Extracting network and TCP/IP sockets information (xportshow) ============================================================= The xportshow program available in the PyKdump framework can be used to extract detailed information about network connections, sockets, routing table, TCP retransmissions, various statistics, sysctl network parameters, etc. Options provided by ‘xportshow’:: crash> xportshow -h usage: xportshow [-h] [-a] [-v] [-r] [--program PROGRAM] [--pid [PID]] [--netfilter] [--softnet] [--summary] [-s] [-i] [--interface IF1] [--decode DECODE [DECODE ...]] [--port PORT] [-l] [-t] [--tcpstate TCPSTATE] [--retransonly] [-u] [-w] [-x] [--sysctl] [--devpack] [--arp] [--rtcache] [--skbuffhead SKBUFFHEAD] [--netns NETNS] [--version] [--everything] optional arguments: -h, --help show this help message and exit -a print all sockets -v verbose output -r Print routing table. Adding -v prints all routing tables and policies --program PROGRAM print sockets for cmdname --pid [PID] print sockets for PID --netfilter Print Netfilter Hooks --softnet Print Softnet Queues --summary Print A Summary -s, --statistics Print Statistics -i Print Interface Info --interface IF1 Limit output to the specified interface only --decode DECODE [DECODE ...] Decode iph/th/uh --port PORT Limit output to the specified port (src or dst) -l, --listening Print LISTEN sockets only -t Print TCP Info --tcpstate TCPSTATE Limit display for this state only, e.g. SYN_SENT --retransonly Show only TCP retransmissions -u, --udp Print UDP Info -w, --raw Print RAW Info -x, --unix Print UNIX Info --sysctl Print sysctl info for net. --devpack Print dev_pack info --arp Print ARP & Neighbouring info --rtcache Print the routing cache --skbuffhead SKBUFFHEAD Print sk_buff_head --netns NETNS Set net ns address --version Print program version and exit --everything Run all functions available for regression testing ** Execution took 2.35s (real) 2.24s (CPU) crash> * `Print all sockets (-a)`_ * `Print routing table (-r)`_ * `Print the sockets used by programs (--program, --pid)`_ * `Print Netfilter Hooks (--netfilter)`_ * `Print Softnet Queues (--softnet)`_ * `Print a summary of network connections (--summary)`_ * `Show TCP, UDP, ICMP statistics (--statistics)`_ * `Print network interface details (-i)`_ * `Decode iph/th/uh (--decode)`_ * `Limit output to the specified port (--port)`_ * `Print LISTEN sockets only (-l)`_ * `Print TCP sockets details (-t)`_ * `List the sockets with specific state (--tcpstate)`_ * `Show only TCP retransmissions (--retransonly)`_ * `Print UDP/RAW/UNIX sockets info (-u, -w, -x)`_ * `Print network sysctl parameters (--sysctl)`_ * `Print dev_pack info (--devpack)`_ * `Print ARP & Neighbouring info (--arp)`_ * `Set net ns address (--netns)`_ * `Run all functions in single command (--everything)`_ Print all sockets (-a) ---------------------- The '-a' option lists the TCP, UDP, and RAW sockets used on the system:: crash> xportshow -a tcp6 :::36590 :::* LISTEN tcp 0.0.0.0:36463 0.0.0.0:* LISTEN tcp6 :::111 :::* LISTEN tcp 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0.0.0.0:42096 0.0.0.0:* LISTEN tcp 192.168.122.1:53 0.0.0.0:* LISTEN tcp6 :::22 :::* LISTEN tcp 0.0.0.0:22 0.0.0.0:* LISTEN tcp 127.0.0.1:631 0.0.0.0:* LISTEN tcp6 ::1:631 :::* LISTEN tcp6 :::43161 :::* LISTEN tcp6 ::1:25 :::* LISTEN tcp 127.0.0.1:25 0.0.0.0:* LISTEN tcp 172.25.0.45:22 172.25.0.47:58532 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58538 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58530 ESTABLISHED tcp 172.25.0.45:726 172.25.0.43:2049 ESTABLISHED tcp 172.25.0.45:769 172.25.0.43:2049 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58504 ESTABLISHED udp6 :::908 :::* st=7 udp 0.0.0.0:908 0.0.0.0:* st=7 udp6 :::39875 :::* st=7 udp 192.168.122.1:53 0.0.0.0:* st=7 udp 0.0.0.0:67 0.0.0.0:* st=7 udp 0.0.0.0:68 0.0.0.0:* st=7 udp6 :::111 :::* st=7 udp 0.0.0.0:111 0.0.0.0:* st=7 udp 0.0.0.0:42164 0.0.0.0:* st=7 udp 0.0.0.0:5353 0.0.0.0:* st=7 udp6 ::1:323 :::* st=7 udp 127.0.0.1:323 0.0.0.0:* st=7 udp 0.0.0.0:39238 0.0.0.0:* st=7 udp 0.0.0.0:59726 0.0.0.0:* st=7 udp6 :::50703 :::* st=7 udp 127.0.0.1:809 0.0.0.0:* st=7 raw6 :::58 :::* st=7 ** Execution took 0.39s (real) 0.32s (CPU) crash> Using the '-v' option provides more verbose information about each of these sockets:: crash> xportshow -a -v ------------------------------------------------------------------------------ TCP tcp6 :::36590 :::* LISTEN family=PF_INET6 backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 ------------------------------------------------------------------------------ TCP tcp 0.0.0.0:36463 0.0.0.0:* LISTEN family=PF_INET backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 ------------------------------------------------------------------------------ TCP tcp6 :::111 :::* LISTEN family=PF_INET6 backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 ------------------------------------------------------------------------------ TCP tcp 0.0.0.0:111 0.0.0.0:* LISTEN family=PF_INET backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 [...] ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:769 172.25.0.43:2049 ESTABLISHED windows: rcv=182272, snd=1077376 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=7 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=815224 rcvbuf=367360, sndbuf=1296896 rcv_tstamp=17.65 s, lsndtime=4.88 s ago, RTO=12928 ms -- Retransmissions -- retransmits=6, ca_state=TCP_CA_Loss, 17.43 s since first retransmission |user_data| 0xffff8800356cc800 ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:22 172.25.0.47:58504 ESTABLISHED windows: rcv=45696, snd=64128 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=3 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=0 rcvbuf=369280, sndbuf=87040 rcv_tstamp=13.46 s, lsndtime=13.46 s ago, RTO=201 ms udp6 :::908 :::* st=7 ------------------------------------------------------------------------------ [...] Using '-vv' will provide even more detailed information, e.g. write queue, skbuff, data length, retransmissions, etc.:: crash> xportshow -a -vv ------------------------------------------------------------------------------ TCP tcp6 :::36590 :::* LISTEN family=PF_INET6 backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 ------------------------------------------------------------------------------ TCP tcp 0.0.0.0:36463 0.0.0.0:* LISTEN family=PF_INET backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 [...] ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:22 172.25.0.47:58530 ESTABLISHED windows: rcv=45696, snd=64128 advmss=1448 rcv_ws=7 snd_ws=7 --- Emulating __tcp_select_window --- rcv_mss=1376 free_space=184640 allowed_space=184640 full_space=183180 rcv_ssthresh=45616, so free_space->45616 rcv_wscale=7 window is not changed nonagle=1 sack_ok=3 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=0 rcvbuf=369280, sndbuf=87040 rcv_tstamp=9.94 s, lsndtime=9.94 s ago, RTO=201 ms ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:726 172.25.0.43:2049 ESTABLISHED windows: rcv=182272, snd=2323072 advmss=1448 rcv_ws=7 snd_ws=7 --- Emulating __tcp_select_window --- rcv_mss=1448 free_space=183680 allowed_space=183680 full_space=182232 rcv_ssthresh=182232, so free_space->182232 rcv_wscale=7 window is not changed nonagle=1 sack_ok=7 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=995976 rcvbuf=367360, sndbuf=1584128 rcv_tstamp=17.64 s, lsndtime=0.76 s ago, RTO=17088 ms ** Write Queue (skbuff, data length) 1200 1448 1448 1448 1448 1448 1448 1448 1448 1448 1448 1448 1448 [...] 1448 1448 1448 1448 -- Retransmissions -- retransmits=6, ca_state=TCP_CA_Loss, 17.36 s since first retransmission |user_data| 0xffff8800791be000 ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:769 172.25.0.43:2049 ESTABLISHED windows: rcv=182272, snd=1077376 advmss=1448 rcv_ws=7 snd_ws=7 --- Emulating __tcp_select_window --- rcv_mss=1448 free_space=183680 allowed_space=183680 full_space=182232 rcv_ssthresh=182232, so free_space->182232 rcv_wscale=7 window is not changed nonagle=1 sack_ok=7 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=815224 rcvbuf=367360, sndbuf=1296896 rcv_tstamp=17.65 s, lsndtime=4.88 s ago, RTO=12928 ms ** Write Queue (skbuff, data length) 1448 1448 1448 1448 1448 1448 1448 [...] Print routing table (-r) ------------------------ The '-r' option prints routing table information. Users can increase the verbosity of these details using '-v':: crash> xportshow -r Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.25.0.2 0.0.0.0 UG 100 0 0 ens3 172.25.0.0 0.0.0.0 255.255.0.0 U 100 0 0 ens3 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 ** Execution took 0.69s (real) 0.63s (CPU) crash> crash> xportshow -r -v ==== RT_TABLE_MAIN Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.25.0.2 0.0.0.0 UG 100 0 0 ens3 172.25.0.0 0.0.0.0 255.255.0.0 U 100 0 0 ens3 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 ==== RT_TABLE_LOCAL Destination Gateway Genmask Flags Metric Ref Use Iface 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 127.