Family `conntrack` netlink 规范 ¶

概要 ¶

基于 nfnetlink 的 Netfilter 连接跟踪子系统

操作 ¶

get ¶

获取/转储条目

attribute-set:

conntrack-attrs

fixed-header:

do:

request

attributes:: [tuple-orig, tuple-reply, zone]

reply

attributes:: [tuple-orig, tuple-reply, status, protoinfo, help, nat-src, nat-dst, timeout, mark, counter-orig, counter-reply, use, id, nat-dst, tuple-master, seq-adj-orig, seq-adj-reply, zone, secctx, labels, synproxy]

dump:

request

attributes:: [nfgen-family, mark, filter, status, zone]

reply

attributes:: [tuple-orig, tuple-reply, status, protoinfo, help, nat-src, nat-dst, timeout, mark, counter-orig, counter-reply, use, id, nat-dst, tuple-master, seq-adj-orig, seq-adj-reply, zone, secctx, labels, synproxy]

get-stats ¶

转储 pcpu conntrack 统计信息

attribute-set:

conntrack-stats-attrs

fixed-header:

dump:

request

reply

attributes:: [searched, found, insert, insert-failed, drop, early-drop, error, search-restart, clash-resolve, chain-toolong]

定义 ¶

nfgenmsg ¶

type:

struct

members:

nfgen-family (u8):
version (u8):
res-id (u16):

nf-ct-tcp-flags-mask ¶

type:

struct

members:

flags (u8):
mask (u8):

nf-ct-tcp-flags ¶

type:

flags

entries:

window-scale
sack-perm
close-init
be-liberal
unacked
maxack
challenge-ack
simultaneous-open

nf-ct-tcp-state ¶

type:

enum

entries:

none
syn-sent
syn-recv
established
fin-wait
close-wait
last-ack
time-wait
close
syn-sent2
max
ignore
retrans
unack
timeout-max

nf-ct-sctp-state ¶

type:

enum

entries:

none
cloned
cookie-wait
cookie-echoed
established
shutdown-sent
shutdown-received
shutdown-ack-sent
shutdown-heartbeat-sent

nf-ct-status ¶

type:

flags

entries:

expected
seen-reply
assured
confirmed
src-nat
dst-nat
seq-adj
src-nat-done
dst-nat-done
dying
fixed-timeout
template
nat-clash
helper
offload
hw-offload

属性集 ¶

counter-attrs ¶

packets (`u64`)¶

byte-order:: big-endian

bytes (`u64`)¶

byte-order:: big-endian

packets-old (`u32`)¶

bytes-old (`u32`)¶

pad (`pad`)¶

tuple-proto-attrs ¶

proto-num (`u8`)¶

doc:: l4 协议号

proto-src-port (`u16`)¶

byte-order:: big-endian
doc:: l4 源端口

proto-dst-port (`u16`)¶

byte-order:: big-endian
doc:: l4 源端口

proto-icmp-id (`u16`)¶

byte-order:: big-endian
doc:: l4 icmp id

proto-icmp-type (`u8`)¶

proto-icmp-code (`u8`)¶

proto-icmpv6-id (`u16`)¶

byte-order:: big-endian
doc:: l4 icmp id

proto-icmpv6-type (`u8`)¶

proto-icmpv6-code (`u8`)¶

tuple-ip-attrs ¶

ip-v4-src (`u32`)¶

byte-order:: big-endian
display-hint:: ipv4
doc:: ipv4 源地址

ip-v4-dst (`u32`)¶

byte-order:: big-endian
display-hint:: ipv4
doc:: ipv4 目的地址

ip-v6-src (`binary`)¶

byte-order:: big-endian
display-hint:: ipv6
doc:: ipv6 源地址

ip-v6-dst (`binary`)¶

byte-order:: big-endian
display-hint:: ipv6
doc:: ipv6 目的地址

tuple-attrs ¶

tuple-ip (`nest`)¶

nested-attributes:: tuple-ip-attrs
doc:: conntrack l3 信息

tuple-proto (`nest`)¶

nested-attributes:: tuple-proto-attrs
doc:: conntrack l4 信息

tuple-zone (`u16`)¶

byte-order:: big-endian
doc:: conntrack 区域 ID

protoinfo-tcp-attrs ¶

tcp-state (`u8`)¶

enum:: nf-ct-tcp-state
doc:: tcp 连接状态

tcp-wscale-original (`u8`)¶

doc:: 原始方向的窗口缩放因子

tcp-wscale-reply (`u8`)¶

doc:: 回复方向的窗口缩放因子

tcp-flags-original (`binary`)¶

struct:: nf-ct-tcp-flags-mask

tcp-flags-reply (`binary`)¶

struct:: nf-ct-tcp-flags-mask

protoinfo-dccp-attrs ¶

dccp-state (`u8`)¶

doc:: dccp 连接状态

dccp-role (`u8`)¶

dccp-handshake-seq (`u64`)¶

byte-order:: big-endian

dccp-pad (`pad`)¶

protoinfo-sctp-attrs ¶

sctp-state (`u8`)¶

doc:: sctp 连接状态
enum:: nf-ct-sctp-state

vtag-original (`u32`)¶

byte-order:: big-endian

vtag-reply (`u32`)¶

byte-order:: big-endian

protoinfo-attrs ¶

protoinfo-tcp (`nest`)¶

nested-attributes:: protoinfo-tcp-attrs
doc:: conntrack tcp 状态信息

protoinfo-dccp (`nest`)¶

nested-attributes:: protoinfo-dccp-attrs
doc:: conntrack dccp 状态信息

protoinfo-sctp (`nest`)¶

nested-attributes:: protoinfo-sctp-attrs
doc:: conntrack sctp 状态信息

help-attrs ¶

help-name (`string`)¶

doc:: helper 名称

nat-proto-attrs ¶

nat-port-min (`u16`)¶

byte-order:: big-endian

nat-port-max (`u16`)¶

byte-order:: big-endian

nat-attrs ¶

nat-v4-minip (`u32`)¶

byte-order:: big-endian

nat-v4-maxip (`u32`)¶

byte-order:: big-endian

nat-v6-minip (`binary`)¶

nat-v6-maxip (`binary`)¶

nat-proto (`nest`)¶

nested-attributes:: nat-proto-attrs

seqadj-attrs ¶

correction-pos (`u32`)¶

byte-order:: big-endian

offset-before (`u32`)¶

byte-order:: big-endian

offset-after (`u32`)¶

byte-order:: big-endian

secctx-attrs ¶

secctx-name (`string`)¶

synproxy-attrs ¶

isn (`u32`)¶

byte-order:: big-endian

its (`u32`)¶

byte-order:: big-endian

tsoff (`u32`)¶

byte-order:: big-endian

conntrack-attrs ¶

tuple-orig (`nest`)¶

nested-attributes:: tuple-attrs
doc:: conntrack l3+l4 协议信息，原始方向

tuple-reply (`nest`)¶

nested-attributes:: tuple-attrs
doc:: conntrack l3+l4 协议信息，回复方向

status (`u32`)¶

byte-order:: big-endian
enum:: nf-ct-status
enum-as-flags:: True
doc:: conntrack 标志位

protoinfo (`nest`)¶

nested-attributes:: protoinfo-attrs

help (`nest`)¶

nested-attributes:: help-attrs

nat-src (`nest`)¶

nested-attributes:: nat-attrs

timeout (`u32`)¶

byte-order:: big-endian

mark (`u32`)¶

byte-order:: big-endian

counters-orig (`nest`)¶

nested-attributes:: counter-attrs

counters-reply (`nest`)¶

nested-attributes:: counter-attrs

use (`u32`)¶

byte-order:: big-endian

id (`u32`)¶

byte-order:: big-endian

nat-dst (`nest`)¶

nested-attributes:: nat-attrs

tuple-master (`nest`)¶

nested-attributes:: tuple-attrs

seq-adj-orig (`nest`)¶

nested-attributes:: seqadj-attrs

seq-adj-reply (`nest`)¶

nested-attributes:: seqadj-attrs

secmark (`binary`)¶

doc:: 已过时

zone (`u16`)¶

byte-order:: big-endian
doc:: conntrack 区域 ID

secctx (`nest`)¶

nested-attributes:: secctx-attrs

timestamp (`u64`)¶

byte-order:: big-endian

mark-mask (`u32`)¶

byte-order:: big-endian

labels (`binary`)¶

labels mask (`binary`)¶

synproxy (`nest`)¶

nested-attributes:: synproxy-attrs

filter (`nest`)¶

nested-attributes:: tuple-attrs

status-mask (`u32`)¶

byte-order:: big-endian
enum:: nf-ct-status
enum-as-flags:: True
doc:: 要更改的 conntrack 标志位

timestamp-event (`u64`)¶

byte-order:: big-endian

conntrack-stats-attrs ¶

searched (`u32`)¶

byte-order:: big-endian
doc:: 已过时

found (`u32`)¶

byte-order:: big-endian

new (`u32`)¶

byte-order:: big-endian
doc:: 已过时

invalid (`u32`)¶

byte-order:: big-endian
doc:: 已过时

ignore (`u32`)¶

byte-order:: big-endian
doc:: 已过时

delete (`u32`)¶

byte-order:: big-endian
doc:: 已过时

delete-list (`u32`)¶

byte-order:: big-endian
doc:: 已过时

insert (`u32`)¶

byte-order:: big-endian

insert-failed (`u32`)¶

byte-order:: big-endian

drop (`u32`)¶

byte-order:: big-endian

early-drop (`u32`)¶

byte-order:: big-endian

error (`u32`)¶

byte-order:: big-endian

search-restart (`u32`)¶

byte-order:: big-endian

clash-resolve (`u32`)¶

byte-order:: big-endian

chain-toolong (`u32`)¶

byte-order:: big-endian