• Daniel Borkmann's avatar
    netlink: specify netlink packet direction for nlmon · 604d13c9
    Daniel Borkmann authored
    In order to facilitate development for netlink protocol dissector,
    fill the unused field skb->pkt_type of the cloned skb with a hint
    of the address space of the new owner (receiver) socket in the
    notion of "to kernel" resp. "to user".
    
    At the time we invoke __netlink_deliver_tap_skb(), we already have
    set the new skb owner via netlink_skb_set_owner_r(), so we can use
    that for netlink_is_kernel() probing.
    
    In normal PF_PACKET network traffic, this field denotes if the
    packet is destined for us (PACKET_HOST), if it's broadcast
    (PACKET_BROADCAST), etc.
    
    As we only have 3 bit reserved, we can use the value (= 6) of
    PACKET_FASTROUTE as it's _not used_ anywhere in the whole kernel
    and not supported anywhere, and packets of such type were never
    exposed to user space, so there are no overlapping users of such
    kind. Thus, as wished, that seems the only way to make both
    PACKET_* values non-overlapping and therefore device agnostic.
    
    By using those two flags for netlink skbs on nlmon devices, they
    can be made available and picked up via sll_pkttype (previously
    unused in netlink context) in struct sockaddr_ll. We now have
    these two directions:
    
     - PACKET_USER (= 6)    ->  to user space
     - PACKET_KERNEL (= 7)  ->  to kernel space
    
    Partial `ip a` example strace for sa_family=AF_NETLINK with
    detected nl msg direction:
    
    syscall:                     direction:
    sendto(3,  ...) = 40         /* to kernel */
    recvmsg(3, ...) = 3404       /* to user */
    recvmsg(3, ...) = 1120       /* to user */
    recvmsg(3, ...) = 20         /* to user */
    sendto(3,  ...) = 40         /* to kernel */
    recvmsg(3, ...) = 168        /* to user */
    recvmsg(3, ...) = 144        /* to user */
    recvmsg(3, ...) = 20         /* to user */
    Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
    Signed-off-by: default avatarJakub Zawadzki <darkjames-ws@darkjames.pl>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    604d13c9
af_netlink.c 70.6 KB