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 lo 172.25.0.45 0.0.0.0 255.255.255.255 UH 0 0 0 ens3 192.168.122.1 0.0.0.0 255.255.255.255 UH 0 0 0 virbr0 === Policy Rules -- -- RT_TABLE_LOCAL src 0.0.0.0 srcmask 0.0.0.0 src_len 0 dst 0.0.0.0 dstmask 0.0.0.0 dst_len 0 action 1iifindex 0 oifindex 0 -- RT_TABLE_MAIN src 0.0.0.0 srcmask 0.0.0.0 src_len 0 dst 0.0.0.0 dstmask 0.0.0.0 dst_len 0 action 1iifindex 0 oifindex 0 -- RT_TABLE_DEFAULT src 0.0.0.0 srcmask 0.0.0.0 src_len 0 dst 0.0.0.0 dstmask 0.0.0.0 dst_len 0 action 1iifindex 0 oifindex 0 ** Execution took 0.24s (real) 0.17s (CPU) crash> Print the sockets used by programs (--program, --pid) --------------------------------------------------------- To get the details about sockets used by a specific program, use '--program'. For example, to view the sockets associated with a specific process, use 'xportshow --program ':: crash> ps | less [...] 2003 1700 0 ffff88000013dee0 IN 0.3 472080 5340 pool 2005 1 0 ffff88005a388000 IN 0.3 419396 6304 gmain 2009 1 0 ffff88005a38bf40 IN 0.3 419396 6304 gdbus 2013 1 0 ffff88005a38af70 IN 0.1 54452 1304 spice-vdagentd 2018 1862 0 ffff88005a3f0fd0 IN 0.2 302056 3560 ibus-engine-sim 2021 1862 0 ffff88005a3f0000 IN 0.2 302056 3560 gmain 2022 1862 0 ffff88005a3f3f40 IN 0.2 302056 3560 gdbus 2085 1082 0 ffff88005a3f5ee0 IN 0.3 161008 5832 sshd [...] Checking sockets used by 'spice-vdagentd':: crash> xportshow --program spice-vdagentd -----PID=2013 COMM=spice-vdagentd fd file socket -- ---- ------ 3 0xffff88007af8b900 0xffff88007b64cf00 PF_FILE SOCK_STREAM UNIX 5 0xffff88005a1e0300 0xffff880061304500 PF_FILE SOCK_STREAM UNIX 6 0xffff88005c255500 0xffff880061304a00 PF_FILE SOCK_STREAM UNIX 8 0xffff88005c0a4f00 0xffff880061305400 PF_FILE SOCK_DGRAM UNIX ** Execution took 0.16s (real) 0.09s (CPU) crash> crash> xportshow --program spice-vdagent -----PID=1999 COMM=spice-vdagent fd file socket -- ---- ------ 3 0xffff88005d758200 0xffff8800612f2a00 PF_FILE SOCK_STREAM UNIX 4 0xffff88005c39c800 0xffff8800612f2c80 PF_FILE SOCK_STREAM UNIX 5 0xffff88005a1f3b00 0xffff880061293180 PF_FILE SOCK_DGRAM UNIX ** Execution took 0.09s (real) 0.04s (CPU) crash> crash> xportshow --program ibus-engine-sim -----PID=2018 COMM=ibus-engine-sim (3 threads) fd file socket -- ---- ------ 6 0xffff88005a1f3200 0xffff880061304c80 PF_FILE SOCK_STREAM UNIX ** Execution took 0.09s (real) 0.03s (CPU) crash> Similar information about the sockets used by a process can also be obtained by using '--pid':: crash> xportshow --pid 2013 -----PID=2013 COMM=spice-vdagentd fd file socket -- ---- ------ 3 0xffff88007af8b900 0xffff88007b64cf00 PF_FILE SOCK_STREAM UNIX 5 0xffff88005a1e0300 0xffff880061304500 PF_FILE SOCK_STREAM UNIX 6 0xffff88005c255500 0xffff880061304a00 PF_FILE SOCK_STREAM UNIX 8 0xffff88005c0a4f00 0xffff880061305400 PF_FILE SOCK_DGRAM UNIX ** Execution took 0.04s (real) 0.05s (CPU) crash> The '--pid' option also supports the verbose flag (-v). It prints additional information, e.g. name of the socket file being used by the process:: crash> xportshow --pid 2013 -vv -----PID=2013 COMM=spice-vdagentd fd file socket -- ---- ------ 3 0xffff88007af8b900 0xffff88007b64cf00 PF_FILE SOCK_STREAM UNIX +----------------------------------------------------------------- | state i_ino Path +----------------------------------------------------------------- |sock LISTEN 16384 /var/run/spice-vdagentd/spice-vdagent-sock +----------------------------------------------------------------- 5 0xffff88005a1e0300 0xffff880061304500 PF_FILE SOCK_STREAM UNIX +----------------------------------------------------------------- | state i_ino Path +----------------------------------------------------------------- |sock ESTABLISHED 30768 +----------------------------------------------------------------- |peer ESTABLISHED 30769 /run/dbus/system_bus_socket | | PID=741 CMD=dbus-daemon +----------------------------------------------------------------- 6 0xffff88005c255500 0xffff880061304a00 PF_FILE SOCK_STREAM UNIX +----------------------------------------------------------------- | state i_ino Path +----------------------------------------------------------------- |sock ESTABLISHED 30775 /var/run/spice-vdagentd/spice-vdagent-sock +----------------------------------------------------------------- |peer ESTABLISHED 30523 | | PID=1999 CMD=spice-vdagent +----------------------------------------------------------------- 8 0xffff88005c0a4f00 0xffff880061305400 PF_FILE SOCK_DGRAM UNIX +----------------------------------------------------------------- | state i_ino Path +----------------------------------------------------------------- |sock CLOSE 30847 +----------------------------------------------------------------- |peer