2013-12-11 20:48:18 +00:00
|
|
|
/* packet-netlink-netfilter.c
|
|
|
|
*
|
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
2018-02-12 11:23:27 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
2013-12-11 20:48:18 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "config.h"
|
|
|
|
|
2016-08-06 23:03:17 +00:00
|
|
|
#include <epan/aftypes.h>
|
|
|
|
#include <epan/etypes.h>
|
2013-12-11 20:48:18 +00:00
|
|
|
#include <epan/packet.h>
|
|
|
|
#include "packet-netlink.h"
|
|
|
|
|
2013-12-13 22:34:10 +00:00
|
|
|
void proto_register_netlink_netfilter(void);
|
|
|
|
void proto_reg_handoff_netlink_netfilter(void);
|
|
|
|
|
2013-12-11 21:30:23 +00:00
|
|
|
typedef struct {
|
2013-12-11 20:48:18 +00:00
|
|
|
packet_info *pinfo;
|
2016-08-06 23:03:17 +00:00
|
|
|
guint16 hw_protocol; /* protocol for NFQUEUE packet payloads. */
|
2013-12-11 21:30:23 +00:00
|
|
|
} netlink_netfilter_info_t;
|
2013-12-11 20:48:18 +00:00
|
|
|
|
|
|
|
|
|
|
|
static dissector_handle_t netlink_netfilter;
|
|
|
|
static dissector_handle_t nflog_handle;
|
2016-08-06 23:03:17 +00:00
|
|
|
static dissector_table_t ethertype_table;
|
2013-12-11 20:48:18 +00:00
|
|
|
|
2019-12-27 22:36:56 +00:00
|
|
|
/* nfnetlink subsystems from <include/uapi/linux/netfilter/nfnetlink.h> */
|
2013-12-11 20:48:18 +00:00
|
|
|
enum {
|
|
|
|
WS_NFNL_SUBSYS_NONE = 0,
|
|
|
|
WS_NFNL_SUBSYS_CTNETLINK = 1,
|
|
|
|
WS_NFNL_SUBSYS_CTNETLINK_EXP = 2,
|
|
|
|
WS_NFNL_SUBSYS_QUEUE = 3,
|
|
|
|
WS_NFNL_SUBSYS_ULOG = 4,
|
|
|
|
WS_NFNL_SUBSYS_OSF = 5,
|
|
|
|
WS_NFNL_SUBSYS_IPSET = 6,
|
|
|
|
WS_NFNL_SUBSYS_ACCT = 7,
|
|
|
|
WS_NFNL_SUBSYS_CTNETLINK_TIMEOUT = 8,
|
2016-08-06 23:03:17 +00:00
|
|
|
WS_NFNL_SUBSYS_CTHELPER = 9,
|
|
|
|
WS_NFNL_SUBSYS_NFTABLES = 10,
|
|
|
|
WS_NFNL_SUBSYS_NFT_COMPAT = 11,
|
2019-12-27 22:36:56 +00:00
|
|
|
WS_NFNL_SUBSYS_COUNT = 12,
|
2013-12-11 20:48:18 +00:00
|
|
|
};
|
|
|
|
|
2019-12-27 22:36:56 +00:00
|
|
|
/* nfnetlink ULOG subsystem types from <include/uapi/linux/netfilter/nfnetlink_log.h> */
|
2013-12-11 20:48:18 +00:00
|
|
|
enum ws_nfulnl_msg_types {
|
|
|
|
WS_NFULNL_MSG_PACKET = 0,
|
|
|
|
WS_NFULNL_MSG_CONFIG = 1
|
|
|
|
};
|
|
|
|
|
2019-12-27 22:36:56 +00:00
|
|
|
/* Macros for "hook function responses" from <include/uapi/linux/netfilter.h> */
|
2016-08-06 23:03:17 +00:00
|
|
|
enum ws_verdict_types {
|
|
|
|
WS_NF_DROP = 0,
|
|
|
|
WS_NF_ACCEPT = 1,
|
|
|
|
WS_NF_STOLEN = 2,
|
|
|
|
WS_NF_QUEUE = 3,
|
|
|
|
WS_NF_REPEAT = 4,
|
|
|
|
WS_NF_STOP = 5,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_nf_inet_hooks {
|
|
|
|
WS_NF_INET_PRE_ROUTING = 0,
|
|
|
|
WS_NF_INET_LOCAL_IN = 1,
|
|
|
|
WS_NF_INET_FORWARD = 2,
|
|
|
|
WS_NF_INET_LOCAL_OUT = 3,
|
|
|
|
WS_NF_INET_POST_ROUTING = 4,
|
|
|
|
};
|
|
|
|
|
2019-12-27 22:36:56 +00:00
|
|
|
/* from <include/uapi/linux/netfilter/nf_conntrack_common.h> */
|
2016-08-06 23:03:17 +00:00
|
|
|
enum ws_ip_conntrack_info {
|
|
|
|
WS_IP_CT_ESTABLISHED,
|
|
|
|
WS_IP_CT_RELATED,
|
|
|
|
WS_IP_CT_NEW,
|
|
|
|
WS_IP_CT_IS_REPLY,
|
|
|
|
WS_IP_CT_ESTABLISHED_REPLY = WS_IP_CT_ESTABLISHED + WS_IP_CT_IS_REPLY,
|
|
|
|
WS_IP_CT_RELATED_REPLY = WS_IP_CT_RELATED + WS_IP_CT_IS_REPLY,
|
|
|
|
WS_IP_CT_NUMBER,
|
|
|
|
};
|
|
|
|
|
2017-12-04 00:09:17 +00:00
|
|
|
enum ws_ip_conntrack_status {
|
|
|
|
WS_IPS_EXPECTED_BIT = 0,
|
|
|
|
WS_IPS_EXPECTED = (1 << WS_IPS_EXPECTED_BIT),
|
|
|
|
WS_IPS_SEEN_REPLY_BIT = 1,
|
|
|
|
WS_IPS_SEEN_REPLY = (1 << WS_IPS_SEEN_REPLY_BIT),
|
|
|
|
WS_IPS_ASSURED_BIT = 2,
|
|
|
|
WS_IPS_ASSURED = (1 << WS_IPS_ASSURED_BIT),
|
|
|
|
WS_IPS_CONFIRMED_BIT = 3,
|
|
|
|
WS_IPS_CONFIRMED = (1 << WS_IPS_CONFIRMED_BIT),
|
|
|
|
WS_IPS_SRC_NAT_BIT = 4,
|
|
|
|
WS_IPS_SRC_NAT = (1 << WS_IPS_SRC_NAT_BIT),
|
|
|
|
WS_IPS_DST_NAT_BIT = 5,
|
|
|
|
WS_IPS_DST_NAT = (1 << WS_IPS_DST_NAT_BIT),
|
|
|
|
WS_IPS_SEQ_ADJUST_BIT = 6,
|
|
|
|
WS_IPS_SEQ_ADJUST = (1 << WS_IPS_SEQ_ADJUST_BIT),
|
|
|
|
WS_IPS_SRC_NAT_DONE_BIT = 7,
|
|
|
|
WS_IPS_SRC_NAT_DONE = (1 << WS_IPS_SRC_NAT_DONE_BIT),
|
|
|
|
WS_IPS_DST_NAT_DONE_BIT = 8,
|
|
|
|
WS_IPS_DST_NAT_DONE = (1 << WS_IPS_DST_NAT_DONE_BIT),
|
|
|
|
WS_IPS_DYING_BIT = 9,
|
|
|
|
WS_IPS_DYING = (1 << WS_IPS_DYING_BIT),
|
|
|
|
WS_IPS_FIXED_TIMEOUT_BIT = 10,
|
|
|
|
WS_IPS_FIXED_TIMEOUT = (1 << WS_IPS_FIXED_TIMEOUT_BIT),
|
|
|
|
WS_IPS_TEMPLATE_BIT = 11,
|
|
|
|
WS_IPS_TEMPLATE = (1 << WS_IPS_TEMPLATE_BIT),
|
|
|
|
WS_IPS_UNTRACKED_BIT = 12,
|
|
|
|
WS_IPS_UNTRACKED = (1 << WS_IPS_UNTRACKED_BIT),
|
|
|
|
WS_IPS_HELPER_BIT = 13,
|
|
|
|
WS_IPS_HELPER = (1 << WS_IPS_HELPER_BIT),
|
2019-12-27 22:36:56 +00:00
|
|
|
WS_IPS_OFFLOAD_BIT = 14,
|
|
|
|
WS_IPS_OFFLOAD = (1 << WS_IPS_OFFLOAD_BIT),
|
2017-12-04 00:09:17 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
enum nfexp_flags {
|
|
|
|
WS_NF_CT_EXPECT_PERMANENT = (1 << 0),
|
|
|
|
WS_NF_CT_EXPECT_INACTIVE = (1 << 1),
|
|
|
|
WS_NF_CT_EXPECT_USERSPACE = (1 << 2),
|
|
|
|
};
|
|
|
|
|
2019-12-27 22:36:56 +00:00
|
|
|
/* from <include/uapi/linux/netfilter/nf_conntrack_tuple_common.h> */
|
2017-12-04 00:09:17 +00:00
|
|
|
enum ws_ip_conntrack_dir {
|
|
|
|
WS_IP_CT_DIR_ORIGINAL = 0,
|
|
|
|
WS_IP_CT_DIR_REPLY = 1,
|
|
|
|
};
|
|
|
|
|
2019-12-27 22:36:56 +00:00
|
|
|
/* nfnetlink QUEUE subsystem types from <include/uapi/linux/netfilter/nfnetlink_queue.h> */
|
2013-12-11 20:48:18 +00:00
|
|
|
enum ws_nfqnl_msg_types {
|
|
|
|
WS_NFQNL_MSG_PACKET = 0,
|
|
|
|
WS_NFQNL_MSG_VERDICT = 1,
|
|
|
|
WS_NFQNL_MSG_CONFIG = 2,
|
|
|
|
WS_NFQNL_MSG_VERDICT_BATCH = 3
|
|
|
|
};
|
|
|
|
|
2016-08-06 23:03:17 +00:00
|
|
|
enum ws_nfqnl_attr_type {
|
|
|
|
WS_NFQA_UNSPEC = 0,
|
|
|
|
WS_NFQA_PACKET_HDR = 1,
|
|
|
|
WS_NFQA_VERDICT_HDR = 2,
|
|
|
|
WS_NFQA_MARK = 3,
|
|
|
|
WS_NFQA_TIMESTAMP = 4,
|
|
|
|
WS_NFQA_IFINDEX_INDEV = 5,
|
|
|
|
WS_NFQA_IFINDEX_OUTDEV = 6,
|
|
|
|
WS_NFQA_IFINDEX_PHYSINDEV = 7,
|
|
|
|
WS_NFQA_IFINDEX_PHYSOUTDEV = 8,
|
|
|
|
WS_NFQA_HWADDR = 9,
|
|
|
|
WS_NFQA_PAYLOAD = 10,
|
|
|
|
WS_NFQA_CT = 11,
|
|
|
|
WS_NFQA_CT_INFO = 12,
|
|
|
|
WS_NFQA_CAP_LEN = 13,
|
|
|
|
WS_NFQA_SKB_INFO = 14,
|
|
|
|
WS_NFQA_EXP = 15,
|
|
|
|
WS_NFQA_UID = 16,
|
|
|
|
WS_NFQA_GID = 17,
|
|
|
|
WS_NFQA_SECCTX = 18,
|
|
|
|
WS_NFQA_VLAN = 19,
|
|
|
|
WS_NFQA_L2HDR = 20,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_nfqnl_msg_config_cmds {
|
|
|
|
WS_NFQNL_CFG_CMD_NONE = 0,
|
|
|
|
WS_NFQNL_CFG_CMD_BIND = 1,
|
|
|
|
WS_NFQNL_CFG_CMD_UNBIND = 2,
|
|
|
|
WS_NFQNL_CFG_CMD_PF_BIND = 3,
|
|
|
|
WS_NFQNL_CFG_CMD_PF_UNBIND = 4,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_nfqnl_config_mode {
|
|
|
|
WS_NFQNL_COPY_NONE = 0,
|
|
|
|
WS_NFQNL_COPY_META = 1,
|
|
|
|
WS_NFQNL_COPY_PACKET = 2,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_nfqnl_attr_config {
|
|
|
|
WS_NFQA_CFG_UNSPEC = 0,
|
|
|
|
WS_NFQA_CFG_CMD = 1,
|
|
|
|
WS_NFQA_CFG_PARAMS = 2,
|
|
|
|
WS_NFQA_CFG_QUEUE_MAXLEN = 3,
|
|
|
|
WS_NFQA_CFG_MASK = 4,
|
|
|
|
WS_NFQA_CFG_FLAGS = 5,
|
|
|
|
};
|
|
|
|
|
2019-12-27 22:36:56 +00:00
|
|
|
/* from <include/uapi/linux/netfilter/nfnetlink_conntrack.h> */
|
2017-12-04 00:09:17 +00:00
|
|
|
enum ws_ctattr_tuple {
|
|
|
|
WS_CTA_TUPLE_UNSPEC = 0,
|
|
|
|
WS_CTA_TUPLE_IP = 1,
|
|
|
|
WS_CTA_TUPLE_PROTO = 2,
|
|
|
|
WS_CTA_TUPLE_ZONE = 3,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_ctattr_ip {
|
|
|
|
WS_CTA_IP_UNSPEC = 0,
|
|
|
|
WS_CTA_IP_V4_SRC = 1,
|
|
|
|
WS_CTA_IP_V4_DST = 2,
|
|
|
|
WS_CTA_IP_V6_SRC = 3,
|
|
|
|
WS_CTA_IP_V6_DST = 4,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_ctattr_l4proto {
|
|
|
|
WS_CTA_PROTO_UNSPEC = 0,
|
|
|
|
WS_CTA_PROTO_NUM = 1,
|
|
|
|
WS_CTA_PROTO_SRC_PORT = 2,
|
|
|
|
WS_CTA_PROTO_DST_PORT = 3,
|
|
|
|
WS_CTA_PROTO_ICMP_ID = 4,
|
|
|
|
WS_CTA_PROTO_ICMP_TYPE = 5,
|
|
|
|
WS_CTA_PROTO_ICMP_CODE = 6,
|
|
|
|
WS_CTA_PROTO_ICMPV6_ID = 7,
|
|
|
|
WS_CTA_PROTO_ICMPV6_TYPE = 8,
|
|
|
|
WS_CTA_PROTO_ICMPV6_CODE = 9,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_ctnl_exp_msg_types {
|
|
|
|
WS_IPCTNL_MSG_EXP_NEW = 0,
|
|
|
|
WS_IPCTNL_MSG_EXP_GET = 1,
|
|
|
|
WS_IPCTNL_MSG_EXP_DELETE = 2,
|
|
|
|
WS_IPCTNL_MSG_EXP_GET_STATS_CPU = 3,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_ctattr_expect {
|
|
|
|
WS_CTA_EXPECT_UNSPEC = 0,
|
|
|
|
WS_CTA_EXPECT_MASTER = 1,
|
|
|
|
WS_CTA_EXPECT_TUPLE = 2,
|
|
|
|
WS_CTA_EXPECT_MASK = 3,
|
|
|
|
WS_CTA_EXPECT_TIMEOUT = 4,
|
|
|
|
WS_CTA_EXPECT_ID = 5,
|
|
|
|
WS_CTA_EXPECT_HELP_NAME = 6,
|
|
|
|
WS_CTA_EXPECT_ZONE = 7,
|
|
|
|
WS_CTA_EXPECT_FLAGS = 8,
|
|
|
|
WS_CTA_EXPECT_CLASS = 9,
|
|
|
|
WS_CTA_EXPECT_NAT = 10,
|
|
|
|
WS_CTA_EXPECT_FN = 11,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_ctattr_expect_nat {
|
2019-12-27 22:36:56 +00:00
|
|
|
