Florian Westphal <fw@xxxxxxxxx> wrote: > > trace id 18162e6e ip myfw postrouting packet: oif "eth1" @ll,0,112 > > 6365045784477331379336991475712 ip saddr 192.168.254.1 ip daddr > > 64.233.177.106 On a related note, if someone has spare time and wants to contribute something, I think it would be nice to extend nftables trace to also include ct information so that the packet dump also shows something like ip saddr 1.2.3.4 ... ctstate new ctdir original when the packet has been picked up by conntrack. We could even dump ct->status info, e.g. 'assured' and the like. This would help figuring out when a packet isn't tracked even if it should be, or vice versa.