CLOSE 7160 /dev/log | | PID=1 CMD=systemd | PID=509 CMD=systemd-journal +----------------------------------------------------------------- ** Execution took 0.22s (real) 0.15s (CPU) crash> Print Netfilter Hooks (--netfilter) ------------------------------------- To view the netfilter hooks information, use '--netfilter':: crash> xportshow --netfilter NPROTO=13, NF_MAX_HOOKS=8 =====PROTO= PF_INET NF_IP_PRE_ROUTING prio=-400, hook=ipv4_conntrack_defrag prio=-200, hook=ipv4_conntrack_in prio=-150, hook=iptable_mangle_hook prio=-100, hook=iptable_nat_ipv4_in NF_IP_LOCAL_IN prio=-150, hook=iptable_mangle_hook prio=0, hook=iptable_filter_hook prio=100, hook=iptable_nat_ipv4_fn prio=300, hook=ipv4_helper prio=2147483647, hook=ipv4_confirm NF_IP_FORWARD prio=-225, hook=selinux_ipv4_forward prio=-150, hook=iptable_mangle_hook prio=0, hook=iptable_filter_hook NF_IP_LOCAL_OUT prio=-400, hook=ipv4_conntrack_defrag prio=-225, hook=selinux_ipv4_output prio=-200, hook=ipv4_conntrack_local prio=-150, hook=iptable_mangle_hook prio=-100, hook=iptable_nat_ipv4_local_fn prio=0, hook=iptable_filter_hook NF_IP_POST_ROUTING prio=-150, hook=iptable_mangle_hook prio=100, hook=iptable_nat_ipv4_out prio=225, hook=selinux_ipv4_postroute prio=300, hook=ipv4_helper prio=2147483647, hook=ipv4_confirm =====PROTO= PF_BRIDGE NF_IP_LOCAL_IN prio=-200, hook=ebt_in_hook NF_IP_FORWARD prio=-200, hook=ebt_in_hook NF_IP_LOCAL_OUT prio=200, hook=ebt_out_hook =====PROTO= PF_INET6 NF_IP_LOCAL_IN prio=0, hook=ip6table_filter_hook NF_IP_FORWARD prio=-225, hook=selinux_ipv6_forward prio=0, hook=ip6table_filter_hook NF_IP_LOCAL_OUT prio=0, hook=ip6table_filter_hook NF_IP_POST_ROUTING prio=225, hook=selinux_ipv6_postroute ** Execution took 0.23s (real) 0.16s (CPU) crash> Print Softnet Queues (--softnet) -------------------------------- To print the per-cpu softnet data, use '--softnet':: crash> xportshow --softnet --CPU=0 ..input_pkt_queue has 0 elements ..Completion queue ** Execution took 0.03s (real) 0.05s (CPU) crash> Print a summary of network connections (--summary) ---------------------------------------------------- Users can get a detailed summary of network connections, TCP, UDP, RAW, and UNIX sockets using the '--summary' option:: crash> xportshow --summary TCP Connection Info ------------------- ESTABLISHED 6 LISTEN 13 NAGLE disabled (TCP_NODELAY): 6 user_data set (NFS etc.): 4 Unusual Situations: Doing Retransmission: 2 (run xportshow --retrans for details) UDP Connection Info ------------------- 16 UDP sockets, 0 in ESTABLISHED user_data set (NFS etc.): 2 Unix Connection Info ------------------------ ESTABLISHED 405 CLOSE 50 LISTEN 59 Raw sockets info -------------------- ESTABLISHED 1 Interfaces Info --------------- How long ago (in seconds) interfaces transmitted/received? Name RX TX ---- ---------- --------- lo 861.9 1161.5 ens3 861.9 0.0 virbr0 861.9 861.9 virbr0-nic 861.9 1127.6 ** Execution took 0.20s (real) 0.17s (CPU) crash> Show TCP, UDP, ICMP statistics (--statistics) ----------------------------------------------- :: crash> xportshow --statistics -------------------- ip_statistics -------------------- InReceives 582574 InHdrErrors 0 InAddrErrors 0 ForwDatagrams 0 InUnknownProtos 0 InDiscards 0 InDelivers 582572 OutRequests 2484936 OutDiscards 84 OutNoRoutes 65 ReasmTimeout 0 ReasmReqds 0 ReasmOKs 0 ReasmFails 0 FragOKs 0 FragFails 0 FragCreates 0 -------------------- icmp_statistics -------------------- not implemented yet -------------------- tcp_statistics -------------------- RtoAlgorithm 1 RtoMin 200 RtoMax 120000 MaxConn -1 ActiveOpens 7 PassiveOpens 4 AttemptFails 0 EstabResets 0 CurrEstab 6 InSegs 582175 OutSegs 2483329 RetransSegs 1218 InErrs 0 OutRsts 0 InCsumErrors 0 -------------------- udp_statistics -------------------- InDatagrams 42 NoPorts 176 InErrors 0 OutDatagrams 208 RcvbufErrors 0 SndbufErrors 0 InCsumErrors 0 -------------------- net_statistics -------------------- SyncookiesSent 0 SyncookiesRecv 0 SyncookiesFailed 0 EmbryonicRsts 0 PruneCalled 0 [...] TCPACKSkippedTimeWait 0 TCPACKSkippedChallenge 0 ** Execution took 0.03s (real) 0.03s (CPU) crash> Print network interface details (-i) ------------------------------------ This option can be used to view network interface details, e.g. IP address, MAC address, pointer to the 'net_device' structure, and net_device_flags:: crash> xportshow -i ====================== lo ============ lo 127.0.0.1/8 mtu=65536 LOOPBACK inet6 addr: ::1/128 flags= features= ====================== ens3 ========== ens3 172.25.0.45/16 mtu=1500 52:54:00:c4:05:90 ETHER inet6 