path: root/epan/dissectors
diff options
authorJaap Keuter <jaap.keuter@xs4all.nl>2020-01-09 22:31:02 +0100
committerAnders Broman <a.broman58@gmail.com>2020-01-10 04:53:18 +0000
commit0db890ba59b713e9fd362cb898eac154f1949a11 (patch)
tree1092c9749278ad7bbbbd61b16bd3b70d57d35abb /epan/dissectors
parentc227279d33da06f42133f2fd6b0317d34635bef7 (diff)
Netlink: Properly interpret and mask out attribute type
The netlink attribute type is a 16 bit field, of which the two top most bits are booleans. Interpret them as such. The remaining 14 bits form the attribute type value. Due to the flexible way the interpretation is setup, through the use of family specific code, the header field for the attribute type value has to have a proper mask. Otherwise the two top bits are taken (incorrectly) as part of the value. Since this may not be obvious to the netlink family dissector creator better enforce it by adding the masked value in the underlying netlink dissector, using whatever header field is given for this. Change-Id: I791f9b1de01505d4a4793abbcf62e596b864e2f0 Reviewed-on: https://code.wireshark.org/review/35725 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors')
1 files changed, 10 insertions, 5 deletions
diff --git a/epan/dissectors/packet-netlink.c b/epan/dissectors/packet-netlink.c
index 88cdab64dd..78c65044b1 100644
--- a/epan/dissectors/packet-netlink.c
+++ b/epan/dissectors/packet-netlink.c
@@ -166,12 +166,12 @@ static header_field_info hfi_netlink_attr_type NETLINK_HFI_INIT =
NULL, 0x0000, "Netlink Attribute type", HFILL };
static header_field_info hfi_netlink_attr_type_nested NETLINK_HFI_INIT =
- { "Nested", "netlink.attr_type.nested", FT_UINT16, BASE_DEC,
- NULL, NLA_F_NESTED, "Carries nested attributes", HFILL };
+ { "Nested", "netlink.attr_type.nested", FT_BOOLEAN, 16,
+ TFS(&tfs_true_false), NLA_F_NESTED, "Carries nested attributes", HFILL };
static header_field_info hfi_netlink_attr_type_net_byteorder NETLINK_HFI_INIT =
- { "Network byte order", "netlink.attr_type.net_byteorder", FT_UINT16, BASE_DEC,
- NULL, NLA_F_NET_BYTEORDER, "Payload stored in network byte order", HFILL };
+ { "Network byte order", "netlink.attr_type.net_byteorder", FT_BOOLEAN, 16,
+ TFS(&tfs_true_false), NLA_F_NET_BYTEORDER, "Payload stored in host or network byte order", HFILL };
static header_field_info hfi_netlink_attr_index NETLINK_HFI_INIT =
{ "Index", "netlink.attr_index", FT_UINT16, BASE_DEC,
@@ -281,7 +281,12 @@ dissect_netlink_attributes_common(tvbuff_t *tvb, header_field_info *hfi_type, in
type_tree = proto_item_add_subtree(type_item, ett_netlink_attr_type);
proto_tree_add_item(type_tree, &hfi_netlink_attr_type_nested, tvb, offset, 2, encoding);
proto_tree_add_item(type_tree, &hfi_netlink_attr_type_net_byteorder, tvb, offset, 2, encoding);
- proto_tree_add_item(type_tree, hfi_type, tvb, offset, 2, encoding);
+ /* The hfi_type _must_ have NLA_TYPE_MASK in it's definition, otherwise the nested/net_byteorder
+ * flags influence the retrieved value. Since this is impossible to enforce (apart from using
+ * a nasty DISSECTOR_ASSERT perhaps) we'll just have to make sure to feed in the properly
+ * masked value. Luckily we already have it: 'type' is the value we need.
+ */
+ proto_tree_add_uint(type_tree, hfi_type, tvb, offset, 2, type);
offset += 2;
if (rta_type & NLA_F_NESTED)