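Table of contents
  1. 1. Prerequisites
    1. 1.1. Step 1: Mark the packets to trace
      1. 1.1.1. DNS port example
    2. 1.2. Destination example
    3. 1.3. Step 2 (optional): Review the iptables trace configuration
    4. 1.4. Step 3: Enable tracing
    5. 1.5. Step 4: View the trace log
      1. 1.5.1. Filter by port
      2. 1.5.2. Filter by destination
    6. 1.6. Step 5: Disable tracing
      1. 1.6.1. Step 5.1: List the rules
      2. 1.6.2. Step 5.2: Delete the rules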

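Prerequisites

  • iptables is enabled and active

Step 1: Mark the packets to trace

DNS port example

PORT=53
# If sudo is not installed (for example, already root in a container), make "sudo" a no-op prefix
which sudo || alias sudo='$@'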

sudo iptables -t raw -A OUTPUT -p udp --dport $PORT -j TRACE
sudo iptables -t raw -A OUTPUT -p tcp --dport $PORT -j TRACE
sudo iptables -t raw -A PREROUTING -p udp --dport $PORT -j TRACE
sudo iptables -t raw -A PREROUTING -p tcp --dport $PORT -j TRACE

Destination example

DEST=10.44.0.47
which sudo || alias sudo='$@'

sudo iptables -t raw -A OUTPUT -d $DEST -j TRACE
sudo iptables -t raw -A PREROUTING -d $DEST -j TRACE

Step 2 (optional): Review the iptables trace configuration

sudo iptables -t raw -L PREROUTING --line-numbers

# output (DNS example):
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 TRACE udp -- anywhere anywhere udp dpt:domain
2 TRACE tcp -- anywhere anywhere tcp dpt:domain

Step 3: Enable tracing

sudo modprobe nf_log_ipv4
# 2 = AF_INET (IPv4): send netfilter log output for IPv4 to nf_log_ipv4
sudo sysctl net.netfilter.nf_log.2=nf_log_ipv4

# output:
net.netfilter.nf_log.2 = nf_log_ipv4

Step 4: View the trace log

Unfiltered

dmesg | grep TRACE

Or follow /var/log/messages:

sudo tail -f /var/log/messages | grep TRACE

# output (DNS example on a Kubernetes system: nslookup from a container to CoreDNS):
Mar 30 19:33:27 dev-node1 kernel: TRACE: raw:PREROUTING:policy:3 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:PREROUTING:rule:1 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-SERVICES:rule:13 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-MARK-MASQ:rule:1 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-MARK-MASQ:return:2 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-SERVICES:rule:14 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-SVC-TCOU7JCQXEZGVUNU:rule:2 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-SEP-VQ37SWWSIRRGCSAM:rule:2 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:FORWARD:rule:1 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS:rule:5 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-DEFAULT:rule:35 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-ACCEPT:rule:1 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-ACCEPT:return:2 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-DEFAULT:rule:36 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS:return:9 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:FORWARD:rule:2 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:WEAVE-NPC:rule:4 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:WEAVE-NPC-DEFAULT:rule:21 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:POSTROUTING:rule:1 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:CNI-HOSTPORT-MASQ:return:2 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:POSTROUTING:rule:2 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-POSTROUTING:rule:1 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: raw:PREROUTING:policy:3 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:PREROUTING:rule:1 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-SERVICES:rule:13 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-MARK-MASQ:rule:1 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-MARK-MASQ:return:2 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-SERVICES:rule:14 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-SVC-TCOU7JCQXEZGVUNU:rule:1 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-SEP-LRVEW52VMYCOUSMZ:rule:2 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:FORWARD:rule:1 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS:rule:5 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-DEFAULT:rule:35 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-ACCEPT:rule:1 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-ACCEPT:return:2 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-DEFAULT:rule:36 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS:return:9 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:FORWARD:rule:2 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC:rule:3 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge MAC=aa:c8:81:ae:ca:48:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:POSTROUTING:rule:1 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:CNI-HOSTPORT-MASQ:return:2 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:POSTROUTING:rule:2 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-POSTROUTING:rule:1 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwe-bridge SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: raw:PREROUTING:policy:3 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:PREROUTING:rule:1 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-SERVICES:rule:13 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-MARK-MASQ:rule:1 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-MARK-MASQ:return:2 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-SERVICES:rule:14 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-SVC-TCOU7JCQXEZGVUNU:rule:2 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-SEP-VQ37SWWSIRRGCSAM:rule:2 IN=weave OUT= PHYSIN=vethwepl84ee671 MAC=c6:1c:a7:ba:ed:1e:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:FORWARD:rule:1 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS:rule:5 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-DEFAULT:rule:35 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-ACCEPT:rule:1 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-ACCEPT:return:2 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS-DEFAULT:rule:36 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-EGRESS:return:9 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:FORWARD:rule:2 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC:rule:4 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:WEAVE-NPC-DEFAULT:rule:21 IN=weave OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b MAC=36:3c:8f:4d:5f:c3:fe:fe:b6:71:c4:b7:08:00 SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:POSTROUTING:rule:1 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:CNI-HOSTPORT-MASQ:return:2 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:POSTROUTING:rule:2 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
Mar 30 19:33:28 dev-node1 kernel: TRACE: nat:KUBE-POSTROUTING:rule:1 IN= OUT=weave PHYSIN=vethwepl84ee671 PHYSOUT=vethwepl907d81b SRC=10.44.0.44 DST=10.44.0.47 LEN=82 TOS=0x00 PREC=0x00 TTL=64 ID=20808 PROTO=UDP SPT=53495 DPT=53 LEN=62 MARK=0x44000
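
Added example (not part of the original post): a POSIX shell/awk helper that condenses TRACE lines like the ones above into one line per packet, listing the chains visited and flagging a rewritten destination, such as the service address 10.96.0.10 becoming a pod address. The function names `trace_paths` and `sample_log` are made up for this example, and the sample lines are constructed by abridging and interleaving lines from the log above.

```shell
#!/bin/sh
# Added example: condense iptables TRACE log lines into one line per packet.
# Usage: sudo grep TRACE /var/log/messages | trace_paths
trace_paths() {
    awk '
    # Value of KEY=value on the current line, or "" when the key is absent.
    function field(key,    i, n) {
        n = length(key) + 1
        for (i = 1; i <= NF; i++)
            if (substr($i, 1, n) == (key "="))
                return substr($i, n + 1)
        return ""
    }
    {
        # The token after "TRACE:" is table:chain:type:rulenum.
        hop = ""
        for (i = 1; i < NF; i++)
            if ($i == "TRACE:") { hop = $(i + 1); break }
        if (hop == "") next            # not a TRACE line
        split(hop, h, ":")
        chain = h[1] ":" h[2]

        # Assumption: IP ID + source address + source port identify one packet.
        pkt = field("ID") " " field("SRC") ":" field("SPT")
        dst = field("DST") ":" field("DPT")
        if (!(pkt in first_dst)) { order[++npkt] = pkt; first_dst[pkt] = dst }
        last_dst[pkt] = dst

        # Append table:chain only when it differs from the previous hop.
        if (last_chain[pkt] != chain) {
            path[pkt] = path[pkt] (path[pkt] == "" ? "" : " > ") chain
            last_chain[pkt] = chain
        }
    }
    END {
        for (k = 1; k <= npkt; k++) {
            pkt = order[k]
            split(pkt, p, " ")
            # A destination that changed along the way means NAT rewrote it.
            nat = (first_dst[pkt] == last_dst[pkt]) ? "" : " DNAT->" last_dst[pkt]
            printf "id=%s %s -> %s%s | %s\n", p[1], p[2], first_dst[pkt], nat, path[pkt]
        }
    }'
}

# Constructed sample: abridged, interleaved lines modelled on the log above,
# plus one unrelated syslog line that must be ignored.
sample_log() {
    cat <<'EOF'
Mar 30 19:33:27 dev-node1 kernel: TRACE: raw:PREROUTING:policy:3 IN=weave OUT= SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-SERVICES:rule:13 IN=weave OUT= SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70
Mar 30 19:33:27 dev-node1 systemd: Started Session 12 of user root.
Mar 30 19:33:28 dev-node1 kernel: TRACE: raw:PREROUTING:policy:3 IN=weave OUT= SRC=10.44.0.44 DST=10.96.0.10 LEN=82 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62
Mar 30 19:33:27 dev-node1 kernel: TRACE: nat:KUBE-SERVICES:rule:14 IN=weave OUT= SRC=10.44.0.44 DST=10.96.0.10 LEN=90 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:27 dev-node1 kernel: TRACE: filter:FORWARD:rule:1 IN=weave OUT=weave SRC=10.44.0.44 DST=10.44.0.47 LEN=90 TTL=64 ID=20539 PROTO=UDP SPT=43834 DPT=53 LEN=70 MARK=0x4000
Mar 30 19:33:28 dev-node1 kernel: TRACE: filter:FORWARD:rule:1 IN=weave OUT=weave SRC=10.44.0.44 DST=10.32.0.7 LEN=82 TTL=64 ID=20790 PROTO=UDP SPT=57769 DPT=53 LEN=62 MARK=0x4000
EOF
}

sample_log | trace_paths
```

A packet whose line shows no `DNAT->` marker kept its original destination through every traced chain; a packet whose path stops before `filter:FORWARD` or `nat:POSTROUTING` is the one to investigate.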

Filter by port

PORT=53
sudo tail -f /var/log/messages | grep "DPT=$PORT "

Filter by destination

DEST=10.44.0.47
sudo tail -f /var/log/messages | grep -F "DST=$DEST "

Step 5: Disable tracing

Step 5.1: List the rules

sudo iptables -t raw -L PREROUTING --line-numbers
# output (DNS example):
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 TRACE udp -- anywhere anywhere udp dpt:domain
2 TRACE tcp -- anywhere anywhere tcp dpt:domain

-----

sudo iptables -t raw -L OUTPUT --line-numbers
# output (DNS example):
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 TRACE udp -- anywhere anywhere udp dpt:domain
2 TRACE tcp -- anywhere anywhere tcp dpt:domain

Step 5.2: Delete the rules

# Delete the highest rule number first so the remaining numbers do not shift
sudo iptables -t raw -D PREROUTING 2
sudo iptables -t raw -D PREROUTING 1
sudo iptables -t raw -D OUTPUT 2
sudo iptables -t raw -D OUTPUT 1