WS_CTA_EXPECT_NAT_UNSPEC = 0,
|
2017-12-04 00:09:17 +00:00
|
|
|
WS_CTA_EXPECT_NAT_DIR = 1,
|
|
|
|
WS_CTA_EXPECT_NAT_TUPLE = 2,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_ctattr_type {
|
|
|
|
WS_CTA_UNSPEC = 0,
|
|
|
|
WS_CTA_TUPLE_ORIG = 1,
|
|
|
|
WS_CTA_TUPLE_REPLY = 2,
|
|
|
|
WS_CTA_STATUS = 3,
|
|
|
|
WS_CTA_PROTOINFO = 4,
|
|
|
|
WS_CTA_HELP = 5,
|
|
|
|
WS_CTA_NAT_SRC = 6,
|
|
|
|
WS_CTA_TIMEOUT = 7,
|
|
|
|
WS_CTA_MARK = 8,
|
|
|
|
WS_CTA_COUNTERS_ORIG = 9,
|
|
|
|
WS_CTA_COUNTERS_REPLY = 10,
|
|
|
|
WS_CTA_USE = 11,
|
|
|
|
WS_CTA_ID = 12,
|
|
|
|
WS_CTA_NAT_DST = 13,
|
|
|
|
WS_CTA_TUPLE_MASTER = 14,
|
|
|
|
WS_CTA_SEQ_ADJ_ORIG = 15,
|
|
|
|
WS_CTA_SEQ_ADJ_REPLY = 16,
|
|
|
|
WS_CTA_SECMARK = 17,
|
|
|
|
WS_CTA_ZONE = 18,
|
|
|
|
WS_CTA_SECCTX = 19,
|
|
|
|
WS_CTA_TIMESTAMP = 20,
|
|
|
|
WS_CTA_MARK_MASK = 21,
|
|
|
|
WS_CTA_LABELS = 22,
|
|
|
|
WS_CTA_LABELS_MASK = 23,
|
2019-12-27 22:36:56 +00:00
|
|
|
WS_CTA_SYNPROXY = 24,
|
2017-12-04 00:09:17 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_ctattr_help {
|
|
|
|
WS_CTA_HELP_UNSPEC = 0,
|
|
|
|
WS_CTA_HELP_NAME = 1,
|
|
|
|
WS_CTA_HELP_INFO = 2,
|
|
|
|
};
|
|
|
|
|
|
|
|
enum ws_ctattr_seqadj {
|
2019-12-27 22:36:56 +00:00
|
|
|
WS_CTA_SEQADJ_UNSPEC = 0,
|
2017-12-04 00:09:17 +00:00
|
|
|
WS_CTA_SEQADJ_CORRECTION_POS = 1,
|
|
|
|
WS_CTA_SEQADJ_OFFSET_BEFORE = 2,
|
|
|
|
WS_CTA_SEQADJ_OFFSET_AFTER = 3,
|
|
|
|
};
|
|
|
|
|
2019-12-27 22:36:56 +00:00
|
|
|
/* from <include/uapi/linux/netfilter/ipset/ip_set.h> */
|
2016-08-12 15:24:54 +00:00
|
|
|
enum ws_ipset_cmd {
|
|
|
|
WS_IPSET_CMD_NONE = 0,
|
|
|
|
WS_IPSET_CMD_PROTOCOL = 1,
|
|
|
|
WS_IPSET_CMD_CREATE = 2,
|
|
|
|
WS_IPSET_CMD_DESTROY = 3,
|
|
|
|
WS_IPSET_CMD_FLUSH = 4,
|
|
|
|
WS_IPSET_CMD_RENAME = 5,
|
|
|
|
WS_IPSET_CMD_SWAP = 6,
|
|
|
|
WS_IPSET_CMD_LIST = 7,
|
|
|
|
WS_IPSET_CMD_SAVE = 8,
|
|
|
|
WS_IPSET_CMD_ADD = 9,
|
|
|
|
WS_IPSET_CMD_DEL = 10,
|
|
|
|
WS_IPSET_CMD_TEST = 11,
|
|
|
|
WS_IPSET_CMD_HEADER = 12,
|
|
|
|
WS_IPSET_CMD_TYPE = 13,
|
2019-12-27 22:36:56 +00:00
|
|
|
WS_IPSET_CMD_GET_BYNAME = 14,
|
|
|
|
WS_IPSET_CMD_GET_BYINDEX = 15,
|
2016-08-12 15:24:54 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/* Attributes at command level */
|
|
|
|
enum ws_ipset_attr {
|
|
|
|
WS_IPSET_ATTR_PROTOCOL = 1,
|
|
|
|
WS_IPSET_ATTR_SETNAME = 2,
|
|
|
|
WS_IPSET_ATTR_TYPENAME = 3,
|
|
|
|
WS_IPSET_ATTR_REVISION = 4,
|
|
|
|
WS_IPSET_ATTR_FAMILY = 5,
|
|
|
|
WS_IPSET_ATTR_FLAGS = 6,
|
|
|
|
WS_IPSET_ATTR_DATA = 7,
|
|
|
|
WS_IPSET_ATTR_ADT = 8,
|
|
|
|
WS_IPSET_ATTR_LINENO = 9,
|
|
|
|
WS_IPSET_ATTR_PROTOCOL_MIN = 10,
|
2019-12-27 22:36:56 +00:00
|
|
|
WS_IPSET_ATTR_INDEX = 11,
|
2016-08-12 15:24:54 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/* CADT-specific attributes (Create/Abstract Data Type) */
|
|
|
|
enum ws_ipset_cadt_attr {
|
|
|
|
WS_IPSET_ATTR_IP_FROM = 1,
|
|
|
|
WS_IPSET_ATTR_IP_TO = 2,
|
|
|
|
WS_IPSET_ATTR_CIDR = 3,
|
|
|
|
WS_IPSET_ATTR_PORT_FROM = 4,
|
|
|
|
WS_IPSET_ATTR_PORT_TO = 5,
|
|
|
|
WS_IPSET_ATTR_TIMEOUT = 6,
|
|
|
|
WS_IPSET_ATTR_PROTO = 7,
|
|
|
|
WS_IPSET_ATTR_CADT_FLAGS = 8,
|
|
|
|
WS_IPSET_ATTR_CADT_LINENO = 9,
|
|
|
|
WS_IPSET_ATTR_MARK = 10,
|
|
|
|
WS_IPSET_ATTR_MARKMASK = 11,
|
|
|
|
/* (reserved up to 16) */
|
|
|
|
#define WS_IPSET_ATTR_CADT_MAX 16
|
|
|
|
WS_IPSET_ATTR_GC = 17,
|
|
|
|
WS_IPSET_ATTR_HASHSIZE = 18,
|
|
|
|
WS_IPSET_ATTR_MAXELEM = 19,
|
|
|
|
WS_IPSET_ATTR_NETMASK = 20,
|
|
|
|
WS_IPSET_ATTR_PROBES = 21,
|
|
|
|
WS_IPSET_ATTR_RESIZE = 22,
|
|
|
|
WS_IPSET_ATTR_SIZE = 23,
|
|
|
|
WS_IPSET_ATTR_ELEMENTS = 24,
|
|
|
|
WS_IPSET_ATTR_REFERENCES = 25,
|
|
|
|
WS_IPSET_ATTR_MEMSIZE = 26,
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ADT-specific attrivutes */
|
|
|
|
enum ws_ipset_adt_attr {
|
|
|
|
WS_IPSET_ATTR_ETHER = 17,
|
|
|
|
WS_IPSET_ATTR_NAME = 18,
|
|
|
|
WS_IPSET_ATTR_NAMEREF = 19,
|
|
|
|
WS_IPSET_ATTR_IP2 = 20,
|
|
|
|
WS_IPSET_ATTR_CIDR2 = 21,
|
|
|
|
WS_IPSET_ATTR_IP2_TO = 22,
|
|
|
|
WS_IPSET_ATTR_IFACE = 23,
|
|
|
|
WS_IPSET_ATTR_BYTES = 24,
|
|
|
|
WS_IPSET_ATTR_PACKETS = 25,
|
|
|
|
WS_IPSET_ATTR_COMMENT = 26,
|
|
|
|
WS_IPSET_ATTR_SKBMARK = 27,
|
|
|
|
WS_IPSET_ATTR_SKBPRIO = 28,
|
|
|
|
WS_IPSET_ATTR_SKBQUEUE = 29,
|
|
|
|
WS_IPSET_ATTR_PAD = 30,
|
|
|
|
};
|
|
|
|
|
|
|
|
/* IP specific attributes */
|
|
|
|
enum ws_ipset_ip_attr {
|
|
|
|
WS_IPSET_ATTR_IPADDR_IPV4 = 1,
|
|
|
|
WS_IPSET_ATTR_IPADDR_IPV6 = 2,
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2017-04-04 19:30:45 +00:00
|
|
|
static int proto_netlink_netfilter;
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
static int hf_ipset_adt_attr = -1;
|
|
|
|
static int hf_ipset_adt_attr_comment = -1;
|
|
|
|
static int hf_ipset_attr = -1;
|
|
|
|
static int hf_ipset_attr_family = -1;
|
|
|
|
static int hf_ipset_attr_flags = -1;
|
|
|
|
static int hf_ipset_attr_setname = -1;
|
|
|
|
static int hf_ipset_attr_typename = -1;
|
|
|
|
static int hf_ipset_cadt_attr = -1;
|
|
|
|
static int hf_ipset_cadt_attr_cadt_flags = -1;
|
|
|
|
static int hf_ipset_cadt_attr_cidr = -1;
|
|
|
|
static int hf_ipset_cadt_attr_timeout = -1;
|
|
|
|
static int hf_ipset_command = -1;
|
|
|
|
static int hf_ipset_ip_attr = -1;
|
|
|
|
static int hf_ipset_ip_attr_ipv4 = -1;
|
|
|
|
static int hf_ipset_ip_attr_ipv6 = -1;
|
|
|
|
static int hf_netlink_netfilter_family = -1;
|
|
|
|
static int hf_netlink_netfilter_resid = -1;
|
|
|
|
static int hf_netlink_netfilter_subsys = -1;
|
|
|
|
static int hf_netlink_netfilter_ulog_type = -1;
|
|
|
|
static int hf_netlink_netfilter_version = -1;
|
|
|
|
static int hf_nfct_attr = -1;
|
|
|
|
static int hf_nfct_attr_id = -1;
|
|
|
|
static int hf_nfct_attr_status = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_assured = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_confirmed = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_dst_nat = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_dst_nat_done = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_dying = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_expected = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_fixed_timeout = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_helper = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_offload = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_seen_reply = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_seq_adjust = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_src_nat = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_src_nat_done = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_template = -1;
|
|
|
|
static int hf_nfct_attr_status_flag_untracked = -1;
|
|
|
|
static int hf_nfct_attr_timeout = -1;
|
|
|
|
static int hf_nfct_help_attr = -1;
|
|
|
|
static int hf_nfct_help_attr_help_name = -1;
|
|
|
|
static int hf_nfct_seqadj_attr = -1;
|
|
|
|
static int hf_nfct_seqadj_attr_correction_pos = -1;
|
|
|
|
static int hf_nfct_seqadj_attr_offset_after = -1;
|
|
|
|
static int hf_nfct_seqadj_attr_offset_before = -1;
|
|
|
|
static int hf_nfct_tuple_attr = -1;
|
|
|
|
static int hf_nfct_tuple_ip_attr = -1;
|
|
|
|
static int hf_nfct_tuple_ip_attr_ipv4 = -1;
|
|
|
|
static int hf_nfct_tuple_ip_attr_ipv6 = -1;
|
|
|
|
static int hf_nfct_tuple_proto_attr = -1;
|
|
|
|
static int hf_nfct_tuple_proto_dst_port_attr = -1;
|
|
|
|
static int hf_nfct_tuple_proto_num_attr = -1;
|
|
|
|
static int hf_nfct_tuple_proto_src_port_attr = -1;
|
|
|
|
static int hf_nfct_tuple_zone_attr = -1;
|
|
|
|
static int hf_nfexp_attr = -1;
|
|
|
|
static int hf_nfexp_attr_class = -1;
|
|
|
|
static int hf_nfexp_attr_flag_inactive = -1;
|
|
|
|
static int hf_nfexp_attr_flag_permanent = -1;
|
|
|
|
static int hf_nfexp_attr_flag_userspace = -1;
|
|
|
|
static int hf_nfexp_attr_flags = -1;
|
|
|
|
static int hf_nfexp_attr_fn = -1;
|
|
|
|
static int hf_nfexp_attr_id = -1;
|
|
|
|
static int hf_nfexp_attr_timeout = -1;
|
|
|
|
static int hf_nfexp_attr_zone = -1;
|
|
|
|
static int hf_nfexp_nat_attr = -1;
|
|
|
|
static int hf_nfexp_nat_attr_dir = -1;
|
|
|
|
static int hf_nfexp_type = -1;
|
|
|
|
static int hf_nfq_attr = -1;
|
|
|
|
static int hf_nfq_caplen = -1;
|
|
|
|
static int hf_nfq_config_attr = -1;
|
|
|
|
static int hf_nfq_config_command_command = -1;
|
|
|
|
static int hf_nfq_config_command_pf = -1;
|
|
|
|
static int hf_nfq_config_flags = -1;
|
|
|
|
static int hf_nfq_config_mask = -1;
|
|
|
|
static int hf_nfq_config_params_copymode = -1;
|
|
|
|
static int hf_nfq_config_params_copyrange = -1;
|
|
|
|
static int hf_nfq_config_queue_maxlen = -1;
|
|
|
|
static int hf_nfq_ctinfo = -1;
|
|
|
|
static int hf_nfq_gid = -1;
|
|
|
|
