netlink_netfilter: decode netfilter netlink attribute names

* xlat/nf_acct_attr_names.in: New file.
* xlat/nf_cthelper_attr_names.in: Likewise.
* xlat/nf_ctnetlink_attr_names.in: Likewise.
* xlat/nf_ctnetlink_exp_attr_names.in: Likewise.
* xlat/nf_ctnetlink_to_attr_names.in: Likewise.
* xlat/nf_ipset_attr_names.in: Likewise.
* xlat/nf_nft_compat_attr_names.in: Likewise.
* xlat/nf_nftables_msg_types.in: Likewise.
* xlat/nf_osf_attr_names.in: Likewise.
* xlat/nf_queue_attr_names.in: Likewise.
* xlat/nf_ulog_attr_names.in: Likewise.
* xlat/nft_chain_attr_names.in: Likewise.
* xlat/nft_flow_attr_names.in: Likewise.
* xlat/nft_gen_attr_names.in: Likewise.
* xlat/nft_obj_attr_names.in: Likewise.
* xlat/nft_rule_attr_names.in: Likewise.
* xlat/nft_set_attr_names.in: Likewise.
* xlat/nft_setelem_attr_names.in: Likewise.
* xlat/nft_table_attr_names.in: Likewise.
* xlat/nft_trace_attr_names.in: Likewise.
* netlink_netfilter.c (struct nfnl_decoder): New type definition.
(nft_subsystem_decoders, nfnl_subsystems): New static constants.
(decode_netlink_netfilter): Select xlat for attribute names based
on message subsystem.
* tests/netlink_netfilter.c: Update expected output.

netlink_netfilter.c

@@ -39,9 +39,123 @@
 # include <linux/netfilter/nfnetlink.h>
 
 # include "xlat/netfilter_versions.h"
+# include "xlat/nf_acct_attr_names.h"
+# include "xlat/nf_cthelper_attr_names.h"
+# include "xlat/nf_ctnetlink_attr_names.h"
+# include "xlat/nf_ctnetlink_exp_attr_names.h"
+# include "xlat/nf_ctnetlink_to_attr_names.h"
+# include "xlat/nf_ipset_attr_names.h"
+# include "xlat/nf_nft_compat_attr_names.h"
+# include "xlat/nf_osf_attr_names.h"
+# include "xlat/nf_queue_attr_names.h"
+# include "xlat/nf_ulog_attr_names.h"
+# include "xlat/nft_chain_attr_names.h"
+# include "xlat/nft_flow_attr_names.h"
+# include "xlat/nft_gen_attr_names.h"
+# include "xlat/nft_obj_attr_names.h"
+# include "xlat/nft_rule_attr_names.h"
+# include "xlat/nft_set_attr_names.h"
+# include "xlat/nft_setelem_attr_names.h"
+# include "xlat/nft_table_attr_names.h"
+# include "xlat/nft_trace_attr_names.h"
 # include "xlat/nl_netfilter_msg_types.h"
 # include "xlat/nl_netfilter_subsys_ids.h"
 
+# define XLAT_MACROS_ONLY
+#  include "xlat/nl_netfilter_subsys_ids.h"
+#  include "xlat/nf_nftables_msg_types.h"
+# undef XLAT_MACROS_ONLY
+
+struct nfnl_decoder {
+	const struct xlat *name_xlat;
+	const char *dflt;
+
+	const nla_decoder_t *decoders;
+	size_t decoders_sz;
+
+	const struct nfnl_decoder *subdecoder;
+	size_t subdecoder_sz;
+};
+
+static const struct nfnl_decoder nft_subsystem_decoders[] = {
+	[NFT_MSG_NEWTABLE] =
+		{ nft_table_attr_names,		"NFTA_TABLE_???", },
+	[NFT_MSG_GETTABLE] =
+		{ nft_table_attr_names,		"NFTA_TABLE_???", },
+	[NFT_MSG_DELTABLE] =
+		{ nft_table_attr_names,		"NFTA_TABLE_???", },
+	[NFT_MSG_NEWCHAIN] =
+		{ nft_chain_attr_names,		"NFTA_CHAIN_???", },
+	[NFT_MSG_GETCHAIN] =
+		{ nft_chain_attr_names,		"NFTA_CHAIN_???", },
+	[NFT_MSG_DELCHAIN] =
+		{ nft_chain_attr_names,		"NFTA_CHAIN_???", },
+	[NFT_MSG_NEWRULE] =
+		{ nft_rule_attr_names,		"NFTA_RULE_???", },
+	[NFT_MSG_GETRULE] =
+		{ nft_rule_attr_names,		"NFTA_RULE_???", },
+	[NFT_MSG_DELRULE] =
+		{ nft_rule_attr_names,		"NFTA_RULE_???", },
+	[NFT_MSG_NEWSET] =
+		{ nft_set_attr_names,		"NFTA_SET_???", },
+	[NFT_MSG_GETSET] =
+		{ nft_set_attr_names,		"NFTA_SET_???", },
+	[NFT_MSG_DELSET] =
+		{ nft_set_attr_names,		"NFTA_SET_???", },
+	[NFT_MSG_NEWSETELEM] =
+		{ nft_setelem_attr_names,	"NFTA_SET_ELEM_???", },
+	[NFT_MSG_GETSETELEM] =
+		{ nft_setelem_attr_names,	"NFTA_SET_ELEM_???", },
+	[NFT_MSG_DELSETELEM] =
+		{ nft_setelem_attr_names,	"NFTA_SET_ELEM_???", },
+	[NFT_MSG_NEWGEN] =
+		{ nft_gen_attr_names,		"NFTA_GEN_???", },
+	[NFT_MSG_GETGEN] =
+		{ nft_gen_attr_names,		"NFTA_GEN_???", },
+	[NFT_MSG_TRACE] =
+		{ nft_trace_attr_names,		"NFTA_TRACE_???", },
+	[NFT_MSG_NEWOBJ] =
+		{ nft_obj_attr_names,		"NFTA_OBJ_???", },
+	[NFT_MSG_GETOBJ] =
+		{ nft_obj_attr_names,		"NFTA_OBJ_???", },
+	[NFT_MSG_DELOBJ] =
+		{ nft_obj_attr_names,		"NFTA_OBJ_???", },
+	[NFT_MSG_GETOBJ_RESET] =
+		{ nft_obj_attr_names,		"NFTA_OBJ_???", },
+	[NFT_MSG_NEWFLOWTABLE] =
+		{ nft_flow_attr_names,		"NFTA_FLOW_???", },
+	[NFT_MSG_GETFLOWTABLE] =
+		{ nft_flow_attr_names,		"NFTA_FLOW_???", },
+	[NFT_MSG_DELFLOWTABLE] =
+		{ nft_flow_attr_names,		"NFTA_FLOW_???", },
+};
+
+static const struct nfnl_decoder nfnl_subsystems[] = {
+	[NFNL_SUBSYS_CTNETLINK] =
+		{ nf_ctnetlink_attr_names,	"CTA_???", },
+	[NFNL_SUBSYS_CTNETLINK_EXP] =
+		{ nf_ctnetlink_exp_attr_names,	"CTA_EXPECT_???", },
+	[NFNL_SUBSYS_QUEUE] =
+		{ nf_queue_attr_names,		"NFQA_???", },
+	[NFNL_SUBSYS_ULOG] =
+		{ nf_ulog_attr_names,		"NFULA_???", },
+	[NFNL_SUBSYS_OSF] =
+		{ nf_osf_attr_names,		"OSF_???", },
+	[NFNL_SUBSYS_IPSET] =
+		{ nf_ipset_attr_names,		"IPSET_ATTR_???", },
+	[NFNL_SUBSYS_ACCT] =
+		{ nf_acct_attr_names,		"NFACCT_???", },
+	[NFNL_SUBSYS_CTNETLINK_TIMEOUT] =
+		{ nf_ctnetlink_to_attr_names,	"CTA_TIMEOUT_???", },
+	[NFNL_SUBSYS_CTHELPER] =
+		{ nf_cthelper_attr_names,	"NFCTH_???" },
+	[NFNL_SUBSYS_NFTABLES] =
+		{ NULL, "NFT_???", NULL, 0,
+		  ARRSZ_PAIR(nft_subsystem_decoders) },
+	[NFNL_SUBSYS_NFT_COMPAT] =
+		{ nf_nft_compat_attr_names,	"NFTA_COMPAT_???" },
+};
+
 bool
 decode_netlink_netfilter(struct tcb *const tcp,
 			 const struct nlmsghdr *const nlmsghdr,
@@ -56,7 +170,8 @@ decode_netlink_netfilter(struct tcb *const tcp,
 	if (len < sizeof(nfmsg))
 		printstr_ex(tcp, addr, len, QUOTE_FORCE_HEX);
 	else if (!umove_or_printaddr(tcp, addr, &nfmsg)) {
-		const uint8_t subsys_id = (uint8_t) (nlmsghdr->nlmsg_type >> 8);
+		const uint8_t subsys_id = nlmsghdr->nlmsg_type >> 8;
+		const uint8_t msg_type = nlmsghdr->nlmsg_type;
 		uint16_t res_id = ntohs(nfmsg.res_id);
 
