1; +static int hf_nfexp_attr_zone = -1; +static int hf_nfexp_nat_attr = -1; +static int hf_nfexp_nat_attr_dir = -1; +static int hf_nfexp_type = -1; +static int hf_nfq_attr = -1; +static int hf_nfq_caplen = -1; +static int hf_nfq_config_attr = -1; +static int hf_nfq_config_command_command = -1; +static int hf_nfq_config_command_pf = -1; +static int hf_nfq_config_flags = -1; +static int hf_nfq_config_mask = -1; +static int hf_nfq_config_params_copymode = -1; +static int hf_nfq_config_params_copyrange = -1; +static int hf_nfq_config_queue_maxlen = -1; +static int hf_nfq_ctinfo = -1; +static int hf_nfq_gid = -1; +static int hf_nfq_hwaddr_addr = -1; +static int hf_nfq_hwaddr_len = -1; +static int hf_nfq_ifindex_indev = -1; +static int hf_nfq_ifindex_outdev = -1; +static int hf_nfq_ifindex_physindev = -1; +static int hf_nfq_ifindex_physoutdev = -1; +static int hf_nfq_nfmark = -1; +static int hf_nfq_packet_hook = -1; +static int hf_nfq_packet_hwprotocol = -1; +static int hf_nfq_packet_id = -1; +static int hf_nfq_timestamp = -1; +static int hf_nfq_type = -1; +static int hf_nfq_uid = -1; +static int hf_nfq_verdict_id = -1; +static int hf_nfq_verdict_verdict = -1; + static int ett_netlink_netfilter = -1; static int ett_nfct_attr = -1; static int ett_nfct_help_attr = -1; @@ -388,29 +481,15 @@ static int ett_ipset_cadt_attr = -1; static int ett_ipset_adt_attr = -1; static int ett_ipset_ip_attr = -1; -/* nfgenmsg header, common to all Netfilter over Netlink packets. */ - -static header_field_info hfi_netlink_netfilter_family = - { "Address family", "netlink-netfilter.family", FT_UINT8, BASE_DEC | BASE_EXT_STRING, - &linux_af_vals_ext, 0x00, "nfnetlink address family", HFILL }; - -static header_field_info hfi_netlink_netfilter_version = - { "Version", "netlink-netfilter.version", FT_UINT8, BASE_DEC, - NULL, 0x00, "nfnetlink version", HFILL }; - -static header_field_info hfi_netlink_netfilter_resid = - { "Resource id", "netlink-netfilter.res_id", FT_UINT16, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - static int dissect_netlink_netfilter_header(tvbuff_t *tvb, proto_tree *tree, int offset) { - proto_tree_add_item(tree, hfi_netlink_netfilter_family.id, tvb, offset, 1, ENC_NA); + proto_tree_add_item(tree, hf_netlink_netfilter_family, tvb, offset, 1, ENC_NA); offset++; - proto_tree_add_item(tree, hfi_netlink_netfilter_version.id, tvb, offset, 1, ENC_NA); + proto_tree_add_item(tree, hf_netlink_netfilter_version, tvb, offset, 1, ENC_NA); offset++; - proto_tree_add_item(tree, hfi_netlink_netfilter_resid.id, tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_netlink_netfilter_resid, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; return offset; @@ -446,22 +525,6 @@ static const value_string nfct_tuple_l4proto_attr_vals[] = { { 0, NULL } }; -static header_field_info hfi_nfct_tuple_proto_num_attr = - { "Protocol", "netlink-netfilter.nfct_tuple.proto.num", FT_UINT8, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_tuple_proto_src_port_attr = - { "Port", "netlink-netfilter.nfct_tuple.proto.src_port", FT_UINT16, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_tuple_proto_dst_port_attr = - { "Port", "netlink-netfilter.nfct_tuple.proto.dst_port", FT_UINT16, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_tuple_proto_attr = - { "Type", "netlink-netfilter.nfct_tuple.proto", FT_UINT16, BASE_DEC, - VALS(nfct_tuple_l4proto_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - static int dissect_nfct_tuple_proto_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len) { @@ -469,15 +532,15 @@ dissect_nfct_tuple_proto_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netl switch (type) { case WS_CTA_PROTO_NUM: - proto_tree_add_item(tree, hfi_nfct_tuple_proto_num_attr.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_tuple_proto_num_attr, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_PROTO_SRC_PORT: - proto_tree_add_item(tree, hfi_nfct_tuple_proto_src_port_attr.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_tuple_proto_src_port_attr, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_PROTO_DST_PORT: - proto_tree_add_item(tree, hfi_nfct_tuple_proto_dst_port_attr.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_tuple_proto_dst_port_attr, tvb, offset, len, ENC_BIG_ENDIAN); return 1; default: @@ -485,18 +548,6 @@ dissect_nfct_tuple_proto_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netl } } -static header_field_info hfi_nfct_tuple_ip_attr_ipv4 = - { "IPv4 address", "netlink-netfilter.nfct_tuple.ip.ip_addr", FT_IPv4, BASE_NONE, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_tuple_ip_attr_ipv6 = - { "IPv6 address", "netlink-netfilter.nfct_tuple.ip.ip6_addr", FT_IPv6, BASE_NONE, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_tuple_ip_attr = - { "Type", "netlink-netfilter.nfct_tuple.ip", FT_UINT16, BASE_DEC, - VALS(nfct_tuple_ip_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - static int dissect_nfct_tuple_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len) { @@ -505,12 +556,12 @@ dissect_nfct_tuple_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink switch (type) { case WS_CTA_IP_V4_SRC: case WS_CTA_IP_V4_DST: - proto_tree_add_item(tree, hfi_nfct_tuple_ip_attr_ipv4.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_tuple_ip_attr_ipv4, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_IP_V6_SRC: case WS_CTA_IP_V6_DST: - proto_tree_add_item(tree, hfi_nfct_tuple_ip_attr_ipv6.id, tvb, offset, len, ENC_NA); + proto_tree_add_item(tree, hf_nfct_tuple_ip_attr_ipv6, tvb, offset, len, ENC_NA); return 1; default: @@ -518,14 +569,6 @@ dissect_nfct_tuple_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink } } -static header_field_info hfi_nfct_tuple_zone_attr = - { "Zone", "netlink-netfilter.nfct_tuple.zone", FT_UINT16, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_tuple_attr = - { "Type", "netlink-netfilter.nfct_tuple", FT_UINT16, BASE_DEC, - VALS(nfct_tuple_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - static int dissect_nfct_tuple_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len) { @@ -535,18 +578,18 @@ dissect_nfct_tuple_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data * switch (type) { case WS_CTA_TUPLE_IP: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfct_tuple_ip_attr.id, ett_nfct_tuple_ip_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfct_tuple_ip_attr, ett_nfct_tuple_ip_attr, info, nl_data, tree, offset, len, dissect_nfct_tuple_ip_attrs); return 0; case WS_CTA_TUPLE_PROTO: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfct_tuple_proto_attr.id, ett_nfct_tuple_proto_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfct_tuple_proto_attr, ett_nfct_tuple_proto_attr, info, nl_data, tree, offset, len, dissect_nfct_tuple_proto_attrs); return 0; case WS_CTA_TUPLE_ZONE: - proto_tree_add_item(tree, hfi_nfct_tuple_zone_attr.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_tuple_zone_attr, tvb, offset, len, ENC_BIG_ENDIAN); return 1; default: @@ -598,121 +641,25 @@ static const value_string nfct_seqadj_attr_vals[] = { { 0, NULL } }; -static header_field_info hfi_nfct_attr_timeout = - { "Timeout", "netlink-netfilter.ct_attr.timeout", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_attr_id = - { "ID", "netlink-netfilter.ct_attr.id", FT_UINT32, BASE_HEX, - NULL, 0x00, NULL, HFILL }; - -/* CTA_STATUS bitfield */ -static header_field_info hfi_nfct_attr_status_flag_expected = - { "Expected", "netlink-netfilter.ct_attr.status.expected", - FT_UINT32, BASE_DEC, NULL, WS_IPS_EXPECTED, - "It is an expected connection", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_seen_reply = - { "Seen reply", "netlink-netfilter.ct_attr.status.seen_reply", - FT_UINT32, BASE_DEC, NULL, WS_IPS_SEEN_REPLY, - "Packets going in both directions have been seen", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_assured = - { "Assured", "netlink-netfilter.ct_attr.status.assured", - FT_UINT32, BASE_DEC, NULL, WS_IPS_ASSURED, - "Conntrack should never be early-expired", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_confirmed = - { "Confirmed", "netlink-netfilter.ct_attr.status.confirmed", - FT_UINT32, BASE_DEC, NULL, WS_IPS_CONFIRMED, - "Connection is confirmed: originating packet has left box", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_src_nat = - { "Source NAT", "netlink-netfilter.ct_attr.status.src_nat", - FT_UINT32, BASE_DEC, NULL, WS_IPS_SRC_NAT, - "Connection needs source NAT in orig dir.", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_dst_nat = - { "Destination NAT", "netlink-netfilter.ct_attr.status.dst_nat", - FT_UINT32, BASE_DEC, NULL, WS_IPS_DST_NAT, - "Connection needs destination NAT in orig dir.", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_seq_adjust = - { "Sequence adjust", "netlink-netfilter.ct_attr.status.seq_adjust", - FT_UINT32, BASE_DEC, NULL, WS_IPS_SEQ_ADJUST, - "Connection needs TCP sequence adjusted", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_src_nat_done = - { "Source NAT done", "netlink-netfilter.ct_attr.status.src_nat_done", - FT_UINT32, BASE_DEC, NULL, WS_IPS_SRC_NAT_DONE, - "Source NAT has been initialized", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_dst_nat_done = - { "Destination NAT done", "netlink-netfilter.ct_attr.status.dst_nat_done", - FT_UINT32, BASE_DEC, NULL, WS_IPS_DST_NAT_DONE, - "Destination NAT has been initialized", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_dying = - { "Dying", "netlink-netfilter.ct_attr.status.dying", - FT_UINT32, BASE_DEC, NULL, WS_IPS_DYING, - "Connection is dying (removed from lists)", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_fixed_timeout = - { "Fixed timeout", "netlink-netfilter.ct_attr.status.fixed_timeout", - FT_UINT32, BASE_DEC, NULL, WS_IPS_FIXED_TIMEOUT, - "Connection has fixed timeout", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_template = - { "Template", "netlink-netfilter.ct_attr.status.template", - FT_UINT32, BASE_DEC, NULL, WS_IPS_TEMPLATE, - "Conntrack is a template", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_untracked = - { "Untracked", "netlink-netfilter.ct_attr.status.untracked", - FT_UINT32, BASE_DEC, NULL, WS_IPS_UNTRACKED, - "Conntrack is a fake untracked entry. Obsolete and not used anymore", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_helper = - { "Helper", "netlink-netfilter.ct_attr.status.helper", - FT_UINT32, BASE_DEC, NULL, WS_IPS_HELPER, - "Conntrack got a helper explicitly attached via CT target", HFILL }; - -static header_field_info hfi_nfct_attr_status_flag_offload = - { "Offload", "netlink-netfilter.ct_attr.status.offload", - FT_UINT32, BASE_DEC, NULL, WS_IPS_OFFLOAD, - NULL, HFILL }; - -static int * const hfi_nfct_attr_status_flags[] = { - &hfi_nfct_attr_status_flag_offload.id, - &hfi_nfct_attr_status_flag_helper.id, - &hfi_nfct_attr_status_flag_untracked.id, - &hfi_nfct_attr_status_flag_template.id, - &hfi_nfct_attr_status_flag_fixed_timeout.id, - &hfi_nfct_attr_status_flag_dying.id, - &hfi_nfct_attr_status_flag_dst_nat_done.id, - &hfi_nfct_attr_status_flag_src_nat_done.id, - &hfi_nfct_attr_status_flag_seq_adjust.id, - &hfi_nfct_attr_status_flag_dst_nat.id, - &hfi_nfct_attr_status_flag_src_nat.id, - &hfi_nfct_attr_status_flag_confirmed.id, - &hfi_nfct_attr_status_flag_assured.id, - &hfi_nfct_attr_status_flag_seen_reply.id, - &hfi_nfct_attr_status_flag_expected.id, +static int * const hf_nfct_attr_status_flags[] = { + &hf_nfct_attr_status_flag_offload, + &hf_nfct_attr_status_flag_helper, + &hf_nfct_attr_status_flag_untracked, + &hf_nfct_attr_status_flag_template, + &hf_nfct_attr_status_flag_fixed_timeout, + &hf_nfct_attr_status_flag_dying, + &hf_nfct_attr_status_flag_dst_nat_done, + &hf_nfct_attr_status_flag_src_nat_done, + &hf_nfct_attr_status_flag_seq_adjust, + &hf_nfct_attr_status_flag_dst_nat, + &hf_nfct_attr_status_flag_src_nat, + &hf_nfct_attr_status_flag_confirmed, + &hf_nfct_attr_status_flag_assured, + &hf_nfct_attr_status_flag_seen_reply, + &hf_nfct_attr_status_flag_expected, NULL }; -static header_field_info hfi_nfct_attr_status = - { "Status", "netlink-netfilter.ct_attr.status", FT_UINT32, BASE_HEX, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_help_attr_help_name = - { "Helper name", "netlink-netfilter.ct_help_attr.help_name", FT_STRINGZ, BASE_NONE, - NULL, 0x0, NULL, HFILL }; - -static header_field_info hfi_nfct_help_attr = - { "Helper", "netlink-netfilter.ct_help_attr", FT_UINT16, BASE_DEC, - VALS(nfct_help_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - static int dissect_nfct_help_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len) { @@ -720,7 +667,7 @@ dissect_nfct_help_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_dat switch (type) { case WS_CTA_HELP_NAME: - proto_tree_add_item(tree, hfi_nfct_help_attr_help_name.id, tvb, offset, len, ENC_UTF_8); + proto_tree_add_item(tree, hf_nfct_help_attr_help_name, tvb, offset, len, ENC_UTF_8); return 1; default: @@ -730,22 +677,6 @@ dissect_nfct_help_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_dat return 0; } -static header_field_info hfi_nfct_seqadj_attr_correction_pos = - { "Position", "netlink-netfilter.ct_seqadj_correction_pos", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_seqadj_attr_offset_before = - { "Offset", "netlink-netfilter.ct_seqadj_offset_before", FT_INT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_seqadj_attr_offset_after = - { "Offset", "netlink-netfilter.ct_seqadj_offset_after", FT_INT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfct_seqadj_attr = - { "Adjustment", "netlink-netfilter.ct_seqadj_attr", FT_UINT16, BASE_DEC, - VALS(nfct_seqadj_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - static int dissect_nfct_seqadj_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len) { @@ -753,15 +684,15 @@ dissect_nfct_seqadj_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_d switch (type) { case WS_CTA_SEQADJ_CORRECTION_POS: - proto_tree_add_item(tree, hfi_nfct_seqadj_attr_correction_pos.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_seqadj_attr_correction_pos, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_SEQADJ_OFFSET_BEFORE: - proto_tree_add_item(tree, hfi_nfct_seqadj_attr_offset_before.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_seqadj_attr_offset_before, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_SEQADJ_OFFSET_AFTER: - proto_tree_add_item(tree, hfi_nfct_seqadj_attr_offset_after.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_seqadj_attr_offset_after, tvb, offset, len, ENC_BIG_ENDIAN); return 1; default: @@ -779,28 +710,28 @@ dissect_nfct_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_dat switch (type) { case WS_CTA_STATUS: - proto_tree_add_bitmask(tree, tvb, offset, hfi_nfct_attr_status.id, - ett_nfct_status_attr, hfi_nfct_attr_status_flags, ENC_BIG_ENDIAN); + proto_tree_add_bitmask(tree, tvb, offset, hf_nfct_attr_status, + ett_nfct_status_attr, hf_nfct_attr_status_flags, ENC_BIG_ENDIAN); return 1; case WS_CTA_TIMEOUT: - proto_tree_add_item(tree, hfi_nfct_attr_timeout.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_ID: - proto_tree_add_item(tree, hfi_nfct_attr_id.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfct_attr_id, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_HELP: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfct_help_attr.id, ett_nfct_help_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfct_help_attr, ett_nfct_help_attr, info, nl_data, tree, offset, len, dissect_nfct_help_attrs); return 0; case WS_CTA_SEQ_ADJ_ORIG: case WS_CTA_SEQ_ADJ_REPLY: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfct_seqadj_attr.id, ett_nfct_seqadj_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfct_seqadj_attr, ett_nfct_seqadj_attr, info, nl_data, tree, offset, len, dissect_nfct_seqadj_attrs); return 0; @@ -808,7 +739,7 @@ dissect_nfct_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_dat case WS_CTA_TUPLE_REPLY: case WS_CTA_TUPLE_MASTER: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfct_tuple_attr.id, ett_nfct_tuple_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data, tree, offset, len, dissect_nfct_tuple_attrs); return 0; @@ -819,15 +750,11 @@ dissect_nfct_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_dat /* CT - main */ -static header_field_info hfi_nfct_attr = - { "Type", "netlink-netfilter.ct.attr", FT_UINT16, BASE_DEC, - VALS(nfct_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - static int dissect_netfilter_ct(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset) { offset = dissect_netlink_netfilter_header(tvb, tree, offset); - return dissect_netlink_attributes_to_end(tvb, hfi_nfct_attr.id, ett_nfct_attr, info, nl_data, + return dissect_netlink_attributes_to_end(tvb, hf_nfct_attr, ett_nfct_attr, info, nl_data, tree, offset, dissect_nfct_attrs); } @@ -868,14 +795,6 @@ static const value_string nfexp_conntrack_dir_vals[] = { { 0, NULL } }; -static header_field_info hfi_nfexp_nat_attr_dir = - { "Direction", "netlink-netfilter.nfexp.nat.dir", FT_UINT32, BASE_DEC, - VALS(nfexp_conntrack_dir_vals), 0x00, NULL, HFILL }; - -static header_field_info hfi_nfexp_nat_attr = - { "Type", "netlink-netfilter.nfexp.nat", FT_UINT16, BASE_DEC, - VALS(nfexp_nat_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - static int dissect_nfexp_nat_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len) { @@ -884,12 +803,12 @@ dissect_nfexp_nat_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *n switch (type) { case WS_CTA_EXPECT_NAT_DIR: - proto_tree_add_item(tree, hfi_nfexp_nat_attr_dir.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfexp_nat_attr_dir, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_EXPECT_NAT_TUPLE: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfct_tuple_attr.id, ett_nfct_tuple_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data, tree, offset, len, dissect_nfct_tuple_attrs); return 0; @@ -898,53 +817,14 @@ dissect_nfexp_nat_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *n } } -static header_field_info hfi_nfexp_attr_timeout = - { "Timeout", "netlink-netfilter.nfexp.timeout", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfexp_attr_id = - { "ID", "netlink-netfilter.nfexp.id", FT_UINT32, BASE_HEX, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfexp_attr_class = - { "Class", "netlink-netfilter.nfexp.class", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfexp_attr_zone = - { "Zone", "netlink-netfilter.nfexp.zone", FT_UINT16, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfexp_attr_fn = - { "Name", "netlink-netfilter.nfexp.fn", FT_STRINGZ, BASE_NONE, - NULL, 0x0, NULL, HFILL }; - /* CTA_EXPECT_FLAGS bitfield */ -static header_field_info hfi_nfexp_attr_flag_permanent = - { "Permanent", "netlink-netfilter.nfexp.flags.permanent", - FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_PERMANENT, - NULL, HFILL }; - -static header_field_info hfi_nfexp_attr_flag_inactive = - { "Inactive", "netlink-netfilter.nfexp.flags.inactive", - FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_INACTIVE, - NULL, HFILL }; - -static header_field_info hfi_nfexp_attr_flag_userspace = - { "Userspace", "netlink-netfilter.nfexp.flags.userspace", - FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_USERSPACE, - NULL, HFILL }; - -static int * const hfi_nfexp_attr_flags_bitfield[] = { - &hfi_nfexp_attr_flag_userspace.id, - &hfi_nfexp_attr_flag_inactive.id, - &hfi_nfexp_attr_flag_permanent.id, +static int * const hf_nfexp_attr_flags_bitfield[] = { + &hf_nfexp_attr_flag_userspace, + &hf_nfexp_attr_flag_inactive, + &hf_nfexp_attr_flag_permanent, NULL }; -static header_field_info hfi_nfexp_attr_flags = - { "Flags", "netlink-netfilter.nfexp.flags", FT_UINT32, BASE_HEX, - NULL, 0x00, NULL, HFILL }; - static int dissect_nfexp_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len) { @@ -956,39 +836,39 @@ dissect_nfexp_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_da case WS_CTA_EXPECT_MASK: case WS_CTA_EXPECT_MASTER: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfct_tuple_attr.id, ett_nfct_tuple_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data, tree, offset, len, dissect_nfct_tuple_attrs); return 0; case WS_CTA_EXPECT_NAT: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfexp_nat_attr.id, ett_nfexp_nat_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfexp_nat_attr, ett_nfexp_nat_attr, info, nl_data, tree, offset, len, dissect_nfexp_nat_attrs); return 0; case WS_CTA_EXPECT_TIMEOUT: - proto_tree_add_item(tree, hfi_nfexp_attr_timeout.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfexp_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_EXPECT_ID: - proto_tree_add_item(tree, hfi_nfexp_attr_id.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfexp_attr_id, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_EXPECT_CLASS: - proto_tree_add_item(tree, hfi_nfexp_attr_class.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfexp_attr_class, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_EXPECT_ZONE: - proto_tree_add_item(tree, hfi_nfexp_attr_zone.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfexp_attr_zone, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_CTA_EXPECT_FN: - proto_tree_add_item(tree, hfi_nfexp_attr_fn.id, tvb, offset, len, ENC_UTF_8); + proto_tree_add_item(tree, hf_nfexp_attr_fn, tvb, offset, len, ENC_UTF_8); return 1; case WS_CTA_EXPECT_FLAGS: - proto_tree_add_bitmask(tree, tvb, offset, hfi_nfexp_attr_flags.id, - ett_nfexp_flags_attr, hfi_nfexp_attr_flags_bitfield, ENC_BIG_ENDIAN); + proto_tree_add_bitmask(tree, tvb, offset, hf_nfexp_attr_flags, + ett_nfexp_flags_attr, hf_nfexp_attr_flags_bitfield, ENC_BIG_ENDIAN); return 1; default: @@ -996,10 +876,6 @@ dissect_nfexp_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_da } } -static header_field_info hfi_nfexp_attr = - { "Type", "netlink-netfilter.exp.attr", FT_UINT16, BASE_DEC, - VALS(nfexp_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - /* EXP - main */ static int @@ -1008,7 +884,7 @@ dissect_netfilter_exp(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct pack //enum ws_ctnl_exp_msg_types type = (enum ws_ctnl_exp_msg_types) (info->data->type & 0xff); offset = dissect_netlink_netfilter_header(tvb, tree, offset); - return dissect_netlink_attributes_to_end(tvb, hfi_nfexp_attr.id, ett_nfexp_attr, info, nl_data, + return dissect_netlink_attributes_to_end(tvb, hf_nfexp_attr, ett_nfexp_attr, info, nl_data, tree, offset, dissect_nfexp_attrs); } @@ -1050,34 +926,6 @@ static const value_string nfq_config_mode_vals[] = { { 0, NULL } }; -static header_field_info hfi_nfq_config_command_command = - { "Command", "netlink-netfilter.queue.config.command.command", FT_UINT8, BASE_DEC, - VALS(nfq_config_command_vals), 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_config_command_pf = - { "Protocol family", "netlink-netfilter.queue.config.command.pf", FT_UINT16, BASE_DEC, - VALS(nfproto_family_vals), 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_config_params_copyrange = - { "Copy range", "netlink-netfilter.queue.config.params.copy_range", FT_UINT32, BASE_HEX, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_config_params_copymode = - { "Copy mode", "netlink-netfilter.queue.config.params.copy_mode", FT_UINT8, BASE_DEC, - VALS(nfq_config_mode_vals), 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_config_queue_maxlen = - { "Maximum queue length", "netlink-netfilter.queue.config.queue_maxlen", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_config_mask = - { "Flags mask", "netlink-netfilter.queue.config.mask", FT_UINT32, BASE_HEX, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_config_flags = - { "Flags", "netlink-netfilter.queue.config.flags", FT_UINT32, BASE_HEX, - NULL, 0x00, NULL, HFILL }; - static int dissect_nfq_config_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len) { @@ -1089,41 +937,41 @@ dissect_nfq_config_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_da case WS_NFQA_CFG_CMD: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_config_command_command.id, tvb, offset, 1, ENC_NA); + proto_tree_add_item(tree, hf_nfq_config_command_command, tvb, offset, 1, ENC_NA); offset += 2; /* skip command and 1 byte padding. */ - proto_tree_add_item(tree, hfi_nfq_config_command_pf.id, tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_config_command_pf, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } break; case WS_NFQA_CFG_PARAMS: if (len == 5) { - proto_tree_add_item(tree, hfi_nfq_config_params_copyrange.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_config_params_copyrange, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; - proto_tree_add_item(tree, hfi_nfq_config_params_copymode.id, tvb, offset, 1, ENC_NA); + proto_tree_add_item(tree, hf_nfq_config_params_copymode, tvb, offset, 1, ENC_NA); offset++; } break; case WS_NFQA_CFG_QUEUE_MAXLEN: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_config_queue_maxlen.id, tvb, offset, 4, nl_data->encoding); + proto_tree_add_item(tree, hf_nfq_config_queue_maxlen, tvb, offset, 4, nl_data->encoding); offset += 4; } break; case WS_NFQA_CFG_MASK: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_config_mask.id, tvb, offset, 4, nl_data->encoding); + proto_tree_add_item(tree, hf_nfq_config_mask, tvb, offset, 4, nl_data->encoding); offset += 4; } break; case WS_NFQA_CFG_FLAGS: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_config_flags.id, tvb, offset, 4, nl_data->encoding); + proto_tree_add_item(tree, hf_nfq_config_flags, tvb, offset, 4, nl_data->encoding); offset += 4; } break; @@ -1132,10 +980,6 @@ dissect_nfq_config_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_da return offset; } -static header_field_info hfi_nfq_config_attr = - { "Type", "netlink-netfilter.queue.config_attr", FT_UINT16, BASE_DEC, - VALS(nfq_config_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - /* QUEUE - Packet and verdict */ static const value_string nfq_attr_vals[] = { @@ -1205,75 +1049,6 @@ static const value_string nfq_ctinfo_vals[] = { { 0, NULL } }; -static header_field_info hfi_nfq_verdict_verdict = - { "Verdict", "netlink-netfilter.queue.verdict.verdict", FT_UINT32, BASE_DEC, - VALS(nfq_verdict_vals), 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_verdict_id = - { "Verdict ID", "netlink-netfilter.queue.verdict.id", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_packet_id = - { "Packet ID", "netlink-netfilter.queue.packet.id", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_packet_hwprotocol = - { "HW protocol", "netlink-netfilter.queue.packet.protocol", FT_UINT16, BASE_HEX, - VALS(etype_vals), 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_packet_hook = - { "Netfilter hook", "netlink-netfilter.queue.packet.hook", FT_UINT8, BASE_DEC, - VALS(netfilter_hooks_vals), 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_nfmark = - { "Mark", "netlink-netfilter.queue.nfmark", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_timestamp = - { "Timestamp", "netlink-netfilter.queue.timestamp", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_ifindex_indev = - { "IFINDEX_INDEV", "netlink-netfilter.queue.ifindex_indev", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_ifindex_outdev = - { "IFINDEX_OUTDEV", "netlink-netfilter.queue.ifindex_outdev", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_ifindex_physindev = - { "IFINDEX_PHYSINDEV", "netlink-netfilter.queue.ifindex_physindev", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_ifindex_physoutdev = - { "IFINDEX_PHYSOUTDEV", "netlink-netfilter.queue.ifindex_physoutdev", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_hwaddr_len = - { "Address length", "netlink-netfilter.queue.hwaddr.len", FT_UINT16, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_hwaddr_addr = - { "Address", "netlink-netfilter.queue.hwaddr.addr", FT_ETHER, BASE_NONE, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_ctinfo = - { "Conntrack info", "netlink-netfilter.queue.ct_info", FT_UINT32, BASE_DEC, - VALS(nfq_ctinfo_vals), 0x00, "Connection state tracking info", HFILL }; - -static header_field_info hfi_nfq_caplen = - { "Length of captured packet", "netlink-netfilter.queue.caplen", FT_UINT32, BASE_DEC, - NULL, 0x00, "Length of captured, untruncated packet", HFILL }; - -static header_field_info hfi_nfq_uid = - { "UID", "netlink-netfilter.queue.uid", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_nfq_gid = - { "GID", "netlink-netfilter.queue.gid", FT_UINT32, BASE_DEC, - NULL, 0x00, NULL, HFILL }; - - static int dissect_nfq_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len) { @@ -1286,66 +1061,66 @@ dissect_nfq_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data case WS_NFQA_PACKET_HDR: if (len == 7) { - proto_tree_add_item(tree, hfi_nfq_packet_id.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_packet_id, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; - proto_tree_add_item(tree, hfi_nfq_packet_hwprotocol.id, tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_packet_hwprotocol, tvb, offset, 2, ENC_BIG_ENDIAN); info->hw_protocol = tvb_get_ntohs(tvb, offset); offset += 2; - proto_tree_add_item(tree, hfi_nfq_packet_hook.id, tvb, offset, 1, ENC_NA); + proto_tree_add_item(tree, hf_nfq_packet_hook, tvb, offset, 1, ENC_NA); offset++; } break; case WS_NFQA_VERDICT_HDR: if (len == 8) { - proto_tree_add_item(tree, hfi_nfq_verdict_verdict.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_verdict_verdict, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; - proto_tree_add_item(tree, hfi_nfq_verdict_id.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_verdict_id, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; case WS_NFQA_MARK: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_nfmark.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_nfmark, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; case WS_NFQA_TIMESTAMP: if (len == 16) { - proto_tree_add_item(tree, hfi_nfq_timestamp.id, tvb, offset, 16, ENC_TIME_SECS_NSECS|ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_timestamp, tvb, offset, 16, ENC_TIME_SECS_NSECS|ENC_BIG_ENDIAN); offset += 16; } break; case WS_NFQA_IFINDEX_INDEV: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_ifindex_indev.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_ifindex_indev, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; case WS_NFQA_IFINDEX_OUTDEV: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_ifindex_outdev.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_ifindex_outdev, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; case WS_NFQA_IFINDEX_PHYSINDEV: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_ifindex_physindev.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_ifindex_physindev, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; case WS_NFQA_IFINDEX_PHYSOUTDEV: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_ifindex_physoutdev.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_ifindex_physoutdev, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; @@ -1354,13 +1129,13 @@ dissect_nfq_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data if (len >= 4) { guint16 addrlen; - proto_tree_add_item(tree, hfi_nfq_hwaddr_len.id, tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_hwaddr_len, tvb, offset, 2, ENC_BIG_ENDIAN); addrlen = tvb_get_ntohs(tvb, offset); offset += 4; /* skip len and padding */ /* XXX expert info if 4 + addrlen > len. */ addrlen = MIN(addrlen, len - 4); - proto_tree_add_item(tree, hfi_nfq_hwaddr_addr.id, tvb, offset, addrlen, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_hwaddr_addr, tvb, offset, addrlen, ENC_BIG_ENDIAN); offset += addrlen; } break; @@ -1378,20 +1153,20 @@ dissect_nfq_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data case WS_NFQA_CT: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_nfct_attr.id, ett_nfct_attr, info, nl_data, + return dissect_netlink_attributes(tvb, hf_nfct_attr, ett_nfct_attr, info, nl_data, tree, offset, len, dissect_nfct_attrs); break; case WS_NFQA_CT_INFO: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_ctinfo.