static int hf_nfq_hwaddr_addr = -1;
|
|
|
|
static int hf_nfq_hwaddr_len = -1;
|
|
|
|
static int hf_nfq_ifindex_indev = -1;
|
|
|
|
static int hf_nfq_ifindex_outdev = -1;
|
|
|
|
static int hf_nfq_ifindex_physindev = -1;
|
|
|
|
static int hf_nfq_ifindex_physoutdev = -1;
|
|
|
|
static int hf_nfq_nfmark = -1;
|
|
|
|
static int hf_nfq_packet_hook = -1;
|
|
|
|
static int hf_nfq_packet_hwprotocol = -1;
|
|
|
|
static int hf_nfq_packet_id = -1;
|
|
|
|
static int hf_nfq_timestamp = -1;
|
|
|
|
static int hf_nfq_type = -1;
|
|
|
|
static int hf_nfq_uid = -1;
|
|
|
|
static int hf_nfq_verdict_id = -1;
|
|
|
|
static int hf_nfq_verdict_verdict = -1;
|
|
|
|
|
2013-12-11 20:48:18 +00:00
|
|
|
static int ett_netlink_netfilter = -1;
|
2017-12-04 00:09:17 +00:00
|
|
|
static int ett_nfct_attr = -1;
|
|
|
|
static int ett_nfct_help_attr = -1;
|
|
|
|
static int ett_nfct_seqadj_attr = -1;
|
|
|
|
static int ett_nfct_status_attr = -1;
|
|
|
|
static int ett_nfct_tuple_attr = -1;
|
|
|
|
static int ett_nfct_tuple_ip_attr = -1;
|
|
|
|
static int ett_nfct_tuple_proto_attr = -1;
|
2016-08-06 23:03:17 +00:00
|
|
|
static int ett_nfq_config_attr = -1;
|
|
|
|
static int ett_nfq_attr = -1;
|
2017-12-04 00:09:17 +00:00
|
|
|
static int ett_nfexp_attr = -1;
|
|
|
|
static int ett_nfexp_flags_attr = -1;
|
|
|
|
static int ett_nfexp_nat_attr = -1;
|
2016-08-12 15:24:54 +00:00
|
|
|
static int ett_ipset_attr = -1;
|
|
|
|
static int ett_ipset_cadt_attr = -1;
|
|
|
|
static int ett_ipset_adt_attr = -1;
|
|
|
|
static int ett_ipset_ip_attr = -1;
|
2016-08-06 23:03:17 +00:00
|
|
|
|
|
|
|
static int dissect_netlink_netfilter_header(tvbuff_t *tvb, proto_tree *tree, int offset)
|
|
|
|
{
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_netlink_netfilter_family, tvb, offset, 1, ENC_NA);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset++;
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_netlink_netfilter_version, tvb, offset, 1, ENC_NA);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset++;
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_netlink_netfilter_resid, tvb, offset, 2, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 2;
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
2013-12-11 20:48:18 +00:00
|
|
|
|
2017-12-04 00:09:17 +00:00
|
|
|
/* tuple attribute, used by EXP and QUEUE */
|
|
|
|
|
|
|
|
static const value_string nfct_tuple_attr_vals[] = {
|
|
|
|
{ WS_CTA_TUPLE_IP, "IP address" },
|
|
|
|
{ WS_CTA_TUPLE_PROTO, "L4 protocol info" },
|
|
|
|
{ WS_CTA_TUPLE_ZONE, "Zone" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfct_tuple_ip_attr_vals[] = {
|
|
|
|
{ WS_CTA_IP_V4_SRC, "IPv4 source address" },
|
|
|
|
{ WS_CTA_IP_V4_DST, "IPv4 destination address" },
|
|
|
|
{ WS_CTA_IP_V6_SRC, "IPv6 source address" },
|
|
|
|
{ WS_CTA_IP_V6_DST, "IPv6 destination address" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfct_tuple_l4proto_attr_vals[] = {
|
|
|
|
{ WS_CTA_PROTO_NUM, "IP protocol number" },
|
|
|
|
{ WS_CTA_PROTO_SRC_PORT, "Source port" },
|
|
|
|
{ WS_CTA_PROTO_DST_PORT, "Destination port" },
|
|
|
|
{ WS_CTA_PROTO_ICMP_ID, "ICMPv4 ID" },
|
|
|
|
{ WS_CTA_PROTO_ICMP_TYPE, "ICMPv4 type" },
|
|
|
|
{ WS_CTA_PROTO_ICMP_CODE, "ICMPv4 code" },
|
|
|
|
{ WS_CTA_PROTO_ICMPV6_ID, "ICMPv6 ID" },
|
|
|
|
{ WS_CTA_PROTO_ICMPV6_TYPE, "ICMPv6 type" },
|
|
|
|
{ WS_CTA_PROTO_ICMPV6_CODE, "ICMPv6 code" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfct_tuple_proto_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
enum ws_ctattr_ip type = (enum ws_ctattr_ip) nla_type & NLA_TYPE_MASK;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_CTA_PROTO_NUM:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_tuple_proto_num_attr, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_PROTO_SRC_PORT:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_tuple_proto_src_port_attr, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_PROTO_DST_PORT:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_tuple_proto_dst_port_attr, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfct_tuple_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
enum ws_ctattr_ip type = (enum ws_ctattr_ip) nla_type & NLA_TYPE_MASK;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_CTA_IP_V4_SRC:
|
|
|
|
case WS_CTA_IP_V4_DST:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_tuple_ip_attr_ipv4, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_IP_V6_SRC:
|
|
|
|
case WS_CTA_IP_V6_DST:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_tuple_ip_attr_ipv6, tvb, offset, len, ENC_NA);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfct_tuple_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
enum ws_ctattr_tuple type = (enum ws_ctattr_tuple) nla_type & NLA_TYPE_MASK;
|
|
|
|
netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_CTA_TUPLE_IP:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfct_tuple_ip_attr, ett_nfct_tuple_ip_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfct_tuple_ip_attrs);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_CTA_TUPLE_PROTO:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfct_tuple_proto_attr, ett_nfct_tuple_proto_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfct_tuple_proto_attrs);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_CTA_TUPLE_ZONE:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_tuple_zone_attr, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* conntrack attributes, used by QUEUE and CT */
|
|
|
|
|
|
|
|
static const value_string nfct_attr_vals[] = {
|
|
|
|
{ WS_CTA_TUPLE_ORIG, "Original IP tuple" },
|
|
|
|
{ WS_CTA_TUPLE_REPLY, "Reply IP tuple" },
|
|
|
|
{ WS_CTA_STATUS, "Connection status" },
|
|
|
|
{ WS_CTA_PROTOINFO, "Protocol-specific info" },
|
|
|
|
{ WS_CTA_HELP, "Helper" },
|
|
|
|
{ WS_CTA_NAT_SRC, "SNAT setup" },
|
|
|
|
{ WS_CTA_TIMEOUT, "Timeout" },
|
|
|
|
{ WS_CTA_MARK, "Mark" },
|
|
|
|
{ WS_CTA_COUNTERS_ORIG, "COUNTERS_ORIG" },
|
|
|
|
{ WS_CTA_COUNTERS_REPLY, "COUNTERS_REPLY" },
|
|
|
|
{ WS_CTA_USE, "Use count" },
|
|
|
|
{ WS_CTA_ID, "ID" },
|
|
|
|
{ WS_CTA_NAT_DST, "DNAT setup" },
|
|
|
|
{ WS_CTA_TUPLE_MASTER, "Master IP tuple" },
|
|
|
|
{ WS_CTA_SEQ_ADJ_ORIG, "Sequence number adjustment (original direction)" },
|
|
|
|
{ WS_CTA_SEQ_ADJ_REPLY, "Sequence number adjustment (reply direction)" },
|
|
|
|
{ WS_CTA_SECMARK, "Security mark" },
|
|
|
|
{ WS_CTA_ZONE, "Zone" },
|
|
|
|
{ WS_CTA_SECCTX, "Security context" },
|
|
|
|
{ WS_CTA_TIMESTAMP, "Timestamp" },
|
|
|
|
{ WS_CTA_MARK_MASK, "Mark mask" },
|
|
|
|
{ WS_CTA_LABELS, "LABELS" },
|
|
|
|
{ WS_CTA_LABELS_MASK, "LABELS_MASK" },
|
2019-12-27 22:36:56 +00:00
|
|
|
{ WS_CTA_SYNPROXY, "SYNPROXY" },
|
2017-12-04 00:09:17 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfct_help_attr_vals[] = {
|
|
|
|
{ WS_CTA_HELP_NAME, "Helper name" },
|
|
|
|
{ WS_CTA_HELP_INFO, "Helper info" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfct_seqadj_attr_vals[] = {
|
2019-12-27 22:36:56 +00:00
|
|
|
{ WS_CTA_SEQADJ_UNSPEC, "Unspecified" },
|
2017-12-04 00:09:17 +00:00
|
|
|
{ WS_CTA_SEQADJ_CORRECTION_POS, "Correction position" },
|
|
|
|
{ WS_CTA_SEQADJ_OFFSET_BEFORE, "Offset before" },
|
|
|
|
{ WS_CTA_SEQADJ_OFFSET_AFTER, "Offset after" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
static int * const hf_nfct_attr_status_flags[] = {
|
|
|
|
&hf_nfct_attr_status_flag_offload,
|
|
|
|
&hf_nfct_attr_status_flag_helper,
|
|
|
|
&hf_nfct_attr_status_flag_untracked,
|
|
|
|
&hf_nfct_attr_status_flag_template,
|
|
|
|
&hf_nfct_attr_status_flag_fixed_timeout,
|
|
|
|
&hf_nfct_attr_status_flag_dying,
|
|
|
|
&hf_nfct_attr_status_flag_dst_nat_done,
|
|
|
|
&hf_nfct_attr_status_flag_src_nat_done,
|
|
|
|
&hf_nfct_attr_status_flag_seq_adjust,
|
|
|
|
&hf_nfct_attr_status_flag_dst_nat,
|
|
|
|
&hf_nfct_attr_status_flag_src_nat,
|
|
|
|
&hf_nfct_attr_status_flag_confirmed,
|
|
|
|
&hf_nfct_attr_status_flag_assured,
|
|
|
|
&hf_nfct_attr_status_flag_seen_reply,
|
|
|
|
&hf_nfct_attr_status_flag_expected,
|
2018-01-12 22:05:14 +00:00
|
|
|
NULL
|
2017-12-04 00:09:17 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfct_help_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
enum ws_ctattr_help type = (enum ws_ctattr_help) nla_type & NLA_TYPE_MASK;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_CTA_HELP_NAME:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_help_attr_help_name, tvb, offset, len, ENC_UTF_8);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfct_seqadj_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
enum ws_ctattr_seqadj type = (enum ws_ctattr_seqadj) nla_type & NLA_TYPE_MASK;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_CTA_SEQADJ_CORRECTION_POS:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_seqadj_attr_correction_pos, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_SEQADJ_OFFSET_BEFORE:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_seqadj_attr_offset_before, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_SEQADJ_OFFSET_AFTER:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_seqadj_attr_offset_after, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfct_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
enum ws_ctattr_type type = (enum ws_ctattr_type) nla_type & NLA_TYPE_MASK;
|
|
|
|
netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_CTA_STATUS:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_bitmask(tree, tvb, offset, hf_nfct_attr_status,
|
|
|
|
ett_nfct_status_attr, hf_nfct_attr_status_flags, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_TIMEOUT:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_ID:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfct_attr_id, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_HELP:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfct_help_attr, ett_nfct_help_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfct_help_attrs);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_CTA_SEQ_ADJ_ORIG:
|
|
|
|
case WS_CTA_SEQ_ADJ_REPLY:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfct_seqadj_attr, ett_nfct_seqadj_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfct_seqadj_attrs);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_CTA_TUPLE_ORIG:
|
|
|
|
case WS_CTA_TUPLE_REPLY:
|
|
|
|
case WS_CTA_TUPLE_MASTER:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfct_tuple_attrs);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* CT - main */
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_netfilter_ct(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
offset = dissect_netlink_netfilter_header(tvb, tree, offset);
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes_to_end(tvb, hf_nfct_attr, ett_nfct_attr, info, nl_data,
|
netlink: don't use -1 to mean "to end of packet".
Add dissect_netlink_attributes_to_end(), which takes no length argument,
and uses tvb_ensure_reported_length() to get the remaining length in the
packet.
In dissect_netlink_attributes_common(), treat negative lengths as if
they were a positive length >= 2^31, and throw a reported bounds error.
Also, throw a bounds error if there's more padding to a 4-byte boundary
than there is data in the packet.
At that point, we know the length is positive, so assign it to an
unsigned variable and use *that* in the loop. Throw an error if the
attribute goes past the end of the packet (although we presumably would
have done that already).
(We really should eliminate all use of -1 as "to the end", and make
lengths unsigned. We should also get rid of any places where we're
using negative offsets as offsets from the end of the packet - in the
few cases where you're dealing with trailers, you want to do that
carefully, so as not to throw an exception dissecting the trailer before
you get around to dissecting the rest of the packet - and make offsets
unsigned as well.)
2021-06-15 21:32:54 +00:00
|
|
|
tree, offset, dissect_nfct_attrs);
|
2017-12-04 00:09:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* EXP */
|
|
|
|
|
|
|
|
static const value_string nfexp_type_vals[] = {
|
|
|
|
{ WS_IPCTNL_MSG_EXP_NEW, "New" },
|
|
|
|
{ WS_IPCTNL_MSG_EXP_GET, "Get" },
|
|
|
|
{ WS_IPCTNL_MSG_EXP_DELETE, "Delete" },
|
|
|
|
{ WS_IPCTNL_MSG_EXP_GET_STATS_CPU, "Get CPU stats" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfexp_attr_vals[] = {
|
|
|
|
{ WS_CTA_EXPECT_MASTER, "Master IP tuple" },
|
|
|
|
{ WS_CTA_EXPECT_TUPLE, "IP tuple" },
|
|
|
|
{ WS_CTA_EXPECT_MASK, "IP mask tuple" },
|
|
|
|
{ WS_CTA_EXPECT_TIMEOUT, "Timeout" },
|
|
|
|
{ WS_CTA_EXPECT_ID, "ID" },
|
|
|
|
{ WS_CTA_EXPECT_HELP_NAME, "Helper name" },
|
|
|
|
{ WS_CTA_EXPECT_ZONE, "Zone" },
|
|
|
|
{ WS_CTA_EXPECT_FLAGS, "Flags" },
|
|
|
|
{ WS_CTA_EXPECT_CLASS, "Class" },
|
|
|
|
{ WS_CTA_EXPECT_NAT, "NAT" },
|
|
|
|
{ WS_CTA_EXPECT_FN, "Expect function" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfexp_nat_attr_vals[] = {
|
|
|
|
{ WS_CTA_EXPECT_NAT_DIR, "Direction" },
|
|
|
|
{ WS_CTA_EXPECT_NAT_TUPLE, "IP tuple" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfexp_conntrack_dir_vals[] = {
|
|
|
|
{ WS_IP_CT_DIR_ORIGINAL, "Original direction" },
|
|
|
|
{ WS_IP_CT_DIR_REPLY, "Reply direction" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfexp_nat_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
enum ws_ctattr_expect type = (enum ws_ctattr_expect) nla_type & NLA_TYPE_MASK;
|
|
|
|
netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_CTA_EXPECT_NAT_DIR:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfexp_nat_attr_dir, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_EXPECT_NAT_TUPLE:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfct_tuple_attrs);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* CTA_EXPECT_FLAGS bitfield */
|
2021-12-11 15:33:27 +00:00
|
|
|
static int * const hf_nfexp_attr_flags_bitfield[] = {
|
|
|
|
&hf_nfexp_attr_flag_userspace,
|
|
|
|
&hf_nfexp_attr_flag_inactive,
|
|
|
|
&hf_nfexp_attr_flag_permanent,
|
2018-01-12 22:05:14 +00:00
|
|
|
NULL
|
2017-12-04 00:09:17 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfexp_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
enum ws_ctattr_expect type = (enum ws_ctattr_expect) nla_type & NLA_TYPE_MASK;
|
|
|
|
netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_CTA_EXPECT_TUPLE:
|
|
|
|
case WS_CTA_EXPECT_MASK:
|
|
|
|
case WS_CTA_EXPECT_MASTER:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfct_tuple_attrs);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_CTA_EXPECT_NAT:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfexp_nat_attr, ett_nfexp_nat_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfexp_nat_attrs);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_CTA_EXPECT_TIMEOUT:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfexp_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_EXPECT_ID:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfexp_attr_id, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_EXPECT_CLASS:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfexp_attr_class, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_EXPECT_ZONE:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfexp_attr_zone, tvb, offset, len, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_EXPECT_FN:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfexp_attr_fn, tvb, offset, len, ENC_UTF_8);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_CTA_EXPECT_FLAGS:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_bitmask(tree, tvb, offset, hf_nfexp_attr_flags,
|
|
|
|
ett_nfexp_flags_attr, hf_nfexp_attr_flags_bitfield, ENC_BIG_ENDIAN);
|
2017-12-04 00:09:17 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* EXP - main */
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_netfilter_exp(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
|
2017-12-04 00:09:17 +00:00
|
|
|
{
|
|
|
|
//enum ws_ctnl_exp_msg_types type = (enum ws_ctnl_exp_msg_types) (info->data->type & 0xff);
|
|
|
|
|
|
|
|
offset = dissect_netlink_netfilter_header(tvb, tree, offset);
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes_to_end(tvb, hf_nfexp_attr, ett_nfexp_attr, info, nl_data,
|
netlink: don't use -1 to mean "to end of packet".
Add dissect_netlink_attributes_to_end(), which takes no length argument,
and uses tvb_ensure_reported_length() to get the remaining length in the
packet.
In dissect_netlink_attributes_common(), treat negative lengths as if
they were a positive length >= 2^31, and throw a reported bounds error.
Also, throw a bounds error if there's more padding to a 4-byte boundary
than there is data in the packet.
At that point, we know the length is positive, so assign it to an
unsigned variable and use *that* in the loop. Throw an error if the
attribute goes past the end of the packet (although we presumably would
have done that already).
(We really should eliminate all use of -1 as "to the end", and make
lengths unsigned. We should also get rid of any places where we're
using negative offsets as offsets from the end of the packet - in the
few cases where you're dealing with trailers, you want to do that
carefully, so as not to throw an exception dissecting the trailer before
you get around to dissecting the rest of the packet - and make offsets
unsigned as well.)
2021-06-15 21:32:54 +00:00
|
|
|
tree, offset, dissect_nfexp_attrs);
|
2017-12-04 00:09:17 +00:00
|
|
|
}
|
|
|
|
|
2013-12-11 20:48:18 +00:00
|
|
|
/* QUEUE */
|
|
|
|
|
2016-08-06 23:03:17 +00:00
|
|
|
/* QUEUE - Config */
|
|
|
|
|
|
|
|
static const value_string nfq_type_vals[] = {
|
|
|
|
{ WS_NFQNL_MSG_PACKET, "Packet" },
|
|
|
|
{ WS_NFQNL_MSG_VERDICT, "Verdict" },
|
|
|
|
{ WS_NFQNL_MSG_CONFIG, "Config" },
|
|
|
|
{ WS_NFQNL_MSG_VERDICT_BATCH, "Verdict (batch)" },
|
2013-12-11 20:48:18 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
2016-08-06 23:03:17 +00:00
|
|
|
static const value_string nfq_config_command_vals[] = {
|
|
|
|
{ WS_NFQNL_CFG_CMD_NONE, "None" },
|
|
|
|
{ WS_NFQNL_CFG_CMD_BIND, "Bind" },
|
|
|
|
{ WS_NFQNL_CFG_CMD_UNBIND, "Unbind" },
|
|
|
|
{ WS_NFQNL_CFG_CMD_PF_BIND, "PF bind" },
|
|
|
|
{ WS_NFQNL_CFG_CMD_PF_UNBIND, "PF unbind" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfq_config_attr_vals[] = {
|
|
|
|
{ WS_NFQA_CFG_UNSPEC, "Unspecified" },
|
|
|
|
{ WS_NFQA_CFG_CMD, "Command" },
|
|
|
|
{ WS_NFQA_CFG_PARAMS, "Parameters" },
|
|
|
|
{ WS_NFQA_CFG_QUEUE_MAXLEN, "Maximum queue length" },
|
|
|
|
{ WS_NFQA_CFG_MASK, "Mask" },
|
|
|
|
{ WS_NFQA_CFG_FLAGS, "Flags" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfq_config_mode_vals[] = {
|
|
|
|
{ WS_NFQNL_COPY_NONE, "None" },
|
|
|
|
{ WS_NFQNL_COPY_META, "Meta" },
|
|
|
|
{ WS_NFQNL_COPY_PACKET, "Packet" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
2013-12-11 20:48:18 +00:00
|
|
|
static int
|
2020-01-08 21:08:15 +00:00
|
|
|
dissect_nfq_config_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2016-08-06 23:03:17 +00:00
|
|
|
{
|
|
|
|
enum ws_nfqnl_attr_config type = (enum ws_nfqnl_attr_config) nla_type;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_NFQA_CFG_UNSPEC:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_CFG_CMD:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_config_command_command, tvb, offset, 1, ENC_NA);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 2; /* skip command and 1 byte padding. */
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_config_command_pf, tvb, offset, 2, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 2;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_CFG_PARAMS:
|
|
|
|
if (len == 5) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_config_params_copyrange, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_config_params_copymode, tvb, offset, 1, ENC_NA);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset++;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_CFG_QUEUE_MAXLEN:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_config_queue_maxlen, tvb, offset, 4, nl_data->encoding);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_CFG_MASK:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_config_mask, tvb, offset, 4, nl_data->encoding);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_CFG_FLAGS:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_config_flags, tvb, offset, 4, nl_data->encoding);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* QUEUE - Packet and verdict */
|
|
|
|
|
|
|
|
static const value_string nfq_attr_vals[] = {
|
|
|
|
{ WS_NFQA_UNSPEC, "Unspecified" },
|
|
|
|
{ WS_NFQA_PACKET_HDR, "Packet header" },
|
|
|
|
{ WS_NFQA_VERDICT_HDR, "Verdict header" },
|
|
|
|
{ WS_NFQA_MARK, "Mark" },
|
|
|
|
{ WS_NFQA_TIMESTAMP, "Timestamp" },
|
|
|
|
{ WS_NFQA_IFINDEX_INDEV, "NFQA_IFINDEX_INDEV" },
|
|
|
|
{ WS_NFQA_IFINDEX_OUTDEV, "NFQA_IFINDEX_OUTDEV" },
|
|
|
|
{ WS_NFQA_IFINDEX_PHYSINDEV, "NFQA_IFINDEX_PHYSINDEV" },
|
|
|
|
{ WS_NFQA_IFINDEX_PHYSOUTDEV, "NFQA_IFINDEX_PHYSOUTDEV" },
|
|
|
|
{ WS_NFQA_HWADDR, "Hardware address" },
|
|
|
|
{ WS_NFQA_PAYLOAD, "Payload" },
|
|
|
|
{ WS_NFQA_CT, "NFQA_CT" },
|
|
|
|
{ WS_NFQA_CT_INFO, "Conntrack info" },
|
|
|
|
{ WS_NFQA_CAP_LEN, "Length of captured packet" },
|
|
|
|
{ WS_NFQA_SKB_INFO, "SKB meta information" },
|
|
|
|
{ WS_NFQA_EXP, "Conntrack expectation" },
|
|
|
|
{ WS_NFQA_UID, "SK UID" },
|
|
|
|
{ WS_NFQA_GID, "SK GID" },
|
|
|
|
{ WS_NFQA_SECCTX, "Security context string" },
|
|
|
|
{ WS_NFQA_VLAN, "Packet VLAN info" },
|
|
|
|
{ WS_NFQA_L2HDR, "Full L2 header" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string nfq_verdict_vals[] = {
|
|
|
|
{ WS_NF_DROP, "DROP" },
|
|
|
|
{ WS_NF_ACCEPT, "ACCEPT" },
|
|
|
|
{ WS_NF_STOLEN, "STOLEN" },
|
|
|
|
{ WS_NF_QUEUE, "QUEUE" },
|
|
|
|
{ WS_NF_REPEAT, "REPEAT" },
|
|
|
|
{ WS_NF_STOP, "STOP" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
2016-08-20 13:10:21 +00:00
|
|
|
const value_string netfilter_hooks_vals[] = {
|
2016-08-06 23:03:17 +00:00
|
|
|
{ WS_NF_INET_PRE_ROUTING, "Pre-routing" },
|
|
|
|
{ WS_NF_INET_LOCAL_IN, "Local in" },
|
|
|
|
{ WS_NF_INET_FORWARD, "Forward" },
|
|
|
|
{ WS_NF_INET_LOCAL_OUT, "Local out" },
|
|
|
|
{ WS_NF_INET_POST_ROUTING, "Post-routing" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
2016-08-20 11:22:30 +00:00
|
|
|
const value_string nfproto_family_vals[] = {
|
|
|
|
{ WS_NFPROTO_UNSPEC, "Unspecified" },
|
|
|
|
{ WS_NFPROTO_INET, "IPv4/IPv6" },
|
|
|
|
{ WS_NFPROTO_IPV4, "IPv4" },
|
|
|
|
{ WS_NFPROTO_ARP, "ARP" },
|
|
|
|
{ WS_NFPROTO_NETDEV, "Netdev" },
|
|
|
|
{ WS_NFPROTO_BRIDGE, "Bridge" },
|
|
|
|
{ WS_NFPROTO_IPV6, "IPv6" },
|
|
|
|
{ WS_NFPROTO_DECNET, "DECNET" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
2016-08-06 23:03:17 +00:00
|
|
|
static const value_string nfq_ctinfo_vals[] = {
|
|
|
|
{ WS_IP_CT_ESTABLISHED, "ESTABLISHED" },
|
|
|
|
{ WS_IP_CT_RELATED, "RELATED" },
|
|
|
|
{ WS_IP_CT_NEW, "NEW" },
|
|
|
|
{ WS_IP_CT_IS_REPLY, "IS_REPLY" },
|
2017-04-16 14:19:43 +00:00
|
|
|
/* { WS_IP_CT_ESTABLISHED_REPLY, "ESTABLISHED_REPLY" }, XXX - duplicate of WS_IP_CT_ESTABLISHED */
|
2016-08-06 23:03:17 +00:00
|
|
|
{ WS_IP_CT_RELATED_REPLY, "RELATED_REPLY" },
|
|
|
|
{ WS_IP_CT_NUMBER, "NUMBER" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_nfq_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2016-08-06 23:03:17 +00:00
|
|
|
{
|
2017-12-04 00:09:17 +00:00
|
|
|
enum ws_nfqnl_attr_type type = (enum ws_nfqnl_attr_type) nla_type & NLA_TYPE_MASK;
|
2016-08-06 23:03:17 +00:00
|
|
|
netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_NFQA_UNSPEC:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_PACKET_HDR:
|
|
|
|
if (len == 7) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_packet_id, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_packet_hwprotocol, tvb, offset, 2, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
info->hw_protocol = tvb_get_ntohs(tvb, offset);
|
|
|
|
offset += 2;
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_packet_hook, tvb, offset, 1, ENC_NA);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset++;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_VERDICT_HDR:
|
|
|
|
if (len == 8) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_verdict_verdict, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_verdict_id, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_MARK:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_nfmark, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_TIMESTAMP:
|
|
|
|
if (len == 16) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_timestamp, tvb, offset, 16, ENC_TIME_SECS_NSECS|ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 16;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_IFINDEX_INDEV:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_ifindex_indev, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_IFINDEX_OUTDEV:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_ifindex_outdev, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_IFINDEX_PHYSINDEV:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_ifindex_physindev, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_IFINDEX_PHYSOUTDEV:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_ifindex_physoutdev, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_HWADDR:
|
|
|
|
if (len >= 4) {
|
|
|
|
guint16 addrlen;
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_hwaddr_len, tvb, offset, 2, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
addrlen = tvb_get_ntohs(tvb, offset);
|
|
|
|
offset += 4; /* skip len and padding */
|
|
|
|
|
|
|
|
/* XXX expert info if 4 + addrlen > len. */
|
|
|
|
addrlen = MIN(addrlen, len - 4);
|
2021-12-12 13:01:30 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_hwaddr_addr, tvb, offset, addrlen, ENC_NA);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += addrlen;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_PAYLOAD:
|
|
|
|
if (len > 0) {
|
|
|
|
tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, len);
|
|
|
|
proto_tree *parent_tree = proto_item_get_parent(tree);
|
|
|
|
|
|
|
|
if (!dissector_try_uint(ethertype_table, info->hw_protocol, next_tvb, info->pinfo, parent_tree))
|
|
|
|
call_data_dissector(next_tvb, info->pinfo, parent_tree);
|
|
|
|
offset += len;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_CT:
|
2017-12-04 00:09:17 +00:00
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_nfct_attr, ett_nfct_attr, info, nl_data,
|
2017-12-04 00:09:17 +00:00
|
|
|
tree, offset, len, dissect_nfct_attrs);
|
2016-08-06 23:03:17 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_CT_INFO:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_ctinfo, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_CAP_LEN:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_caplen, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_SKB_INFO:
|
|
|
|
case WS_NFQA_EXP:
|
|
|
|
/* TODO */
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_UID:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_uid, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_GID:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_nfq_gid, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2016-08-06 23:03:17 +00:00
|
|
|
offset += 4;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFQA_SECCTX:
|
|
|
|
case WS_NFQA_VLAN:
|
|
|
|
case WS_NFQA_L2HDR:
|
|
|
|
/* TODO */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* QUEUE - main */
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_netfilter_queue(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
|
2013-12-11 20:48:18 +00:00
|
|
|
{
|
2020-01-07 22:02:06 +00:00
|
|
|
enum ws_nfqnl_msg_types type = (enum ws_nfqnl_msg_types) (nl_data->type & 0xff);
|
2013-12-11 20:48:18 +00:00
|
|
|
|
2016-08-06 23:03:17 +00:00
|
|
|
offset = dissect_netlink_netfilter_header(tvb, tree, offset);
|
2013-12-11 20:48:18 +00:00
|
|
|
|
|
|
|
switch (type) {
|
2016-08-06 23:03:17 +00:00
|
|
|
case WS_NFQNL_MSG_CONFIG:
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes_to_end(tvb, hf_nfq_config_attr, ett_nfq_config_attr, info, nl_data, tree, offset, dissect_nfq_config_attrs);
|
2016-08-06 23:03:17 +00:00
|
|
|
|
|
|
|
case WS_NFQNL_MSG_PACKET:
|
|
|
|
case WS_NFQNL_MSG_VERDICT:
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes_to_end(tvb, hf_nfq_attr, ett_nfq_attr, info, nl_data, tree, offset, dissect_nfq_attrs);
|
2016-08-06 23:03:17 +00:00
|
|
|
|
|
|
|
case WS_NFQNL_MSG_VERDICT_BATCH:
|
|
|
|
/* TODO */
|
2013-12-11 20:48:18 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ULOG */
|
|
|
|
|
|
|
|
static const value_string netlink_netfilter_ulog_type_vals[] = {
|
|
|
|
{ WS_NFULNL_MSG_PACKET, "Packet" },
|
|
|
|
{ WS_NFULNL_MSG_CONFIG, "Config" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
2020-01-08 21:08:15 +00:00
|
|
|
dissect_netfilter_ulog(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
|
2013-12-11 20:48:18 +00:00
|
|
|
{
|
2020-01-07 22:02:06 +00:00
|
|
|
enum ws_nfulnl_msg_types type = (enum ws_nfulnl_msg_types) (nl_data->type & 0xff);
|
2017-04-04 19:30:45 +00:00
|
|
|
tvbuff_t *next_tvb;
|
2013-12-11 20:48:18 +00:00
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_NFULNL_MSG_PACKET:
|
2016-08-06 23:03:17 +00:00
|
|
|
/* Note that NFLOG dissects the nfgenmsg header */
|
2017-04-04 19:30:45 +00:00
|
|
|
next_tvb = tvb_new_subset_remaining(tvb, offset);
|
|
|
|
call_dissector(nflog_handle, next_tvb, info->pinfo, tree);
|
|
|
|
offset = tvb_reported_length(tvb);
|
2013-12-11 20:48:18 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
2016-08-12 15:24:54 +00:00
|
|
|
/* IPSET */
|
|
|
|
|
|
|
|
static const value_string ipset_command_vals[] = {
|
|
|
|
{ WS_IPSET_CMD_NONE, "None" },
|
|
|
|
{ WS_IPSET_CMD_PROTOCOL, "Return protocol version" },
|
|
|
|
{ WS_IPSET_CMD_CREATE, "Create a new (empty) set" },
|
|
|
|
{ WS_IPSET_CMD_DESTROY, "Destroy a (empty) set" },
|
|
|
|
{ WS_IPSET_CMD_FLUSH, "Remove all elements from a set" },
|
|
|
|
{ WS_IPSET_CMD_RENAME, "Rename a set" },
|
|
|
|
{ WS_IPSET_CMD_SWAP, "Swap two sets" },
|
|
|
|
{ WS_IPSET_CMD_LIST, "List sets" },
|
|
|
|
{ WS_IPSET_CMD_SAVE, "Save sets" },
|
|
|
|
{ WS_IPSET_CMD_ADD, "Add an element to a set" },
|
|
|
|
{ WS_IPSET_CMD_DEL, "Delete an element from a set" },
|
|
|
|
{ WS_IPSET_CMD_TEST, "Test an element in a set" },
|
|
|
|
{ WS_IPSET_CMD_HEADER, "Get set header data only" },
|
|
|
|
{ WS_IPSET_CMD_TYPE, "Get set type" },
|
2019-12-27 22:36:56 +00:00
|
|
|
{ WS_IPSET_CMD_GET_BYNAME, "Get set by name" },
|
|
|
|
{ WS_IPSET_CMD_GET_BYINDEX, "Get set by index" },
|
2016-08-12 15:24:54 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string ipset_attr_vals[] = {
|
|
|
|
{ WS_IPSET_ATTR_PROTOCOL, "Protocol version" },
|
|
|
|
{ WS_IPSET_ATTR_SETNAME, "Name of the set" },
|
|
|
|
{ WS_IPSET_ATTR_TYPENAME, "Typename" },
|
|
|
|
{ WS_IPSET_ATTR_REVISION, "Settype revision" },
|
|
|
|
{ WS_IPSET_ATTR_FAMILY, "Settype family" },
|
|
|
|
{ WS_IPSET_ATTR_FLAGS, "Flags at command level" },
|
|
|
|
{ WS_IPSET_ATTR_DATA, "Nested attributes" },
|
|
|
|
{ WS_IPSET_ATTR_ADT, "Multiple data containers" },
|
|
|
|
{ WS_IPSET_ATTR_LINENO, "Restore lineno" },
|
|
|
|
{ WS_IPSET_ATTR_PROTOCOL_MIN, "Minimal supported version number" },
|
2019-12-27 22:36:56 +00:00
|
|
|
{ WS_IPSET_ATTR_INDEX, "Index" },
|
2016-08-12 15:24:54 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string ipset_cadt_attr_vals[] = {
|
|
|
|
{ WS_IPSET_ATTR_IP_FROM, "IP_FROM" },
|
|
|
|
{ WS_IPSET_ATTR_IP_TO, "IP_TO" },
|
|
|
|
{ WS_IPSET_ATTR_CIDR, "CIDR" },
|
|
|
|
{ WS_IPSET_ATTR_PORT_FROM, "PORT_FROM" },
|
|
|
|
{ WS_IPSET_ATTR_PORT_TO, "PORT_TO" },
|
|
|
|
{ WS_IPSET_ATTR_TIMEOUT, "TIMEOUT" },
|
|
|
|
{ WS_IPSET_ATTR_PROTO, "PROTO" },
|
|
|
|
{ WS_IPSET_ATTR_CADT_FLAGS, "CADT_FLAGS" },
|
|
|
|
{ WS_IPSET_ATTR_CADT_LINENO, "CADT_LINENO" },
|
|
|
|
{ WS_IPSET_ATTR_MARK, "MARK" },
|
|
|
|
{ WS_IPSET_ATTR_MARKMASK, "MARKMASK" },
|
|
|
|
/* up to 16 is reserved. */
|
|
|
|
{ WS_IPSET_ATTR_GC, "GC" },
|
|
|
|
{ WS_IPSET_ATTR_HASHSIZE, "HASHSIZE" },
|
|
|
|
{ WS_IPSET_ATTR_MAXELEM, "MAXELEM" },
|
|
|
|
{ WS_IPSET_ATTR_NETMASK, "NETMASK" },
|
|
|
|
{ WS_IPSET_ATTR_PROBES, "PROBES" },
|
|
|
|
{ WS_IPSET_ATTR_RESIZE, "RESIZE" },
|
|
|
|
{ WS_IPSET_ATTR_SIZE, "SIZE" },
|
|
|
|
{ WS_IPSET_ATTR_ELEMENTS, "ELEMENTS" },
|
|
|
|
{ WS_IPSET_ATTR_REFERENCES, "REFERENCES" },
|
|
|
|
{ WS_IPSET_ATTR_MEMSIZE, "MEMSIZE" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string ipset_adt_attr_vals[] = {
|
|
|
|
/* Nasty! Duplication from CADT above... */
|
|
|
|
{ WS_IPSET_ATTR_IP_FROM, "IP_FROM" },
|
|
|
|
{ WS_IPSET_ATTR_IP_TO, "IP_TO" },
|
|
|
|
{ WS_IPSET_ATTR_CIDR, "CIDR" },
|
|
|
|
{ WS_IPSET_ATTR_PORT_FROM, "PORT_FROM" },
|
|
|
|
{ WS_IPSET_ATTR_PORT_TO, "PORT_TO" },
|
|
|
|
{ WS_IPSET_ATTR_TIMEOUT, "TIMEOUT" },
|
|
|
|
{ WS_IPSET_ATTR_PROTO, "PROTO" },
|
|
|
|
{ WS_IPSET_ATTR_CADT_FLAGS, "CADT_FLAGS" },
|
|
|
|
{ WS_IPSET_ATTR_CADT_LINENO, "CADT_LINENO" },
|
|
|
|
{ WS_IPSET_ATTR_MARK, "MARK" },
|
|
|
|
{ WS_IPSET_ATTR_MARKMASK, "MARKMASK" },
|
|
|
|
/* End of duplication, other attributes follow. */
|
|
|
|
{ WS_IPSET_ATTR_ETHER, "ETHER" },
|
|
|
|
{ WS_IPSET_ATTR_NAME, "NAME" },
|
|
|
|
{ WS_IPSET_ATTR_NAMEREF, "NAMEREF" },
|
|
|
|
{ WS_IPSET_ATTR_IP2, "IP2" },
|
|
|
|
{ WS_IPSET_ATTR_CIDR2, "CIDR2" },
|
|
|
|
{ WS_IPSET_ATTR_IP2_TO, "IP2_TO" },
|
|
|
|
{ WS_IPSET_ATTR_IFACE, "IFACE" },
|
|
|
|
{ WS_IPSET_ATTR_BYTES, "BYTES" },
|
|
|
|
{ WS_IPSET_ATTR_PACKETS, "PACKETS" },
|
|
|
|
{ WS_IPSET_ATTR_COMMENT, "COMMENT" },
|
|
|
|
{ WS_IPSET_ATTR_SKBMARK, "SKBMARK" },
|
|
|
|
{ WS_IPSET_ATTR_SKBPRIO, "SKBPRIO" },
|
|
|
|
{ WS_IPSET_ATTR_SKBQUEUE, "SKBQUEUE" },
|
|
|
|
{ WS_IPSET_ATTR_PAD, "PAD" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string ipset_ip_attr_vals[] = {
|
|
|
|
{ WS_IPSET_ATTR_IPADDR_IPV4, "IPv4 address" },
|
|
|
|
{ WS_IPSET_ATTR_IPADDR_IPV6, "IPv6 address" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_ipset_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
|
2016-08-12 15:24:54 +00:00
|
|
|
{
|
|
|
|
enum ws_ipset_ip_attr type = (enum ws_ipset_ip_attr) nla_type & NLA_TYPE_MASK;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_IPSET_ATTR_IPADDR_IPV4:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_ip_attr_ipv4, tvb, offset, len, ENC_BIG_ENDIAN);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_IPADDR_IPV6:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_ip_attr_ipv6, tvb, offset, len, ENC_NA);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_ipset_cadt_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2016-08-12 15:24:54 +00:00
|
|
|
{
|
|
|
|
enum ws_ipset_cadt_attr type = (enum ws_ipset_cadt_attr) nla_type & NLA_TYPE_MASK;
|
|
|
|
netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_IPSET_ATTR_IP_FROM:
|
|
|
|
case WS_IPSET_ATTR_IP_TO:
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_ipset_ip_attr, ett_ipset_ip_attr, info, nl_data, tree, offset, len, dissect_ipset_ip_attrs);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_CIDR:
|
|
|
|
if (len == 1) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_cadt_attr_cidr, tvb, offset, len, ENC_NA);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_PORT_FROM:
|
|
|
|
case WS_IPSET_ATTR_PORT_TO:
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_TIMEOUT:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_cadt_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_PROTO:
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_CADT_FLAGS:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_cadt_attr_cadt_flags, tvb, offset, len, ENC_BIG_ENDIAN);
|
2016-08-12 15:24:54 +00:00
|
|
|
/* TODO show bits from enum ipset_cadt_flags */
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_CADT_LINENO:
|
|
|
|
case WS_IPSET_ATTR_MARK:
|
|
|
|
case WS_IPSET_ATTR_MARKMASK:
|
|
|
|
case WS_IPSET_ATTR_GC:
|
|
|
|
case WS_IPSET_ATTR_HASHSIZE:
|
|
|
|
case WS_IPSET_ATTR_MAXELEM:
|
|
|
|
case WS_IPSET_ATTR_NETMASK:
|
|
|
|
case WS_IPSET_ATTR_PROBES:
|
|
|
|
case WS_IPSET_ATTR_RESIZE:
|
|
|
|
case WS_IPSET_ATTR_SIZE:
|
|
|
|
case WS_IPSET_ATTR_ELEMENTS:
|
|
|
|
case WS_IPSET_ATTR_REFERENCES:
|
|
|
|
case WS_IPSET_ATTR_MEMSIZE:
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_ipset_adt_data_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2016-08-12 15:24:54 +00:00
|
|
|
{
|
|
|
|
enum ws_ipset_adt_attr type = (enum ws_ipset_adt_attr) nla_type & NLA_TYPE_MASK;
|
|
|
|
|
|
|
|
if ((nla_type & NLA_TYPE_MASK) <= WS_IPSET_ATTR_CADT_MAX)
|
2020-01-07 22:02:06 +00:00
|
|
|
return dissect_ipset_cadt_attrs(tvb, data, nl_data, tree, nla_type, offset, len);
|
2016-08-12 15:24:54 +00:00
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_IPSET_ATTR_COMMENT:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_adt_attr_comment, tvb, offset, len, ENC_UTF_8);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_ipset_adt_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2016-08-12 15:24:54 +00:00
|
|
|
{
|
|
|
|
netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
|
|
|
|
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_ipset_adt_attr, ett_ipset_adt_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_data_attrs);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_ipset_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
|
2016-08-12 15:24:54 +00:00
|
|
|
{
|
|
|
|
enum ws_ipset_attr type = (enum ws_ipset_attr) nla_type & NLA_TYPE_MASK;
|
|
|
|
netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WS_IPSET_ATTR_PROTOCOL:
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_SETNAME:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_attr_setname, tvb, offset, len, ENC_UTF_8);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_TYPENAME:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_attr_typename, tvb, offset, len, ENC_UTF_8);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_REVISION:
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_FAMILY:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_attr_family, tvb, offset, len, ENC_BIG_ENDIAN);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_FLAGS:
|
|
|
|
if (len == 4) {
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(tree, hf_ipset_attr_flags, tvb, offset, len, ENC_BIG_ENDIAN);
|
2016-08-12 15:24:54 +00:00
|
|
|
/* TODO show bits from enum ipset_cmd_flags */
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_DATA:
|
|
|
|
/* See ipset lib/PROTOCOL, CADT attributes only follow for some commands */
|
|
|
|
if (nla_type & NLA_F_NESTED) {
|
2020-01-07 22:02:06 +00:00
|
|
|
guint16 command = nl_data->type & 0xffff;
|
2016-08-12 15:24:54 +00:00
|
|
|
|
|
|
|
if (command == WS_IPSET_CMD_CREATE ||
|
|
|
|
command == WS_IPSET_CMD_LIST ||
|
|
|
|
command == WS_IPSET_CMD_SAVE)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_ipset_cadt_attr, ett_ipset_cadt_attr, info, nl_data, tree, offset, len, dissect_ipset_cadt_attrs);
|
2016-08-12 15:24:54 +00:00
|
|
|
else
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_ipset_adt_attr, ett_ipset_adt_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_data_attrs);
|
2016-08-12 15:24:54 +00:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_ADT:
|
|
|
|
/* Following this, there will be an IPSET_ATTR_DATA with regular ADT attributes, not CADT */
|
|
|
|
if (nla_type & NLA_F_NESTED)
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes(tvb, hf_ipset_attr, ett_ipset_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_attrs);
|
2016-08-12 15:24:54 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
case WS_IPSET_ATTR_LINENO:
|
|
|
|
case WS_IPSET_ATTR_PROTOCOL_MIN:
|
2019-12-27 22:36:56 +00:00
|
|
|
case WS_IPSET_ATTR_INDEX:
|
2016-08-12 15:24:54 +00:00
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_netfilter_ipset(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
|
2016-08-12 15:24:54 +00:00
|
|
|
{
|
|
|
|
offset = dissect_netlink_netfilter_header(tvb, tree, offset);
|
2021-12-11 15:33:27 +00:00
|
|
|
return dissect_netlink_attributes_to_end(tvb, hf_ipset_attr, ett_ipset_attr, info, nl_data, tree, offset, dissect_ipset_attrs);
|
2016-08-12 15:24:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-12-11 20:48:18 +00:00
|
|
|
static const value_string netlink_netfilter_subsystem_vals[] = {
|
2016-08-06 23:03:17 +00:00
|
|
|
{ WS_NFNL_SUBSYS_NONE, "None" },
|
|
|
|
{ WS_NFNL_SUBSYS_CTNETLINK, "Conntrack" },
|
|
|
|
{ WS_NFNL_SUBSYS_CTNETLINK_EXP, "Conntrack expect" },