 		PRINT_FIELD_XVAL("{", nfmsg, nfgen_family, addrfams, "AF_???");
@@ -83,12 +198,24 @@ decode_netlink_netfilter(struct tcb *const tcp,
 			tprints(", ");
 			if ((nlmsghdr->nlmsg_type >= NFNL_MSG_BATCH_BEGIN
 			     && nlmsghdr->nlmsg_type <= NFNL_MSG_BATCH_END)
-			    || nlmsghdr->nlmsg_type < NLMSG_MIN_TYPE)
+			    || nlmsghdr->nlmsg_type < NLMSG_MIN_TYPE) {
 				printstr_ex(tcp, addr + offset,
 					    len - offset, QUOTE_FORCE_HEX);
-			else
+			} else {
+				static const struct nfnl_decoder def;
+				const struct nfnl_decoder *subsys = &def;
+
+				if (subsys_id < ARRAY_SIZE(nfnl_subsystems))
+					subsys = nfnl_subsystems + subsys_id;
+				if (subsys->subdecoder
+				    && (msg_type < subsys->subdecoder_sz))
+					subsys = subsys->subdecoder + msg_type;
+
 				decode_nlattr(tcp, addr + offset, len - offset,
-					      NULL, NULL, NULL, 0, NULL);
+					      subsys->name_xlat, subsys->dflt,
+					      subsys->decoders,
+					      subsys->decoders_sz, NULL);
+			}
 		}
 	}
 

tests/netlink_netfilter.c

@@ -183,7 +183,7 @@ test_nfgenmsg(const int fd)
 		      printf("{nfgen_family=AF_UNIX");
 		      printf(", version=NFNETLINK_V0");
 		      printf(", res_id=htons(NFNL_SUBSYS_NFTABLES)"
-			     ", {nla_len=%d, nla_type=%#x}",
+			     ", {nla_len=%d, nla_type=%#x /* NFT_??? */}",
 			     nla.nla_len, nla.nla_type));
 }
 

xlat/nf_acct_attr_names.in

@@ -0,0 +1,9 @@
+NFACCT_UNSPEC		0
+NFACCT_NAME		1
+NFACCT_PKTS		2
+NFACCT_BYTES		3
+NFACCT_USE		4
+NFACCT_FLAGS		5
+NFACCT_QUOTA		6
+NFACCT_FILTER		7
+NFACCT_PAD		8

xlat/nf_cthelper_attr_names.in

@@ -0,0 +1,7 @@
+NFCTH_UNSPEC		0
+NFCTH_NAME		1
+NFCTH_TUPLE		2
+NFCTH_QUEUE_NUM		3
+NFCTH_POLICY		4
+NFCTH_PRIV_DATA_LEN	5
+NFCTH_STATUS		6

xlat/nf_ctnetlink_attr_names.in

@@ -0,0 +1,25 @@
+CTA_UNSPEC		0
+CTA_TUPLE_ORIG		1
+CTA_TUPLE_REPLY		2
+CTA_STATUS		3
+CTA_PROTOINFO		4
+CTA_HELP		5
+CTA_NAT_SRC		6
+CTA_TIMEOUT		7
+CTA_MARK		8
+CTA_COUNTERS_ORIG	9
+CTA_COUNTERS_REPLY	10
+CTA_USE			11
+CTA_ID			12
+CTA_NAT_DST		13
+CTA_TUPLE_MASTER	14
+CTA_SEQ_ADJ_ORIG	15
+CTA_SEQ_ADJ_REPLY	16
+CTA_SECMARK		17
+CTA_ZONE		18
+CTA_SECCTX		19
+CTA_TIMESTAMP		20
+CTA_MARK_MASK		21
+CTA_LABELS		22
+CTA_LABELS_MASK		23
+CTA_SYNPROXY		24

xlat/nf_ctnetlink_exp_attr_names.in

@@ -0,0 +1,12 @@
+CTA_EXPECT_UNSPEC	0
+CTA_EXPECT_MASTER	1
+CTA_EXPECT_TUPLE	2
+CTA_EXPECT_MASK		3
+CTA_EXPECT_TIMEOUT	4
+CTA_EXPECT_ID		5
+CTA_EXPECT_HELP_NAME	6
+CTA_EXPECT_ZONE		7
+CTA_EXPECT_FLAGS	8
+CTA_EXPECT_CLASS	9
+CTA_EXPECT_NAT		10
+CTA_EXPECT_FN		11

xlat/nf_ctnetlink_to_attr_names.in

@@ -0,0 +1,6 @@
+CTA_TIMEOUT_UNSPEC	0
+CTA_TIMEOUT_NAME	1
+CTA_TIMEOUT_L3PROTO	2
+CTA_TIMEOUT_L4PROTO	3
+CTA_TIMEOUT_DATA	4
+CTA_TIMEOUT_USE		5

xlat/nf_ipset_attr_names.in

@@ -0,0 +1,11 @@
+IPSET_ATTR_UNSPEC		0
+IPSET_ATTR_PROTOCOL		1
+IPSET_ATTR_SETNAME		2
+IPSET_ATTR_TYPENAME		3
+IPSET_ATTR_REVISION		4
+IPSET_ATTR_FAMILY		5
+IPSET_ATTR_FLAGS		6
+IPSET_ATTR_DATA			7
+IPSET_ATTR_ADT			8
+IPSET_ATTR_LINENO		9
+IPSET_ATTR_PROTOCOL_MIN		10

xlat/nf_nft_compat_attr_names.in

@@ -0,0 +1,4 @@
+NFTA_COMPAT_UNSPEC	0
+NFTA_COMPAT_NAME	1
+NFTA_COMPAT_REV		2
+NFTA_COMPAT_TYPE	3

xlat/nf_nftables_msg_types.in

@@ -20,3 +20,6 @@ NFT_MSG_NEWOBJ		18
 NFT_MSG_GETOBJ		19
 NFT_MSG_DELOBJ		20
 NFT_MSG_GETOBJ_RESET	21
+NFT_MSG_NEWFLOWTABLE	22
+NFT_MSG_GETFLOWTABLE	23
+NFT_MSG_DELFLOWTABLE	24

xlat/nf_osf_attr_names.in

@@ -0,0 +1,2 @@
+OSF_ATTR_UNSPEC	0
+OSF_ATTR_FINGER	1

xlat/nf_queue_attr_names.in

@@ -0,0 +1,21 @@
+NFQA_UNSPEC		0
+NFQA_PACKET_HDR		1
+NFQA_VERDICT_HDR	2
+NFQA_MARK		3
+NFQA_TIMESTAMP		4
+NFQA_IFINDEX_INDEV	5
+NFQA_IFINDEX_OUTDEV	6
+NFQA_IFINDEX_PHYSINDEV	7
+NFQA_IFINDEX_PHYSOUTDEV	8
+NFQA_HWADDR		9
+NFQA_PAYLOAD		10
+NFQA_CT			11
+NFQA_CT_INFO		12
+NFQA_CAP_LEN		13
+NFQA_SKB_INFO		14
+NFQA_EXP		15
+NFQA_UID		16
+NFQA_GID		17
+NFQA_SECCTX		18
+NFQA_VLAN		19
+NFQA_L			20

xlat/nf_ulog_attr_names.in

@@ -0,0 +1,20 @@
+NFULA_UNSPEC			0
+NFULA_PACKET_HDR		1
+NFULA_MARK			2
+NFULA_TIMESTAMP			3
+NFULA_IFINDEX_INDEV		4
+NFULA_IFINDEX_OUTDEV		5
+NFULA_IFINDEX_PHYSINDEV		6
+NFULA_IFINDEX_PHYSOUTDEV	7
+NFULA_HWADDR			8
+NFULA_PAYLOAD			9
+NFULA_PREFIX			10
+NFULA_UID			11
+NFULA_SEQ			12
+NFULA_SEQ_GLOBAL		13
+NFULA_GID			14
+NFULA_HWTYPE			15
+NFULA_HWHEADER			16
+NFULA_HWLEN			17
+NFULA_CT			18
+NFULA_CT_INFO			19

xlat/nft_chain_attr_names.in

@@ -0,0 +1,10 @@
+NFTA_CHAIN_UNSPEC	0
+NFTA_CHAIN_TABLE	1
+NFTA_CHAIN_HANDLE	2
+NFTA_CHAIN_NAME		3
+NFTA_CHAIN_HOOK		4
+NFTA_CHAIN_POLICY	5
+NFTA_CHAIN_USE		6
+NFTA_CHAIN_TYPE		7
+NFTA_CHAIN_COUNTERS	8
+NFTA_CHAIN_PAD		9

xlat/nft_flow_attr_names.in

@@ -0,0 +1,7 @@
+NFTA_FLOWTABLE_UNSPEC		0
+NFTA_FLOWTABLE_TABLE		1
+NFTA_FLOWTABLE_NAME		2
+NFTA_FLOWTABLE_HOOK		3
+NFTA_FLOWTABLE_USE		4
+NFTA_FLOWTABLE_HANDLE		5
+NFTA_FLOWTABLE_PAD		6

xlat/nft_gen_attr_names.in

@@ -0,0 +1,4 @@
+NFTA_GEN_UNSPEC		0
+NFTA_GEN_ID		1
+NFTA_GEN_PROC_PID	2
+NFTA_GEN_PROC_NAME	3

xlat/nft_obj_attr_names.in

@@ -0,0 +1,8 @@
+NFTA_OBJ_UNSPEC		0
+NFTA_OBJ_TABLE		1
+NFTA_OBJ_NAME		2
+NFTA_OBJ_TYPE		3
+NFTA_OBJ_DATA		4
+NFTA_OBJ_USE		5
+NFTA_OBJ_HANDLE		6
+NFTA_OBJ_PAD		7

xlat/nft_rule_attr_names.in

@@ -0,0 +1,10 @@
+NFTA_RULE_UNSPEC	0
+NFTA_RULE_TABLE		1
+NFTA_RULE_CHAIN		2
+NFTA_RULE_HANDLE	3
+NFTA_RULE_EXPRESSIONS	4
+NFTA_RULE_COMPAT	5
+NFTA_RULE_POSITION	6
+NFTA_RULE_USERDATA	7
+NFTA_RULE_PAD		8
+NFTA_RULE_ID		9

xlat/nft_set_attr_names.in

@@ -0,0 +1,17 @@
+NFTA_SET_UNSPEC		0
+NFTA_SET_TABLE		1
+NFTA_SET_NAME		2
+NFTA_SET_FLAGS		3
+NFTA_SET_KEY_TYPE	4
+NFTA_SET_KEY_LEN	5
+NFTA_SET_DATA_TYPE	6
+NFTA_SET_DATA_LEN	7
+NFTA_SET_POLICY		8
+NFTA_SET_DESC		9
+NFTA_SET_ID		10
+NFTA_SET_TIMEOUT	11
+NFTA_SET_GC_INTERVAL	12
+NFTA_SET_USERDATA	13
+NFTA_SET_PAD		14
+NFTA_SET_OBJ_TYPE	15
+NFTA_SET_HANDLE		16

xlat/nft_setelem_attr_names.in

@@ -0,0 +1,10 @@
+NFTA_SET_ELEM_UNSPEC		0
+NFTA_SET_ELEM_KEY		1
+NFTA_SET_ELEM_DATA		2
+NFTA_SET_ELEM_FLAGS		3
+NFTA_SET_ELEM_TIMEOUT		4
+NFTA_SET_ELEM_EXPIRATION	5
+NFTA_SET_ELEM_USERDATA		6
+NFTA_SET_ELEM_EXPR		7
+NFTA_SET_ELEM_PAD		8
+NFTA_SET_ELEM_OBJREF		9

xlat/nft_table_attr_names.in

@@ -0,0 +1,6 @@
+NFTA_TABLE_UNSPEC	0
+NFTA_TABLE_NAME		1
+NFTA_TABLE_FLAGS	2
+NFTA_TABLE_USE		3
+NFTA_TABLE_HANDLE	4
+NFTA_TABLE_PAD		5

xlat/nft_trace_attr_names.in

@@ -0,0 +1,18 @@
+NFTA_TRACE_UNSPEC		0
+NFTA_TRACE_TABLE		1
+NFTA_TRACE_CHAIN		2
+NFTA_TRACE_RULE_HANDLE		3
+NFTA_TRACE_TYPE			4
+NFTA_TRACE_VERDICT		5
+NFTA_TRACE_ID			6
+NFTA_TRACE_LL_HEADER		7
+NFTA_TRACE_NETWORK_HEADER	8
+NFTA_TRACE_TRANSPORT_HEADER	9
+NFTA_TRACE_IIF			10
+NFTA_TRACE_IIFTYPE		11
+NFTA_TRACE_OIF			12
+NFTA_TRACE_OIFTYPE		13
+NFTA_TRACE_MARK			14
+NFTA_TRACE_NFPROTO		15
+NFTA_TRACE_POLICY		16
+NFTA_TRACE_PAD			17