search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-netlink-netfilter.c
blobfb5fc360634dce9c158e87f0971030642665c2f7
1 /* packet-netlink-netfilter.c
2 *
3 * Wireshark - Network traffic analyzer
4 * By Gerald Combs <gerald@wireshark.org>
5 * Copyright 1998 Gerald Combs
6 *
7 * SPDX-License-Identifier: GPL-2.0-or-later
8 */
9
10 #include "config.h"
11
12 #include <epan/aftypes.h>
13 #include <epan/etypes.h>
14 #include <epan/packet.h>
15 #include "packet-netlink.h"
16
17 void proto_register_netlink_netfilter(void);
18 void proto_reg_handoff_netlink_netfilter(void);
19
20 typedef struct {
21 packet_info *pinfo;
22 uint16_t hw_protocol; /* protocol for NFQUEUE packet payloads. */
23 } netlink_netfilter_info_t;
24
25
26 static dissector_handle_t netlink_netfilter;
27 static dissector_handle_t nflog_handle;
28 static dissector_table_t ethertype_table;
29
30 /* nfnetlink subsystems from <include/uapi/linux/netfilter/nfnetlink.h> */
31 enum {
32 WS_NFNL_SUBSYS_NONE = 0,
33 WS_NFNL_SUBSYS_CTNETLINK = 1,
34 WS_NFNL_SUBSYS_CTNETLINK_EXP = 2,
35 WS_NFNL_SUBSYS_QUEUE = 3,
36 WS_NFNL_SUBSYS_ULOG = 4,
37 WS_NFNL_SUBSYS_OSF = 5,
38 WS_NFNL_SUBSYS_IPSET = 6,
39 WS_NFNL_SUBSYS_ACCT = 7,
40 WS_NFNL_SUBSYS_CTNETLINK_TIMEOUT = 8,
41 WS_NFNL_SUBSYS_CTHELPER = 9,
42 WS_NFNL_SUBSYS_NFTABLES = 10,
43 WS_NFNL_SUBSYS_NFT_COMPAT = 11,
44 WS_NFNL_SUBSYS_HOOK = 12,
45 WS_NFNL_SUBSYS_COUNT = 13,
46 };
47
48 /* nfnetlink ULOG subsystem types from <include/uapi/linux/netfilter/nfnetlink_log.h> */
49 enum ws_nfulnl_msg_types {
50 WS_NFULNL_MSG_PACKET = 0,
51 WS_NFULNL_MSG_CONFIG = 1
52 };
53
54 /* Macros for "hook function responses" from <include/uapi/linux/netfilter.h> */
55 enum ws_verdict_types {
56 WS_NF_DROP = 0,
57 WS_NF_ACCEPT = 1,
58 WS_NF_STOLEN = 2,
59 WS_NF_QUEUE = 3,
60 WS_NF_REPEAT = 4,
61 WS_NF_STOP = 5,
62 };
63
64 enum ws_nf_inet_hooks {
65 WS_NF_INET_PRE_ROUTING = 0,
66 WS_NF_INET_LOCAL_IN = 1,
67 WS_NF_INET_FORWARD = 2,
68 WS_NF_INET_LOCAL_OUT = 3,
69 WS_NF_INET_POST_ROUTING = 4,
70 WS_NF_INET_NUMHOOKS = 5,
71 };
72
73 /* from <include/uapi/linux/netfilter/nf_conntrack_common.h> */
74 enum ws_ip_conntrack_info {
75 WS_IP_CT_ESTABLISHED,
76 WS_IP_CT_RELATED,
77 WS_IP_CT_NEW,
78 WS_IP_CT_IS_REPLY,
79 WS_IP_CT_ESTABLISHED_REPLY = WS_IP_CT_ESTABLISHED + WS_IP_CT_IS_REPLY,
80 WS_IP_CT_RELATED_REPLY = WS_IP_CT_RELATED + WS_IP_CT_IS_REPLY,
81 WS_IP_CT_NUMBER,
82 };
83
84 enum ws_ip_conntrack_status {
85 WS_IPS_EXPECTED_BIT = 0,
86 WS_IPS_EXPECTED = (1 << WS_IPS_EXPECTED_BIT),
87 WS_IPS_SEEN_REPLY_BIT = 1,
88 WS_IPS_SEEN_REPLY = (1 << WS_IPS_SEEN_REPLY_BIT),
89 WS_IPS_ASSURED_BIT = 2,
90 WS_IPS_ASSURED = (1 << WS_IPS_ASSURED_BIT),
91 WS_IPS_CONFIRMED_BIT = 3,
92 WS_IPS_CONFIRMED = (1 << WS_IPS_CONFIRMED_BIT),
93 WS_IPS_SRC_NAT_BIT = 4,
94 WS_IPS_SRC_NAT = (1 << WS_IPS_SRC_NAT_BIT),
95 WS_IPS_DST_NAT_BIT = 5,
96 WS_IPS_DST_NAT = (1 << WS_IPS_DST_NAT_BIT),
97 WS_IPS_SEQ_ADJUST_BIT = 6,
98 WS_IPS_SEQ_ADJUST = (1 << WS_IPS_SEQ_ADJUST_BIT),
99 WS_IPS_SRC_NAT_DONE_BIT = 7,
100 WS_IPS_SRC_NAT_DONE = (1 << WS_IPS_SRC_NAT_DONE_BIT),
101 WS_IPS_DST_NAT_DONE_BIT = 8,
102 WS_IPS_DST_NAT_DONE = (1 << WS_IPS_DST_NAT_DONE_BIT),
103 WS_IPS_DYING_BIT = 9,
104 WS_IPS_DYING = (1 << WS_IPS_DYING_BIT),
105 WS_IPS_FIXED_TIMEOUT_BIT = 10,
106 WS_IPS_FIXED_TIMEOUT = (1 << WS_IPS_FIXED_TIMEOUT_BIT),
107 WS_IPS_TEMPLATE_BIT = 11,
108 WS_IPS_TEMPLATE = (1 << WS_IPS_TEMPLATE_BIT),
109 WS_IPS_UNTRACKED_BIT = 12,
110 WS_IPS_UNTRACKED = (1 << WS_IPS_UNTRACKED_BIT),
111 WS_IPS_HELPER_BIT = 13,
112 WS_IPS_HELPER = (1 << WS_IPS_HELPER_BIT),
113 WS_IPS_OFFLOAD_BIT = 14,
114 WS_IPS_OFFLOAD = (1 << WS_IPS_OFFLOAD_BIT),
115 WS_IPS_HW_OFFLOAD_BIT = 15,
116 WS_IPS_HW_OFFLOAD = (1 << WS_IPS_HW_OFFLOAD_BIT),
117 };
118
119 enum nfexp_flags {
120 WS_NF_CT_EXPECT_PERMANENT = (1 << 0),
121 WS_NF_CT_EXPECT_INACTIVE = (1 << 1),
122 WS_NF_CT_EXPECT_USERSPACE = (1 << 2),
123 };
124
125 /* from <include/uapi/linux/netfilter/nf_conntrack_tuple_common.h> */
126 enum ws_ip_conntrack_dir {
127 WS_IP_CT_DIR_ORIGINAL = 0,
128 WS_IP_CT_DIR_REPLY = 1,
129 };
130
131 /* nfnetlink QUEUE subsystem types from <include/uapi/linux/netfilter/nfnetlink_queue.h> */
132 enum ws_nfqnl_msg_types {
133 WS_NFQNL_MSG_PACKET = 0,
134 WS_NFQNL_MSG_VERDICT = 1,
135 WS_NFQNL_MSG_CONFIG = 2,
136 WS_NFQNL_MSG_VERDICT_BATCH = 3
137 };
138
139 enum ws_nfqnl_attr_type {
140 WS_NFQA_UNSPEC = 0,
141 WS_NFQA_PACKET_HDR = 1,
142 WS_NFQA_VERDICT_HDR = 2,
143 WS_NFQA_MARK = 3,
144 WS_NFQA_TIMESTAMP = 4,
145 WS_NFQA_IFINDEX_INDEV = 5,
146 WS_NFQA_IFINDEX_OUTDEV = 6,
147 WS_NFQA_IFINDEX_PHYSINDEV = 7,
148 WS_NFQA_IFINDEX_PHYSOUTDEV = 8,
149 WS_NFQA_HWADDR = 9,
150 WS_NFQA_PAYLOAD = 10,
151 WS_NFQA_CT = 11,
152 WS_NFQA_CT_INFO = 12,
153 WS_NFQA_CAP_LEN = 13,
154 WS_NFQA_SKB_INFO = 14,
155 WS_NFQA_EXP = 15,
156 WS_NFQA_UID = 16,
157 WS_NFQA_GID = 17,
158 WS_NFQA_SECCTX = 18,
159 WS_NFQA_VLAN = 19,
160 WS_NFQA_L2HDR = 20,
161 WS_NFQA_PRIORITY = 21,
162 };
163
164 enum ws_nfqnl_msg_config_cmds {
165 WS_NFQNL_CFG_CMD_NONE = 0,
166 WS_NFQNL_CFG_CMD_BIND = 1,
167 WS_NFQNL_CFG_CMD_UNBIND = 2,
168 WS_NFQNL_CFG_CMD_PF_BIND = 3,
169 WS_NFQNL_CFG_CMD_PF_UNBIND = 4,
170 };
171
172 enum ws_nfqnl_config_mode {
173 WS_NFQNL_COPY_NONE = 0,
174 WS_NFQNL_COPY_META = 1,
175 WS_NFQNL_COPY_PACKET = 2,
176 };
177
178 enum ws_nfqnl_attr_config {
179 WS_NFQA_CFG_UNSPEC = 0,
180 WS_NFQA_CFG_CMD = 1,
181 WS_NFQA_CFG_PARAMS = 2,
182 WS_NFQA_CFG_QUEUE_MAXLEN = 3,
183 WS_NFQA_CFG_MASK = 4,
184 WS_NFQA_CFG_FLAGS = 5,
185 };
186
187 /* from <include/uapi/linux/netfilter/nfnetlink_conntrack.h> */
188 enum ws_ctattr_tuple {
189 WS_CTA_TUPLE_UNSPEC = 0,
190 WS_CTA_TUPLE_IP = 1,
191 WS_CTA_TUPLE_PROTO = 2,
192 WS_CTA_TUPLE_ZONE = 3,
193 };
194
195 enum ws_ctattr_ip {
196 WS_CTA_IP_UNSPEC = 0,
197 WS_CTA_IP_V4_SRC = 1,
198 WS_CTA_IP_V4_DST = 2,
199 WS_CTA_IP_V6_SRC = 3,
200 WS_CTA_IP_V6_DST = 4,
201 };
202
203 enum ws_ctattr_l4proto {
204 WS_CTA_PROTO_UNSPEC = 0,
205 WS_CTA_PROTO_NUM = 1,
206 WS_CTA_PROTO_SRC_PORT = 2,
207 WS_CTA_PROTO_DST_PORT = 3,
208 WS_CTA_PROTO_ICMP_ID = 4,
209 WS_CTA_PROTO_ICMP_TYPE = 5,
210 WS_CTA_PROTO_ICMP_CODE = 6,
211 WS_CTA_PROTO_ICMPV6_ID = 7,
212 WS_CTA_PROTO_ICMPV6_TYPE = 8,
213 WS_CTA_PROTO_ICMPV6_CODE = 9,
214 };
215
216 enum ws_ctnl_exp_msg_types {
217 WS_IPCTNL_MSG_EXP_NEW = 0,
218 WS_IPCTNL_MSG_EXP_GET = 1,
219 WS_IPCTNL_MSG_EXP_DELETE = 2,
220 WS_IPCTNL_MSG_EXP_GET_STATS_CPU = 3,
221 };
222
223 enum ws_ctattr_expect {
224 WS_CTA_EXPECT_UNSPEC = 0,
225 WS_CTA_EXPECT_MASTER = 1,
226 WS_CTA_EXPECT_TUPLE = 2,
227 WS_CTA_EXPECT_MASK = 3,
228 WS_CTA_EXPECT_TIMEOUT = 4,
229 WS_CTA_EXPECT_ID = 5,
230 WS_CTA_EXPECT_HELP_NAME = 6,
231 WS_CTA_EXPECT_ZONE = 7,
232 WS_CTA_EXPECT_FLAGS = 8,
233 WS_CTA_EXPECT_CLASS = 9,
234 WS_CTA_EXPECT_NAT = 10,
235 WS_CTA_EXPECT_FN = 11,
236 };
237
238 enum ws_ctattr_expect_nat {
239 WS_CTA_EXPECT_NAT_UNSPEC = 0,
240 WS_CTA_EXPECT_NAT_DIR = 1,
241 WS_CTA_EXPECT_NAT_TUPLE = 2,
242 };
243
244 enum ws_ctattr_type {
245 WS_CTA_UNSPEC = 0,
246 WS_CTA_TUPLE_ORIG = 1,
247 WS_CTA_TUPLE_REPLY = 2,
248 WS_CTA_STATUS = 3,
249 WS_CTA_PROTOINFO = 4,
250 WS_CTA_HELP = 5,
251 WS_CTA_NAT_SRC = 6,
252 WS_CTA_TIMEOUT = 7,
253 WS_CTA_MARK = 8,
254 WS_CTA_COUNTERS_ORIG = 9,
255 WS_CTA_COUNTERS_REPLY = 10,
256 WS_CTA_USE = 11,
257 WS_CTA_ID = 12,
258 WS_CTA_NAT_DST = 13,
259 WS_CTA_TUPLE_MASTER = 14,
260 WS_CTA_SEQ_ADJ_ORIG = 15,
261 WS_CTA_SEQ_ADJ_REPLY = 16,
262 WS_CTA_SECMARK = 17,
263 WS_CTA_ZONE = 18,
264 WS_CTA_SECCTX = 19,
265 WS_CTA_TIMESTAMP = 20,
266 WS_CTA_MARK_MASK = 21,
267 WS_CTA_LABELS = 22,
268 WS_CTA_LABELS_MASK = 23,
269 WS_CTA_SYNPROXY = 24,
270 WS_CTA_FILTER = 25,
271 WS_CTA_STATUS_MASK = 26,
272 };
273
274 enum ws_ctattr_help {
275 WS_CTA_HELP_UNSPEC = 0,
276 WS_CTA_HELP_NAME = 1,
277 WS_CTA_HELP_INFO = 2,
278 };
279
280 enum ws_ctattr_seqadj {
281 WS_CTA_SEQADJ_UNSPEC = 0,
282 WS_CTA_SEQADJ_CORRECTION_POS = 1,
283 WS_CTA_SEQADJ_OFFSET_BEFORE = 2,
284 WS_CTA_SEQADJ_OFFSET_AFTER = 3,
285 };
286
287 /* from <include/uapi/linux/netfilter/ipset/ip_set.h> */
288 enum ws_ipset_cmd {
289 WS_IPSET_CMD_NONE = 0,
290 WS_IPSET_CMD_PROTOCOL = 1,
291 WS_IPSET_CMD_CREATE = 2,
292 WS_IPSET_CMD_DESTROY = 3,
293 WS_IPSET_CMD_FLUSH = 4,
294 WS_IPSET_CMD_RENAME = 5,
295 WS_IPSET_CMD_SWAP = 6,
296 WS_IPSET_CMD_LIST = 7,
297 WS_IPSET_CMD_SAVE = 8,
298 WS_IPSET_CMD_ADD = 9,
299 WS_IPSET_CMD_DEL = 10,
300 WS_IPSET_CMD_TEST = 11,
301 WS_IPSET_CMD_HEADER = 12,
302 WS_IPSET_CMD_TYPE = 13,
303 WS_IPSET_CMD_GET_BYNAME = 14,
304 WS_IPSET_CMD_GET_BYINDEX = 15,
305 };
306
307 /* Attributes at command level */
308 enum ws_ipset_attr {
309 WS_IPSET_ATTR_PROTOCOL = 1,
310 WS_IPSET_ATTR_SETNAME = 2,
311 WS_IPSET_ATTR_TYPENAME = 3,
312 WS_IPSET_ATTR_REVISION = 4,
313 WS_IPSET_ATTR_FAMILY = 5,
314 WS_IPSET_ATTR_FLAGS = 6,
315 WS_IPSET_ATTR_DATA = 7,
316 WS_IPSET_ATTR_ADT = 8,
317 WS_IPSET_ATTR_LINENO = 9,
318 WS_IPSET_ATTR_PROTOCOL_MIN = 10,
319 WS_IPSET_ATTR_INDEX = 11,
320 };
321
322 /* CADT-specific attributes (Create/Abstract Data Type) */
323 enum ws_ipset_cadt_attr {
324 WS_IPSET_ATTR_IP_FROM = 1,
325 WS_IPSET_ATTR_IP_TO = 2,
326 WS_IPSET_ATTR_CIDR = 3,
327 WS_IPSET_ATTR_PORT_FROM = 4,
328 WS_IPSET_ATTR_PORT_TO = 5,
329 WS_IPSET_ATTR_TIMEOUT = 6,
330 WS_IPSET_ATTR_PROTO = 7,
331 WS_IPSET_ATTR_CADT_FLAGS = 8,
332 WS_IPSET_ATTR_CADT_LINENO = 9,
333 WS_IPSET_ATTR_MARK = 10,
334 WS_IPSET_ATTR_MARKMASK = 11,
335 WS_IPSET_ATTR_BITMASK = 12,
336 /* (reserved up to 16) */
337 #define WS_IPSET_ATTR_CADT_MAX 16
338 WS_IPSET_ATTR_INITVAL = 17,
339 WS_IPSET_ATTR_HASHSIZE = 18,
340 WS_IPSET_ATTR_MAXELEM = 19,
341 WS_IPSET_ATTR_NETMASK = 20,
342 WS_IPSET_ATTR_BUCKETSIZE = 21,
343 WS_IPSET_ATTR_RESIZE = 22,
344 WS_IPSET_ATTR_SIZE = 23,
345 WS_IPSET_ATTR_ELEMENTS = 24,
346 WS_IPSET_ATTR_REFERENCES = 25,
347 WS_IPSET_ATTR_MEMSIZE = 26,
348 };
349
350 /* ADT-specific attributes */
351 enum ws_ipset_adt_attr {
352 WS_IPSET_ATTR_ETHER = 17,
353 WS_IPSET_ATTR_NAME = 18,
354 WS_IPSET_ATTR_NAMEREF = 19,
355 WS_IPSET_ATTR_IP2 = 20,
356 WS_IPSET_ATTR_CIDR2 = 21,
357 WS_IPSET_ATTR_IP2_TO = 22,
358 WS_IPSET_ATTR_IFACE = 23,
359 WS_IPSET_ATTR_BYTES = 24,
360 WS_IPSET_ATTR_PACKETS = 25,
361 WS_IPSET_ATTR_COMMENT = 26,
362 WS_IPSET_ATTR_SKBMARK = 27,
363 WS_IPSET_ATTR_SKBPRIO = 28,
364 WS_IPSET_ATTR_SKBQUEUE = 29,
365 WS_IPSET_ATTR_PAD = 30,
366 };
367
368 /* IP specific attributes */
369 enum ws_ipset_ip_attr {
370 WS_IPSET_ATTR_IPADDR_IPV4 = 1,
371 WS_IPSET_ATTR_IPADDR_IPV6 = 2,
372 };
373
374 /* Netfilter commands from <include/uapi/linux/netfilter/netfilter.h> */
375 enum nf_tables_msg_types {
376 WS_NFT_MSG_NEWTABLE = 0,
377 WS_NFT_MSG_GETTABLE = 1,
378 WS_NFT_MSG_DELTABLE = 2,
379 WS_NFT_MSG_NEWCHAIN = 3,
380 WS_NFT_MSG_GETCHAIN = 4,
381 WS_NFT_MSG_DELCHAIN = 5,
382 WS_NFT_MSG_NEWRULE = 6,
383 WS_NFT_MSG_GETRULE = 7,
384 WS_NFT_MSG_DELRULE = 8,
385 WS_NFT_MSG_NEWSET = 9,
386 WS_NFT_MSG_GETSET = 10,
387 WS_NFT_MSG_DELSET = 11,
388 WS_NFT_MSG_NEWSETELEM = 12,
389 WS_NFT_MSG_GETSETELEM = 13,
390 WS_NFT_MSG_DELSETELEM = 14,
391 WS_NFT_MSG_NEWGEN = 15,
392 WS_NFT_MSG_GETGEN = 16,
393 WS_NFT_MSG_TRACE = 17,
394 WS_NFT_MSG_NEWOBJ = 18,
395 WS_NFT_MSG_GETOBJ = 19,
396 WS_NFT_MSG_DELOBJ = 20,
397 WS_NFT_MSG_GETOBJ_RESET = 21,
398 WS_NFT_MSG_NEWFLOWTABLE = 22,
399 WS_NFT_MSG_GETFLOWTABLE = 23,
400 WS_NFT_MSG_DELFLOWTABLE = 24,
401 WS_NFT_MSG_GETRULE_RESET = 25,
402 WS_NFT_MSG_DESTROYTABLE = 26,
403 WS_NFT_MSG_DESTROYCHAIN = 27,
404 WS_NFT_MSG_DESTROYRULE = 28,
405 WS_NFT_MSG_DESTROYSET = 29,
406 WS_NFT_MSG_DESTROYSETELEM = 30,
407 WS_NFT_MSG_DESTROYOBJ = 31,
408 WS_NFT_MSG_DESTROYFLOWTABLE = 32,
409 WS_NFT_MSG_GETSETELEM_RESET = 33,
410 };
411
412 static int proto_netlink_netfilter;
413
414 static int hf_ipset_adt_attr;
415 static int hf_ipset_adt_attr_comment;
416 static int hf_ipset_attr;
417 static int hf_ipset_attr_family;
418 static int hf_ipset_attr_flags;
419 static int hf_ipset_attr_setname;
420 static int hf_ipset_attr_typename;
421 static int hf_ipset_cadt_attr;
422 static int hf_ipset_cadt_attr_cadt_flags;
423 static int hf_ipset_cadt_attr_cidr;
424 static int hf_ipset_cadt_attr_timeout;
425 static int hf_ipset_command;
426 static int hf_ipset_ip_attr;
427 static int hf_ipset_ip_attr_ipv4;
428 static int hf_ipset_ip_attr_ipv6;
429 static int hf_netlink_netfilter_family;
430 static int hf_netlink_netfilter_resid;
431 static int hf_netlink_netfilter_subsys;
432 static int hf_netlink_netfilter_ulog_type;
433 static int hf_netlink_netfilter_version;
434 static int hf_nfct_attr;
435 static int hf_nfct_attr_id;
436 static int hf_nfct_attr_status;
437 static int hf_nfct_attr_status_flag_assured;
438 static int hf_nfct_attr_status_flag_confirmed;
439 static int hf_nfct_attr_status_flag_dst_nat;
440 static int hf_nfct_attr_status_flag_dst_nat_done;
441 static int hf_nfct_attr_status_flag_dying;
442 static int hf_nfct_attr_status_flag_expected;
443 static int hf_nfct_attr_status_flag_fixed_timeout;
444 static int hf_nfct_attr_status_flag_helper;
445 static int hf_nfct_attr_status_flag_hw_offload;
446 static int hf_nfct_attr_status_flag_offload;
447 static int hf_nfct_attr_status_flag_seen_reply;
448 static int hf_nfct_attr_status_flag_seq_adjust;
449 static int hf_nfct_attr_status_flag_src_nat;
450 static int hf_nfct_attr_status_flag_src_nat_done;
451 static int hf_nfct_attr_status_flag_template;
452 static int hf_nfct_attr_status_flag_untracked;
453 static int hf_nfct_attr_timeout;
454 static int hf_nfct_help_attr;
455 static int hf_nfct_help_attr_help_name;
456 static int hf_nfct_seqadj_attr;
457 static int hf_nfct_seqadj_attr_correction_pos;
458 static int hf_nfct_seqadj_attr_offset_after;
459 static int hf_nfct_seqadj_attr_offset_before;
460 static int hf_nfct_tuple_attr;
461 static int hf_nfct_tuple_ip_attr;
462 static int hf_nfct_tuple_ip_attr_ipv4;
463 static int hf_nfct_tuple_ip_attr_ipv6;
464 static int hf_nfct_tuple_proto_attr;
465 static int hf_nfct_tuple_proto_dst_port_attr;
466 static int hf_nfct_tuple_proto_num_attr;
467 static int hf_nfct_tuple_proto_src_port_attr;
468 static int hf_nfct_tuple_zone_attr;
469 static int hf_nfexp_attr;
470 static int hf_nfexp_attr_class;
471 static int hf_nfexp_attr_flag_inactive;
472 static int hf_nfexp_attr_flag_permanent;
473 static int hf_nfexp_attr_flag_userspace;
474 static int hf_nfexp_attr_flags;
475 static int hf_nfexp_attr_fn;
476 static int hf_nfexp_attr_id;
477 static int hf_nfexp_attr_timeout;
478 static int hf_nfexp_attr_zone;
479 static int hf_nfexp_nat_attr;
480 static int hf_nfexp_nat_attr_dir;
481 static int hf_nfexp_type;
482 static int hf_nfq_attr;
483 static int hf_nfq_caplen;
484 static int hf_nfq_config_attr;
485 static int hf_nfq_config_command_command;
486 static int hf_nfq_config_command_pf;
487 static int hf_nfq_config_flags;
488 static int hf_nfq_config_mask;
489 static int hf_nfq_config_params_copymode;
490 static int hf_nfq_config_params_copyrange;
491 static int hf_nfq_config_queue_maxlen;
492 static int hf_nfq_ctinfo;
493 static int hf_nfq_gid;
494 static int hf_nfq_hwaddr_addr;
495 static int hf_nfq_hwaddr_len;
496 static int hf_nfq_ifindex_indev;
497 static int hf_nfq_ifindex_outdev;
498 static int hf_nfq_ifindex_physindev;
499 static int hf_nfq_ifindex_physoutdev;
500 static int hf_nfq_nfmark;
501 static int hf_nfq_packet_hook;
502 static int hf_nfq_packet_hwprotocol;
503 static int hf_nfq_packet_id;
504 static int hf_nfq_timestamp;
505 static int hf_nfq_type;
506 static int hf_nfq_uid;
507 static int hf_nfq_verdict_id;
508 static int hf_nfq_verdict_verdict;
509 static int hf_nftables_command;
510 static int hf_padding;
511
512 static int ett_netlink_netfilter;
513 static int ett_nfct_attr;
514 static int ett_nfct_help_attr;
515 static int ett_nfct_seqadj_attr;
516 static int ett_nfct_status_attr;
517 static int ett_nfct_tuple_attr;
518 static int ett_nfct_tuple_ip_attr;
519 static int ett_nfct_tuple_proto_attr;
520 static int ett_nfq_config_attr;
521 static int ett_nfq_attr;
522 static int ett_nfexp_attr;
523 static int ett_nfexp_flags_attr;
524 static int ett_nfexp_nat_attr;
525 static int ett_ipset_attr;
526 static int ett_ipset_cadt_attr;
527 static int ett_ipset_adt_attr;
528 static int ett_ipset_ip_attr;
529
530 static int dissect_netlink_netfilter_header(tvbuff_t *tvb, proto_tree *tree, int offset)
531 {
532 proto_tree_add_item(tree, hf_netlink_netfilter_family, tvb, offset, 1, ENC_NA);
533 offset++;
534
535 proto_tree_add_item(tree, hf_netlink_netfilter_version, tvb, offset, 1, ENC_NA);
536 offset++;
537
538 proto_tree_add_item(tree, hf_netlink_netfilter_resid, tvb, offset, 2, ENC_BIG_ENDIAN);
539 offset += 2;
540
541 return offset;
542 }
543
544 /* tuple attribute, used by EXP and QUEUE */
545
546 static const value_string nfct_tuple_attr_vals[] = {
547 { WS_CTA_TUPLE_IP, "IP address" },
548 { WS_CTA_TUPLE_PROTO, "L4 protocol info" },
549 { WS_CTA_TUPLE_ZONE, "Zone" },
550 { 0, NULL }
551 };
552
553 static const value_string nfct_tuple_ip_attr_vals[] = {
554 { WS_CTA_IP_V4_SRC, "IPv4 source address" },
555 { WS_CTA_IP_V4_DST, "IPv4 destination address" },
556 { WS_CTA_IP_V6_SRC, "IPv6 source address" },
557 { WS_CTA_IP_V6_DST, "IPv6 destination address" },
558 { 0, NULL }
559 };
560
561 static const value_string nfct_tuple_l4proto_attr_vals[] = {
562 { WS_CTA_PROTO_NUM, "IP protocol number" },
563 { WS_CTA_PROTO_SRC_PORT, "Source port" },
564 { WS_CTA_PROTO_DST_PORT, "Destination port" },
565 { WS_CTA_PROTO_ICMP_ID, "ICMPv4 ID" },
566 { WS_CTA_PROTO_ICMP_TYPE, "ICMPv4 type" },
567 { WS_CTA_PROTO_ICMP_CODE, "ICMPv4 code" },
568 { WS_CTA_PROTO_ICMPV6_ID, "ICMPv6 ID" },
569 { WS_CTA_PROTO_ICMPV6_TYPE, "ICMPv6 type" },
570 { WS_CTA_PROTO_ICMPV6_CODE, "ICMPv6 code" },
571 { 0, NULL }
572 };
573
574 static int
575 dissect_nfct_tuple_proto_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
576 {
577 enum ws_ctattr_ip type = (enum ws_ctattr_ip) nla_type & NLA_TYPE_MASK;
578
579 switch (type) {
580 case WS_CTA_PROTO_NUM:
581 proto_tree_add_item(tree, hf_nfct_tuple_proto_num_attr, tvb, offset, len, ENC_BIG_ENDIAN);
582 return 1;
583
584 case WS_CTA_PROTO_SRC_PORT:
585 proto_tree_add_item(tree, hf_nfct_tuple_proto_src_port_attr, tvb, offset, len, ENC_BIG_ENDIAN);
586 return 1;
587
588 case WS_CTA_PROTO_DST_PORT:
589 proto_tree_add_item(tree, hf_nfct_tuple_proto_dst_port_attr, tvb, offset, len, ENC_BIG_ENDIAN);
590 return 1;
591
592 default:
593 return 0;
594 }
595 }
596
597 static int
598 dissect_nfct_tuple_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
599 {
600 enum ws_ctattr_ip type = (enum ws_ctattr_ip) nla_type & NLA_TYPE_MASK;
601
602 switch (type) {
603 case WS_CTA_IP_V4_SRC:
