PROBE::NETFILTER.IP.FORWARD
Section: Networking Tapset (3stap)
Updated: November 2020
NAME
probe::netfilter.ip.forward - Called on an incoming IP packet addressed to some other computer
SYNOPSIS
netfilter.ip.forward
VALUES
rst
    TCP RST flag (if protocol is TCP; ipv4 only)
nf_stop
    Constant used to signify a 'stop' verdict
protocol
    Packet protocol from driver (ipv4 only)
saddr
    A string representing the source IP address
iphdr
    Address of IP header
indev
    Address of net_device representing input device, 0 if unknown
data_str
    A string representing the packet buffer contents
ipproto_udp
    Constant used to signify that the packet protocol is UDP
ack
    TCP ACK flag (if protocol is TCP; ipv4 only)
daddr
    A string representing the destination IP address
outdev
    Address of net_device representing output device, 0 if unknown
pf
    Protocol family -- either "ipv4" or "ipv6"
nf_stolen
    Constant used to signify a 'stolen' verdict
data_hex
    A hexadecimal string representing the packet buffer contents
sport
    TCP or UDP source port (ipv4 only)
syn
    TCP SYN flag (if protocol is TCP; ipv4 only)
outdev_name
    Name of network device packet will be routed to (if known)
ipproto_tcp
    Constant used to signify that the packet protocol is TCP
indev_name
    Name of network device packet was received on (if known)
dport
    TCP or UDP destination port (ipv4 only)
fin
    TCP FIN flag (if protocol is TCP; ipv4 only)
nf_drop
    Constant used to signify a 'drop' verdict
urg
    TCP URG flag (if protocol is TCP; ipv4 only)
family
    IP address family
nf_accept
    Constant used to signify an 'accept' verdict
psh
    TCP PSH flag (if protocol is TCP; ipv4 only)
nf_repeat
    Constant used to signify a 'repeat' verdict
length
    The length of the packet buffer contents, in bytes
nf_queue
    Constant used to signify a 'queue' verdict
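
The following script is an added example, not part of the original manual page or the SystemTap distribution. It uses the values listed above to report which new TCP connections this host is forwarding and how many bytes cross each device pair; the 10-second interval and the 20-row limit are arbitrary choices made for the example.

```systemtap
#!/usr/bin/stap
# Added example: summarise the traffic this host forwards.
# Only IPv4 is inspected, because the port and TCP flag values
# are documented above as "ipv4 only".

global attempts   # [saddr, daddr, dport] -> number of handshake-opening SYNs
global bytes      # [indev_name, outdev_name] -> statistics over packet length

probe netfilter.ip.forward {
  if (pf != "ipv4") next

  # Byte volume per input/output device pair, all protocols.
  bytes[indev_name, outdev_name] <<< length

  # A SYN without ACK is the first packet of a TCP handshake.
  if (protocol == ipproto_tcp && syn && !ack)
    attempts[saddr, daddr, dport]++
}

# Report and reset every 10 seconds (interval chosen for this example).
probe timer.s(10) {
  printf("--- %s ---\n", ctime(gettimeofday_s()))

  # Busiest flows first, capped at 20 rows.
  foreach ([s, d, p] in attempts- limit 20)
    printf("%-15s -> %-15s dport %-5d SYNs %d\n", s, d, p, attempts[s, d, p])

  foreach ([i, o] in bytes)
    printf("%s -> %s: %d packets, %d bytes\n",
           i, o, @count(bytes[i, o]), @sum(bytes[i, o]))

  delete attempts
  delete bytes
}
```

The script only observes packets and never changes a verdict, so it does not need guru mode.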
SEE ALSO
tapset::netfilter(3stap)