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_ctinfo, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; case WS_NFQA_CAP_LEN: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_caplen.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_caplen, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; @@ -1403,14 +1178,14 @@ dissect_nfq_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data case WS_NFQA_UID: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_uid.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_uid, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; case WS_NFQA_GID: if (len == 4) { - proto_tree_add_item(tree, hfi_nfq_gid.id, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_nfq_gid, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } break; @@ -1425,10 +1200,6 @@ dissect_nfq_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data return offset; } -static header_field_info hfi_nfq_attr = - { "Type", "netlink-netfilter.queue.attr", FT_UINT16, BASE_DEC, - VALS(nfq_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - /* QUEUE - main */ static int @@ -1440,11 +1211,11 @@ dissect_netfilter_queue(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct pa switch (type) { case WS_NFQNL_MSG_CONFIG: - return dissect_netlink_attributes_to_end(tvb, hfi_nfq_config_attr.id, ett_nfq_config_attr, info, nl_data, tree, offset, dissect_nfq_config_attrs); + return dissect_netlink_attributes_to_end(tvb, hf_nfq_config_attr, ett_nfq_config_attr, info, nl_data, tree, offset, dissect_nfq_config_attrs); case WS_NFQNL_MSG_PACKET: case WS_NFQNL_MSG_VERDICT: - return dissect_netlink_attributes_to_end(tvb, hfi_nfq_attr.id, ett_nfq_attr, info, nl_data, tree, offset, dissect_nfq_attrs); + return dissect_netlink_attributes_to_end(tvb, hf_nfq_attr, ett_nfq_attr, info, nl_data, tree, offset, dissect_nfq_attrs); case WS_NFQNL_MSG_VERDICT_BATCH: /* TODO */ @@ -1462,10 +1233,6 @@ static const value_string netlink_netfilter_ulog_type_vals[] = { { 0, NULL } }; -static header_field_info hfi_netlink_netfilter_ulog_type = - { "Type", "netlink-netfilter.ulog_type", FT_UINT16, BASE_DEC, - VALS(netlink_netfilter_ulog_type_vals), 0x00FF, NULL, HFILL }; - static int dissect_netfilter_ulog(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset) { @@ -1587,62 +1354,6 @@ static const value_string ipset_ip_attr_vals[] = { { 0, NULL } }; -static header_field_info hfi_ipset_attr = - { "Type", "netlink-netfilter.ipset_attr", FT_UINT16, BASE_DEC, - VALS(ipset_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - -static header_field_info hfi_ipset_cadt_attr = - { "Type", "netlink-netfilter.ipset_cadt_attr", FT_UINT16, BASE_DEC, - VALS(ipset_cadt_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - -static header_field_info hfi_ipset_cadt_attr_cidr = - { "CIDR", "netlink-netfilter.ipset.cidr", FT_UINT8, BASE_DEC, - NULL, 0x0, NULL, HFILL }; - -static header_field_info hfi_ipset_cadt_attr_timeout = - { "Timeout", "netlink-netfilter.ipset.timeout", FT_UINT32, BASE_DEC, - NULL, 0x0, NULL, HFILL }; - -static header_field_info hfi_ipset_cadt_attr_cadt_flags = - { "Flags", "netlink-netfilter.ipset.cadt_flags", FT_UINT32, BASE_HEX, - NULL, 0x0, NULL, HFILL }; - -static header_field_info hfi_ipset_attr_setname = - { "Setname", "netlink-netfilter.ipset.setname", FT_STRINGZ, BASE_NONE, - NULL, 0x0, NULL, HFILL }; - -static header_field_info hfi_ipset_attr_typename = - { "Typename", "netlink-netfilter.ipset.typename", FT_STRINGZ, BASE_NONE, - NULL, 0x0, NULL, HFILL }; - -static header_field_info hfi_ipset_attr_family = - { "Settype family", "netlink-netfilter.ipset.family", FT_UINT8, BASE_DEC, - VALS(nfproto_family_vals), 0x00, NULL, HFILL }; - -static header_field_info hfi_ipset_attr_flags = - { "Flags", "netlink-netfilter.ipset.flags", FT_UINT32, BASE_HEX, - NULL, 0x0, NULL, HFILL }; - -static header_field_info hfi_ipset_adt_attr = - { "Type", "netlink-netfilter.ipset_adt_attr", FT_UINT16, BASE_DEC, - VALS(ipset_adt_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - -static header_field_info hfi_ipset_adt_attr_comment = - { "Comment", "netlink-netfilter.ipset.comment", FT_STRINGZ, BASE_NONE, - NULL, 0x0, NULL, HFILL }; - -static header_field_info hfi_ipset_ip_attr = - { "Type", "netlink-netfilter.ipset_ip_attr", FT_UINT16, BASE_DEC, - VALS(ipset_ip_attr_vals), NLA_TYPE_MASK, NULL, HFILL }; - -static header_field_info hfi_ipset_ip_attr_ipv4 = - { "IPv4 address", "netlink-netfilter.ipset.ip_addr", FT_IPv4, BASE_NONE, - NULL, 0x00, NULL, HFILL }; - -static header_field_info hfi_ipset_ip_attr_ipv6 = - { "IPv6 address", "netlink-netfilter.ipset.ip6_addr", FT_IPv6, BASE_NONE, - NULL, 0x00, NULL, HFILL }; - static int dissect_ipset_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len) { @@ -1650,11 +1361,11 @@ dissect_ipset_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data switch (type) { case WS_IPSET_ATTR_IPADDR_IPV4: - proto_tree_add_item(tree, hfi_ipset_ip_attr_ipv4.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_ipset_ip_attr_ipv4, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_IPSET_ATTR_IPADDR_IPV6: - proto_tree_add_item(tree, hfi_ipset_ip_attr_ipv6.id, tvb, offset, len, ENC_NA); + proto_tree_add_item(tree, hf_ipset_ip_attr_ipv6, tvb, offset, len, ENC_NA); return 1; } @@ -1671,12 +1382,12 @@ dissect_ipset_cadt_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data * case WS_IPSET_ATTR_IP_FROM: case WS_IPSET_ATTR_IP_TO: if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_ipset_ip_attr.id, ett_ipset_ip_attr, info, nl_data, tree, offset, len, dissect_ipset_ip_attrs); + return dissect_netlink_attributes(tvb, hf_ipset_ip_attr, ett_ipset_ip_attr, info, nl_data, tree, offset, len, dissect_ipset_ip_attrs); return 0; case WS_IPSET_ATTR_CIDR: if (len == 1) { - proto_tree_add_item(tree, hfi_ipset_cadt_attr_cidr.id, tvb, offset, len, ENC_NA); + proto_tree_add_item(tree, hf_ipset_cadt_attr_cidr, tvb, offset, len, ENC_NA); return 1; } return 0; @@ -1688,7 +1399,7 @@ dissect_ipset_cadt_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data * case WS_IPSET_ATTR_TIMEOUT: if (len == 4) { - proto_tree_add_item(tree, hfi_ipset_cadt_attr_timeout.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_ipset_cadt_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN); return 1; } return 0; @@ -1699,7 +1410,7 @@ dissect_ipset_cadt_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data * case WS_IPSET_ATTR_CADT_FLAGS: if (len == 4) { - proto_tree_add_item(tree, hfi_ipset_cadt_attr_cadt_flags.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_ipset_cadt_attr_cadt_flags, tvb, offset, len, ENC_BIG_ENDIAN); /* TODO show bits from enum ipset_cadt_flags */ return 1; } @@ -1735,7 +1446,7 @@ dissect_ipset_adt_data_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_da switch (type) { case WS_IPSET_ATTR_COMMENT: - proto_tree_add_item(tree, hfi_ipset_adt_attr_comment.id, tvb, offset, len, ENC_UTF_8); + proto_tree_add_item(tree, hf_ipset_adt_attr_comment, tvb, offset, len, ENC_UTF_8); return 1; default: @@ -1751,7 +1462,7 @@ dissect_ipset_adt_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *n netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data; if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_ipset_adt_attr.id, ett_ipset_adt_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_data_attrs); + return dissect_netlink_attributes(tvb, hf_ipset_adt_attr, ett_ipset_adt_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_data_attrs); return 0; } @@ -1767,11 +1478,11 @@ dissect_ipset_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_da return 0; case WS_IPSET_ATTR_SETNAME: - proto_tree_add_item(tree, hfi_ipset_attr_setname.id, tvb, offset, len, ENC_UTF_8); + proto_tree_add_item(tree, hf_ipset_attr_setname, tvb, offset, len, ENC_UTF_8); return 1; case WS_IPSET_ATTR_TYPENAME: - proto_tree_add_item(tree, hfi_ipset_attr_typename.id, tvb, offset, len, ENC_UTF_8); + proto_tree_add_item(tree, hf_ipset_attr_typename, tvb, offset, len, ENC_UTF_8); return 1; case WS_IPSET_ATTR_REVISION: @@ -1779,12 +1490,12 @@ dissect_ipset_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_da return 0; case WS_IPSET_ATTR_FAMILY: - proto_tree_add_item(tree, hfi_ipset_attr_family.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_ipset_attr_family, tvb, offset, len, ENC_BIG_ENDIAN); return 1; case WS_IPSET_ATTR_FLAGS: if (len == 4) { - proto_tree_add_item(tree, hfi_ipset_attr_flags.id, tvb, offset, len, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf_ipset_attr_flags, tvb, offset, len, ENC_BIG_ENDIAN); /* TODO show bits from enum ipset_cmd_flags */ return 1; } @@ -1798,16 +1509,16 @@ dissect_ipset_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_da if (command == WS_IPSET_CMD_CREATE || command == WS_IPSET_CMD_LIST || command == WS_IPSET_CMD_SAVE) - return dissect_netlink_attributes(tvb, hfi_ipset_cadt_attr.id, ett_ipset_cadt_attr, info, nl_data, tree, offset, len, dissect_ipset_cadt_attrs); + return dissect_netlink_attributes(tvb, hf_ipset_cadt_attr, ett_ipset_cadt_attr, info, nl_data, tree, offset, len, dissect_ipset_cadt_attrs); else - return dissect_netlink_attributes(tvb, hfi_ipset_adt_attr.id, ett_ipset_adt_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_data_attrs); + return dissect_netlink_attributes(tvb, hf_ipset_adt_attr, ett_ipset_adt_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_data_attrs); } return 0; case WS_IPSET_ATTR_ADT: /* Following this, there will be an IPSET_ATTR_DATA with regular ADT attributes, not CADT */ if (nla_type & NLA_F_NESTED) - return dissect_netlink_attributes(tvb, hfi_ipset_attr.id, ett_ipset_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_attrs); + return dissect_netlink_attributes(tvb, hf_ipset_attr, ett_ipset_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_attrs); return 0; case WS_IPSET_ATTR_LINENO: @@ -1824,7 +1535,7 @@ static int dissect_netfilter_ipset(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset) { offset = dissect_netlink_netfilter_header(tvb, tree, offset); - return dissect_netlink_attributes_to_end(tvb, hfi_ipset_attr.id, ett_ipset_attr, info, nl_data, tree, offset, dissect_ipset_attrs); + return dissect_netlink_attributes_to_end(tvb, hf_ipset_attr, ett_ipset_attr, info, nl_data, tree, offset, dissect_ipset_attrs); } @@ -1845,22 +1556,6 @@ static const value_string netlink_netfilter_subsystem_vals[] = { { 0, NULL } }; -static header_field_info hfi_nfexp_type = - { "Type", "netlink-netfilter.exp_type", FT_UINT16, BASE_DEC, - VALS(nfexp_type_vals), 0x00FF, NULL, HFILL }; - -static header_field_info hfi_nfq_type = - { "Type", "netlink-netfilter.queue_type", FT_UINT16, BASE_DEC, - VALS(nfq_type_vals), 0x00FF, NULL, HFILL }; - -static header_field_info hfi_ipset_command = - { "Command", "netlink-netfilter.ipset_command", FT_UINT16, BASE_DEC, - VALS(ipset_command_vals), 0x00FF, NULL, HFILL }; - -static header_field_info hfi_netlink_netfilter_subsys = - { "Subsystem", "netlink-netfilter.subsys", FT_UINT16, BASE_DEC, - VALS(netlink_netfilter_subsystem_vals), 0xFF00, NULL, HFILL }; - static int dissect_netlink_netfilter(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { @@ -1880,22 +1575,22 @@ dissect_netlink_netfilter(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, v /* Netlink message header (nlmsghdr) */ offset = dissect_netlink_header(tvb, nlmsg_tree, offset, nl_data->encoding, -1, NULL); - proto_tree_add_item(nlmsg_tree, hfi_netlink_netfilter_subsys.id, tvb, 4, 2, nl_data->encoding); + proto_tree_add_item(nlmsg_tree, hf_netlink_netfilter_subsys, tvb, 4, 2, nl_data->encoding); switch (nl_data->type >> 8) { case WS_NFNL_SUBSYS_CTNETLINK_EXP: - proto_tree_add_item(nlmsg_tree, hfi_nfexp_type.id, tvb, 4, 2, nl_data->encoding); + proto_tree_add_item(nlmsg_tree, hf_nfexp_type, tvb, 4, 2, nl_data->encoding); break; case WS_NFNL_SUBSYS_QUEUE: - proto_tree_add_item(nlmsg_tree, hfi_nfq_type.id, tvb, 4, 2, nl_data->encoding); + proto_tree_add_item(nlmsg_tree, hf_nfq_type, tvb, 4, 2, nl_data->encoding); break; case WS_NFNL_SUBSYS_ULOG: - proto_tree_add_item(nlmsg_tree, hfi_netlink_netfilter_ulog_type.id, tvb, 4, 2, nl_data->encoding); + proto_tree_add_item(nlmsg_tree, hf_netlink_netfilter_ulog_type, tvb, 4, 2, nl_data->encoding); break; case WS_NFNL_SUBSYS_IPSET: - proto_tree_add_item(nlmsg_tree, hfi_ipset_command.id, tvb, 4, 2, nl_data->encoding); + proto_tree_add_item(nlmsg_tree, hf_ipset_command, tvb, 4, 2, nl_data->encoding); break; } @@ -1935,105 +1630,477 @@ dissect_netlink_netfilter(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, v void proto_register_netlink_netfilter(void) { - static header_field_info *hfi[] = { - &hfi_netlink_netfilter_subsys, - &hfi_netlink_netfilter_family, - &hfi_netlink_netfilter_version, - &hfi_netlink_netfilter_resid, - &hfi_nfct_attr, - &hfi_nfct_attr_status, - &hfi_nfct_attr_status_flag_expected, - &hfi_nfct_attr_status_flag_seen_reply, - &hfi_nfct_attr_status_flag_assured, - &hfi_nfct_attr_status_flag_confirmed, - &hfi_nfct_attr_status_flag_src_nat, - &hfi_nfct_attr_status_flag_dst_nat, - &hfi_nfct_attr_status_flag_seq_adjust, - &hfi_nfct_attr_status_flag_src_nat_done, - &hfi_nfct_attr_status_flag_dst_nat_done, - &hfi_nfct_attr_status_flag_dying, - &hfi_nfct_attr_status_flag_fixed_timeout, - &hfi_nfct_attr_status_flag_template, - &hfi_nfct_attr_status_flag_untracked, - &hfi_nfct_attr_status_flag_helper, - &hfi_nfct_attr_status_flag_offload, - &hfi_nfct_attr_timeout, - &hfi_nfct_attr_id, - &hfi_nfct_help_attr, - &hfi_nfct_help_attr_help_name, - &hfi_nfct_seqadj_attr, - &hfi_nfct_seqadj_attr_correction_pos, - &hfi_nfct_seqadj_attr_offset_before, - &hfi_nfct_seqadj_attr_offset_after, - &hfi_nfct_tuple_attr, - &hfi_nfct_tuple_ip_attr, - &hfi_nfct_tuple_ip_attr_ipv4, - &hfi_nfct_tuple_ip_attr_ipv6, - &hfi_nfct_tuple_proto_attr, - &hfi_nfct_tuple_proto_num_attr, - &hfi_nfct_tuple_proto_src_port_attr, - &hfi_nfct_tuple_proto_dst_port_attr, - - /* EXP */ - &hfi_nfexp_type, - &hfi_nfexp_attr, - &hfi_nfexp_attr_fn, - &hfi_nfexp_attr_timeout, - &hfi_nfexp_attr_id, - &hfi_nfexp_attr_class, - &hfi_nfexp_attr_zone, - &hfi_nfexp_attr_flags, - &hfi_nfexp_attr_flag_permanent, - &hfi_nfexp_attr_flag_inactive, - &hfi_nfexp_attr_flag_userspace, - &hfi_nfexp_nat_attr, - &hfi_nfexp_nat_attr_dir, - /* QUEUE */ - &hfi_nfq_type, - &hfi_nfq_attr, - &hfi_nfq_config_command_command, - &hfi_nfq_config_command_pf, - &hfi_nfq_config_params_copyrange, - &hfi_nfq_config_params_copymode, - &hfi_nfq_config_queue_maxlen, - &hfi_nfq_config_mask, - &hfi_nfq_config_flags, - &hfi_nfq_config_attr, - &hfi_nfq_verdict_verdict, - &hfi_nfq_verdict_id, - &hfi_nfq_packet_id, - &hfi_nfq_packet_hwprotocol, - &hfi_nfq_packet_hook, - &hfi_nfq_nfmark, - &hfi_nfq_timestamp, - &hfi_nfq_ifindex_indev, - &hfi_nfq_ifindex_outdev, - &hfi_nfq_ifindex_physindev, - &hfi_nfq_ifindex_physoutdev, - &hfi_nfq_hwaddr_len, - &hfi_nfq_hwaddr_addr, - &hfi_nfq_ctinfo, - &hfi_nfq_caplen, - &hfi_nfq_uid, - &hfi_nfq_gid, - /* ULOG */ - &hfi_netlink_netfilter_ulog_type, - /* IPSET */ - &hfi_ipset_command, - &hfi_ipset_attr, - &hfi_ipset_cadt_attr, - &hfi_ipset_cadt_attr_cidr, - &hfi_ipset_cadt_attr_timeout, - &hfi_ipset_cadt_attr_cadt_flags, - &hfi_ipset_attr_setname, - &hfi_ipset_attr_typename, - &hfi_ipset_attr_family, - &hfi_ipset_attr_flags, - &hfi_ipset_adt_attr, - &hfi_ipset_adt_attr_comment, - &hfi_ipset_ip_attr, - &hfi_ipset_ip_attr_ipv4, - &hfi_ipset_ip_attr_ipv6, + static