authorEugene Syromyatnikov <evgsyr@gmail.com>2021-08-04 13:44:43 +0200
committerDmitry V. Levin <ldv@strace.io>2021-08-04 11:44:43 +0000
commit4fa998b179753d13fb54035d56f9618907c9c690 (patch)
tree1683861ed9aee584d4928badccf76e8047d8f6c1
parentac0b2235e4cc11934a8f2cfee81771e192e984c1 (diff)
downloadstrace-4fa998b179753d13fb54035d56f9618907c9c690.tar.gz
netlink: decode NFNL_SUBSYS_HOOK message types and flags
Introduced by Linux commit v5.14-rc1~119^2~257^2~4. * bundled/linux/include/uapi/linux/netfilter/nfnetlink_hook.h: New file, copied from headers_install'ed Linux kernel v5.14-rc4. * bundled/Makefile.am (EXTRA_DIST): Add it. * src/xlat/nf_hook_msg_types.in: New file. * src/xlat/nl_netfilter_subsys_ids.in (NFNL_SUBSYS_HOOK): New constant. * src/netlink.c: Include <linux/netfilter/nfnetlink_hook.h> and "xlat/nf_hook_msg_types.h". (nf_nlmsg_types) <[NFNL_SUBSYS_HOOK]>: New record. (decode_nlmsg_flags_netfilter) <case NFNL_SUBSYS_HOOK>: Provide flags for NFNL_MSG_HOOK_GET.
-rw-r--r--bundled/Makefile.am1
-rw-r--r--bundled/linux/include/uapi/linux/netfilter/nfnetlink_hook.h55
-rw-r--r--src/netlink.c11
-rw-r--r--src/xlat/nf_hook_msg_types.in3
-rw-r--r--src/xlat/nl_netfilter_subsys_ids.in1
5 files changed, 70 insertions, 1 deletions
diff --git a/bundled/Makefile.am b/bundled/Makefile.am
index 422ee5943..a65d2719d 100644
--- a/bundled/Makefile.am
+++ b/bundled/Makefile.am
@@ -72,6 +72,7 @@ EXTRA_DIST = \
linux/include/uapi/linux/netfilter/nfnetlink_conntrack.h \
linux/include/uapi/linux/netfilter/nfnetlink_cthelper.h \
linux/include/uapi/linux/netfilter/nfnetlink_cttimeout.h \
+ linux/include/uapi/linux/netfilter/nfnetlink_hook.h \
linux/include/uapi/linux/netfilter/nfnetlink_log.h \
linux/include/uapi/linux/netfilter/nfnetlink_osf.h \
linux/include/uapi/linux/netfilter/nfnetlink_queue.h \
diff --git a/bundled/linux/include/uapi/linux/netfilter/nfnetlink_hook.h b/bundled/linux/include/uapi/linux/netfilter/nfnetlink_hook.h
new file mode 100644
index 000000000..912ec60b2
--- /dev/null
+++ b/bundled/linux/include/uapi/linux/netfilter/nfnetlink_hook.h
@@ -0,0 +1,55 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _NFNL_HOOK_H_
+#define _NFNL_HOOK_H_
+
+enum nfnl_hook_msg_types {
+ NFNL_MSG_HOOK_GET,
+ NFNL_MSG_HOOK_MAX,
+};
+
+/**
+ * enum nfnl_hook_attributes - netfilter hook netlink attributes
+ *
+ * @NFNLA_HOOK_HOOKNUM: netfilter hook number (NLA_U32)
+ * @NFNLA_HOOK_PRIORITY: netfilter hook priority (NLA_U32)
+ * @NFNLA_HOOK_DEV: netdevice name (NLA_STRING)
+ * @NFNLA_HOOK_FUNCTION_NAME: hook function name (NLA_STRING)
+ * @NFNLA_HOOK_MODULE_NAME: kernel module that registered this hook (NLA_STRING)
+ * @NFNLA_HOOK_CHAIN_INFO: basechain hook metadata (NLA_NESTED)
+ */
+enum nfnl_hook_attributes {
+ NFNLA_HOOK_UNSPEC,
+ NFNLA_HOOK_HOOKNUM,
+ NFNLA_HOOK_PRIORITY,
+ NFNLA_HOOK_DEV,
+ NFNLA_HOOK_FUNCTION_NAME,
+ NFNLA_HOOK_MODULE_NAME,
+ NFNLA_HOOK_CHAIN_INFO,
+ __NFNLA_HOOK_MAX
+};
+#define NFNLA_HOOK_MAX (__NFNLA_HOOK_MAX - 1)
+
+/**
+ * enum nfnl_hook_chain_info_attributes - chain description
+ *
+ * NFNLA_HOOK_INFO_DESC: nft chain and table name (enum nft_table_attributes) (NLA_NESTED)
+ * NFNLA_HOOK_INFO_TYPE: chain type (enum nfnl_hook_chaintype) (NLA_U32)
+ */
+enum nfnl_hook_chain_info_attributes {
+ NFNLA_HOOK_INFO_UNSPEC,
+ NFNLA_HOOK_INFO_DESC,
+ NFNLA_HOOK_INFO_TYPE,
+ __NFNLA_HOOK_INFO_MAX,
+};
+#define NFNLA_HOOK_INFO_MAX (__NFNLA_HOOK_INFO_MAX - 1)
+
+/**
+ * enum nfnl_hook_chaintype - chain type
+ *
+ * @NFNL_HOOK_TYPE_NFTABLES nf_tables base chain
+ */
+enum nfnl_hook_chaintype {
+ NFNL_HOOK_TYPE_NFTABLES = 0x1,
+};
+
+#endif /* _NFNL_HOOK_H */
diff --git a/src/netlink.c b/src/netlink.c
index e8295a8c4..d8e4efece 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -22,6 +22,7 @@
#include <linux/netfilter/nfnetlink_conntrack.h>
#include <linux/netfilter/nfnetlink_cthelper.h>
#include <linux/netfilter/nfnetlink_cttimeout.h>
+#include <linux/netfilter/nfnetlink_hook.h>
#include <linux/netfilter/nfnetlink_log.h>
#include <linux/netfilter/nfnetlink_queue.h>
#include <linux/netfilter/nfnetlink_osf.h>
@@ -37,6 +38,7 @@
#include "xlat/nf_ctnetlink_exp_msg_types.h"
#include "xlat/nf_ctnetlink_msg_types.h"
#include "xlat/nf_cttimeout_msg_types.h"
+#include "xlat/nf_hook_msg_types.h"
#include "xlat/nf_ipset_msg_types.h"
#include "xlat/nf_nft_compat_msg_types.h"
#include "xlat/nf_nftables_msg_types.h"
@@ -153,7 +155,8 @@ static const struct {
[NFNL_SUBSYS_NFT_COMPAT] = {
nf_nft_compat_msg_types,
"NFNL_MSG_COMPAT_???"
- }
+ },
+ [NFNL_SUBSYS_HOOK] = { nf_hook_msg_types, "NFT_MSG_HOOK_???" },
};
static void
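Review bot: The fallback string in the new `[NFNL_SUBSYS_HOOK]` record is `"NFT_MSG_HOOK_???"`, but the constants it stands in for are named `NFNL_MSG_HOOK_*` (`NFNL_MSG_HOOK_GET` in the bundled header and in `nf_hook_msg_types.in`). A hook message type that is not in the xlat table would therefore presumably be printed with the `NFT_MSG_` prefix that belongs to nf_tables, which misleads anyone reading a trace to work out which netfilter subsystem a process queried. Suggest `[NFNL_SUBSYS_HOOK] = { nf_hook_msg_types, "NFNL_MSG_HOOK_???" },`. The table's declaration begins outside this hunk, so the neighbouring records' naming could only be checked against the `NFNL_MSG_COMPAT_???` entry visible here.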
@@ -357,6 +360,12 @@ decode_nlmsg_flags_netfilter(const uint16_t type)
return netlink_get_flags;
}
break;
+ case NFNL_SUBSYS_HOOK:
+ switch (msg_type) {
+ case NFNL_MSG_HOOK_GET:
+ return netlink_get_flags;
+ }
+ break;
}
return NULL;
diff --git a/src/xlat/nf_hook_msg_types.in b/src/xlat/nf_hook_msg_types.in
new file mode 100644
index 000000000..5769bcca8
--- /dev/null
+++ b/src/xlat/nf_hook_msg_types.in
@@ -0,0 +1,3 @@
+#unconditional
+#value_indexed
+NFNL_MSG_HOOK_GET
diff --git a/src/xlat/nl_netfilter_subsys_ids.in b/src/xlat/nl_netfilter_subsys_ids.in
index 995dcd02f..513b41c8e 100644
--- a/src/xlat/nl_netfilter_subsys_ids.in
+++ b/src/xlat/nl_netfilter_subsys_ids.in
@@ -12,3 +12,4 @@ NFNL_SUBSYS_CTNETLINK_TIMEOUT
NFNL_SUBSYS_CTHELPER
NFNL_SUBSYS_NFTABLES
NFNL_SUBSYS_NFT_COMPAT
+NFNL_SUBSYS_HOOK