|
|
|
|
{ WS_NFNL_SUBSYS_QUEUE, "Netfilter packet queue" },
|
|
|
|
{ WS_NFNL_SUBSYS_ULOG, "Netfilter userspace logging" },
|
|
|
|
{ WS_NFNL_SUBSYS_OSF, "OS fingerprint" },
|
|
|
|
{ WS_NFNL_SUBSYS_IPSET, "IP set" },
|
|
|
|
{ WS_NFNL_SUBSYS_ACCT, "Extended Netfilter accounting infrastructure" },
|
2013-12-11 20:48:18 +00:00
|
|
|
{ WS_NFNL_SUBSYS_CTNETLINK_TIMEOUT, "Extended Netfilter Connection Tracking timeout tuning" },
|
2016-08-06 23:03:17 +00:00
|
|
|
{ WS_NFNL_SUBSYS_CTHELPER, "Connection Tracking Helpers" },
|
|
|
|
{ WS_NFNL_SUBSYS_NFTABLES, "Netfilter tables" },
|
|
|
|
{ WS_NFNL_SUBSYS_NFT_COMPAT, "x_tables compatibility layer for nf_tables" },
|
2019-12-27 22:36:56 +00:00
|
|
|
{ WS_NFNL_SUBSYS_COUNT, "Count" },
|
2013-12-11 20:48:18 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
2020-01-07 22:02:06 +00:00
|
|
|
dissect_netlink_netfilter(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
2013-12-11 20:48:18 +00:00
|
|
|
{
|
2020-01-07 22:02:06 +00:00
|
|
|
struct packet_netlink_data *nl_data = (struct packet_netlink_data *)data;
|
2013-12-11 21:30:23 +00:00
|
|
|
netlink_netfilter_info_t info;
|
2017-04-04 19:30:45 +00:00
|
|
|
proto_tree *nlmsg_tree;
|
|
|
|
proto_item *pi;
|
|
|
|
int offset = 0;
|
2013-12-11 20:48:18 +00:00
|
|
|
|
2020-01-07 22:02:06 +00:00
|
|
|
DISSECTOR_ASSERT(nl_data && nl_data->magic == PACKET_NETLINK_MAGIC);
|
2013-12-11 20:48:18 +00:00
|
|
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Netlink netfilter");
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
|
|
|
|
2021-12-10 00:56:19 +00:00
|
|
|
pi = proto_tree_add_item(tree, proto_netlink_netfilter, tvb, 0, -1, ENC_NA);
|
2017-04-04 19:30:45 +00:00
|
|
|
nlmsg_tree = proto_item_add_subtree(pi, ett_netlink_netfilter);
|
2013-12-11 20:48:18 +00:00
|
|
|
|
2017-04-04 19:30:45 +00:00
|
|
|
/* Netlink message header (nlmsghdr) */
|
2021-12-11 14:05:11 +00:00
|
|
|
offset = dissect_netlink_header(tvb, nlmsg_tree, offset, nl_data->encoding, -1, NULL);
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(nlmsg_tree, hf_netlink_netfilter_subsys, tvb, 4, 2, nl_data->encoding);
|
2020-01-07 22:02:06 +00:00
|
|
|
switch (nl_data->type >> 8) {
|
2017-12-04 00:09:17 +00:00
|
|
|
case WS_NFNL_SUBSYS_CTNETLINK_EXP:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(nlmsg_tree, hf_nfexp_type, tvb, 4, 2, nl_data->encoding);
|
2017-12-04 00:09:17 +00:00
|
|
|
break;
|
|
|
|
|
2016-08-06 23:03:17 +00:00
|
|
|
case WS_NFNL_SUBSYS_QUEUE:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(nlmsg_tree, hf_nfq_type, tvb, 4, 2, nl_data->encoding);
|
2016-08-06 23:03:17 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFNL_SUBSYS_ULOG:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(nlmsg_tree, hf_netlink_netfilter_ulog_type, tvb, 4, 2, nl_data->encoding);
|
2016-08-06 23:03:17 +00:00
|
|
|
break;
|
2016-08-12 15:24:54 +00:00
|
|
|
|
|
|
|
case WS_NFNL_SUBSYS_IPSET:
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_tree_add_item(nlmsg_tree, hf_ipset_command, tvb, 4, 2, nl_data->encoding);
|
2016-08-12 15:24:54 +00:00
|
|
|
break;
|
2013-12-11 20:48:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
info.pinfo = pinfo;
|
2016-08-06 23:03:17 +00:00
|
|
|
info.hw_protocol = 0;
|
2013-12-11 20:48:18 +00:00
|
|
|
|
2020-01-07 22:02:06 +00:00
|
|
|
switch (nl_data->type >> 8) {
|
2017-12-04 00:09:17 +00:00
|
|
|
case WS_NFNL_SUBSYS_CTNETLINK:
|
2020-01-07 22:02:06 +00:00
|
|
|
offset = dissect_netfilter_ct(tvb, &info, nl_data, nlmsg_tree, offset);
|
2017-12-04 00:09:17 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case WS_NFNL_SUBSYS_CTNETLINK_EXP:
|
2020-01-07 22:02:06 +00:00
|
|
|
offset = dissect_netfilter_exp(tvb, &info, nl_data, nlmsg_tree, offset);
|
2017-12-04 00:09:17 +00:00
|
|
|
break;
|
|
|
|
|
2013-12-11 21:30:23 +00:00
|
|
|
case WS_NFNL_SUBSYS_QUEUE:
|
2020-01-07 22:02:06 +00:00
|
|
|
offset = dissect_netfilter_queue(tvb, &info, nl_data, nlmsg_tree, offset);
|
2013-12-11 21:30:23 +00:00
|
|
|
break;
|
|
|
|
|
2013-12-11 20:48:18 +00:00
|
|
|
case WS_NFNL_SUBSYS_ULOG:
|
2020-01-07 22:02:06 +00:00
|
|
|
offset = dissect_netfilter_ulog(tvb, &info, nl_data, nlmsg_tree, offset);
|
2013-12-11 20:48:18 +00:00
|
|
|
break;
|
2016-08-12 15:24:54 +00:00
|
|
|
|
|
|
|
case WS_NFNL_SUBSYS_IPSET:
|
2020-01-07 22:02:06 +00:00
|
|
|
offset = dissect_netfilter_ipset(tvb, &info, nl_data, nlmsg_tree, offset);
|
2017-04-04 19:30:45 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
call_data_dissector(tvb_new_subset_remaining(tvb, offset), pinfo, nlmsg_tree);
|
|
|
|
offset = tvb_reported_length(tvb);
|
2016-08-12 15:24:54 +00:00
|
|
|
break;
|
2013-12-11 20:48:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_netlink_netfilter(void)
|
|
|
|
{
|
2021-12-11 15:33:27 +00:00
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_netlink_netfilter_family,
|
|
|
|
{ "Address family", "netlink-netfilter.family",
|
|
|
|
FT_UINT8, BASE_DEC | BASE_EXT_STRING, &linux_af_vals_ext, 0x00,
|
|
|
|
"nfnetlink address family", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_netlink_netfilter_version,
|
|
|
|
{ "Version", "netlink-netfilter.version",
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x00,
|
|
|
|
"nfnetlink version", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_netlink_netfilter_resid,
|
|
|
|
{ "Resource id", "netlink-netfilter.res_id",
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_proto_num_attr,
|
|
|
|
{ "Protocol", "netlink-netfilter.nfct_tuple.proto.num",
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_proto_src_port_attr,
|
|
|
|
{ "Port", "netlink-netfilter.nfct_tuple.proto.src_port",
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_proto_dst_port_attr,
|
|
|
|
{ "Port", "netlink-netfilter.nfct_tuple.proto.dst_port",
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_proto_attr,
|
|
|
|
{ "Type", "netlink-netfilter.nfct_tuple.proto",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfct_tuple_l4proto_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_ip_attr_ipv4,
|
|
|
|
{ "IPv4 address", "netlink-netfilter.nfct_tuple.ip.ip_addr",
|
|
|
|
FT_IPv4, BASE_NONE, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_ip_attr_ipv6,
|
|
|
|
{ "IPv6 address", "netlink-netfilter.nfct_tuple.ip.ip6_addr",
|
|
|
|
FT_IPv6, BASE_NONE, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_ip_attr,
|
|
|
|
{ "Type", "netlink-netfilter.nfct_tuple.ip",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfct_tuple_ip_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_zone_attr,
|
|
|
|
{ "Zone", "netlink-netfilter.nfct_tuple.zone",
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_tuple_attr,
|
|
|
|
{ "Type", "netlink-netfilter.nfct_tuple",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfct_tuple_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_timeout,
|
|
|
|
{ "Timeout", "netlink-netfilter.ct_attr.timeout",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_id,
|
|
|
|
{ "ID", "netlink-netfilter.ct_attr.id",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_expected,
|
|
|
|
{ "Expected", "netlink-netfilter.ct_attr.status.expected",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_EXPECTED,
|
|
|
|
"It is an expected connection", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_seen_reply,
|
|
|
|
{ "Seen reply", "netlink-netfilter.ct_attr.status.seen_reply",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_SEEN_REPLY,
|
|
|
|
"Packets going in both directions have been seen", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_assured,
|
|
|
|
{ "Assured", "netlink-netfilter.ct_attr.status.assured",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_ASSURED,
|
|
|
|
"Conntrack should never be early-expired", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_confirmed,
|
|
|
|
{ "Confirmed", "netlink-netfilter.ct_attr.status.confirmed",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_CONFIRMED,
|
|
|
|
"Connection is confirmed: originating packet has left box", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_src_nat,
|
|
|
|
{ "Source NAT", "netlink-netfilter.ct_attr.status.src_nat",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_SRC_NAT,
|
|
|
|
"Connection needs source NAT in orig dir.", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_dst_nat,
|
|
|
|
{ "Destination NAT", "netlink-netfilter.ct_attr.status.dst_nat",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_DST_NAT,
|
|
|
|
"Connection needs destination NAT in orig dir.", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_seq_adjust,
|
|
|
|
{ "Sequence adjust", "netlink-netfilter.ct_attr.status.seq_adjust",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_SEQ_ADJUST,
|
|
|
|
"Connection needs TCP sequence adjusted", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_src_nat_done,
|
|
|
|
{ "Source NAT done", "netlink-netfilter.ct_attr.status.src_nat_done",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_SRC_NAT_DONE,
|
|
|
|
"Source NAT has been initialized", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_dst_nat_done,
|
|
|
|
{ "Destination NAT done", "netlink-netfilter.ct_attr.status.dst_nat_done",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_DST_NAT_DONE,
|
|
|
|
"Destination NAT has been initialized", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_dying,
|
|
|
|
{ "Dying", "netlink-netfilter.ct_attr.status.dying",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_DYING,
|
|
|
|
"Connection is dying (removed from lists)", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_fixed_timeout,
|
|
|
|
{ "Fixed timeout", "netlink-netfilter.ct_attr.status.fixed_timeout",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_FIXED_TIMEOUT,
|
|
|
|
"Connection has fixed timeout", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_template,
|
|
|
|
{ "Template", "netlink-netfilter.ct_attr.status.template",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_TEMPLATE,
|
|
|
|
"Conntrack is a template", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_untracked,
|
|
|
|
{ "Untracked", "netlink-netfilter.ct_attr.status.untracked",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_UNTRACKED,
|
|
|
|
"Conntrack is a fake untracked entry. Obsolete and not used anymore", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_helper,
|
|
|
|
{ "Helper", "netlink-netfilter.ct_attr.status.helper",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_HELPER,
|
|
|
|
"Conntrack got a helper explicitly attached via CT target", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status_flag_offload,
|
|
|
|
{ "Offload", "netlink-netfilter.ct_attr.status.offload",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_IPS_OFFLOAD,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr_status,
|
|
|
|
{ "Status", "netlink-netfilter.ct_attr.status",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_help_attr_help_name,
|
|
|
|
{ "Helper name", "netlink-netfilter.ct_help_attr.help_name",
|
|
|
|
FT_STRINGZ, BASE_NONE, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_help_attr,
|
|
|
|
{ "Helper", "netlink-netfilter.ct_help_attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfct_help_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_seqadj_attr_correction_pos,
|
|
|
|
{ "Position", "netlink-netfilter.ct_seqadj_correction_pos",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_seqadj_attr_offset_before,
|
|
|
|
{ "Offset", "netlink-netfilter.ct_seqadj_offset_before",
|
|
|
|
FT_INT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_seqadj_attr_offset_after,
|
|
|
|
{ "Offset", "netlink-netfilter.ct_seqadj_offset_after",
|
|
|
|
FT_INT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_seqadj_attr,
|
|
|
|
{ "Adjustment", "netlink-netfilter.ct_seqadj_attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfct_seqadj_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfct_attr,
|
|
|
|
{ "Type", "netlink-netfilter.ct.attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfct_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_nat_attr_dir,
|
|
|
|
{ "Direction", "netlink-netfilter.nfexp.nat.dir",
|
|
|
|
FT_UINT32, BASE_DEC, VALS(nfexp_conntrack_dir_vals), 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_nat_attr,
|
|
|
|
{ "Type", "netlink-netfilter.nfexp.nat",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfexp_nat_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_timeout,
|
|
|
|
{ "Timeout", "netlink-netfilter.nfexp.timeout",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_id,
|
|
|
|
{ "ID", "netlink-netfilter.nfexp.id",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_class,
|
|
|
|
{ "Class", "netlink-netfilter.nfexp.class",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_zone,
|
|
|
|
{ "Zone", "netlink-netfilter.nfexp.zone",
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_fn,
|
|
|
|
{ "Name", "netlink-netfilter.nfexp.fn",
|
|
|
|
FT_STRINGZ, BASE_NONE, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_flag_permanent,
|
|
|
|
{ "Permanent", "netlink-netfilter.nfexp.flags.permanent",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_PERMANENT,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_flag_inactive,
|
|
|
|
{ "Inactive", "netlink-netfilter.nfexp.flags.inactive",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_INACTIVE,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_flag_userspace,
|
|
|
|
{ "Userspace", "netlink-netfilter.nfexp.flags.userspace",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_USERSPACE,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr_flags,
|
|
|
|
{ "Flags", "netlink-netfilter.nfexp.flags",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_attr,
|
|
|
|
{ "Type", "netlink-netfilter.exp.attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfexp_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_config_command_command,
|
|
|
|
{ "Command", "netlink-netfilter.queue.config.command.command",
|
|
|
|
FT_UINT8, BASE_DEC, VALS(nfq_config_command_vals), 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_config_command_pf,
|
|
|
|
{ "Protocol family", "netlink-netfilter.queue.config.command.pf",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfproto_family_vals), 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_config_params_copyrange,
|
|
|
|
{ "Copy range", "netlink-netfilter.queue.config.params.copy_range",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_config_params_copymode,
|
|
|
|
{ "Copy mode", "netlink-netfilter.queue.config.params.copy_mode",
|
|
|
|
FT_UINT8, BASE_DEC, VALS(nfq_config_mode_vals), 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_config_queue_maxlen,
|
|
|
|
{ "Maximum queue length", "netlink-netfilter.queue.config.queue_maxlen",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_config_mask,
|
|
|
|
{ "Flags mask", "netlink-netfilter.queue.config.mask",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_config_flags,
|
|
|
|
{ "Flags", "netlink-netfilter.queue.config.flags",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_config_attr,
|
|
|
|
{ "Type", "netlink-netfilter.queue.config_attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfq_config_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_verdict_verdict,
|
|
|
|
{ "Verdict", "netlink-netfilter.queue.verdict.verdict",
|
|
|
|
FT_UINT32, BASE_DEC, VALS(nfq_verdict_vals), 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_verdict_id,
|
|
|
|
{ "Verdict ID", "netlink-netfilter.queue.verdict.id",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_packet_id,
|
|
|
|
{ "Packet ID", "netlink-netfilter.queue.packet.id",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_packet_hwprotocol,
|
|
|
|
{ "HW protocol", "netlink-netfilter.queue.packet.protocol",
|
|
|
|
FT_UINT16, BASE_HEX, VALS(etype_vals), 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_packet_hook,
|
|
|
|
{ "Netfilter hook", "netlink-netfilter.queue.packet.hook",
|
|
|
|
FT_UINT8, BASE_DEC, VALS(netfilter_hooks_vals), 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_nfmark,
|
|
|
|
{ "Mark", "netlink-netfilter.queue.nfmark",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_timestamp,
|
|
|
|
{ "Timestamp", "netlink-netfilter.queue.timestamp",
|
|
|
|
FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_ifindex_indev,
|
|
|
|
{ "IFINDEX_INDEV", "netlink-netfilter.queue.ifindex_indev",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_ifindex_outdev,
|
|
|
|
{ "IFINDEX_OUTDEV", "netlink-netfilter.queue.ifindex_outdev",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_ifindex_physindev,
|
|
|
|
{ "IFINDEX_PHYSINDEV", "netlink-netfilter.queue.ifindex_physindev",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_ifindex_physoutdev,
|
|
|
|
{ "IFINDEX_PHYSOUTDEV", "netlink-netfilter.queue.ifindex_physoutdev",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_hwaddr_len,
|
|
|
|
{ "Address length", "netlink-netfilter.queue.hwaddr.len",
|
|
|
|
FT_UINT16, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_hwaddr_addr,
|
|
|
|
{ "Address", "netlink-netfilter.queue.hwaddr.addr",
|
|
|
|
FT_ETHER, BASE_NONE, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_ctinfo,
|
|
|
|
{ "Conntrack info", "netlink-netfilter.queue.ct_info",
|
|
|
|
FT_UINT32, BASE_DEC, VALS(nfq_ctinfo_vals), 0x00,
|
|
|
|
"Connection state tracking info", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_caplen,
|
|
|
|
{ "Length of captured packet", "netlink-netfilter.queue.caplen",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
"Length of captured, untruncated packet", HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_uid,
|
|
|
|
{ "UID", "netlink-netfilter.queue.uid",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_gid,
|
|
|
|
{ "GID", "netlink-netfilter.queue.gid",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_attr,
|
|
|
|
{ "Type", "netlink-netfilter.queue.attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfq_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_netlink_netfilter_ulog_type,
|
|
|
|
{ "Type", "netlink-netfilter.ulog_type",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(netlink_netfilter_ulog_type_vals), 0x00FF,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_attr,
|
|
|
|
{ "Type", "netlink-netfilter.ipset_attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(ipset_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_cadt_attr,
|
|
|
|
{ "Type", "netlink-netfilter.ipset_cadt_attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(ipset_cadt_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_cadt_attr_cidr,
|
|
|
|
{ "CIDR", "netlink-netfilter.ipset.cidr",
|
|
|
|
FT_UINT8, BASE_DEC, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_cadt_attr_timeout,
|
|
|
|
{ "Timeout", "netlink-netfilter.ipset.timeout",
|
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_cadt_attr_cadt_flags,
|
|
|
|
{ "Flags", "netlink-netfilter.ipset.cadt_flags",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_attr_setname,
|
|
|
|
{ "Setname", "netlink-netfilter.ipset.setname",
|
|
|
|
FT_STRINGZ, BASE_NONE, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_attr_typename,
|
|
|
|
{ "Typename", "netlink-netfilter.ipset.typename",
|
|
|
|
FT_STRINGZ, BASE_NONE, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_attr_family,
|
|
|
|
{ "Settype family", "netlink-netfilter.ipset.family",
|
|
|
|
FT_UINT8, BASE_DEC, VALS(nfproto_family_vals), 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_attr_flags,
|
|
|
|
{ "Flags", "netlink-netfilter.ipset.flags",
|
|
|
|
FT_UINT32, BASE_HEX, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_adt_attr,
|
|
|
|
{ "Type", "netlink-netfilter.ipset_adt_attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(ipset_adt_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_adt_attr_comment,
|
|
|
|
{ "Comment", "netlink-netfilter.ipset.comment",
|
|
|
|
FT_STRINGZ, BASE_NONE, NULL, 0x0,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_ip_attr,
|
|
|
|
{ "Type", "netlink-netfilter.ipset_ip_attr",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(ipset_ip_attr_vals), NLA_TYPE_MASK,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_ip_attr_ipv4,
|
|
|
|
{ "IPv4 address", "netlink-netfilter.ipset.ip_addr",
|
|
|
|
FT_IPv4, BASE_NONE, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_ip_attr_ipv6,
|
|
|
|
{ "IPv6 address", "netlink-netfilter.ipset.ip6_addr",
|
|
|
|
FT_IPv6, BASE_NONE, NULL, 0x00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfexp_type,
|
|
|
|
{ "Type", "netlink-netfilter.exp_type",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfexp_type_vals), 0x00FF,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_nfq_type,
|
|
|
|
{ "Type", "netlink-netfilter.queue_type",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(nfq_type_vals), 0x00FF,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_ipset_command,
|
|
|
|
{ "Command", "netlink-netfilter.ipset_command",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(ipset_command_vals), 0x00FF,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
|
|
|
{ &hf_netlink_netfilter_subsys,
|
|
|
|
{ "Subsystem", "netlink-netfilter.subsys",
|
|
|
|
FT_UINT16, BASE_DEC, VALS(netlink_netfilter_subsystem_vals), 0xFF00,
|
|
|
|
NULL, HFILL }
|
|
|
|
},
|
2013-12-11 20:48:18 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_netlink_netfilter,
|
2017-12-04 00:09:17 +00:00
|
|
|
&ett_nfct_attr,
|
|
|
|
&ett_nfct_help_attr,
|
|
|
|
&ett_nfct_seqadj_attr,
|
|
|
|
&ett_nfct_status_attr,
|
|
|
|
&ett_nfct_tuple_attr,
|
|
|
|
&ett_nfct_tuple_ip_attr,
|
|
|
|
&ett_nfct_tuple_proto_attr,
|
2016-08-06 23:03:17 +00:00
|
|
|
&ett_nfq_config_attr,
|
|
|
|
&ett_nfq_attr,
|
2017-12-04 00:09:17 +00:00
|
|
|
&ett_nfexp_attr,
|
|
|
|
&ett_nfexp_flags_attr,
|
|
|
|
&ett_nfexp_nat_attr,
|
2016-08-12 15:24:54 +00:00
|
|
|
&ett_ipset_attr,
|
|
|
|
&ett_ipset_cadt_attr,
|
|
|
|
&ett_ipset_adt_attr,
|
|
|
|
&ett_ipset_ip_attr,
|
2013-12-11 20:48:18 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
proto_netlink_netfilter = proto_register_protocol("Linux netlink netfilter protocol", "netfilter", "netlink-netfilter" );
|
2021-12-11 15:33:27 +00:00
|
|
|
proto_register_field_array(proto_netlink_netfilter, hf, array_length(hf));
|
2013-12-11 20:48:18 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
|
2015-12-09 03:49:44 +00:00
|
|
|
netlink_netfilter = create_dissector_handle(dissect_netlink_netfilter, proto_netlink_netfilter);
|
2013-12-11 20:48:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_netlink_netfilter(void)
|
|
|
|
{
|
|
|
|
dissector_add_uint("netlink.protocol", WS_NETLINK_NETFILTER, netlink_netfilter);
|
|
|
|
|
2021-12-11 15:33:27 +00:00
|
|
|
nflog_handle = find_dissector_add_dependency("nflog", proto_netlink_netfilter);
|
2016-08-06 23:03:17 +00:00
|
|
|
ethertype_table = find_dissector_table("ethertype");
|
2013-12-11 20:48:18 +00:00
|
|
|
}
|
2014-10-05 19:57:05 +00:00
|
|
|
|
|
|
|
/*
|
2019-07-26 18:43:17 +00:00
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
2014-10-05 19:57:05 +00:00
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
*/
|