Re: [PATCH 5/8] netlink: add a basic socket diag parser of AF_INET messages

Dmitry V. Levin Tue, 13 Jun 2017 13:32:57 -0700

On Tue, Jun 13, 2017 at 10:13:22PM +0800, JingPiao Chen wrote:
> * defs.h (inet_protocols): New xlat prototype.
> * linux/inet_diag.h (inet_diag_req): New structure.
> (INET_DIAG_*): New enum.
> * netlink_sock_diag.c: Include <arpa/inet.h>, <linux/inet_diag.h>
> and "xlat/inet_diag_extended_flags.h".
> (print_inet_diag_sockid, decode_inet_diag_req_compat)
> (decode_inet_diag_req_v2, decode_inet_diag_req)
> (decode_inet_diag_msg): New functions.
> (diag_decoders): Add AF_INET.
> * xlat/inet_diag_extended_flags.in: New file.
> 
> Co-authored-by: Fabien Siron <fabien.si...@epita.fr>
> ---
>  defs.h                           |   1 +
>  linux/inet_diag.h                |  36 +++++++++++-
>  netlink_sock_diag.c              | 122 
> +++++++++++++++++++++++++++++++++++++++
>  xlat/inet_diag_extended_flags.in |  16 +++++
>  4 files changed, 174 insertions(+), 1 deletion(-)
>  create mode 100644 xlat/inet_diag_extended_flags.in
> 
> diff --git a/defs.h b/defs.h
> index f7d25f0..0b32b24 100644
> --- a/defs.h
> +++ b/defs.h
> @@ -293,6 +293,7 @@ extern const struct xlat clocknames[];
>  extern const struct xlat dirent_types[];
>  extern const struct xlat ethernet_protocols[];
>  extern const struct xlat evdev_abs[];
> +extern const struct xlat inet_protocols[];
>  extern const struct xlat msg_flags[];
>  extern const struct xlat netlink_protocols[];
>  extern const struct xlat open_access_modes[];
> diff --git a/linux/inet_diag.h b/linux/inet_diag.h
> index 69012af..7302c87 100644
> --- a/linux/inet_diag.h
> +++ b/linux/inet_diag.h
> @@ -14,7 +14,17 @@ struct inet_diag_sockid {
>       uint32_t idiag_cookie[2];
>  };
>  
> -/* Request structure */
> +/* Request structures */
> +struct inet_diag_req {
> +     uint8_t idiag_family;
> +     uint8_t idiag_src_len;
> +     uint8_t idiag_dst_len;
> +     uint8_t idiag_ext;
> +     struct inet_diag_sockid id;
> +     uint32_t idiag_states;
> +     uint32_t idiag_dbs;
> +};
> +
>  struct inet_diag_req_v2 {
>       uint8_t sdiag_family;
>       uint8_t sdiag_protocol;
> @@ -40,4 +50,28 @@ struct inet_diag_msg {
>       uint32_t idiag_inode;
>  };
>  
> +/* Extensions */
> +enum {
> +     INET_DIAG_NONE,
> +     INET_DIAG_MEMINFO,
> +     INET_DIAG_INFO,
> +     INET_DIAG_VEGASINFO,
> +     INET_DIAG_CONG,
> +     INET_DIAG_TOS,
> +     INET_DIAG_TCLASS,
> +     INET_DIAG_SKMEMINFO,
> +     INET_DIAG_SHUTDOWN,
> +     INET_DIAG_DCTCPINFO,
> +     INET_DIAG_PROTOCOL,  /* response attribute only */
> +     INET_DIAG_SKV6ONLY,
> +     INET_DIAG_LOCALS,
> +     INET_DIAG_PEERS,
> +     INET_DIAG_PAD,
> +     INET_DIAG_MARK,
> +     INET_DIAG_BBRINFO,
> +     __INET_DIAG_MAX,
> +};
> +
> +#define INET_DIAG_MAX (__INET_DIAG_MAX - 1)


I don't think we need __INET_DIAG_MAX or INET_DIAG_MAX.

> +
>  #endif /* !STRACE_LINUX_INET_DIAG_H */
> diff --git a/netlink_sock_diag.c b/netlink_sock_diag.c
> index 3f153a8..7467d1a 100644
> --- a/netlink_sock_diag.c
> +++ b/netlink_sock_diag.c
> @@ -30,11 +30,15 @@
>  #include "defs.h"
>  
>  #include <sys/socket.h>
> +#include <arpa/inet.h>
> +#include <linux/inet_diag.h>
>  #include <linux/netlink.h>
>  #include <linux/netlink_diag.h>
>  #include <linux/packet_diag.h>
>  #include <linux/unix_diag.h>
>  
> +#include "xlat/inet_diag_extended_flags.h"
> +
>  #include "xlat/tcp_states.h"
>  #include "xlat/tcp_state_flags.h"
>  
> @@ -210,9 +214,127 @@ decode_packet_diag_msg(struct tcb *const tcp,
>       return true;
>  }
>  
> +static void
> +print_inet_diag_sockid(const struct inet_diag_sockid *id, const uint8_t 
> family)
> +{
> +     tprintf("{idiag_sport=htons(%u), idiag_dport=htons(%u)",
> +             ntohs(id->idiag_sport), ntohs(id->idiag_dport));
> +     int text_size = family == AF_INET ?
> +             INET_ADDRSTRLEN : INET6_ADDRSTRLEN;
> +     char buf[text_size];
> +
> +     inet_ntop(family, id->idiag_src, buf, text_size);
> +     tprintf(", inet_pton(%s, \"%s\", idiag_src)",
> +             family == AF_INET ? "AF_INET" : "AF_INET6", buf);
> +
> +     inet_ntop(family, id->idiag_dst, buf, text_size);
> +     tprintf(", inet_pton(%s, \"%s\", idiag_dst)",
> +             family == AF_INET ? "AF_INET" : "AF_INET6", buf);

As "family" is untrusted input, we cannot assume it's either AF_INET or
AF_INET6.  In fact, inet_ntop currently supports AF_INET and AF_INET6
only, so I wouldn't bother invoking inet_ntop with any other address
family argument.


-- 
ldv

signature.asc
Description: PGP signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
Strace-devel mailing list
Strace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/strace-devel

Re: [PATCH 5/8] netlink: add a basic socket diag parser of AF_INET messages

Reply via email to