/* packet-netlink.h
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 2001 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
#ifndef __PACKET_NETLINK_H__
#define __PACKET_NETLINK_H__
#include <epan/value_string.h>
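/*
 * Netlink protocol family numbers, from <include/uapi/linux/netlink.h>,
 * prefixed with WS_.
 *
 * The list is not contiguous (17 is left unassigned here), so a family
 * number must not be assumed to match one of these names.
 * NOTE(review): presumably compared against a value taken from capture
 * data; callers should keep a default path for unknown families.
 */
enum {
	WS_NETLINK_ROUTE		= 0,
	WS_NETLINK_UNUSED		= 1,
	WS_NETLINK_USERSOCK		= 2,
	WS_NETLINK_FIREWALL		= 3,
	WS_NETLINK_SOCK_DIAG		= 4,
	WS_NETLINK_NFLOG		= 5,
	WS_NETLINK_XFRM			= 6,
	WS_NETLINK_SELINUX		= 7,
	WS_NETLINK_ISCSI		= 8,
	WS_NETLINK_AUDIT		= 9,
	WS_NETLINK_FIB_LOOKUP		= 10,
	WS_NETLINK_CONNECTOR		= 11,
	WS_NETLINK_NETFILTER		= 12,
	WS_NETLINK_IP6_FW		= 13,
	WS_NETLINK_DNRTMSG		= 14,
	WS_NETLINK_KOBJECT_UEVENT	= 15,
	WS_NETLINK_GENERIC		= 16,
	/* leave room for NETLINK_DM (DM Events) */
	WS_NETLINK_SCSITRANSPORT	= 18,
	WS_NETLINK_ECRYPTFS		= 19,
	WS_NETLINK_RDMA			= 20,
	WS_NETLINK_CRYPTO		= 21,
	WS_NETLINK_SMC			= 22
};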
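/*
 * Netlink message flags, from <include/uapi/linux/netlink.h>, prefixed
 * with WS_.
 *
 * The values 0x100..0x800 are shared between the GET, NEW, DELETE and ACK
 * groups below (0x100 is ROOT, REPLACE, NONREC and CAPPED), so the flag
 * word alone does not say which name applies; the kind of message has to
 * be known before these bits are interpreted.
 */
enum {
	WS_NLM_F_REQUEST	= 0x01,	/* It is a request message. */
	WS_NLM_F_MULTI		= 0x02,	/* Multipart message, terminated by NLMSG_DONE (WS_NLMSG_DONE) */
	WS_NLM_F_ACK		= 0x04,	/* Reply with ack, with zero or error code */
	WS_NLM_F_ECHO		= 0x08,	/* Echo this request */
	WS_NLM_F_DUMP_INTR	= 0x10,	/* Dump was inconsistent due to sequence change */
	WS_NLM_F_DUMP_FILTERED	= 0x20,	/* Dump was filtered as requested */

	/* Modifiers to GET request */
	WS_NLM_F_ROOT		= 0x100, /* specify tree root */
	WS_NLM_F_MATCH		= 0x200, /* return all matching */
	WS_NLM_F_ATOMIC		= 0x400, /* return an atomic snapshot of the table */

	/* Modifiers to NEW request */
	WS_NLM_F_REPLACE	= 0x100, /* Override existing */
	WS_NLM_F_EXCL		= 0x200, /* Do not touch, if it exists */
	WS_NLM_F_CREATE		= 0x400, /* Create, if it does not exist */
	WS_NLM_F_APPEND		= 0x800, /* Add to end of list */

	/* Modifiers to DELETE request */
	WS_NLM_F_NONREC		= 0x100, /* Do not delete recursively */

	/* Flags for ACK message */
	WS_NLM_F_CAPPED		= 0x100, /* request was capped */
	WS_NLM_F_ACK_TLVS	= 0x200	 /* extended ACK TLVs were included */
};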
/*
 * Extended value_string table, defined outside this header.
 * NOTE(review): presumably maps the WS_NETLINK_* family numbers to display
 * names - confirm against its definition.
 */
extern value_string_ext netlink_family_vals_ext;
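/*
 * Netlink control message types. Every type value below WS_NLMSG_MIN_TYPE
 * is reserved, including the values in that range that are not named here.
 */
enum {
	WS_NLMSG_NOOP		= 0x01,
	WS_NLMSG_ERROR		= 0x02,
	WS_NLMSG_DONE		= 0x03,
	WS_NLMSG_OVERRUN	= 0x04,
	WS_NLMSG_MIN_TYPE	= 0x10	/** type < WS_NLMSG_MIN_TYPE are reserved */
};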
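/*
 * Netfilter protocol families, from <include/uapi/linux/netfilter.h>.
 * Looks like AF_xxx, except for NFPROTO_ARP.
 *
 * The numbering has gaps (4, 6, 8, 9 and 11 are not named here), so a
 * value of this type is not guaranteed to match one of the enumerators.
 */
enum ws_nfproto {
	WS_NFPROTO_UNSPEC	= 0,
	WS_NFPROTO_INET		= 1,
	WS_NFPROTO_IPV4		= 2,
	WS_NFPROTO_ARP		= 3,
	WS_NFPROTO_NETDEV	= 5,
	WS_NFPROTO_BRIDGE	= 7,
	WS_NFPROTO_IPV6		= 10,
	WS_NFPROTO_DECNET	= 12,
};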
/*
 * value_string table defined outside this header.
 * NOTE(review): presumably names the enum ws_nfproto values - confirm
 * against its definition.
 */
extern const value_string nfproto_family_vals[];
/*
 * value_string table defined outside this header.
 * NOTE(review): presumably names the netfilter hook numbers; the hook
 * constants themselves are not declared in this header - confirm.
 */
extern const value_string netfilter_hooks_vals[];
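/*
 * Marker value stored in packet_netlink_data.magic.
 * NOTE(review): presumably lets code that receives this struct through an
 * untyped pointer check that it really is a packet_netlink_data before
 * trusting the other fields - confirm against the users of this header.
 */
#define PACKET_NETLINK_MAGIC 0x4A5ACCCE

/*
 * Netlink state passed as "nl_data" to the attribute callbacks and to the
 * dissect_netlink_attributes*() / dissect_genl_header() functions declared
 * in this header.
 */
struct packet_netlink_data {
	guint32 magic; /* PACKET_NETLINK_MAGIC */

	int encoding;  /* NOTE(review): presumably the byte order used to read the message - confirm */
	guint16 type;  /* NOTE(review): presumably the nlmsg_type of the message - confirm */
};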
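/**
 * Dissects the Netlink message header (struct nlmsghdr). The "hfi_type" field
 * is added for the "nlmsg_type" field and returned into pi_type.
 *
 * NOTE(review): the meaning of the int return value is not stated in this
 * header - presumably the offset following the header; confirm in the
 * implementation.
 */
int dissect_netlink_header(tvbuff_t *tvb, proto_tree *tree, int offset,
			   int encoding, header_field_info *hfi_type,
			   proto_item **pi_type);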
/*
 * Callback type taken as "cb" by the dissect_netlink_attributes*()
 * functions declared in this header.
 *
 * NOTE(review): offset and len presumably delimit one attribute's payload
 * inside tvb, and nla_type its type; both offset and len are signed ints
 * describing packet data, so an implementation should not use them for
 * indexing or allocation without checking them. The meaning of the int
 * return value is not visible here - confirm against the implementation.
 */
typedef int netlink_attributes_cb_t(tvbuff_t *tvb, void *data,
				    struct packet_netlink_data *nl_data,
				    proto_tree *tree, int nla_type,
				    int offset, int len);
/*
 * Dissects the netlink attributes found in tvb, given a start offset and an
 * explicit length, handing attributes to cb.
 *
 * A negative length does not mean "to end of packet": per the change that
 * added dissect_netlink_attributes_to_end(), negative lengths are treated
 * as lengths >= 2^31 and raise a reported bounds error (that handling is in
 * dissect_netlink_attributes_common(), which presumably backs this
 * function - confirm). Use dissect_netlink_attributes_to_end() when the
 * attributes run to the end of the packet.
 *
 * NOTE(review): the meaning of the int return value is not visible in this
 * header - confirm against the implementation.
 */
int dissect_netlink_attributes(tvbuff_t *tvb, header_field_info *hfi_type,
			       int ett, void *data,
			       struct packet_netlink_data *nl_data,
			       proto_tree *tree, int offset, int length,
			       netlink_attributes_cb_t cb);
netlink: don't use -1 to mean "to end of packet".
Add dissect_netlink_attributes_to_end(), which takes no length argument,
and uses tvb_ensure_reported_length() to get the remaining length in the
packet.
In dissect_netlink_attributes_common(), treat negative lengths as if
they were a positive length >= 2^31, and throw a reported bounds error.
Also, throw a bounds error if there's more padding to a 4-byte boundary
than there is data in the packet.
At that point, we know the length is positive, so assign it to an
unsigned variable and use *that* in the loop. Throw an error if the
attribute goes past the end of the packet (although we presumably would
have done that already).
(We really should eliminate all use of -1 as "to the end", and make
lengths unsigned. We should also get rid of any places where we're
using negative offsets as offsets from the end of the packet - in the
few cases where you're dealing with trailers, you want to do that
carefully, so as not to throw an exception dissecting the trailer before
you get around to dissecting the rest of the packet - and make offsets
unsigned as well.)
2021-06-15 21:32:54 +00:00
/*
 * Variant of dissect_netlink_attributes() that takes no length argument:
 * the length is taken from what remains of the reported packet length
 * after offset. It exists so that callers do not pass -1 as a length to
 * mean "to end of packet".
 *
 * NOTE(review): the meaning of the int return value is not visible in this
 * header - confirm against the implementation.
 */
int dissect_netlink_attributes_to_end(tvbuff_t *tvb,
				      header_field_info *hfi_type, int ett,
				      void *data,
				      struct packet_netlink_data *nl_data,
				      proto_tree *tree, int offset,
				      netlink_attributes_cb_t cb);
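/*
 * Similar to dissect_netlink_attributes, but used to parse nested attributes
 * that model an array of attributes. The first level (tree ett_array) contains
 * array elements and its type field is the array index. The next level (tree
 * ett_attrib) contains attributes (where hfi_type applies).
 *
 * NOTE(review): length is a signed int describing packet data; whether a
 * negative value is rejected here the same way as in
 * dissect_netlink_attributes() is not visible in this header - confirm.
 */
int dissect_netlink_attributes_array(tvbuff_t *tvb,
				     header_field_info *hfi_type,
				     int ett_array, int ett_attrib,
				     void *data,
				     struct packet_netlink_data *nl_data,
				     proto_tree *tree, int offset, int length,
				     netlink_attributes_cb_t cb);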
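/*
 * Layout of a 16-bit netlink attribute type word: the top two bits are
 * flags and the low 14 bits are the attribute type proper. The three
 * masks are disjoint and together cover 0xffff.
 *
 * NOTE(review): a raw type word should be ANDed with NLA_TYPE_MASK before
 * it is used as a switch key or table index; whether the nla_type handed to
 * netlink_attributes_cb_t callbacks is already masked is not visible in
 * this header - confirm.
 */
#define NLA_F_NESTED		0x8000
#define NLA_F_NET_BYTEORDER	0x4000
#define NLA_TYPE_MASK		0x3fff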
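/*
 * Format of the data that is passed to "genl.family" dissectors.
 */
typedef struct {
	/* Netlink state of the enclosing message (see struct packet_netlink_data). */
	struct packet_netlink_data *nl_data;

	/* For internal use by genl. */
	proto_tree	*genl_tree;

	/* fields from genlmsghdr */
	guint8		 cmd; /* Command number */

	/* XXX This should contain a family version number as well. */
} genl_info_t;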
/*
 * Dissects the generic netlink header for a "genl.family" dissector, using
 * the state in genl_info and nl_data.
 *
 * NOTE(review): hfi_cmd is presumably the header field used to display the
 * command number (genl_info_t.cmd), by analogy with hfi_type in
 * dissect_netlink_header(); the meaning of the int return value is not
 * visible in this header - confirm both against the implementation.
 */
int dissect_genl_header(tvbuff_t *tvb, genl_info_t *genl_info,
			struct packet_netlink_data *nl_data,
			header_field_info *hfi_cmd);
#endif /* __PACKET_NETLINK_H__ */
/*
 * Editor modelines - https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 8
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */