author | Patrick McHardy <kaber@trash.net> | 2016-03-26 10:04:48 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2016-04-24 22:15:10 +0100 |
commit | be5d9120e81e4a9a6d44457990112f30d0d214bb (patch) | |
tree | e3b9c85ae1dda70abe0f10a720b4608c2491aa4a /include/rule.h | |
parent | 7f9cd6f5841132109aa1d514a0624eeb89747011 (diff) |
nft monitor [ trace ]
... can now display nftables nftrace debug information.
$ nft filter input tcp dport 10000 nftrace set 1
$ nft filter input icmp type echo-request nftrace set 1
$ nft -nn monitor trace
trace id e1f5055f ip filter input packet: iif eth0 ether saddr 63:f6:4b:00:54:52 ether daddr c9:4b:a9:00:54:52 ip saddr 192.168.122.1 ip daddr 192.168.122.83 ip tos 0 ip ttl 64 ip id 32315 ip length 84 icmp type echo-request icmp code 0 icmp id 10087 icmp sequence 1
trace id e1f5055f ip filter input rule icmp type echo-request nftrace set 1 (verdict continue)
trace id e1f5055f ip filter input verdict continue
trace id e1f5055f ip filter input
trace id 74e47ad2 ip filter input packet: iif vlan0 ether saddr 63:f6:4b:00:54:52 ether daddr c9:4b:a9:00:54:52 vlan pcp 0 vlan cfi 1 vlan id 1000 ip saddr 10.0.0.1 ip daddr 10.0.0.2 ip tos 0 ip ttl 64 ip id 49030 ip length 84 icmp type echo-request icmp code 0 icmp id 10095 icmp sequence 1
trace id 74e47ad2 ip filter input rule icmp type echo-request nftrace set 1 (verdict continue)
trace id 74e47ad2 ip filter input verdict continue
trace id 74e47ad2 ip filter input
trace id 3030de23 ip filter input packet: iif vlan0 ether saddr 63:f6:4b:00:54:52 ether daddr c9:4b:a9:00:54:52 vlan pcp 0 vlan cfi 1 vlan id 1000 ip saddr 10.0.0.1 ip daddr 10.0.0.2 ip tos 16 ip ttl 64 ip id 59062 ip length 60 tcp sport 55438 tcp dport 10000 tcp flags == syn tcp window 29200
trace id 3030de23 ip filter input rule tcp dport 10000 nftrace set 1 (verdict continue)
trace id 3030de23 ip filter input verdict continue
trace id 3030de23 ip filter input
Based on a patch from Florian Westphal, which again was based on a patch
from Markus Kötter.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/rule.h')
-rw-r--r-- | include/rule.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h index 6dbde130..09b3ff70 100644 --- a/include/rule.h +++ b/include/rule.h @@ -192,6 +192,7 @@ extern struct rule *rule_alloc(const struct location *loc, const struct handle *h); extern void rule_free(struct rule *rule); extern void rule_print(const struct rule *rule); +extern struct rule *rule_lookup(const struct chain *chain, uint64_t handle); /** * enum set_flags |
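Review bot: the `rule_lookup()` prototype added after `rule_print()` in include/rule.h does not say what it returns when no rule in `chain` has the given `handle`, nor whether the returned `struct rule *` is a borrowed pointer or a reference the caller has to drop with `rule_free()`. The function takes a `const struct chain *` but returns a non-const `struct rule *`, so the header alone leaves ownership and mutability open. A short comment above the declaration stating the not-found return value and who owns the result would make it clear that callers need to check the pointer before using it.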