604 case WS_CTA_IP_V4_DST:
605 proto_tree_add_item(tree, hf_nfct_tuple_ip_attr_ipv4, tvb, offset, len, ENC_BIG_ENDIAN);
606 return 1;
607
608 case WS_CTA_IP_V6_SRC:
609 case WS_CTA_IP_V6_DST:
610 proto_tree_add_item(tree, hf_nfct_tuple_ip_attr_ipv6, tvb, offset, len, ENC_NA);
611 return 1;
612
613 default:
614 return 0;
615 }
616 }
617
618 static int
619 dissect_nfct_tuple_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
620 {
621 enum ws_ctattr_tuple type = (enum ws_ctattr_tuple) nla_type & NLA_TYPE_MASK;
622 netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
623
624 switch (type) {
625 case WS_CTA_TUPLE_IP:
626 if (nla_type & NLA_F_NESTED)
627 return dissect_netlink_attributes(tvb, hf_nfct_tuple_ip_attr, ett_nfct_tuple_ip_attr, info, nl_data,
628 tree, offset, len, dissect_nfct_tuple_ip_attrs);
629 return 0;
630
631 case WS_CTA_TUPLE_PROTO:
632 if (nla_type & NLA_F_NESTED)
633 return dissect_netlink_attributes(tvb, hf_nfct_tuple_proto_attr, ett_nfct_tuple_proto_attr, info, nl_data,
634 tree, offset, len, dissect_nfct_tuple_proto_attrs);
635 return 0;
636
637 case WS_CTA_TUPLE_ZONE:
638 proto_tree_add_item(tree, hf_nfct_tuple_zone_attr, tvb, offset, len, ENC_BIG_ENDIAN);
639 return 1;
640
641 default:
642 return 0;
643 }
644 }
645
646 /* conntrack attributes, used by QUEUE and CT */
647
648 static const value_string nfct_attr_vals[] = {
649 { WS_CTA_TUPLE_ORIG, "Original IP tuple" },
650 { WS_CTA_TUPLE_REPLY, "Reply IP tuple" },
651 { WS_CTA_STATUS, "Connection status" },
652 { WS_CTA_PROTOINFO, "Protocol-specific info" },
653 { WS_CTA_HELP, "Helper" },
654 { WS_CTA_NAT_SRC, "SNAT setup" },
655 { WS_CTA_TIMEOUT, "Timeout" },
656 { WS_CTA_MARK, "Mark" },
657 { WS_CTA_COUNTERS_ORIG, "COUNTERS_ORIG" },
658 { WS_CTA_COUNTERS_REPLY, "COUNTERS_REPLY" },
659 { WS_CTA_USE, "Use count" },
660 { WS_CTA_ID, "ID" },
661 { WS_CTA_NAT_DST, "DNAT setup" },
662 { WS_CTA_TUPLE_MASTER, "Master IP tuple" },
663 { WS_CTA_SEQ_ADJ_ORIG, "Sequence number adjustment (original direction)" },
664 { WS_CTA_SEQ_ADJ_REPLY, "Sequence number adjustment (reply direction)" },
665 { WS_CTA_SECMARK, "Security mark" },
666 { WS_CTA_ZONE, "Zone" },
667 { WS_CTA_SECCTX, "Security context" },
668 { WS_CTA_TIMESTAMP, "Timestamp" },
669 { WS_CTA_MARK_MASK, "Mark mask" },
670 { WS_CTA_LABELS, "LABELS" },
671 { WS_CTA_LABELS_MASK, "LABELS_MASK" },
672 { WS_CTA_SYNPROXY, "SYNPROXY" },
673 { WS_CTA_FILTER, "FILTER" },
674 { WS_CTA_STATUS_MASK, "STATUS_MASK" },
675 { 0, NULL }
676 };
677
678 static const value_string nfct_help_attr_vals[] = {
679 { WS_CTA_HELP_NAME, "Helper name" },
680 { WS_CTA_HELP_INFO, "Helper info" },
681 { 0, NULL }
682 };
683
684 static const value_string nfct_seqadj_attr_vals[] = {
685 { WS_CTA_SEQADJ_UNSPEC, "Unspecified" },
686 { WS_CTA_SEQADJ_CORRECTION_POS, "Correction position" },
687 { WS_CTA_SEQADJ_OFFSET_BEFORE, "Offset before" },
688 { WS_CTA_SEQADJ_OFFSET_AFTER, "Offset after" },
689 { 0, NULL }
690 };
691
692 static int * const hf_nfct_attr_status_flags[] = {
693 &hf_nfct_attr_status_flag_hw_offload,
694 &hf_nfct_attr_status_flag_offload,
695 &hf_nfct_attr_status_flag_helper,
696 &hf_nfct_attr_status_flag_untracked,
697 &hf_nfct_attr_status_flag_template,
698 &hf_nfct_attr_status_flag_fixed_timeout,
699 &hf_nfct_attr_status_flag_dying,
700 &hf_nfct_attr_status_flag_dst_nat_done,
701 &hf_nfct_attr_status_flag_src_nat_done,
702 &hf_nfct_attr_status_flag_seq_adjust,
703 &hf_nfct_attr_status_flag_dst_nat,
704 &hf_nfct_attr_status_flag_src_nat,
705 &hf_nfct_attr_status_flag_confirmed,
706 &hf_nfct_attr_status_flag_assured,
707 &hf_nfct_attr_status_flag_seen_reply,
708 &hf_nfct_attr_status_flag_expected,
709 NULL
710 };
711
712 static int
713 dissect_nfct_help_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
714 {
715 enum ws_ctattr_help type = (enum ws_ctattr_help) nla_type & NLA_TYPE_MASK;
716
717 switch (type) {
718 case WS_CTA_HELP_NAME:
719 proto_tree_add_item(tree, hf_nfct_help_attr_help_name, tvb, offset, len, ENC_UTF_8);
720 return 1;
721
722 default:
723 break;
724 }
725
726 return 0;
727 }
728
729 static int
730 dissect_nfct_seqadj_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
731 {
732 enum ws_ctattr_seqadj type = (enum ws_ctattr_seqadj) nla_type & NLA_TYPE_MASK;
733
734 switch (type) {
735 case WS_CTA_SEQADJ_CORRECTION_POS:
736 proto_tree_add_item(tree, hf_nfct_seqadj_attr_correction_pos, tvb, offset, len, ENC_BIG_ENDIAN);
737 return 1;
738
739 case WS_CTA_SEQADJ_OFFSET_BEFORE:
740 proto_tree_add_item(tree, hf_nfct_seqadj_attr_offset_before, tvb, offset, len, ENC_BIG_ENDIAN);
741 return 1;
742
743 case WS_CTA_SEQADJ_OFFSET_AFTER:
744 proto_tree_add_item(tree, hf_nfct_seqadj_attr_offset_after, tvb, offset, len, ENC_BIG_ENDIAN);
745 return 1;
746
747 default:
748 break;
749 }
750
751 return 0;
752 }
753
754 static int
755 dissect_nfct_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
756 {
757 enum ws_ctattr_type type = (enum ws_ctattr_type) nla_type & NLA_TYPE_MASK;
758 netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
759
760 switch (type) {
761 case WS_CTA_STATUS:
762 proto_tree_add_bitmask(tree, tvb, offset, hf_nfct_attr_status,
763 ett_nfct_status_attr, hf_nfct_attr_status_flags, ENC_BIG_ENDIAN);
764 return 1;
765
766 case WS_CTA_TIMEOUT:
767 proto_tree_add_item(tree, hf_nfct_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN);
768 return 1;
769
770 case WS_CTA_ID:
771 proto_tree_add_item(tree, hf_nfct_attr_id, tvb, offset, len, ENC_BIG_ENDIAN);
772 return 1;
773
774 case WS_CTA_HELP:
775 if (nla_type & NLA_F_NESTED)
776 return dissect_netlink_attributes(tvb, hf_nfct_help_attr, ett_nfct_help_attr, info, nl_data,
777 tree, offset, len, dissect_nfct_help_attrs);
778 return 0;
779
780 case WS_CTA_SEQ_ADJ_ORIG:
781 case WS_CTA_SEQ_ADJ_REPLY:
782 if (nla_type & NLA_F_NESTED)
783 return dissect_netlink_attributes(tvb, hf_nfct_seqadj_attr, ett_nfct_seqadj_attr, info, nl_data,
784 tree, offset, len, dissect_nfct_seqadj_attrs);
785 return 0;
786
787 case WS_CTA_TUPLE_ORIG:
788 case WS_CTA_TUPLE_REPLY:
789 case WS_CTA_TUPLE_MASTER:
790 if (nla_type & NLA_F_NESTED)
791 return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data,
792 tree, offset, len, dissect_nfct_tuple_attrs);
793 return 0;
794
795 default:
796 return 0;
797 }
798 }
799
800 /* CT - main */
801
802 static int
803 dissect_netfilter_ct(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
804 {
805 offset = dissect_netlink_netfilter_header(tvb, tree, offset);
806 return dissect_netlink_attributes_to_end(tvb, hf_nfct_attr, ett_nfct_attr, info, nl_data,
807 tree, offset, dissect_nfct_attrs);
808 }
809
810 /* EXP */
811
812 static const value_string nfexp_type_vals[] = {
813 { WS_IPCTNL_MSG_EXP_NEW, "New" },
814 { WS_IPCTNL_MSG_EXP_GET, "Get" },
815 { WS_IPCTNL_MSG_EXP_DELETE, "Delete" },
816 { WS_IPCTNL_MSG_EXP_GET_STATS_CPU, "Get CPU stats" },
817 { 0, NULL }
818 };
819
820 static const value_string nfexp_attr_vals[] = {
821 { WS_CTA_EXPECT_MASTER, "Master IP tuple" },
822 { WS_CTA_EXPECT_TUPLE, "IP tuple" },
823 { WS_CTA_EXPECT_MASK, "IP mask tuple" },
824 { WS_CTA_EXPECT_TIMEOUT, "Timeout" },
825 { WS_CTA_EXPECT_ID, "ID" },
826 { WS_CTA_EXPECT_HELP_NAME, "Helper name" },
827 { WS_CTA_EXPECT_ZONE, "Zone" },
828 { WS_CTA_EXPECT_FLAGS, "Flags" },
829 { WS_CTA_EXPECT_CLASS, "Class" },
830 { WS_CTA_EXPECT_NAT, "NAT" },
831 { WS_CTA_EXPECT_FN, "Expect function" },
832 { 0, NULL }
833 };
834
835 static const value_string nfexp_nat_attr_vals[] = {
836 { WS_CTA_EXPECT_NAT_DIR, "Direction" },
837 { WS_CTA_EXPECT_NAT_TUPLE, "IP tuple" },
838 { 0, NULL }
839 };
840
841 static const value_string nfexp_conntrack_dir_vals[] = {
842 { WS_IP_CT_DIR_ORIGINAL, "Original direction" },
843 { WS_IP_CT_DIR_REPLY, "Reply direction" },
844 { 0, NULL }
845 };
846
847 static int
848 dissect_nfexp_nat_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
849 {
850 enum ws_ctattr_expect type = (enum ws_ctattr_expect) nla_type & NLA_TYPE_MASK;
851 netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
852
853 switch (type) {
854 case WS_CTA_EXPECT_NAT_DIR:
855 proto_tree_add_item(tree, hf_nfexp_nat_attr_dir, tvb, offset, len, ENC_BIG_ENDIAN);
856 return 1;
857
858 case WS_CTA_EXPECT_NAT_TUPLE:
859 if (nla_type & NLA_F_NESTED)
860 return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data,
861 tree, offset, len, dissect_nfct_tuple_attrs);
862 return 0;
863
864 default:
865 return 0;
866 }
867 }
868
869 /* CTA_EXPECT_FLAGS bitfield */
870 static int * const hf_nfexp_attr_flags_bitfield[] = {
871 &hf_nfexp_attr_flag_userspace,
872 &hf_nfexp_attr_flag_inactive,
873 &hf_nfexp_attr_flag_permanent,
874 NULL
875 };
876
877 static int
878 dissect_nfexp_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
879 {
880 enum ws_ctattr_expect type = (enum ws_ctattr_expect) nla_type & NLA_TYPE_MASK;
881 netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
882
883 switch (type) {
884 case WS_CTA_EXPECT_TUPLE:
885 case WS_CTA_EXPECT_MASK:
886 case WS_CTA_EXPECT_MASTER:
887 if (nla_type & NLA_F_NESTED)
888 return dissect_netlink_attributes(tvb, hf_nfct_tuple_attr, ett_nfct_tuple_attr, info, nl_data,
889 tree, offset, len, dissect_nfct_tuple_attrs);
890 return 0;
891
892 case WS_CTA_EXPECT_NAT:
893 if (nla_type & NLA_F_NESTED)
