src: display (inner) tag in --debug=proto-ctx

For easier debugging, add decoration on protocol context:

 # nft --debug=proto-ctx add rule netdev x y udp dport 4789 vxlan ip protocol icmp counter
 update link layer protocol context (inner):
  link layer          : netdev <-
  network layer       : none
  transport layer     : none
  payload data        : none

 update network layer protocol context (inner):
  link layer          : netdev
  network layer       : ip <-
  transport layer     : none
  payload data        : none

 update network layer protocol context (inner):
  link layer          : netdev
  network layer       : ip <-
  transport layer     : none
  payload data        : none

 update transport layer protocol context (inner):
  link layer          : netdev
  network layer       : ip
  transport layer     : icmp <-
  payload data        : none

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/proto.h b/include/proto.h
index 5bb7562db94be13d35e8c8653a65bca73cac35c2..32e0744854a588a6047818711220b99c1b57a153 100644 (file)
--- a/include/proto.h
+++ b/include/proto.h
@@ -190,6 +190,7 @@ extern const struct proto_desc *proto_dev_desc(uint16_t type);
 struct proto_ctx {
        unsigned int                    debug_mask;
        uint8_t                         family;
+       bool                            inner;
        union {
                struct {
                        uint8_t                 type;
@@ -209,7 +210,7 @@ struct proto_ctx {
 };
 
 extern void proto_ctx_init(struct proto_ctx *ctx, unsigned int family,
-                          unsigned int debug_mask);
+                          unsigned int debug_mask, bool inner);
 extern void proto_ctx_update(struct proto_ctx *ctx, enum proto_bases base,
                             const struct location *loc,
                             const struct proto_desc *desc);

diff --git a/src/evaluate.c b/src/evaluate.c
index b23ae89ed9d301ccd9b130ed623c14890c69020c..e98ea424ef13df0d44fc08f0656919c296eb5fbc 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4626,9 +4626,9 @@ static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule,
        struct stmt *stmt, *tstmt = NULL;
        struct error_record *erec;
 
-       proto_ctx_init(&ctx->_pctx[0], rule->handle.family, ctx->nft->debug_mask);
+       proto_ctx_init(&ctx->_pctx[0], rule->handle.family, ctx->nft->debug_mask, false);
        /* use NFPROTO_BRIDGE to set up proto_eth as base protocol. */
-       proto_ctx_init(&ctx->_pctx[1], NFPROTO_BRIDGE, ctx->nft->debug_mask);
+       proto_ctx_init(&ctx->_pctx[1], NFPROTO_BRIDGE, ctx->nft->debug_mask, true);
        memset(&ctx->ectx, 0, sizeof(ctx->ectx));
 
        ctx->rule = rule;

diff --git a/src/netlink.c b/src/netlink.c
index efbc65650c4b84097b3570dde33d127ca536663e..51de9c9c8edb2ee7ec7c2a33f314b678de299e26 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -2085,7 +2085,7 @@ static void trace_print_packet(const struct nftnl_trace *nlt,
                                 meta_expr_alloc(&netlink_location,
                                                 NFT_META_OIF), octx);
 
-       proto_ctx_init(&ctx, nftnl_trace_get_u32(nlt, NFTNL_TRACE_FAMILY), 0);
+       proto_ctx_init(&ctx, nftnl_trace_get_u32(nlt, NFTNL_TRACE_FAMILY), 0, false);
        ll_desc = ctx.protocol[PROTO_BASE_LL_HDR].desc;
        if ((ll_desc == &proto_inet || ll_desc  == &proto_netdev) &&
            nftnl_trace_is_set(nlt, NFTNL_TRACE_NFPROTO)) {

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 1cbccfa21357766e7aa921e2761cc756af2105b4..6be181e1f1cb920ff94b39bbfc39e73c7556acde 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -3213,9 +3213,9 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r
        struct expr *expr;
 
        memset(&rctx, 0, sizeof(rctx));
-       proto_ctx_init(&rctx._dl[0].pctx, rule->handle.family, ctx->debug_mask);
+       proto_ctx_init(&rctx._dl[0].pctx, rule->handle.family, ctx->debug_mask, false);
        /* use NFPROTO_BRIDGE to set up proto_eth as base protocol. */
-       proto_ctx_init(&rctx._dl[1].pctx, NFPROTO_BRIDGE, ctx->debug_mask);
+       proto_ctx_init(&rctx._dl[1].pctx, NFPROTO_BRIDGE, ctx->debug_mask, true);
 
        list_for_each_entry_safe(stmt, next, &rule->stmts, list) {
                enum stmt_types type = stmt->ops->type;

diff --git a/src/proto.c b/src/proto.c
index 1e0476bacffea1e3dfdbe99027116cdf28f24024..e6c1100bb4486bd140340e1d75a04074b6eef459 100644 (file)
--- a/src/proto.c
+++ b/src/proto.c
@@ -181,7 +181,9 @@ static void proto_ctx_debug(const struct proto_ctx *ctx, enum proto_bases base,
                        pr_debug(" %s", ctx->stacked_ll[i]->name);
        }
 
-       pr_debug("update %s protocol context:\n", proto_base_names[base]);
+       pr_debug("update %s protocol context%s:\n",
+                proto_base_names[base], ctx->inner ? " (inner)" : "");
+
        for (i = PROTO_BASE_LL_HDR; i <= PROTO_BASE_MAX; i++) {
                pr_debug(" %-20s: %s",
                         proto_base_names[i],
@@ -202,7 +204,7 @@ static void proto_ctx_debug(const struct proto_ctx *ctx, enum proto_bases base,
  * @debug_mask:        display debugging information
  */
 void proto_ctx_init(struct proto_ctx *ctx, unsigned int family,
-                   unsigned int debug_mask)
+                   unsigned int debug_mask, bool inner)
 {
        const struct hook_proto_desc *h = &hook_proto_desc[family];
 
@@ -210,6 +212,7 @@ void proto_ctx_init(struct proto_ctx *ctx, unsigned int family,
        ctx->family = family;
        ctx->protocol[h->base].desc = h->desc;
        ctx->debug_mask = debug_mask;
+       ctx->inner = inner;
 
        proto_ctx_debug(ctx, h->base, debug_mask);
 }