hf_register_info hf[] = { + { &hf_netlink_netfilter_family, + { "Address family", "netlink-netfilter.family", + FT_UINT8, BASE_DEC | BASE_EXT_STRING, &linux_af_vals_ext, 0x00, + "nfnetlink address family", HFILL } + }, + { &hf_netlink_netfilter_version, + { "Version", "netlink-netfilter.version", + FT_UINT8, BASE_DEC, NULL, 0x00, + "nfnetlink version", HFILL } + }, + { &hf_netlink_netfilter_resid, + { "Resource id", "netlink-netfilter.res_id", + FT_UINT16, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_tuple_proto_num_attr, + { "Protocol", "netlink-netfilter.nfct_tuple.proto.num", + FT_UINT8, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_tuple_proto_src_port_attr, + { "Port", "netlink-netfilter.nfct_tuple.proto.src_port", + FT_UINT16, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_tuple_proto_dst_port_attr, + { "Port", "netlink-netfilter.nfct_tuple.proto.dst_port", + FT_UINT16, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_tuple_proto_attr, + { "Type", "netlink-netfilter.nfct_tuple.proto", + FT_UINT16, BASE_DEC, VALS(nfct_tuple_l4proto_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfct_tuple_ip_attr_ipv4, + { "IPv4 address", "netlink-netfilter.nfct_tuple.ip.ip_addr", + FT_IPv4, BASE_NONE, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_tuple_ip_attr_ipv6, + { "IPv6 address", "netlink-netfilter.nfct_tuple.ip.ip6_addr", + FT_IPv6, BASE_NONE, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_tuple_ip_attr, + { "Type", "netlink-netfilter.nfct_tuple.ip", + FT_UINT16, BASE_DEC, VALS(nfct_tuple_ip_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfct_tuple_zone_attr, + { "Zone", "netlink-netfilter.nfct_tuple.zone", + FT_UINT16, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_tuple_attr, + { "Type", "netlink-netfilter.nfct_tuple", + FT_UINT16, BASE_DEC, VALS(nfct_tuple_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfct_attr_timeout, + { "Timeout", "netlink-netfilter.ct_attr.timeout", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_attr_id, + { "ID", "netlink-netfilter.ct_attr.id", + FT_UINT32, BASE_HEX, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_attr_status_flag_expected, + { "Expected", "netlink-netfilter.ct_attr.status.expected", + FT_UINT32, BASE_DEC, NULL, WS_IPS_EXPECTED, + "It is an expected connection", HFILL } + }, + { &hf_nfct_attr_status_flag_seen_reply, + { "Seen reply", "netlink-netfilter.ct_attr.status.seen_reply", + FT_UINT32, BASE_DEC, NULL, WS_IPS_SEEN_REPLY, + "Packets going in both directions have been seen", HFILL } + }, + { &hf_nfct_attr_status_flag_assured, + { "Assured", "netlink-netfilter.ct_attr.status.assured", + FT_UINT32, BASE_DEC, NULL, WS_IPS_ASSURED, + "Conntrack should never be early-expired", HFILL } + }, + { &hf_nfct_attr_status_flag_confirmed, + { "Confirmed", "netlink-netfilter.ct_attr.status.confirmed", + FT_UINT32, BASE_DEC, NULL, WS_IPS_CONFIRMED, + "Connection is confirmed: originating packet has left box", HFILL } + }, + { &hf_nfct_attr_status_flag_src_nat, + { "Source NAT", "netlink-netfilter.ct_attr.status.src_nat", + FT_UINT32, BASE_DEC, NULL, WS_IPS_SRC_NAT, + "Connection needs source NAT in orig dir.", HFILL } + }, + { &hf_nfct_attr_status_flag_dst_nat, + { "Destination NAT", "netlink-netfilter.ct_attr.status.dst_nat", + FT_UINT32, BASE_DEC, NULL, WS_IPS_DST_NAT, + "Connection needs destination NAT in orig dir.", HFILL } + }, + { &hf_nfct_attr_status_flag_seq_adjust, + { "Sequence adjust", "netlink-netfilter.ct_attr.status.seq_adjust", + FT_UINT32, BASE_DEC, NULL, WS_IPS_SEQ_ADJUST, + "Connection needs TCP sequence adjusted", HFILL } + }, + { &hf_nfct_attr_status_flag_src_nat_done, + { "Source NAT done", "netlink-netfilter.ct_attr.status.src_nat_done", + FT_UINT32, BASE_DEC, NULL, WS_IPS_SRC_NAT_DONE, + "Source NAT has been initialized", HFILL } + }, + { &hf_nfct_attr_status_flag_dst_nat_done, + { "Destination NAT done", "netlink-netfilter.ct_attr.status.dst_nat_done", + FT_UINT32, BASE_DEC, NULL, WS_IPS_DST_NAT_DONE, + "Destination NAT has been initialized", HFILL } + }, + { &hf_nfct_attr_status_flag_dying, + { "Dying", "netlink-netfilter.ct_attr.status.dying", + FT_UINT32, BASE_DEC, NULL, WS_IPS_DYING, + "Connection is dying (removed from lists)", HFILL } + }, + { &hf_nfct_attr_status_flag_fixed_timeout, + { "Fixed timeout", "netlink-netfilter.ct_attr.status.fixed_timeout", + FT_UINT32, BASE_DEC, NULL, WS_IPS_FIXED_TIMEOUT, + "Connection has fixed timeout", HFILL } + }, + { &hf_nfct_attr_status_flag_template, + { "Template", "netlink-netfilter.ct_attr.status.template", + FT_UINT32, BASE_DEC, NULL, WS_IPS_TEMPLATE, + "Conntrack is a template", HFILL } + }, + { &hf_nfct_attr_status_flag_untracked, + { "Untracked", "netlink-netfilter.ct_attr.status.untracked", + FT_UINT32, BASE_DEC, NULL, WS_IPS_UNTRACKED, + "Conntrack is a fake untracked entry. Obsolete and not used anymore", HFILL } + }, + { &hf_nfct_attr_status_flag_helper, + { "Helper", "netlink-netfilter.ct_attr.status.helper", + FT_UINT32, BASE_DEC, NULL, WS_IPS_HELPER, + "Conntrack got a helper explicitly attached via CT target", HFILL } + }, + { &hf_nfct_attr_status_flag_offload, + { "Offload", "netlink-netfilter.ct_attr.status.offload", + FT_UINT32, BASE_DEC, NULL, WS_IPS_OFFLOAD, + NULL, HFILL } + }, + { &hf_nfct_attr_status, + { "Status", "netlink-netfilter.ct_attr.status", + FT_UINT32, BASE_HEX, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_help_attr_help_name, + { "Helper name", "netlink-netfilter.ct_help_attr.help_name", + FT_STRINGZ, BASE_NONE, NULL, 0x0, + NULL, HFILL } + }, + { &hf_nfct_help_attr, + { "Helper", "netlink-netfilter.ct_help_attr", + FT_UINT16, BASE_DEC, VALS(nfct_help_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfct_seqadj_attr_correction_pos, + { "Position", "netlink-netfilter.ct_seqadj_correction_pos", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_seqadj_attr_offset_before, + { "Offset", "netlink-netfilter.ct_seqadj_offset_before", + FT_INT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_seqadj_attr_offset_after, + { "Offset", "netlink-netfilter.ct_seqadj_offset_after", + FT_INT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfct_seqadj_attr, + { "Adjustment", "netlink-netfilter.ct_seqadj_attr", + FT_UINT16, BASE_DEC, VALS(nfct_seqadj_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfct_attr, + { "Type", "netlink-netfilter.ct.attr", + FT_UINT16, BASE_DEC, VALS(nfct_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfexp_nat_attr_dir, + { "Direction", "netlink-netfilter.nfexp.nat.dir", + FT_UINT32, BASE_DEC, VALS(nfexp_conntrack_dir_vals), 0x00, + NULL, HFILL } + }, + { &hf_nfexp_nat_attr, + { "Type", "netlink-netfilter.nfexp.nat", + FT_UINT16, BASE_DEC, VALS(nfexp_nat_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfexp_attr_timeout, + { "Timeout", "netlink-netfilter.nfexp.timeout", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfexp_attr_id, + { "ID", "netlink-netfilter.nfexp.id", + FT_UINT32, BASE_HEX, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfexp_attr_class, + { "Class", "netlink-netfilter.nfexp.class", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfexp_attr_zone, + { "Zone", "netlink-netfilter.nfexp.zone", + FT_UINT16, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfexp_attr_fn, + { "Name", "netlink-netfilter.nfexp.fn", + FT_STRINGZ, BASE_NONE, NULL, 0x0, + NULL, HFILL } + }, + { &hf_nfexp_attr_flag_permanent, + { "Permanent", "netlink-netfilter.nfexp.flags.permanent", + FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_PERMANENT, + NULL, HFILL } + }, + { &hf_nfexp_attr_flag_inactive, + { "Inactive", "netlink-netfilter.nfexp.flags.inactive", + FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_INACTIVE, + NULL, HFILL } + }, + { &hf_nfexp_attr_flag_userspace, + { "Userspace", "netlink-netfilter.nfexp.flags.userspace", + FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_USERSPACE, + NULL, HFILL } + }, + { &hf_nfexp_attr_flags, + { "Flags", "netlink-netfilter.nfexp.flags", + FT_UINT32, BASE_HEX, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfexp_attr, + { "Type", "netlink-netfilter.exp.attr", + FT_UINT16, BASE_DEC, VALS(nfexp_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfq_config_command_command, + { "Command", "netlink-netfilter.queue.config.command.command", + FT_UINT8, BASE_DEC, VALS(nfq_config_command_vals), 0x00, + NULL, HFILL } + }, + { &hf_nfq_config_command_pf, + { "Protocol family", "netlink-netfilter.queue.config.command.pf", + FT_UINT16, BASE_DEC, VALS(nfproto_family_vals), 0x00, + NULL, HFILL } + }, + { &hf_nfq_config_params_copyrange, + { "Copy range", "netlink-netfilter.queue.config.params.copy_range", + FT_UINT32, BASE_HEX, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_config_params_copymode, + { "Copy mode", "netlink-netfilter.queue.config.params.copy_mode", + FT_UINT8, BASE_DEC, VALS(nfq_config_mode_vals), 0x00, + NULL, HFILL } + }, + { &hf_nfq_config_queue_maxlen, + { "Maximum queue length", "netlink-netfilter.queue.config.queue_maxlen", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_config_mask, + { "Flags mask", "netlink-netfilter.queue.config.mask", + FT_UINT32, BASE_HEX, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_config_flags, + { "Flags", "netlink-netfilter.queue.config.flags", + FT_UINT32, BASE_HEX, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_config_attr, + { "Type", "netlink-netfilter.queue.config_attr", + FT_UINT16, BASE_DEC, VALS(nfq_config_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_nfq_verdict_verdict, + { "Verdict", "netlink-netfilter.queue.verdict.verdict", + FT_UINT32, BASE_DEC, VALS(nfq_verdict_vals), 0x00, + NULL, HFILL } + }, + { &hf_nfq_verdict_id, + { "Verdict ID", "netlink-netfilter.queue.verdict.id", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_packet_id, + { "Packet ID", "netlink-netfilter.queue.packet.id", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_packet_hwprotocol, + { "HW protocol", "netlink-netfilter.queue.packet.protocol", + FT_UINT16, BASE_HEX, VALS(etype_vals), 0x00, + NULL, HFILL } + }, + { &hf_nfq_packet_hook, + { "Netfilter hook", "netlink-netfilter.queue.packet.hook", + FT_UINT8, BASE_DEC, VALS(netfilter_hooks_vals), 0x00, + NULL, HFILL } + }, + { &hf_nfq_nfmark, + { "Mark", "netlink-netfilter.queue.nfmark", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_timestamp, + { "Timestamp", "netlink-netfilter.queue.timestamp", + FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_ifindex_indev, + { "IFINDEX_INDEV", "netlink-netfilter.queue.ifindex_indev", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_ifindex_outdev, + { "IFINDEX_OUTDEV", "netlink-netfilter.queue.ifindex_outdev", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_ifindex_physindev, + { "IFINDEX_PHYSINDEV", "netlink-netfilter.queue.ifindex_physindev", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_ifindex_physoutdev, + { "IFINDEX_PHYSOUTDEV", "netlink-netfilter.queue.ifindex_physoutdev", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_hwaddr_len, + { "Address length", "netlink-netfilter.queue.hwaddr.len", + FT_UINT16, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_hwaddr_addr, + { "Address", "netlink-netfilter.queue.hwaddr.addr", + FT_ETHER, BASE_NONE, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_ctinfo, + { "Conntrack info", "netlink-netfilter.queue.ct_info", + FT_UINT32, BASE_DEC, VALS(nfq_ctinfo_vals), 0x00, + "Connection state tracking info", HFILL } + }, + { &hf_nfq_caplen, + { "Length of captured packet", "netlink-netfilter.queue.caplen", + FT_UINT32, BASE_DEC, NULL, 0x00, + "Length of captured, untruncated packet", HFILL } + }, + { &hf_nfq_uid, + { "UID", "netlink-netfilter.queue.uid", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_gid, + { "GID", "netlink-netfilter.queue.gid", + FT_UINT32, BASE_DEC, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfq_attr, + { "Type", "netlink-netfilter.queue.attr", + FT_UINT16, BASE_DEC, VALS(nfq_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_netlink_netfilter_ulog_type, + { "Type", "netlink-netfilter.ulog_type", + FT_UINT16, BASE_DEC, VALS(netlink_netfilter_ulog_type_vals), 0x00FF, + NULL, HFILL } + }, + { &hf_ipset_attr, + { "Type", "netlink-netfilter.ipset_attr", + FT_UINT16, BASE_DEC, VALS(ipset_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_ipset_cadt_attr, + { "Type", "netlink-netfilter.ipset_cadt_attr", + FT_UINT16, BASE_DEC, VALS(ipset_cadt_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_ipset_cadt_attr_cidr, + { "CIDR", "netlink-netfilter.ipset.cidr", + FT_UINT8, BASE_DEC, NULL, 0x0, + NULL, HFILL } + }, + { &hf_ipset_cadt_attr_timeout, + { "Timeout", "netlink-netfilter.ipset.timeout", + FT_UINT32, BASE_DEC, NULL, 0x0, + NULL, HFILL } + }, + { &hf_ipset_cadt_attr_cadt_flags, + { "Flags", "netlink-netfilter.ipset.cadt_flags", + FT_UINT32, BASE_HEX, NULL, 0x0, + NULL, HFILL } + }, + { &hf_ipset_attr_setname, + { "Setname", "netlink-netfilter.ipset.setname", + FT_STRINGZ, BASE_NONE, NULL, 0x0, + NULL, HFILL } + }, + { &hf_ipset_attr_typename, + { "Typename", "netlink-netfilter.ipset.typename", + FT_STRINGZ, BASE_NONE, NULL, 0x0, + NULL, HFILL } + }, + { &hf_ipset_attr_family, + { "Settype family", "netlink-netfilter.ipset.family", + FT_UINT8, BASE_DEC, VALS(nfproto_family_vals), 0x00, + NULL, HFILL } + }, + { &hf_ipset_attr_flags, + { "Flags", "netlink-netfilter.ipset.flags", + FT_UINT32, BASE_HEX, NULL, 0x0, + NULL, HFILL } + }, + { &hf_ipset_adt_attr, + { "Type", "netlink-netfilter.ipset_adt_attr", + FT_UINT16, BASE_DEC, VALS(ipset_adt_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_ipset_adt_attr_comment, + { "Comment", "netlink-netfilter.ipset.comment", + FT_STRINGZ, BASE_NONE, NULL, 0x0, + NULL, HFILL } + }, + { &hf_ipset_ip_attr, + { "Type", "netlink-netfilter.ipset_ip_attr", + FT_UINT16, BASE_DEC, VALS(ipset_ip_attr_vals), NLA_TYPE_MASK, + NULL, HFILL } + }, + { &hf_ipset_ip_attr_ipv4, + { "IPv4 address", "netlink-netfilter.ipset.ip_addr", + FT_IPv4, BASE_NONE, NULL, 0x00, + NULL, HFILL } + }, + { &hf_ipset_ip_attr_ipv6, + { "IPv6 address", "netlink-netfilter.ipset.ip6_addr", + FT_IPv6, BASE_NONE, NULL, 0x00, + NULL, HFILL } + }, + { &hf_nfexp_type, + { "Type", "netlink-netfilter.exp_type", + FT_UINT16, BASE_DEC, VALS(nfexp_type_vals), 0x00FF, + NULL, HFILL } + }, + { &hf_nfq_type, + { "Type", "netlink-netfilter.queue_type", + FT_UINT16, BASE_DEC, VALS(nfq_type_vals), 0x00FF, + NULL, HFILL } + }, + { &hf_ipset_command, + { "Command", "netlink-netfilter.ipset_command", + FT_UINT16, BASE_DEC, VALS(ipset_command_vals), 0x00FF, + NULL, HFILL } + }, + { &hf_netlink_netfilter_subsys, + { "Subsystem", "netlink-netfilter.subsys", + FT_UINT16, BASE_DEC, VALS(netlink_netfilter_subsystem_vals), 0xFF00, + NULL, HFILL } + }, }; static gint *ett[] = { @@ -2057,9 +2124,7 @@ proto_register_netlink_netfilter(void) }; proto_netlink_netfilter = proto_register_protocol("Linux netlink netfilter protocol", "netfilter", "netlink-netfilter" ); - hfi_netlink_netfilter = proto_registrar_get_nth(proto_netlink_netfilter); - - proto_register_fields_manual(proto_netlink_netfilter, hfi, array_length(hfi)); + proto_register_field_array(proto_netlink_netfilter, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); netlink_netfilter = create_dissector_handle(dissect_netlink_netfilter, proto_netlink_netfilter); @@ -2070,7 +2135,7 @@ proto_reg_handoff_netlink_netfilter(void) { dissector_add_uint("netlink.protocol", WS_NETLINK_NETFILTER, netlink_netfilter); - nflog_handle = find_dissector_add_dependency("nflog", hfi_netlink_netfilter->id); + nflog_handle = find_dissector_add_dependency("nflog", proto_netlink_netfilter); ethertype_table = find_dissector_table("ethertype"); }