netfilter: nf_tables: add packets conntrack state to debug trace info - kernel/linux.git

diff options

author	Florian Westphal <fw@strlen.de>	2025-05-22 16:49:34 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-05-23 14:57:12 +0300
commit	7e5c6aa67e6f6133c5a2c53852e1dd9af2c0c3fc (patch)
tree	413e201ebe3b7983d3bc650ad641624a1f4563f5 /tools/perf/scripts/python/export-to-sqlite.py
parent	90869f43d06dfc836def2f53850a878f829e443e (diff)
download	linux-7e5c6aa67e6f6133c5a2c53852e1dd9af2c0c3fc.tar.xz

netfilter: nf_tables: add packets conntrack state to debug trace info

Add the minimal relevant info needed for userspace ("nftables monitor trace") to provide the conntrack view of the packet: - state (new, related, established) - direction (original, reply) - status (e.g., if connection is subject to dnat) - id (allows to query ctnetlink for remaining conntrack state info) Example: trace id a62 inet filter PRE_RAW packet: iif "enp0s3" ether [..] [..] trace id a62 inet filter PRE_MANGLE conntrack: ct direction original ct state new ct id 32 trace id a62 inet filter PRE_MANGLE packet: [..] [..] trace id a62 inet filter IN conntrack: ct direction original ct state new ct status dnat-done ct id 32 [..] In this case one can see that while NAT is active, the new connection isn't subject to a translation. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: