iptlog: tracing iptables packet flow

Hi everybody,

Recently I wondered why there is no way to trace packet flow in iptables like
in pf (packet filter on BSD systems) with the pflog pseudo-interface (or can
you?). So, I did some research for a proof-of-concept and found the TRACE
target as well as ulogd with the pcap plugin. Then I defined a new format (like
the pflog format), wrote a plugin for ulogd2 and a dissector for Wireshark, and
there we go.

So, the links to look up my work so far are:
header description: 
  http://code.stapelberg.de/git/tracetables/tree/HEADER
the output plugin:
  http://code.stapelberg.de/git/tracetables/tree/ulogd2-output-iptlog
wireshark dissector:
  http://code.stapelberg.de/git/tracetables/tree/0001-add-dissector-for-iptlog.patch

So, here comes my first question: Is this the right way to implement it? Am I
missing some obvious better alternative?

The question which is probably harder to answer:
Because one wants to include the iptables rule in human-readable format in the
iptlog file as well, I want to get the string representation of a rule somehow.
iptables-save provides such a representation, but directly calls printf() when
generating it. So, my first try was to just copy its code and adapt it to
buffers and sprintf. However, I discovered that modules provide a save()
callback which also directly calls printf. So, there is no way to capture the
output of the save callback without modifying each module, right?

So, what should I do about this? Change the API to tell the module to call my
own function with the string instead of directly calling printf?

Best regards,
Michael
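Added example (editor's note, not code from the post, from tracetables or from ulogd/xtables): one way to obtain the text a printf()-based save() callback writes, without touching the callback itself, is to redirect the stdout file descriptor into a temporary file for the duration of the call and read it back. The struct fake_rule and fake_save_cb below are constructed stand-ins for a module's save() hook; they are not the real xtables API, only something that prints to stdout the way such a callback does.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Constructed sample "rule" and a stand-in for a module save() callback.
 * Like the real callbacks described in the post, it writes with printf()
 * and offers no way to hand back a string. (Assumption: not xtables code.) */
struct fake_rule {
    const char *in_if;
    const char *dst;
    int dport;
};

static void fake_save_cb(void *arg)
{
    const struct fake_rule *r = arg;
    printf("-A INPUT -i %s -d %s -p tcp --dport %d -j ACCEPT",
           r->in_if, r->dst, r->dport);
}

/* Run cb(arg) with fd 1 pointing at a tmpfile, then copy whatever it wrote
 * into buf (NUL-terminated) and restore the original stdout.
 * Returns the number of bytes captured, or -1 on error.
 * A tmpfile is used rather than a pipe so a long rule cannot block the
 * writer when the pipe buffer fills up. */
ssize_t capture_stdout(void (*cb)(void *), void *arg, char *buf, size_t len)
{
    if (len == 0)
        return -1;

    FILE *tmp = tmpfile();
    if (!tmp)
        return -1;

    fflush(stdout);                      /* do not drag pending output along */
    int saved = dup(STDOUT_FILENO);
    if (saved < 0) {
        fclose(tmp);
        return -1;
    }
    if (dup2(fileno(tmp), STDOUT_FILENO) < 0) {
        close(saved);
        fclose(tmp);
        return -1;
    }

    cb(arg);                             /* callback prints into the tmpfile */
    fflush(stdout);                      /* push stdio buffer to the new fd */

    dup2(saved, STDOUT_FILENO);          /* restore the real stdout */
    close(saved);

    rewind(tmp);
    size_t n = fread(buf, 1, len - 1, tmp);
    buf[n] = '\0';
    fclose(tmp);
    return (ssize_t)n;
}

/* Capture the string form of one constructed rule; NULL on failure. */
const char *sample_rule_string(void)
{
    static char buf[512];
    struct fake_rule r = { "eth0", "192.0.2.10", 22 };  /* constructed input */

    if (capture_stdout(fake_save_cb, &r, buf, sizeof buf) < 0)
        return NULL;
    return buf;
}

int main(void)
{
    const char *s = sample_rule_string();
    printf("captured rule: %s\n", s ? s : "(capture failed)");
    return s ? 0 : 1;
}
```

Caveats a practitioner would keep in mind: the redirection is process-wide, so anything else printing to stdout while the callback runs ends up in the capture too; do not do this from concurrent threads; and error text a module sends to stderr is deliberately left alone.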