894 return dissect_netlink_attributes(tvb, hf_nfexp_nat_attr, ett_nfexp_nat_attr, info, nl_data,
895 tree, offset, len, dissect_nfexp_nat_attrs);
896 return 0;
897
898 case WS_CTA_EXPECT_TIMEOUT:
899 proto_tree_add_item(tree, hf_nfexp_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN);
900 return 1;
901
902 case WS_CTA_EXPECT_ID:
903 proto_tree_add_item(tree, hf_nfexp_attr_id, tvb, offset, len, ENC_BIG_ENDIAN);
904 return 1;
905
906 case WS_CTA_EXPECT_CLASS:
907 proto_tree_add_item(tree, hf_nfexp_attr_class, tvb, offset, len, ENC_BIG_ENDIAN);
908 return 1;
909
910 case WS_CTA_EXPECT_ZONE:
911 proto_tree_add_item(tree, hf_nfexp_attr_zone, tvb, offset, len, ENC_BIG_ENDIAN);
912 return 1;
913
914 case WS_CTA_EXPECT_FN:
915 proto_tree_add_item(tree, hf_nfexp_attr_fn, tvb, offset, len, ENC_UTF_8);
916 return 1;
917
918 case WS_CTA_EXPECT_FLAGS:
919 proto_tree_add_bitmask(tree, tvb, offset, hf_nfexp_attr_flags,
920 ett_nfexp_flags_attr, hf_nfexp_attr_flags_bitfield, ENC_BIG_ENDIAN);
921 return 1;
922
923 default:
924 return 0;
925 }
926 }
927
928 /* EXP - main */
929
930 static int
931 dissect_netfilter_exp(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
932 {
933 //enum ws_ctnl_exp_msg_types type = (enum ws_ctnl_exp_msg_types) (info->data->type & 0xff);
934
935 offset = dissect_netlink_netfilter_header(tvb, tree, offset);
936 return dissect_netlink_attributes_to_end(tvb, hf_nfexp_attr, ett_nfexp_attr, info, nl_data,
937 tree, offset, dissect_nfexp_attrs);
938 }
939
940 /* QUEUE */
941
942 /* QUEUE - Config */
943
944 static const value_string nfq_type_vals[] = {
945 { WS_NFQNL_MSG_PACKET, "Packet" },
946 { WS_NFQNL_MSG_VERDICT, "Verdict" },
947 { WS_NFQNL_MSG_CONFIG, "Config" },
948 { WS_NFQNL_MSG_VERDICT_BATCH, "Verdict (batch)" },
949 { 0, NULL }
950 };
951
952 static const value_string nfq_config_command_vals[] = {
953 { WS_NFQNL_CFG_CMD_NONE, "None" },
954 { WS_NFQNL_CFG_CMD_BIND, "Bind" },
955 { WS_NFQNL_CFG_CMD_UNBIND, "Unbind" },
956 { WS_NFQNL_CFG_CMD_PF_BIND, "PF bind" },
957 { WS_NFQNL_CFG_CMD_PF_UNBIND, "PF unbind" },
958 { 0, NULL }
959 };
960
961 static const value_string nfq_config_attr_vals[] = {
962 { WS_NFQA_CFG_UNSPEC, "Unspecified" },
963 { WS_NFQA_CFG_CMD, "Command" },
964 { WS_NFQA_CFG_PARAMS, "Parameters" },
965 { WS_NFQA_CFG_QUEUE_MAXLEN, "Maximum queue length" },
966 { WS_NFQA_CFG_MASK, "Mask" },
967 { WS_NFQA_CFG_FLAGS, "Flags" },
968 { 0, NULL }
969 };
970
971 static const value_string nfq_config_mode_vals[] = {
972 { WS_NFQNL_COPY_NONE, "None" },
973 { WS_NFQNL_COPY_META, "Meta" },
974 { WS_NFQNL_COPY_PACKET, "Packet" },
975 { 0, NULL }
976 };
977
978 static int
979 dissect_nfq_config_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
980 {
981 enum ws_nfqnl_attr_config type = (enum ws_nfqnl_attr_config) nla_type;
982
983 switch (type) {
984 case WS_NFQA_CFG_UNSPEC:
985 break;
986
987 case WS_NFQA_CFG_CMD:
988 if (len == 4) {
989 proto_tree_add_item(tree, hf_nfq_config_command_command, tvb, offset, 1, ENC_NA);
990 offset += 1;
991 proto_tree_add_item(tree, hf_padding, tvb, offset, 1, ENC_NA);
992 offset += 1;
993
994 proto_tree_add_item(tree, hf_nfq_config_command_pf, tvb, offset, 2, ENC_BIG_ENDIAN);
995 offset += 2;
996 }
997 break;
998
999 case WS_NFQA_CFG_PARAMS:
1000 if (len == 5) {
1001 proto_tree_add_item(tree, hf_nfq_config_params_copyrange, tvb, offset, 4, ENC_BIG_ENDIAN);
1002 offset += 4;
1003
1004 proto_tree_add_item(tree, hf_nfq_config_params_copymode, tvb, offset, 1, ENC_NA);
1005 offset++;
1006 }
1007 break;
1008
1009 case WS_NFQA_CFG_QUEUE_MAXLEN:
1010 if (len == 4) {
1011 proto_tree_add_item(tree, hf_nfq_config_queue_maxlen, tvb, offset, 4, nl_data->encoding);
1012 offset += 4;
1013 }
1014 break;
1015
1016 case WS_NFQA_CFG_MASK:
1017 if (len == 4) {
1018 proto_tree_add_item(tree, hf_nfq_config_mask, tvb, offset, 4, nl_data->encoding);
1019 offset += 4;
1020 }
1021 break;
1022
1023 case WS_NFQA_CFG_FLAGS:
1024 if (len == 4) {
1025 proto_tree_add_item(tree, hf_nfq_config_flags, tvb, offset, 4, nl_data->encoding);
1026 offset += 4;
1027 }
1028 break;
1029 }
1030
1031 return offset;
1032 }
1033
1034 /* QUEUE - Packet and verdict */
1035
1036 static const value_string nfq_attr_vals[] = {
1037 { WS_NFQA_UNSPEC, "Unspecified" },
1038 { WS_NFQA_PACKET_HDR, "Packet header" },
1039 { WS_NFQA_VERDICT_HDR, "Verdict header" },
1040 { WS_NFQA_MARK, "Mark" },
1041 { WS_NFQA_TIMESTAMP, "Timestamp" },
1042 { WS_NFQA_IFINDEX_INDEV, "NFQA_IFINDEX_INDEV" },
1043 { WS_NFQA_IFINDEX_OUTDEV, "NFQA_IFINDEX_OUTDEV" },
1044 { WS_NFQA_IFINDEX_PHYSINDEV, "NFQA_IFINDEX_PHYSINDEV" },
1045 { WS_NFQA_IFINDEX_PHYSOUTDEV, "NFQA_IFINDEX_PHYSOUTDEV" },
1046 { WS_NFQA_HWADDR, "Hardware address" },
1047 { WS_NFQA_PAYLOAD, "Payload" },
1048 { WS_NFQA_CT, "NFQA_CT" },
1049 { WS_NFQA_CT_INFO, "Conntrack info" },
1050 { WS_NFQA_CAP_LEN, "Length of captured packet" },
1051 { WS_NFQA_SKB_INFO, "SKB meta information" },
1052 { WS_NFQA_EXP, "Conntrack expectation" },
1053 { WS_NFQA_UID, "SK UID" },
1054 { WS_NFQA_GID, "SK GID" },
1055 { WS_NFQA_SECCTX, "Security context string" },
1056 { WS_NFQA_VLAN, "Packet VLAN info" },
1057 { WS_NFQA_L2HDR, "Full L2 header" },
1058 { WS_NFQA_PRIORITY, "Priority" },
1059 { 0, NULL }
1060 };
1061
1062 static const value_string nfq_verdict_vals[] = {
1063 { WS_NF_DROP, "DROP" },
1064 { WS_NF_ACCEPT, "ACCEPT" },
1065 { WS_NF_STOLEN, "STOLEN" },
1066 { WS_NF_QUEUE, "QUEUE" },
1067 { WS_NF_REPEAT, "REPEAT" },
1068 { WS_NF_STOP, "STOP" },
1069 { 0, NULL }
1070 };
1071
1072 const value_string netfilter_hooks_vals[] = {
1073 { WS_NF_INET_PRE_ROUTING, "Pre-routing" },
1074 { WS_NF_INET_LOCAL_IN, "Local in" },
1075 { WS_NF_INET_FORWARD, "Forward" },
1076 { WS_NF_INET_LOCAL_OUT, "Local out" },
1077 { WS_NF_INET_POST_ROUTING, "Post-routing" },
1078 { WS_NF_INET_NUMHOOKS, "Number of hooks" },
1079 { 0, NULL }
1080 };
1081
1082 const value_string nfproto_family_vals[] = {
1083 { WS_NFPROTO_UNSPEC, "Unspecified" },
1084 { WS_NFPROTO_INET, "IPv4/IPv6" },
1085 { WS_NFPROTO_IPV4, "IPv4" },
1086 { WS_NFPROTO_ARP, "ARP" },
1087 { WS_NFPROTO_NETDEV, "Netdev" },
1088 { WS_NFPROTO_BRIDGE, "Bridge" },
1089 { WS_NFPROTO_IPV6, "IPv6" },
1090 { WS_NFPROTO_DECNET, "DECNET" },
1091 { 0, NULL }
1092 };
1093
1094 static const value_string nfq_ctinfo_vals[] = {
1095 { WS_IP_CT_ESTABLISHED, "ESTABLISHED" },
1096 { WS_IP_CT_RELATED, "RELATED" },
1097 { WS_IP_CT_NEW, "NEW" },
1098 { WS_IP_CT_IS_REPLY, "IS_REPLY" },
1099 /* { WS_IP_CT_ESTABLISHED_REPLY, "ESTABLISHED_REPLY" }, XXX - duplicate of WS_IP_CT_ESTABLISHED */
1100 { WS_IP_CT_RELATED_REPLY, "RELATED_REPLY" },
1101 { WS_IP_CT_NUMBER, "NUMBER" },
1102 { 0, NULL }
1103 };
1104
1105 static int
1106 dissect_nfq_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
1107 {
1108 enum ws_nfqnl_attr_type type = (enum ws_nfqnl_attr_type) nla_type & NLA_TYPE_MASK;
1109 netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
1110
1111 switch (type) {
1112 case WS_NFQA_UNSPEC:
1113 break;
1114
1115 case WS_NFQA_PACKET_HDR:
1116 if (len == 7) {
1117 proto_tree_add_item(tree, hf_nfq_packet_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1118 offset += 4;
1119
1120 proto_tree_add_item(tree, hf_nfq_packet_hwprotocol, tvb, offset, 2, ENC_BIG_ENDIAN);
1121 info->hw_protocol = tvb_get_ntohs(tvb, offset);
1122 offset += 2;
1123
1124 proto_tree_add_item(tree, hf_nfq_packet_hook, tvb, offset, 1, ENC_NA);
1125 offset++;
1126 }
1127 break;
1128
1129 case WS_NFQA_VERDICT_HDR:
1130 if (len == 8) {
1131 proto_tree_add_item(tree, hf_nfq_verdict_verdict, tvb, offset, 4, ENC_BIG_ENDIAN);
1132 offset += 4;
1133
1134 proto_tree_add_item(tree, hf_nfq_verdict_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1135 offset += 4;
1136 }
1137 break;
1138
1139 case WS_NFQA_MARK:
1140 if (len == 4) {
1141 proto_tree_add_item(tree, hf_nfq_nfmark, tvb, offset, 4, ENC_BIG_ENDIAN);
1142 offset += 4;
1143 }
1144 break;
1145
1146 case WS_NFQA_TIMESTAMP:
1147 if (len == 16) {
1148 proto_tree_add_item(tree, hf_nfq_timestamp, tvb, offset, 16, ENC_TIME_SECS_NSECS|ENC_BIG_ENDIAN);
1149 offset += 16;
1150 }
1151 break;
1152
1153 case WS_NFQA_IFINDEX_INDEV:
1154 if (len == 4) {
1155 proto_tree_add_item(tree, hf_nfq_ifindex_indev, tvb, offset, 4, ENC_BIG_ENDIAN);
1156 offset += 4;
1157 }
1158 break;
1159
1160 case WS_NFQA_IFINDEX_OUTDEV:
1161 if (len == 4) {
1162 proto_tree_add_item(tree, hf_nfq_ifindex_outdev, tvb, offset, 4, ENC_BIG_ENDIAN);
1163 offset += 4;
1164 }
1165 break;
1166
1167 case WS_NFQA_IFINDEX_PHYSINDEV:
1168 if (len == 4) {
1169 proto_tree_add_item(tree, hf_nfq_ifindex_physindev, tvb, offset, 4, ENC_BIG_ENDIAN);
1170 offset += 4;
1171 }
1172 break;
1173
1174 case WS_NFQA_IFINDEX_PHYSOUTDEV:
1175 if (len == 4) {
1176 proto_tree_add_item(tree, hf_nfq_ifindex_physoutdev, tvb, offset, 4, ENC_BIG_ENDIAN);
1177 offset += 4;
1178 }
1179 break;
1180
1181 case WS_NFQA_HWADDR:
1182 if (len >= 4) {
1183 uint16_t addrlen;
1184
1185 proto_tree_add_item(tree, hf_nfq_hwaddr_len, tvb, offset, 2, ENC_BIG_ENDIAN);
1186 addrlen = tvb_get_ntohs(tvb, offset);
1187 offset += 2;
1188 proto_tree_add_item(tree, hf_padding, tvb, offset, 2, ENC_NA);
1189 offset += 2;
1190
1191
1192 /* XXX expert info if 4 + addrlen > len. */
1193 addrlen = MIN(addrlen, len - 4);
1194 proto_tree_add_item(tree, hf_nfq_hwaddr_addr, tvb, offset, addrlen, ENC_NA);
1195 offset += addrlen;
1196 }
1197 break;
1198
1199 case WS_NFQA_PAYLOAD:
1200 if (len > 0) {
1201 tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, len);
1202 proto_tree *parent_tree = proto_item_get_parent(tree);
1203
1204 if (!dissector_try_uint(ethertype_table, info->hw_protocol, next_tvb, info->pinfo, parent_tree))
1205 call_data_dissector(next_tvb, info->pinfo, parent_tree);
1206 offset += len;
1207 }
1208 break;
1209
1210 case WS_NFQA_CT:
1211 if (nla_type & NLA_F_NESTED)
1212 return dissect_netlink_attributes(tvb, hf_nfct_attr, ett_nfct_attr, info, nl_data,
1213 tree, offset, len, dissect_nfct_attrs);
1214 break;
1215
1216 case WS_NFQA_CT_INFO:
1217 if (len == 4) {
1218 proto_tree_add_item(tree, hf_nfq_ctinfo, tvb, offset, 4, ENC_BIG_ENDIAN);
1219 offset += 4;
1220 }
1221 break;
1222
1223 case WS_NFQA_CAP_LEN:
1224 if (len == 4) {
1225 proto_tree_add_item(tree, hf_nfq_caplen, tvb, offset, 4, ENC_BIG_ENDIAN);
1226 offset += 4;
1227 }
1228 break;
1229
1230 case WS_NFQA_SKB_INFO:
1231 case WS_NFQA_EXP:
1232 /* TODO */
1233 break;
1234
1235 case WS_NFQA_UID:
1236 if (len == 4) {
1237 proto_tree_add_item(tree, hf_nfq_uid, tvb, offset, 4, ENC_BIG_ENDIAN);
1238 offset += 4;
1239 }
1240 break;
1241
1242 case WS_NFQA_GID:
1243 if (len == 4) {
1244 proto_tree_add_item(tree, hf_nfq_gid, tvb, offset, 4, ENC_BIG_ENDIAN);
1245 offset += 4;
1246 }
1247 break;
1248
1249 case WS_NFQA_SECCTX:
1250 case WS_NFQA_VLAN:
1251 case WS_NFQA_L2HDR:
1252 case WS_NFQA_PRIORITY:
1253 /* TODO */
1254 break;
1255 }
1256
1257 return offset;
1258 }
1259
1260 /* QUEUE - main */
1261
1262 static int
1263 dissect_netfilter_queue(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
1264 {
1265 enum ws_nfqnl_msg_types type = (enum ws_nfqnl_msg_types) (nl_data->type & 0xff);
1266
1267 offset = dissect_netlink_netfilter_header(tvb, tree, offset);
1268
1269 switch (type) {
1270 case WS_NFQNL_MSG_CONFIG:
1271 return dissect_netlink_attributes_to_end(tvb, hf_nfq_config_attr, ett_nfq_config_attr, info, nl_data, tree, offset, dissect_nfq_config_attrs);
1272
1273 case WS_NFQNL_MSG_PACKET:
1274 case WS_NFQNL_MSG_VERDICT:
1275 return dissect_netlink_attributes_to_end(tvb, hf_nfq_attr, ett_nfq_attr, info, nl_data, tree, offset, dissect_nfq_attrs);
1276
1277 case WS_NFQNL_MSG_VERDICT_BATCH:
1278 /* TODO */
1279 break;
1280 }
1281
1282 return offset;
1283 }
1284
1285 /* ULOG */
1286
1287 static const value_string netlink_netfilter_ulog_type_vals[] = {
1288 { WS_NFULNL_MSG_PACKET, "Packet" },
1289 { WS_NFULNL_MSG_CONFIG, "Config" },
1290 { 0, NULL }
1291 };
1292
1293 static int
1294 dissect_netfilter_ulog(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
1295 {
1296 enum ws_nfulnl_msg_types type = (enum ws_nfulnl_msg_types) (nl_data->type & 0xff);
1297 tvbuff_t *next_tvb;
1298
1299 switch (type) {
1300 case WS_NFULNL_MSG_PACKET:
1301 /* Note that NFLOG dissects the nfgenmsg header */
1302 next_tvb = tvb_new_subset_remaining(tvb, offset);
1303 call_dissector(nflog_handle, next_tvb, info->pinfo, tree);
1304 offset = tvb_reported_length(tvb);
1305 break;
1306
1307 default:
1308 break;
1309 }
1310
1311 return offset;
1312 }
1313
1314 /* IPSET */
1315
1316 static const value_string ipset_command_vals[] = {
1317 { WS_IPSET_CMD_NONE, "None" },
1318 { WS_IPSET_CMD_PROTOCOL, "Return protocol version" },
1319 { WS_IPSET_CMD_CREATE, "Create a new (empty) set" },
1320 { WS_IPSET_CMD_DESTROY, "Destroy a (empty) set" },
1321 { WS_IPSET_CMD_FLUSH, "Remove all elements from a set" },
1322 { WS_IPSET_CMD_RENAME, "Rename a set" },
1323 { WS_IPSET_CMD_SWAP, "Swap two sets" },
1324 { WS_IPSET_CMD_LIST, "List sets" },
1325 { WS_IPSET_CMD_SAVE, "Save sets" },
1326 { WS_IPSET_CMD_ADD, "Add an element to a set" },
1327 { WS_IPSET_CMD_DEL, "Delete an element from a set" },
1328 { WS_IPSET_CMD_TEST, "Test an element in a set" },
1329 { WS_IPSET_CMD_HEADER, "Get set header data only" },
1330 { WS_IPSET_CMD_TYPE, "Get set type" },
1331 { WS_IPSET_CMD_GET_BYNAME, "Get set by name" },
1332 { WS_IPSET_CMD_GET_BYINDEX, "Get set by index" },
1333 { 0, NULL }
1334 };
1335
1336 static const value_string ipset_attr_vals[] = {
1337 { WS_IPSET_ATTR_PROTOCOL, "Protocol version" },
1338 { WS_IPSET_ATTR_SETNAME, "Name of the set" },
1339 { WS_IPSET_ATTR_TYPENAME, "Typename" },
1340 { WS_IPSET_ATTR_REVISION, "Settype revision" },
1341 { WS_IPSET_ATTR_FAMILY, "Settype family" },
1342 { WS_IPSET_ATTR_FLAGS, "Flags at command level" },
1343 { WS_IPSET_ATTR_DATA, "Nested attributes" },
1344 { WS_IPSET_ATTR_ADT, "Multiple data containers" },
1345 { WS_IPSET_ATTR_LINENO, "Restore lineno" },
1346 { WS_IPSET_ATTR_PROTOCOL_MIN, "Minimal supported version number" },
1347 { WS_IPSET_ATTR_INDEX, "Index" },
1348 { 0, NULL }
1349 };
1350
1351 static const value_string ipset_cadt_attr_vals[] = {
1352 { WS_IPSET_ATTR_IP_FROM, "IP_FROM" },
1353 { WS_IPSET_ATTR_IP_TO, "IP_TO" },
1354 { WS_IPSET_ATTR_CIDR, "CIDR" },
1355 { WS_IPSET_ATTR_PORT_FROM, "PORT_FROM" },
1356 { WS_IPSET_ATTR_PORT_TO, "PORT_TO" },
1357 { WS_IPSET_ATTR_TIMEOUT, "TIMEOUT" },
1358 { WS_IPSET_ATTR_PROTO, "PROTO" },
1359 { WS_IPSET_ATTR_CADT_FLAGS, "CADT_FLAGS" },
1360 { WS_IPSET_ATTR_CADT_LINENO, "CADT_LINENO" },
1361 { WS_IPSET_ATTR_MARK, "MARK" },
1362 { WS_IPSET_ATTR_MARKMASK, "MARKMASK" },
1363 { WS_IPSET_ATTR_BITMASK, "BITMASK" },
1364 /* up to 16 is reserved. */
1365 { WS_IPSET_ATTR_INITVAL, "INITVAL" },
1366 { WS_IPSET_ATTR_HASHSIZE, "HASHSIZE" },
1367 { WS_IPSET_ATTR_MAXELEM, "MAXELEM" },
1368 { WS_IPSET_ATTR_NETMASK, "NETMASK" },
1369 { WS_IPSET_ATTR_BUCKETSIZE, "BUCKETSIZE" },
1370 { WS_IPSET_ATTR_RESIZE, "RESIZE" },
1371 { WS_IPSET_ATTR_SIZE, "SIZE" },
1372 { WS_IPSET_ATTR_ELEMENTS, "ELEMENTS" },
1373 { WS_IPSET_ATTR_REFERENCES, "REFERENCES" },
1374 { WS_IPSET_ATTR_MEMSIZE, "MEMSIZE" },
1375 { 0, NULL }
1376 };
1377
1378 static const value_string ipset_adt_attr_vals[] = {
1379 /* Nasty! Duplication from CADT above... */
1380 { WS_IPSET_ATTR_IP_FROM, "IP_FROM" },
1381 { WS_IPSET_ATTR_IP_TO, "IP_TO" },
1382 { WS_IPSET_ATTR_CIDR, "CIDR" },
1383 { WS_IPSET_ATTR_PORT_FROM, "PORT_FROM" },
1384 { WS_IPSET_ATTR_PORT_TO, "PORT_TO" },
1385 { WS_IPSET_ATTR_TIMEOUT, "TIMEOUT" },
1386 { WS_IPSET_ATTR_PROTO, "PROTO" },
1387 { WS_IPSET_ATTR_CADT_FLAGS, "CADT_FLAGS" },
1388 { WS_IPSET_ATTR_CADT_LINENO, "CADT_LINENO" },
1389 { WS_IPSET_ATTR_MARK, "MARK" },
1390 { WS_IPSET_ATTR_MARKMASK, "MARKMASK" },
1391 /* End of duplication, other attributes follow. */
1392 { WS_IPSET_ATTR_ETHER, "ETHER" },
1393 { WS_IPSET_ATTR_NAME, "NAME" },
1394 { WS_IPSET_ATTR_NAMEREF, "NAMEREF" },
1395 { WS_IPSET_ATTR_IP2, "IP2" },
1396 { WS_IPSET_ATTR_CIDR2, "CIDR2" },
1397 { WS_IPSET_ATTR_IP2_TO, "IP2_TO" },
1398 { WS_IPSET_ATTR_IFACE, "IFACE" },
1399 { WS_IPSET_ATTR_BYTES, "BYTES" },
1400 { WS_IPSET_ATTR_PACKETS, "PACKETS" },
1401 { WS_IPSET_ATTR_COMMENT, "COMMENT" },
1402 { WS_IPSET_ATTR_SKBMARK, "SKBMARK" },
1403 { WS_IPSET_ATTR_SKBPRIO, "SKBPRIO" },
1404 { WS_IPSET_ATTR_SKBQUEUE, "SKBQUEUE" },
1405 { WS_IPSET_ATTR_PAD, "PAD" },
1406 { 0, NULL }
1407 };
1408
1409 static const value_string ipset_ip_attr_vals[] = {
1410 { WS_IPSET_ATTR_IPADDR_IPV4, "IPv4 address" },
1411 { WS_IPSET_ATTR_IPADDR_IPV6, "IPv6 address" },
1412 { 0, NULL }
1413 };
1414
1415 static int
1416 dissect_ipset_ip_attrs(tvbuff_t *tvb, void *data _U_, struct packet_netlink_data *nl_data _U_, proto_tree *tree, int nla_type, int offset, int len)
1417 {
1418 enum ws_ipset_ip_attr type = (enum ws_ipset_ip_attr) nla_type & NLA_TYPE_MASK;
1419
1420 switch (type) {
1421 case WS_IPSET_ATTR_IPADDR_IPV4:
1422 proto_tree_add_item(tree, hf_ipset_ip_attr_ipv4, tvb, offset, len, ENC_BIG_ENDIAN);
1423 return 1;
1424
1425 case WS_IPSET_ATTR_IPADDR_IPV6:
1426 proto_tree_add_item(tree, hf_ipset_ip_attr_ipv6, tvb, offset, len, ENC_NA);
1427 return 1;
1428 }
1429
1430 return 0;
1431 }
1432
1433 static int
1434 dissect_ipset_cadt_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
1435 {
1436 enum ws_ipset_cadt_attr type = (enum ws_ipset_cadt_attr) nla_type & NLA_TYPE_MASK;
1437 netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
1438
1439 switch (type) {
1440 case WS_IPSET_ATTR_IP_FROM:
1441 case WS_IPSET_ATTR_IP_TO:
1442 if (nla_type & NLA_F_NESTED)
1443 return dissect_netlink_attributes(tvb, hf_ipset_ip_attr, ett_ipset_ip_attr, info, nl_data, tree, offset, len, dissect_ipset_ip_attrs);
1444 return 0;
1445
1446 case WS_IPSET_ATTR_CIDR:
1447 if (len == 1) {
1448 proto_tree_add_item(tree, hf_ipset_cadt_attr_cidr, tvb, offset, len, ENC_NA);
1449 return 1;
1450 }
1451 return 0;
1452
1453 case WS_IPSET_ATTR_PORT_FROM:
1454 case WS_IPSET_ATTR_PORT_TO:
1455 /* TODO */
1456 return 0;
1457
1458 case WS_IPSET_ATTR_TIMEOUT:
1459 if (len == 4) {
1460 proto_tree_add_item(tree, hf_ipset_cadt_attr_timeout, tvb, offset, len, ENC_BIG_ENDIAN);
1461 return 1;
1462 }
1463 return 0;
1464
1465 case WS_IPSET_ATTR_PROTO:
1466 /* TODO */
1467 return 0;
1468
1469 case WS_IPSET_ATTR_CADT_FLAGS:
1470 if (len == 4) {
1471 proto_tree_add_item(tree, hf_ipset_cadt_attr_cadt_flags, tvb, offset, len, ENC_BIG_ENDIAN);
1472 /* TODO show bits from enum ipset_cadt_flags */
1473 return 1;
1474 }
1475 return 0;
1476
1477 case WS_IPSET_ATTR_CADT_LINENO:
1478 case WS_IPSET_ATTR_MARK:
1479 case WS_IPSET_ATTR_MARKMASK:
1480 case WS_IPSET_ATTR_BITMASK:
1481 case WS_IPSET_ATTR_INITVAL:
1482 case WS_IPSET_ATTR_HASHSIZE:
1483 case WS_IPSET_ATTR_MAXELEM:
1484 case WS_IPSET_ATTR_NETMASK:
1485 case WS_IPSET_ATTR_BUCKETSIZE:
1486 case WS_IPSET_ATTR_RESIZE:
1487 case WS_IPSET_ATTR_SIZE:
1488 case WS_IPSET_ATTR_ELEMENTS:
1489 case WS_IPSET_ATTR_REFERENCES:
1490 case WS_IPSET_ATTR_MEMSIZE:
1491 /* TODO */
1492 return 0;
1493 }
1494
1495 return 0;
1496 }
1497
1498 static int
1499 dissect_ipset_adt_data_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
1500 {
1501 enum ws_ipset_adt_attr type = (enum ws_ipset_adt_attr) nla_type & NLA_TYPE_MASK;
1502
1503 if ((nla_type & NLA_TYPE_MASK) <= WS_IPSET_ATTR_CADT_MAX)
1504 return dissect_ipset_cadt_attrs(tvb, data, nl_data, tree, nla_type, offset, len);
1505
1506 switch (type) {
1507 case WS_IPSET_ATTR_COMMENT:
1508 proto_tree_add_item(tree, hf_ipset_adt_attr_comment, tvb, offset, len, ENC_UTF_8);
1509 return 1;
1510
1511 default:
1512 return 0;
1513 }
1514
1515 return 0;
1516 }
1517
1518 static int
1519 dissect_ipset_adt_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
1520 {
1521 netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
1522
1523 if (nla_type & NLA_F_NESTED)
1524 return dissect_netlink_attributes(tvb, hf_ipset_adt_attr, ett_ipset_adt_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_data_attrs);
1525 return 0;
1526 }
1527
1528 static int
1529 dissect_ipset_attrs(tvbuff_t *tvb, void *data, struct packet_netlink_data *nl_data, proto_tree *tree, int nla_type, int offset, int len)
1530 {
1531 enum ws_ipset_attr type = (enum ws_ipset_attr) nla_type & NLA_TYPE_MASK;
1532 netlink_netfilter_info_t *info = (netlink_netfilter_info_t *) data;
1533
1534 switch (type) {
1535 case WS_IPSET_ATTR_PROTOCOL:
1536 /* TODO */
1537 return 0;
1538
1539 case WS_IPSET_ATTR_SETNAME:
1540 proto_tree_add_item(tree, hf_ipset_attr_setname, tvb, offset, len, ENC_UTF_8);
1541 return 1;
1542
1543 case WS_IPSET_ATTR_TYPENAME:
1544 proto_tree_add_item(tree, hf_ipset_attr_typename, tvb, offset, len, ENC_UTF_8);
1545 return 1;
1546
1547 case WS_IPSET_ATTR_REVISION:
1548 /* TODO */
1549 return 0;
1550
1551 case WS_IPSET_ATTR_FAMILY:
1552 proto_tree_add_item(tree, hf_ipset_attr_family, tvb, offset, len, ENC_BIG_ENDIAN);
1553 return 1;
1554
1555 case WS_IPSET_ATTR_FLAGS:
1556 if (len == 4) {
1557 proto_tree_add_item(tree, hf_ipset_attr_flags, tvb, offset, len, ENC_BIG_ENDIAN);
1558 /* TODO show bits from enum ipset_cmd_flags */
1559 return 1;
1560 }
1561 return 0;
1562
1563 case WS_IPSET_ATTR_DATA:
1564 /* See ipset lib/PROTOCOL, CADT attributes only follow for some commands */
1565 if (nla_type & NLA_F_NESTED) {
1566 uint16_t command = nl_data->type & 0xffff;
1567
1568 if (command == WS_IPSET_CMD_CREATE ||
1569 command == WS_IPSET_CMD_LIST ||
1570 command == WS_IPSET_CMD_SAVE)
1571 return dissect_netlink_attributes(tvb, hf_ipset_cadt_attr, ett_ipset_cadt_attr, info, nl_data, tree, offset, len, dissect_ipset_cadt_attrs);
1572 else
1573 return dissect_netlink_attributes(tvb, hf_ipset_adt_attr, ett_ipset_adt_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_data_attrs);
1574 }
1575 return 0;
1576
1577 case WS_IPSET_ATTR_ADT:
1578 /* Following this, there will be an IPSET_ATTR_DATA with regular ADT attributes, not CADT */
1579 if (nla_type & NLA_F_NESTED)
1580 return dissect_netlink_attributes(tvb, hf_ipset_attr, ett_ipset_attr, info, nl_data, tree, offset, len, dissect_ipset_adt_attrs);
1581 return 0;
1582
1583 case WS_IPSET_ATTR_LINENO:
1584 case WS_IPSET_ATTR_PROTOCOL_MIN:
1585 case WS_IPSET_ATTR_INDEX:
1586 /* TODO */
1587 return 0;
1588 }
1589
1590 return 0;
1591 }
1592
1593 static int
1594 dissect_netfilter_ipset(tvbuff_t *tvb, netlink_netfilter_info_t *info, struct packet_netlink_data *nl_data, proto_tree *tree, int offset)
1595 {
1596 offset = dissect_netlink_netfilter_header(tvb, tree, offset);
1597 return dissect_netlink_attributes_to_end(tvb, hf_ipset_attr, ett_ipset_attr, info, nl_data, tree, offset, dissect_ipset_attrs);
1598 }
1599
1600 /* NFTABLES */
1601
1602 static const value_string nftables_command_vals[] = {
1603 { WS_NFT_MSG_NEWTABLE, "New table" },
1604 { WS_NFT_MSG_GETTABLE, "Get table" },
1605 { WS_NFT_MSG_DELTABLE, "Delete table" },
1606 { WS_NFT_MSG_NEWCHAIN, "New chain" },
1607 { WS_NFT_MSG_GETCHAIN, "Get chain" },
1608 { WS_NFT_MSG_DELCHAIN, "Delete chain" },
1609 { WS_NFT_MSG_NEWRULE, "New rule" },
1610 { WS_NFT_MSG_GETRULE, "Get rule" },
1611 { WS_NFT_MSG_DELRULE, "Delete rule" },
1612 { WS_NFT_MSG_NEWSET, "New set" },
1613 { WS_NFT_MSG_GETSET, "Get set" },
1614 { WS_NFT_MSG_DELSET, "Delete set" },
1615 { WS_NFT_MSG_NEWSETELEM, "New set element" },
1616 { WS_NFT_MSG_GETSETELEM, "Get set element" },
1617 { WS_NFT_MSG_DELSETELEM, "Delete set element" },
1618 { WS_NFT_MSG_NEWGEN, "New rule-set generation" },
1619 { WS_NFT_MSG_GETGEN, "Get rule-set generation" },
1620 { WS_NFT_MSG_TRACE, "Trace" },
1621 { WS_NFT_MSG_NEWOBJ, "New stateful object" },
1622 { WS_NFT_MSG_GETOBJ, "Get stateful object" },
1623 { WS_NFT_MSG_DELOBJ, "Delete stateful object" },
1624 { WS_NFT_MSG_GETOBJ_RESET, "Get and reset stateful object" },
1625 { WS_NFT_MSG_NEWFLOWTABLE, "New flow table" },
1626 { WS_NFT_MSG_GETFLOWTABLE, "Get flow table" },
1627 { WS_NFT_MSG_DELFLOWTABLE, "Delete flow table" },
1628 { WS_NFT_MSG_GETRULE_RESET, "Get rules and reset stateful expressions" },
1629 { WS_NFT_MSG_DESTROYTABLE, "Destroy table" },
1630 { WS_NFT_MSG_DESTROYCHAIN, "Destroy chain" },
1631 { WS_NFT_MSG_DESTROYRULE, "Destroy rule" },
1632 { WS_NFT_MSG_DESTROYSET, "Destroy set" },
1633 { WS_NFT_MSG_DESTROYSETELEM, "Destroy set element" },
1634 { WS_NFT_MSG_DESTROYOBJ, "Destroy stateful object" },
1635 { WS_NFT_MSG_DESTROYFLOWTABLE, "Destroy flow table" },
1636 { WS_NFT_MSG_GETSETELEM_RESET, "Get set elements and reset stateful expressions" },
1637 { 0, NULL }
1638 };
1639
1640
1641 static const value_string netlink_netfilter_subsystem_vals[] = {
1642 { WS_NFNL_SUBSYS_NONE, "None" },
1643 { WS_NFNL_SUBSYS_CTNETLINK, "Conntrack" },
1644 { WS_NFNL_SUBSYS_CTNETLINK_EXP, "Conntrack expect" },
1645 { WS_NFNL_SUBSYS_QUEUE, "Netfilter packet queue" },
1646 { WS_NFNL_SUBSYS_ULOG, "Netfilter userspace logging" },
1647 { WS_NFNL_SUBSYS_OSF, "OS fingerprint" },
1648 { WS_NFNL_SUBSYS_IPSET, "IP set" },
1649 { WS_NFNL_SUBSYS_ACCT, "Extended Netfilter accounting infrastructure" },
1650 { WS_NFNL_SUBSYS_CTNETLINK_TIMEOUT, "Extended Netfilter Connection Tracking timeout tuning" },
1651 { WS_NFNL_SUBSYS_CTHELPER, "Connection Tracking Helpers" },
1652 { WS_NFNL_SUBSYS_NFTABLES, "Netfilter tables" },
1653 { WS_NFNL_SUBSYS_NFT_COMPAT, "x_tables compatibility layer for nf_tables" },
1654 { WS_NFNL_SUBSYS_HOOK, "Hook" },
1655 { WS_NFNL_SUBSYS_COUNT, "Count" },
1656 { 0, NULL }
1657 };
1658
1659 static int
1660 dissect_netlink_netfilter(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1661 {
1662 struct packet_netlink_data *nl_data = (struct packet_netlink_data *)data;
1663 netlink_netfilter_info_t info;
1664 proto_tree *nlmsg_tree;
1665 proto_item *pi;
1666 int offset = 0;
1667
1668 DISSECTOR_ASSERT(nl_data && nl_data->magic == PACKET_NETLINK_MAGIC);
1669
1670 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Netlink netfilter");
1671 col_clear(pinfo->cinfo, COL_INFO);
1672
1673 pi = proto_tree_add_item(tree, proto_netlink_netfilter, tvb, 0, -1, ENC_NA);
1674 nlmsg_tree = proto_item_add_subtree(pi, ett_netlink_netfilter);
1675
1676 /* Netlink message header (nlmsghdr) */
1677 offset = dissect_netlink_header(tvb, nlmsg_tree, offset, nl_data->encoding, -1, NULL);
1678 proto_tree_add_item(nlmsg_tree, hf_netlink_netfilter_subsys, tvb, 4, 2, nl_data->encoding);
1679 switch (nl_data->type >> 8) {
1680 case WS_NFNL_SUBSYS_CTNETLINK_EXP:
1681 proto_tree_add_item(nlmsg_tree, hf_nfexp_type, tvb, 4, 2, nl_data->encoding);
1682 break;
1683
1684 case WS_NFNL_SUBSYS_QUEUE:
1685 proto_tree_add_item(nlmsg_tree, hf_nfq_type, tvb, 4, 2, nl_data->encoding);
1686 break;
1687
1688 case WS_NFNL_SUBSYS_ULOG:
1689 proto_tree_add_item(nlmsg_tree, hf_netlink_netfilter_ulog_type, tvb, 4, 2, nl_data->encoding);
1690 break;
1691
1692 case WS_NFNL_SUBSYS_IPSET:
1693 proto_tree_add_item(nlmsg_tree, hf_ipset_command, tvb, 4, 2, nl_data->encoding);
1694 break;
1695
1696 case WS_NFNL_SUBSYS_NFTABLES:
1697 proto_tree_add_item(nlmsg_tree, hf_nftables_command, tvb, 4, 2, nl_data->encoding);
1698 break;
1699 }
1700
1701 info.pinfo = pinfo;
1702 info.hw_protocol = 0;
1703
1704 switch (nl_data->type >> 8) {
1705 case WS_NFNL_SUBSYS_CTNETLINK:
1706 offset = dissect_netfilter_ct(tvb, &info, nl_data, nlmsg_tree, offset);
1707 break;
1708
1709 case WS_NFNL_SUBSYS_CTNETLINK_EXP:
1710 offset = dissect_netfilter_exp(tvb, &info, nl_data, nlmsg_tree, offset);
1711 break;
1712
1713 case WS_NFNL_SUBSYS_QUEUE:
1714 offset = dissect_netfilter_queue(tvb, &info, nl_data, nlmsg_tree, offset);
1715 break;
1716
1717 case WS_NFNL_SUBSYS_ULOG:
1718 offset = dissect_netfilter_ulog(tvb, &info, nl_data, nlmsg_tree, offset);
1719 break;
1720
1721 case WS_NFNL_SUBSYS_IPSET:
1722 offset = dissect_netfilter_ipset(tvb, &info, nl_data, nlmsg_tree, offset);
1723 break;
1724
1725 default:
1726 call_data_dissector(tvb_new_subset_remaining(tvb, offset), pinfo, nlmsg_tree);
1727 offset = tvb_reported_length(tvb);
1728 break;
1729 }
1730
1731 return offset;
1732 }
1733
1734 void
1735 proto_register_netlink_netfilter(void)
1736 {
1737 static hf_register_info hf[] = {
1738 { &hf_netlink_netfilter_family,
1739 { "Address family", "netlink-netfilter.family",
1740 FT_UINT8, BASE_DEC | BASE_EXT_STRING, &linux_af_vals_ext, 0x00,
1741 "nfnetlink address family", HFILL }
1742 },
1743 { &hf_netlink_netfilter_version,
1744 { "Version", "netlink-netfilter.version",
1745 FT_UINT8, BASE_DEC, NULL, 0x00,
1746 "nfnetlink version", HFILL }
1747 },
1748 { &hf_netlink_netfilter_resid,
1749 { "Resource id", "netlink-netfilter.res_id",
1750 FT_UINT16, BASE_DEC, NULL, 0x00,
1751 NULL, HFILL }
1752 },
1753 { &hf_nfct_tuple_proto_num_attr,
1754 { "Protocol", "netlink-netfilter.nfct_tuple.proto.num",
1755 FT_UINT8, BASE_DEC, NULL, 0x00,
1756 NULL, HFILL }
1757 },
1758 { &hf_nfct_tuple_proto_src_port_attr,
1759 { "Port", "netlink-netfilter.nfct_tuple.proto.src_port",
1760 FT_UINT16, BASE_DEC, NULL, 0x00,
1761 NULL, HFILL }
1762 },
1763 { &hf_nfct_tuple_proto_dst_port_attr,
1764 { "Port", "netlink-netfilter.nfct_tuple.proto.dst_port",
1765 FT_UINT16, BASE_DEC, NULL, 0x00,
1766 NULL, HFILL }
1767 },
1768 { &hf_nfct_tuple_proto_attr,
1769 { "Type", "netlink-netfilter.nfct_tuple.proto",
1770 FT_UINT16, BASE_DEC, VALS(nfct_tuple_l4proto_attr_vals), NLA_TYPE_MASK,
1771 NULL, HFILL }
1772 },
1773 { &hf_nfct_tuple_ip_attr_ipv4,
1774 { "IPv4 address", "netlink-netfilter.nfct_tuple.ip.ip_addr",
1775 FT_IPv4, BASE_NONE, NULL, 0x00,
1776 NULL, HFILL }
1777 },
1778 { &hf_nfct_tuple_ip_attr_ipv6,
1779 { "IPv6 address", "netlink-netfilter.nfct_tuple.ip.ip6_addr",
1780 FT_IPv6, BASE_NONE, NULL, 0x00,
1781 NULL, HFILL }
1782 },
1783 { &hf_nfct_tuple_ip_attr,
1784 { "Type", "netlink-netfilter.nfct_tuple.ip",
1785 FT_UINT16, BASE_DEC, VALS(nfct_tuple_ip_attr_vals), NLA_TYPE_MASK,
1786 NULL, HFILL }
1787 },
1788 { &hf_nfct_tuple_zone_attr,
1789 { "Zone", "netlink-netfilter.nfct_tuple.zone",
1790 FT_UINT16, BASE_DEC, NULL, 0x00,
1791 NULL, HFILL }
1792 },
1793 { &hf_nfct_tuple_attr,
1794 { "Type", "netlink-netfilter.nfct_tuple",
1795 FT_UINT16, BASE_DEC, VALS(nfct_tuple_attr_vals), NLA_TYPE_MASK,
1796 NULL, HFILL }
1797 },
1798 { &hf_nfct_attr_timeout,
1799 { "Timeout", "netlink-netfilter.ct_attr.timeout",
1800 FT_UINT32, BASE_DEC, NULL, 0x00,
1801 NULL, HFILL }
1802 },
1803 { &hf_nfct_attr_id,
1804 { "ID", "netlink-netfilter.ct_attr.id",
1805 FT_UINT32, BASE_HEX, NULL, 0x00,
1806 NULL, HFILL }
1807 },
1808 { &hf_nfct_attr_status_flag_expected,
1809 { "Expected", "netlink-netfilter.ct_attr.status.expected",
1810 FT_UINT32, BASE_DEC, NULL, WS_IPS_EXPECTED,
1811 "It is an expected connection", HFILL }
1812 },
1813 { &hf_nfct_attr_status_flag_seen_reply,
1814 { "Seen reply", "netlink-netfilter.ct_attr.status.seen_reply",
1815 FT_UINT32, BASE_DEC, NULL, WS_IPS_SEEN_REPLY,
1816 "Packets going in both directions have been seen", HFILL }
1817 },
1818 { &hf_nfct_attr_status_flag_assured,
1819 { "Assured", "netlink-netfilter.ct_attr.status.assured",
1820 FT_UINT32, BASE_DEC, NULL, WS_IPS_ASSURED,
1821 "Conntrack should never be early-expired", HFILL }
1822 },
1823 { &hf_nfct_attr_status_flag_confirmed,
1824 { "Confirmed", "netlink-netfilter.ct_attr.status.confirmed",
1825 FT_UINT32, BASE_DEC, NULL, WS_IPS_CONFIRMED,
1826 "Connection is confirmed: originating packet has left box", HFILL }
1827 },
1828 { &hf_nfct_attr_status_flag_src_nat,
1829 { "Source NAT", "netlink-netfilter.ct_attr.status.src_nat",
1830 FT_UINT32, BASE_DEC, NULL, WS_IPS_SRC_NAT,
1831 "Connection needs source NAT in orig dir.", HFILL }
1832 },
1833 { &hf_nfct_attr_status_flag_dst_nat,
1834 { "Destination NAT", "netlink-netfilter.ct_attr.status.dst_nat",
1835 FT_UINT32, BASE_DEC, NULL, WS_IPS_DST_NAT,
1836 "Connection needs destination NAT in orig dir.", HFILL }
1837 },
1838 { &hf_nfct_attr_status_flag_seq_adjust,
1839 { "Sequence adjust", "netlink-netfilter.ct_attr.status.seq_adjust",
1840 FT_UINT32, BASE_DEC, NULL, WS_IPS_SEQ_ADJUST,
1841 "Connection needs TCP sequence adjusted", HFILL }
1842 },
1843 { &hf_nfct_attr_status_flag_src_nat_done,
1844 { "Source NAT done", "netlink-netfilter.ct_attr.status.src_nat_done",
1845 FT_UINT32, BASE_DEC, NULL, WS_IPS_SRC_NAT_DONE,
1846 "Source NAT has been initialized", HFILL }
1847 },
1848 { &hf_nfct_attr_status_flag_dst_nat_done,
1849 { "Destination NAT done", "netlink-netfilter.ct_attr.status.dst_nat_done",
1850 FT_UINT32, BASE_DEC, NULL, WS_IPS_DST_NAT_DONE,
1851 "Destination NAT has been initialized", HFILL }
1852 },
1853 { &hf_nfct_attr_status_flag_dying,
1854 { "Dying", "netlink-netfilter.ct_attr.status.dying",
1855 FT_UINT32, BASE_DEC, NULL, WS_IPS_DYING,
1856 "Connection is dying (removed from lists)", HFILL }
1857 },
1858 { &hf_nfct_attr_status_flag_fixed_timeout,
1859 { "Fixed timeout", "netlink-netfilter.ct_attr.status.fixed_timeout",
1860 FT_UINT32, BASE_DEC, NULL, WS_IPS_FIXED_TIMEOUT,
1861 "Connection has fixed timeout", HFILL }
1862 },
1863 { &hf_nfct_attr_status_flag_template,
1864 { "Template", "netlink-netfilter.ct_attr.status.template",
1865 FT_UINT32, BASE_DEC, NULL, WS_IPS_TEMPLATE,
1866 "Conntrack is a template", HFILL }
1867 },
1868 { &hf_nfct_attr_status_flag_untracked,
1869 { "Untracked", "netlink-netfilter.ct_attr.status.untracked",
1870 FT_UINT32, BASE_DEC, NULL, WS_IPS_UNTRACKED,
1871 "Conntrack is a fake untracked entry. Obsolete and not used anymore", HFILL }
1872 },
1873 { &hf_nfct_attr_status_flag_helper,
1874 { "Helper", "netlink-netfilter.ct_attr.status.helper",
1875 FT_UINT32, BASE_DEC, NULL, WS_IPS_HELPER,
1876 "Conntrack got a helper explicitly attached via CT target", HFILL }
1877 },
1878 { &hf_nfct_attr_status_flag_offload,
1879 { "Offload", "netlink-netfilter.ct_attr.status.offload",
1880 FT_UINT32, BASE_DEC, NULL, WS_IPS_OFFLOAD,
1881 NULL, HFILL }
1882 },
1883 { &hf_nfct_attr_status_flag_hw_offload,
1884 { "HW offload", "netlink-netfilter.ct_attr.status.hw_offload",
1885 FT_UINT32, BASE_DEC, NULL, WS_IPS_HW_OFFLOAD,
1886 NULL, HFILL }
1887 },
1888 { &hf_nfct_attr_status,
1889 { "Status", "netlink-netfilter.ct_attr.status",
1890 FT_UINT32, BASE_HEX, NULL, 0x00,
1891 NULL, HFILL }
1892 },
1893 { &hf_nfct_help_attr_help_name,
1894 { "Helper name", "netlink-netfilter.ct_help_attr.help_name",
1895 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1896 NULL, HFILL }
1897 },
1898 { &hf_nfct_help_attr,
1899 { "Helper", "netlink-netfilter.ct_help_attr",
1900 FT_UINT16, BASE_DEC, VALS(nfct_help_attr_vals), NLA_TYPE_MASK,
1901 NULL, HFILL }
1902 },
1903 { &hf_nfct_seqadj_attr_correction_pos,
1904 { "Position", "netlink-netfilter.ct_seqadj_correction_pos",
1905 FT_UINT32, BASE_DEC, NULL, 0x00,
1906 NULL, HFILL }
1907 },
1908 { &hf_nfct_seqadj_attr_offset_before,
1909 { "Offset", "netlink-netfilter.ct_seqadj_offset_before",
1910 FT_INT32, BASE_DEC, NULL, 0x00,
1911 NULL, HFILL }
1912 },
1913 { &hf_nfct_seqadj_attr_offset_after,
1914 { "Offset", "netlink-netfilter.ct_seqadj_offset_after",
1915 FT_INT32, BASE_DEC, NULL, 0x00,
1916 NULL, HFILL }
1917 },
1918 { &hf_nfct_seqadj_attr,
1919 { "Adjustment", "netlink-netfilter.ct_seqadj_attr",
1920 FT_UINT16, BASE_DEC, VALS(nfct_seqadj_attr_vals), NLA_TYPE_MASK,
1921 NULL, HFILL }
1922 },
1923 { &hf_nfct_attr,
1924 { "Type", "netlink-netfilter.ct.attr",
1925 FT_UINT16, BASE_DEC, VALS(nfct_attr_vals), NLA_TYPE_MASK,
1926 NULL, HFILL }
1927 },
1928 { &hf_nfexp_nat_attr_dir,
1929 { "Direction", "netlink-netfilter.nfexp.nat.dir",
1930 FT_UINT32, BASE_DEC, VALS(nfexp_conntrack_dir_vals), 0x00,
1931 NULL, HFILL }
1932 },
1933 { &hf_nfexp_nat_attr,
1934 { "Type", "netlink-netfilter.nfexp.nat",
1935 FT_UINT16, BASE_DEC, VALS(nfexp_nat_attr_vals), NLA_TYPE_MASK,
1936 NULL, HFILL }
1937 },
1938 { &hf_nfexp_attr_timeout,
1939 { "Timeout", "netlink-netfilter.nfexp.timeout",
1940 FT_UINT32, BASE_DEC, NULL, 0x00,
1941 NULL, HFILL }
1942 },
1943 { &hf_nfexp_attr_id,
1944 { "ID", "netlink-netfilter.nfexp.id",
1945 FT_UINT32, BASE_HEX, NULL, 0x00,
1946 NULL, HFILL }
1947 },
1948 { &hf_nfexp_attr_class,
1949 { "Class", "netlink-netfilter.nfexp.class",
1950 FT_UINT32, BASE_DEC, NULL, 0x00,
1951 NULL, HFILL }
1952 },
1953 { &hf_nfexp_attr_zone,
1954 { "Zone", "netlink-netfilter.nfexp.zone",
1955 FT_UINT16, BASE_DEC, NULL, 0x00,
1956 NULL, HFILL }
1957 },
1958 { &hf_nfexp_attr_fn,
1959 { "Name", "netlink-netfilter.nfexp.fn",
1960 FT_STRINGZ, BASE_NONE, NULL, 0x0,
1961 NULL, HFILL }
1962 },
1963 { &hf_nfexp_attr_flag_permanent,
1964 { "Permanent", "netlink-netfilter.nfexp.flags.permanent",
1965 FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_PERMANENT,
1966 NULL, HFILL }
1967 },
1968 { &hf_nfexp_attr_flag_inactive,
1969 { "Inactive", "netlink-netfilter.nfexp.flags.inactive",
1970 FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_INACTIVE,
1971 NULL, HFILL }
1972 },
1973 { &hf_nfexp_attr_flag_userspace,
1974 { "Userspace", "netlink-netfilter.nfexp.flags.userspace",
1975 FT_UINT32, BASE_DEC, NULL, WS_NF_CT_EXPECT_USERSPACE,
1976 NULL, HFILL }
1977 },
1978 { &hf_nfexp_attr_flags,
1979 { "Flags", "netlink-netfilter.nfexp.flags",
1980 FT_UINT32, BASE_HEX, NULL, 0x00,
1981 NULL, HFILL }
1982 },
1983 { &hf_nfexp_attr,
1984 { "Type", "netlink-netfilter.exp.attr",
1985 FT_UINT16, BASE_DEC, VALS(nfexp_attr_vals), NLA_TYPE_MASK,
1986 NULL, HFILL }
1987 },
1988 { &hf_nfq_config_command_command,
1989 { "Command", "netlink-netfilter.queue.config.command.command",
1990 FT_UINT8, BASE_DEC, VALS(nfq_config_command_vals), 0x00,
1991 NULL, HFILL }
1992 },
1993 { &hf_nfq_config_command_pf,
1994 { "Protocol family", "netlink-netfilter.queue.config.command.pf",
1995 FT_UINT16, BASE_DEC, VALS(nfproto_family_vals), 0x00,
1996 NULL, HFILL }
1997 },
1998 { &hf_nfq_config_params_copyrange,
1999 { "Copy range", "netlink-netfilter.queue.config.params.copy_range",
2000 FT_UINT32, BASE_HEX, NULL, 0x00,
2001 NULL, HFILL }
2002 },
2003 { &hf_nfq_config_params_copymode,
2004 { "Copy mode", "netlink-netfilter.queue.config.params.copy_mode",
2005 FT_UINT8, BASE_DEC, VALS(nfq_config_mode_vals), 0x00,
2006 NULL, HFILL }
2007 },
2008 { &hf_nfq_config_queue_maxlen,
2009 { "Maximum queue length", "netlink-netfilter.queue.config.queue_maxlen",
2010 FT_UINT32, BASE_DEC, NULL, 0x00,
2011 NULL, HFILL }
2012 },
2013 { &hf_nfq_config_mask,
2014 { "Flags mask", "netlink-netfilter.queue.config.mask",
2015 FT_UINT32, BASE_HEX, NULL, 0x00,
2016 NULL, HFILL }
2017 },
2018 { &hf_nfq_config_flags,
2019 { "Flags", "netlink-netfilter.queue.config.flags",
2020 FT_UINT32, BASE_HEX, NULL, 0x00,
2021 NULL, HFILL }
2022 },
2023 { &hf_nfq_config_attr,
2024 { "Type", "netlink-netfilter.queue.config_attr",
2025 FT_UINT16, BASE_DEC, VALS(nfq_config_attr_vals), NLA_TYPE_MASK,
2026 NULL, HFILL }
2027 },
2028 { &hf_nfq_verdict_verdict,
2029 { "Verdict", "netlink-netfilter.queue.verdict.verdict",
2030 FT_UINT32, BASE_DEC, VALS(nfq_verdict_vals), 0x00,
2031 NULL, HFILL }
2032 },
2033 { &hf_nfq_verdict_id,
2034 { "Verdict ID", "netlink-netfilter.queue.verdict.id",
2035 FT_UINT32, BASE_DEC, NULL, 0x00,
2036 NULL, HFILL }
2037 },
2038 { &hf_nfq_packet_id,
2039 { "Packet ID", "netlink-netfilter.queue.packet.id",
2040 FT_UINT32, BASE_DEC, NULL, 0x00,
2041 NULL, HFILL }
2042 },
2043 { &hf_nfq_packet_hwprotocol,
2044 { "HW protocol", "netlink-netfilter.queue.packet.protocol",
2045 FT_UINT16, BASE_HEX, VALS(etype_vals), 0x00,
2046 NULL, HFILL }
2047 },
2048 { &hf_nfq_packet_hook,
2049 { "Netfilter hook", "netlink-netfilter.queue.packet.hook",
2050 FT_UINT8, BASE_DEC, VALS(netfilter_hooks_vals), 0x00,
2051 NULL, HFILL }
2052 },
2053 { &hf_nfq_nfmark,
2054 { "Mark", "netlink-netfilter.queue.nfmark",
2055 FT_UINT32, BASE_DEC, NULL, 0x00,
2056 NULL, HFILL }
2057 },
2058 { &hf_nfq_timestamp,
2059 { "Timestamp", "netlink-netfilter.queue.timestamp",
2060 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x00,
2061 NULL, HFILL }
2062 },
2063 { &hf_nfq_ifindex_indev,
2064 { "IFINDEX_INDEV", "netlink-netfilter.queue.ifindex_indev",
2065 FT_UINT32, BASE_DEC, NULL, 0x00,
2066 NULL, HFILL }
2067 },
2068 { &hf_nfq_ifindex_outdev,
2069 { "IFINDEX_OUTDEV", "netlink-netfilter.queue.ifindex_outdev",
2070 FT_UINT32, BASE_DEC, NULL, 0x00,
2071 NULL, HFILL }
2072 },
2073 { &hf_nfq_ifindex_physindev,
2074 { "IFINDEX_PHYSINDEV", "netlink-netfilter.queue.ifindex_physindev",
2075 FT_UINT32, BASE_DEC, NULL, 0x00,
2076 NULL, HFILL }
2077 },
2078 { &hf_nfq_ifindex_physoutdev,
2079 { "IFINDEX_PHYSOUTDEV", "netlink-netfilter.queue.ifindex_physoutdev",
2080 FT_UINT32, BASE_DEC, NULL, 0x00,
2081 NULL, HFILL }
2082 },
2083 { &hf_nfq_hwaddr_len,
2084 { "Address length", "netlink-netfilter.queue.hwaddr.len",
2085 FT_UINT16, BASE_DEC, NULL, 0x00,
2086 NULL, HFILL }
2087 },
2088 { &hf_nfq_hwaddr_addr,
2089 { "Address", "netlink-netfilter.queue.hwaddr.addr",
2090 FT_ETHER, BASE_NONE, NULL, 0x00,
2091 NULL, HFILL }
2092 },
2093 { &hf_nfq_ctinfo,
2094 { "Conntrack info", "netlink-netfilter.queue.ct_info",
2095 FT_UINT32, BASE_DEC, VALS(nfq_ctinfo_vals), 0x00,
2096 "Connection state tracking info", HFILL }
2097 },
2098 { &hf_nfq_caplen,
2099 { "Length of captured packet", "netlink-netfilter.queue.caplen",
2100 FT_UINT32, BASE_DEC, NULL, 0x00,
2101 "Length of captured, untruncated packet", HFILL }
2102 },
2103 { &hf_nfq_uid,
2104 { "UID", "netlink-netfilter.queue.uid",
2105 FT_UINT32, BASE_DEC, NULL, 0x00,
2106 NULL, HFILL }
2107 },
2108 { &hf_nfq_gid,
2109 { "GID", "netlink-netfilter.queue.gid",
2110 FT_UINT32, BASE_DEC, NULL, 0x00,
2111 NULL, HFILL }
2112 },
2113 { &hf_nfq_attr,
2114 { "Type", "netlink-netfilter.queue.attr",
2115 FT_UINT16, BASE_DEC, VALS(nfq_attr_vals), NLA_TYPE_MASK,
2116 NULL, HFILL }
2117 },
2118 { &hf_netlink_netfilter_ulog_type,
2119 { "Type", "netlink-netfilter.ulog_type",
2120 FT_UINT16, BASE_DEC, VALS(netlink_netfilter_ulog_type_vals), 0x00FF,
2121 NULL, HFILL }
2122 },
2123 { &hf_ipset_attr,
2124 { "Type", "netlink-netfilter.ipset_attr",
2125 FT_UINT16, BASE_DEC, VALS(ipset_attr_vals), NLA_TYPE_MASK,
2126 NULL, HFILL }
2127 },
2128 { &hf_ipset_cadt_attr,
2129 { "Type", "netlink-netfilter.ipset_cadt_attr",
2130 FT_UINT16, BASE_DEC, VALS(ipset_cadt_attr_vals), NLA_TYPE_MASK,
2131 NULL, HFILL }
2132 },
2133 { &hf_ipset_cadt_attr_cidr,
2134 { "CIDR", "netlink-netfilter.ipset.cidr",
2135 FT_UINT8, BASE_DEC, NULL, 0x0,
2136 NULL, HFILL }
2137 },
2138 { &hf_ipset_cadt_attr_timeout,
2139 { "Timeout", "netlink-netfilter.ipset.timeout",
2140 FT_UINT32, BASE_DEC, NULL, 0x0,
2141 NULL, HFILL }
2142 },
2143 { &hf_ipset_cadt_attr_cadt_flags,
2144 { "Flags", "netlink-netfilter.ipset.cadt_flags",
2145 FT_UINT32, BASE_HEX, NULL, 0x0,
2146 NULL, HFILL }
2147 },
2148 { &hf_ipset_attr_setname,
2149 { "Setname", "netlink-netfilter.ipset.setname",
2150 FT_STRINGZ, BASE_NONE, NULL, 0x0,
2151 NULL, HFILL }
2152 },
2153 { &hf_ipset_attr_typename,
2154 { "Typename", "netlink-netfilter.ipset.typename",
2155 FT_STRINGZ, BASE_NONE, NULL, 0x0,
2156 NULL, HFILL }
2157 },
2158 { &hf_ipset_attr_family,
2159 { "Settype family", "netlink-netfilter.ipset.family",
2160 FT_UINT8, BASE_DEC, VALS(nfproto_family_vals), 0x00,
2161 NULL, HFILL }
2162 },
2163 { &hf_ipset_attr_flags,
2164 { "Flags", "netlink-netfilter.ipset.flags",
2165 FT_UINT32, BASE_HEX, NULL, 0x0,
2166 NULL, HFILL }
2167 },
2168 { &hf_ipset_adt_attr,
2169 { "Type", "netlink-netfilter.ipset_adt_attr",
2170 FT_UINT16, BASE_DEC, VALS(ipset_adt_attr_vals), NLA_TYPE_MASK,
2171 NULL, HFILL }
2172 },
2173 { &hf_ipset_adt_attr_comment,
2174 { "Comment", "netlink-netfilter.ipset.comment",
2175 FT_STRINGZ, BASE_NONE, NULL, 0x0,
2176 NULL, HFILL }
2177 },
2178 { &hf_ipset_ip_attr,
2179 { "Type", "netlink-netfilter.ipset_ip_attr",
2180 FT_UINT16, BASE_DEC, VALS(ipset_ip_attr_vals), NLA_TYPE_MASK,
2181 NULL, HFILL }
2182 },
2183 { &hf_ipset_ip_attr_ipv4,
2184 { "IPv4 address", "netlink-netfilter.ipset.ip_addr",
2185 FT_IPv4, BASE_NONE, NULL, 0x00,
2186 NULL, HFILL }
2187 },
2188 { &hf_ipset_ip_attr_ipv6,
2189 { "IPv6 address", "netlink-netfilter.ipset.ip6_addr",
2190 FT_IPv6, BASE_NONE, NULL, 0x00,
2191 NULL, HFILL }
2192 },
2193 { &hf_nfexp_type,
2194 { "Type", "netlink-netfilter.exp_type",
2195 FT_UINT16, BASE_DEC, VALS(nfexp_type_vals), 0x00FF,
2196 NULL, HFILL }
2197 },
2198 { &hf_nfq_type,
2199 { "Type", "netlink-netfilter.queue_type",
2200 FT_UINT16, BASE_DEC, VALS(nfq_type_vals), 0x00FF,
2201 NULL, HFILL }
2202 },
2203 { &hf_ipset_command,
2204 { "Command", "netlink-netfilter.ipset_command",
2205 FT_UINT16, BASE_DEC, VALS(ipset_command_vals), 0x00FF,
2206 NULL, HFILL }
2207 },
2208 { &hf_nftables_command,
2209 { "Command", "netlink-netfilter.nftables_command",
2210 FT_UINT16, BASE_DEC, VALS(nftables_command_vals), 0x00FF,
2211 NULL, HFILL }
2212 },
2213 { &hf_netlink_netfilter_subsys,
2214 { "Subsystem", "netlink-netfilter.subsys",
2215 FT_UINT16, BASE_DEC, VALS(netlink_netfilter_subsystem_vals), 0xFF00,
2216 NULL, HFILL }
2217 },
2218 { &hf_padding,
2219 { "Padding", "netlink-netfilter.padding",
2220 FT_BYTES, BASE_NONE, NULL, 0x0,
2221 NULL, HFILL }
2222 }
2223 };
2224
2225 static int *ett[] = {
2226 &ett_netlink_netfilter,
2227 &ett_nfct_attr,
2228 &ett_nfct_help_attr,
2229 &ett_nfct_seqadj_attr,
2230 &ett_nfct_status_attr,
2231 &ett_nfct_tuple_attr,
2232 &ett_nfct_tuple_ip_attr,
2233 &ett_nfct_tuple_proto_attr,
2234 &ett_nfq_config_attr,
2235 &ett_nfq_attr,
2236 &ett_nfexp_attr,
2237 &ett_nfexp_flags_attr,
2238 &ett_nfexp_nat_attr,
2239 &ett_ipset_attr,
2240 &ett_ipset_cadt_attr,
2241 &ett_ipset_adt_attr,
2242 &ett_ipset_ip_attr,
2243 };
2244
2245 proto_netlink_netfilter = proto_register_protocol("Linux netlink netfilter protocol", "netfilter", "netlink-netfilter" );
2246 proto_register_field_array(proto_netlink_netfilter, hf, array_length(hf));
2247 proto_register_subtree_array(ett, array_length(ett));
2248
2249 netlink_netfilter = register_dissector("netfilter", dissect_netlink_netfilter, proto_netlink_netfilter);
2250 }
2251
2252 void
2253 proto_reg_handoff_netlink_netfilter(void)
2254 {
2255 dissector_add_uint("netlink.protocol", WS_NETLINK_NETFILTER, netlink_netfilter);
2256
2257 nflog_handle = find_dissector_add_dependency("nflog", proto_netlink_netfilter);
2258 ethertype_table = find_dissector_table("ethertype");
2259 }
2260
2261 /*
2262 * Editor modelines - https://www.wireshark.org/tools/modelines.html
2263 *
2264 * Local variables:
2265 * c-basic-offset: 8
2266 * tab-width: 8
2267 * indent-tabs-mode: t
2268 * End:
2269 *
2270 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
2271 * :indentSize=8:tabSize=8:noTabs=false:
2272 */
Metzes wireshark repo