addr: fe80::a148:5899:c318:e13a/64 flags= features= ====================== virbr0 ======== virbr0 192.168.122.1/24 mtu=1500 52:54:00:66:46:70 ETHER flags= features= ====================== virbr0-nic ==== virbr0-nic mtu=1500 52:54:00:66:46:70 ETHER flags= features= ** Execution took 0.03s (real) 0.03s (CPU) crash> Using the verbose flag (-v) with '-i' provides even more detailed information about the interfaces. These details include multicast address, link state, MTU, network packets sent/received, etc:: crash> xportshow -i -v ====================== lo ============ lo 127.0.0.1/8 mtu=65536 LOOPBACK inet6 addr: ::1/128 flags= features= --------mcast------------ inet: 224.0.0.1 users=1 inet6: ff02::1 inet6: ff01::1 ------------------------- LINK_STATE 3 (XOFF|START) open=, stats= mtu=65536 promisc=0 last_rx 4295829.24 s ago trans_start 1161.46 s ago RX -= Stats =- TX ----------------------- ------------------------ --CPU 0 rx_packets 356 tx_packets 356 rx_bytes 28024 tx_bytes 28024 .................. | tx queue 0 .................. | rx_queue ====================== ens3 ========== ens3 172.25.0.45/16 mtu=1500 52:54:00:c4:05:90 ETHER inet6 addr: fe80::a148:5899:c318:e13a/64 flags= features= --------mcast------------ link: 01:00:5e:00:00:01 link: 33:33:00:00:00:01 link: 33:33:ff:18:e1:3a link: 01:00:5e:00:00:fb inet: 224.0.0.251 users=1 inet: 224.0.0.1 users=1 inet6: ff02::1:ff18:e13a inet6: ff02::1 inet6: ff01::1 ------------------------- LINK_STATE 3 (XOFF|START) open=, stats= mtu=1500 promisc=0 last_rx 4295829.24 s ago trans_start 0.00 s ago .................. | tx queue 0 ............................................................. qlen=0 enqueue= dequeue= qlen=0 backlog=0 drops=0 requeues=0 overlimits=0 == Bands == sk_buff_head=0xffff88007a0a8948 len=0 sk_buff_head=0xffff88007a0a8960 len=0 sk_buff_head=0xffff88007a0a8978 len=0 .................. | rx_queue ............................................................. qlen=0 enqueue= dequeue= qlen=0 backlog=0 drops=0 requeues=0 overlimits=0 == Bands == sk_buff_head=0xffff88007a0a8948 len=0 sk_buff_head=0xffff88007a0a8960 len=0 sk_buff_head=0xffff88007a0a8978 len=0 ====================== virbr0 ======== virbr0 192.168.122.1/24 mtu=1500 52:54:00:66:46:70 ETHER flags= features= --------mcast------------ link: 01:00:5e:00:00:01 link: 01:00:5e:00:00:fb inet: 224.0.0.251 users=1 inet: 224.0.0.1 users=1 inet6: ff02::1 inet6: ff01::1 ------------------------- LINK_STATE 7 (XOFF|START|PRESENT) open=, stats= mtu=1500 promisc=0 last_rx 4295829.24 s ago .................. | tx queue 0 ............................................................. qlen=0 enqueue= dequeue= qlen=0 backlog=0 drops=0 requeues=0 overlimits=0 .................. | rx_queue [...] Decode iph/th/uh (--decode) ----------------------------- The contents of an 'iphdr' structure can be decoded using the '--decode' option as shown below:: crash> xportshow --decode iph 0xffff882fdb99a810 IPv4 tos=0 id=1742 fl=2 frag=0 ttl=1 proto=17 saddr=172.29.23.38 daddr=172.18.101.1 Limit output to the specified port (--port) --------------------------------------------- TCP socket details printed by xportshow can also be filtered using port numbers. For example, the following output will only show the TCP sockets used by port 2049:: crash> xportshow -a --port 2049 tcp 172.25.0.45:726 172.25.0.43:2049 ESTABLISHED tcp 172.25.0.45:769 172.25.0.43:2049 ESTABLISHED [...] Filtering the TCP sockets used by port 22:: crash> xportshow -a --port 22 tcp6 :::22 :::* LISTEN tcp 0.0.0.0:22 0.0.0.0:* LISTEN tcp 172.25.0.45:22 172.25.0.47:58532 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58538 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58530 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58504 ESTABLISHED udp6 :::908 :::* st=7 udp 0.0.0.0:908 0.0.0.0:* st=7 udp6 :::39875 :::* st=7 udp 192.168.122.1:53 0.0.0.0:* st=7 udp 0.0.0.0:67 0.0.0.0:* st=7 [...] Print LISTEN sockets only (-l) ------------------------------ The '-l' option with xportshow only lists the sockets in 'LISTEN' state:: crash> xportshow -l tcp6 :::36590 :::* LISTEN tcp 0.0.0.0:36463 0.0.0.0:* LISTEN tcp6 :::111 :::* LISTEN tcp 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0.0.0.0:42096 0.0.0.0:* LISTEN tcp 192.168.122.1:53 0.0.0.0:* LISTEN tcp6 :::22 :::* LISTEN tcp 0.0.0.0:22 0.0.0.0:* LISTEN tcp 127.0.0.1:631 0.0.0.0:* LISTEN tcp6 ::1:631 :::* LISTEN tcp6 :::43161 :::* LISTEN tcp6 ::1:25 :::* LISTEN tcp 127.0.0.1:25 0.0.0.0:* LISTEN udp6 :::908 :::* st=7 udp 0.0.0.0:908 0.0.0.0:* st=7 udp6 :::39875 :::* st=7 udp 192.168.122.1:53 0.0.0.0:* st=7 udp 0.0.0.0:67 0.0.0.0:* st=7 udp 0.0.0.0:68 0.0.0.0:* st=7 udp6 :::111 :::* st=7 udp 0.0.0.0:111 0.0.0.0:* st=7 udp 0.0.0.0:42164 0.0.0.0:* st=7 udp 0.0.0.0:5353 0.0.0.0:* st=7 udp6 ::1:323 :::* st=7 udp 127.0.0.1:323 0.0.0.0:* st=7 udp 0.0.0.0:39238 0.0.0.0:* st=7 udp 0.0.0.0:59726 0.0.0.0:* st=7 udp6 :::50703 :::* st=7 udp 127.0.0.1:809 0.0.0.0:* st=7 raw6 :::58 :::* st=7 ** Execution took 0.07s (real) 0.07s (CPU) crash> To get more verbose information about the sockets in 'LISTEN' state, use '-v' :: crash> xportshow -l -v ------------------------------------------------------------------------------ TCP tcp6 :::36590 :::* LISTEN family=PF_INET6 backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 ------------------------------------------------------------------------------ TCP tcp 0.0.0.0:36463 0.0.0.0:* LISTEN family=PF_INET backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 ------------------------------------------------------------------------------ TCP tcp6 :::111 :::* LISTEN family=PF_INET6 backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 ------------------------------------------------------------------------------ TCP tcp 0.0.0.0:111 0.0.0.0:* LISTEN family=PF_INET backlog=0(128) max_qlen_log=8 qlen=0 qlen_young=0 [...] Print TCP sockets details (-t) ------------------------------ The '-t' option lists all TCP sockets:: crash> xportshow -t tcp 172.25.0.45:22 172.25.0.47:58532 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58538 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58530 ESTABLISHED tcp 172.25.0.45:726 172.25.0.43:2049 ESTABLISHED tcp 172.25.0.45:769 172.25.0.43:2049 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58504 ESTABLISHED [...] To get more verbose information about the TCP sockets, use '-v':: crash> xportshow -t -v ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:22 172.25.0.47:58532 ESTABLISHED windows: rcv=45696, snd=64128 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=3 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=0 rcvbuf=369280, sndbuf=87040 rcv_tstamp=7.12 s, lsndtime=7.12 s ago, RTO=202 ms ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:22 172.25.0.47:58538 ESTABLISHED windows: rcv=42880, snd=64128 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=3 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=0 rcvbuf=369280, sndbuf=87040 rcv_tstamp=0.00 s, lsndtime=75.70 s ago, RTO=209 ms ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:22 172.25.0.47:58530 ESTABLISHED windows: rcv=45696, snd=64128 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=3 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=0 rcvbuf=369280, sndbuf=87040 rcv_tstamp=9.94 s, lsndtime=9.94 s ago, RTO=201 ms [...] List the sockets with specific state (--tcpstate) ------------------------------------------------- The '--tcpstate' option can be used to list the TCP sockets with matching state. For example, the below command will only list the TCP sockets in ESTABLISHED state:: crash> xportshow --tcpstate ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58532 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58538 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58530 ESTABLISHED tcp 172.25.0.45:726 172.25.0.43:2049 ESTABLISHED tcp 172.25.0.45:769 172.25.0.43:2049 ESTABLISHED tcp 172.25.0.45:22 172.25.0.47:58504 ESTABLISHED ** Execution took 0.03s (real) 0.02s (CPU) Similar to other options, users can use '-v' to get more verbose details of the sockets:: crash> xportshow --tcpstate ESTABLISHED -v ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:22 172.25.0.47:58532 ESTABLISHED windows: rcv=45696, snd=64128 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=3 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=0 rcvbuf=369280, sndbuf=87040 rcv_tstamp=7.12 s, lsndtime=7.12 s ago, RTO=202 ms ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:22 172.25.0.47:58538 ESTABLISHED windows: rcv=42880, snd=64128 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=3 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=0 rcvbuf=369280, sndbuf=87040 rcv_tstamp=0.00 s, lsndtime=75.70 s ago, RTO=209 ms ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:22 172.25.0.47:58530 ESTABLISHED windows: rcv=45696, snd=64128 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=3 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=0 rcvbuf=369280, sndbuf=87040 rcv_tstamp=9.94 s, lsndtime=9.94 s ago, RTO=201 ms ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:726 172.25.0.43:2049 ESTABLISHED windows: rcv=182272, snd=2323072 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=7 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=995976 rcvbuf=367360, sndbuf=1584128 rcv_tstamp=17.64 s, lsndtime=0.76 s ago, RTO=17088 ms -- Retransmissions -- retransmits=6, ca_state=TCP_CA_Loss, 17.36 s since first retransmission |user_data| 0xffff8800791be000 [...] Show only TCP retransmissions (--retransonly) ----------------------------------------------- To check the TCP retransmissions, use '--retransonly':: crash> xportshow --retransonly tcp 172.25.0.45:726 172.25.0.43:2049 ESTABLISHED retransmits=6, ca_state=TCP_CA_Loss, 17.36 s since first retransmission tcp 172.25.0.45:769 172.25.0.43:2049 ESTABLISHED retransmits=6, ca_state=TCP_CA_Loss, 17.43 s since first retransmission ** Execution took 0.05s (real) 0.06s (CPU) crash> Getting more verbose information with the '-v' option:: crash> xportshow --retransonly -v ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:726 172.25.0.43:2049 ESTABLISHED windows: rcv=182272, snd=2323072 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=7 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=995976 rcvbuf=367360, sndbuf=1584128 rcv_tstamp=17.64 s, lsndtime=0.76 s ago, RTO=17088 ms -- Retransmissions -- retransmits=6, ca_state=TCP_CA_Loss, 17.36 s since first retransmission |user_data| 0xffff8800791be000 ------------------------------------------------------------------------------ TCP tcp 172.25.0.45:769 172.25.0.43:2049 ESTABLISHED windows: rcv=182272, snd=1077376 advmss=1448 rcv_ws=7 snd_ws=7 nonagle=1 sack_ok=7 tstamp_ok=1 rmem_alloc=0, wmem_alloc=1 rx_queue=0, tx_queue=815224 rcvbuf=367360, sndbuf=1296896 rcv_tstamp=17.65 s, lsndtime=4.88 s ago, RTO=12928 ms -- Retransmissions -- retransmits=6, ca_state=TCP_CA_Loss, 17.43 s since first retransmission |user_data| 0xffff8800356cc800 ** Execution took 0.04s (real) 0.04s (CPU) crash> Print UDP/RAW/UNIX sockets info (-u, -w, -x) -------------------------------------------- To print the UDP sockets used on the system, use '-u':: crash> xportshow -u udp6 ::1:38596 ::1:38596 ESTABLISHED udp6 ::1:40392 ::1:40392 ESTABLISHED udp6 ::1:47437 ::1:47437 ESTABLISHED udp6 ::1:35280 ::1:35280 ESTABLISHED udp6 ::1:35665 ::1:35665 ESTABLISHED udp6 ::1:59348 ::1:59348 ESTABLISHED [...] To get more verbose information about the UDP sockets, add '-v':: crash> xportshow -u -v udp6 ::1:38596 ::1:38596 ESTABLISHED ------------------------------------------------------------------------------ UDP rx_queue=0, tx_queue=1 rcvbuf=21299200, sndbuf=21299200 pending=0, corkflag=0, len=0 udp6 ::1:40392 ::1:40392 ESTABLISHED ------------------------------------------------------------------------------ UDP rx_queue=0, tx_queue=1 rcvbuf=21299200, sndbuf=21299200 pending=0, corkflag=0, len=0 udp6 ::1:47437 ::1:47437 ESTABLISHED [...] Getting a list of UNIX sockets using the '-x' option:: crash> xportshow -x unix State i_ino Path ---------------------------------- unix CLOSE 12300 /run/systemd/shutdownd unix CLOSE 20002 /var/run/chrony/chronyd.sock unix CLOSE 7138 /run/systemd/notify unix CLOSE 7140 /run/systemd/cgroups-agent unix CLOSE 7158 /run/systemd/journal/socket unix CLOSE 7160 /dev/log unix ESTABLISHED 25890 unix ESTABLISHED 28490 @/tmp/.X11-unix/X0 unix ESTABLISHED 20457 unix CLOSE 13956 unix ESTABLISHED 28061 unix ESTABLISHED 30769 /run/dbus/system_bus_socket unix ESTABLISHED 25891 unix ESTABLISHED 24719 /run/systemd/journal/stdout unix ESTABLISHED 20458 /run/dbus/system_bus_socket unix ESTABLISHED 27566 @/tmp/.X11-unix/X0 unix ESTABLISHED 30829 @/tmp/dbus-rfPFUuaY unix ESTABLISHED 28013 /run/systemd/journal/stdout unix ESTABLISHED 25888 unix ESTABLISHED 24718 unix ESTABLISHED 28489 @/tmp/dbus-rfPFUuaY unix ESTABLISHED 25942 unix ESTABLISHED 28058 @/tmp/.X11-unix/X0 unix ESTABLISHED 30828 unix ESTABLISHED 28488 unix ESTABLISHED 25943 unix ESTABLISHED 20755 /run/dbus/system_bus_socket [...] Similarly, the details for RAW sockets can be obtained by using '-w'. Print network sysctl parameters (--sysctl) ------------------------------------------ To get a full list of network-related sysctl parameters, use '--sysctl':: crash> xportshow --sysctl|head -100 net.core.core.bpf_jit_enable 0 net.core.core.busy_poll 0 net.core.core.busy_read 0 net.core.core.default_qdisc (?) net.core.core.dev_weight 64 net.core.core.message_burst 10 net.core.core.message_cost 5 net.core.core.netdev_budget 300 net.core.core.netdev_max_backlog 1000 net.core.core.netdev_rss_key 0 net.core.core.netdev_tstamp_prequeue 1 net.core.core.optmem_max 20480 net.core.core.rmem_default 212992 net.core.core.rmem_max 212992 net.core.core.rps_sock_flow_entries (?) net.core.core.somaxconn 128 net.core.core.warnings 1 net.core.core.wmem_default 212992 net.core.core.wmem_max 212992 net.core.core.xfrm_acq_expires 30 net.core.core.xfrm_aevent_etime 10 net.core.core.xfrm_aevent_rseqth 2 net.core.core.xfrm_larval_drop 1 net.core.ipv4.cipso_cache_bucket_size 10 net.core.ipv4.cipso_cache_enable 1 net.core.ipv4.cipso_rbm_optfmt 0 net.core.ipv4.cipso_rbm_strictvalid 1 net.core.ipv4.conf.all.accept_local 0 net.core.ipv4.conf.all.accept_redirects 0 net.core.ipv4.conf.all.accept_source_route 0 net.core.ipv4.conf.all.arp_accept 0 net.core.ipv4.conf.all.arp_announce 0 net.core.ipv4.conf.all.arp_filter 0 net.core.ipv4.conf.all.arp_ignore 0 net.core.ipv4.conf.all.arp_notify 0 net.core.ipv4.conf.all.bootp_relay 0 net.core.ipv4.conf.all.disable_policy 0 net.core.ipv4.conf.all.disable_xfrm 0 net.core.ipv4.conf.all.force_igmp_version 0 net.core.ipv4.conf.all.forwarding 1 net.core.ipv4.conf.all.log_martians 0 net.core.ipv4.conf.all.mc_forwarding 0 net.core.ipv4.conf.all.medium_id 0 net.core.ipv4.conf.all.promote_secondaries 1 net.core.ipv4.conf.all.proxy_arp 0 net.core.ipv4.conf.all.proxy_arp_pvlan 0 net.core.ipv4.conf.all.route_localnet 0 net.core.ipv4.conf.all.rp_filter 1 net.core.ipv4.conf.all.secure_redirects 1 net.core.ipv4.conf.all.send_redirects 1 net.core.ipv4.conf.all.shared_media 1 net.core.ipv4.conf.all.src_valid_mark 0 net.core.ipv4.conf.all.tag 0 net.core.ipv4.conf.default.accept_local 0 net.core.ipv4.conf.default.accept_redirects 1 net.core.ipv4.conf.default.accept_source_route 0 net.core.ipv4.conf.default.arp_accept 0 net.core.ipv4.conf.default.arp_announce 0 [...] net.core.ipv4.conf.default.src_valid_mark 0 net.core.ipv4.conf.default.tag 0 net.core.ipv4.conf.ens3.accept_local 0 net.core.ipv4.conf.ens3.accept_redirects 1 net.core.ipv4.conf.ens3.accept_source_route 0 net.core.ipv4.conf.ens3.arp_accept 0 net.core.ipv4.conf.ens3.arp_announce 0 net.core.ipv4.conf.ens3.arp_filter 0 net.core.ipv4.conf.ens3.arp_ignore 0 net.core.ipv4.conf.ens3.arp_notify 0 net.core.ipv4.conf.ens3.bootp_relay 0 [...] Print dev_pack info (--devpack) --------------------------------- The '--devpack' option prints network packet details from the lists viz. ptype_all and ptype_base containing protocol handlers for generic and specific packet types:: crash> xportshow --devpack --------ptype_all------------------------------------------- type=0x0003 dev=0xffff880077be5000 func=packet_rcv pid=850, command=dhclient --------ptype_base------------------------------------------- (bucket=0) type=0x0800 dev=0x0 func=ip_rcv (bucket=1) type=0x0011 dev=0x0 func=llc_rcv (bucket=4) type=0x0004 dev=0x0 func=llc_rcv (bucket=6) type=0x0806 dev=0xffff88007afa2000 func=packet_rcv (bucket=6) type=0x0806 dev=0x0 func=arp_rcv (bucket=13) type=0x86dd dev=0x0 func=ipv6_rcv ** Execution took 0.07s (real) 0.07s (CPU) crash> Print ARP & Neighbouring info (--arp) --------------------------------------- Users can get the ARP table data with the '--arp' option:: crash> xportshow --arp === PF_INET6 nd_tbl IP ADDRESS HW TYPE HW ADDRESS DEVICE STATE ---------- ------- ---------- ------ ----- ff02::1:ff18:e13a ETHER 33:33:ff:18:e1:3a ens3 NOARP ff02::2 ETHER 33:33:00:00:00:02 ens3 NOARP ff02::16 ETHER 33:33:00:00:00:16 ens3 NOARP === PF_INET arp_tbl IP ADDRESS HW TYPE HW ADDRESS DEVICE STATE ---------- ------- ---------- ------ ----- 224.0.0.22 ETHER 01:00:5e:00:00:16 ens3 NOARP 172.25.0.43 ETHER 52:54:00:81:02:2f ens3 REACHABLE 224.0.0.22 ETHER 01:00:5e:00:00:16 virbr0 NOARP 172.25.0.47 ETHER e8:6a:64:a3:72:4b ens3 REACHABLE 224.0.0.251 ETHER 01:00:5e:00:00:fb ens3 NOARP 127.0.0.1 LOOPBACK 00:00:00:00:00:00 lo NOARP 224.0.0.251 ETHER 01:00:5e:00:00:fb virbr0 NOARP 172.25.0.2 ETHER 40:8d:5c:c4:9e:72 ens3 STALE ** Execution took 0.20s (real) 0.20s (CPU) crash> Use the verbose (-v) flag to view more detailed information e.g. pointer to struct neighbour, neigh_table, and arp_queue_len:: crash> xportshow --arp -v === PF_INET6 nd_tbl IP ADDRESS HW TYPE HW ADDRESS DEVICE STATE ---------- ------- ---------- ------ ----- ff02::1:ff18:e13a ETHER 33:33:ff:18:e1:3a ens3 NOARP arp_queue_len=0 ------------------------------------------------------------------------------ ff02::2 ETHER 33:33:00:00:00:02 ens3 NOARP arp_queue_len=0 ------------------------------------------------------------------------------ ff02::16 ETHER 33:33:00:00:00:16 ens3 NOARP arp_queue_len=0 ------------------------------------------------------------------------------ === PF_INET arp_tbl IP ADDRESS HW TYPE HW ADDRESS DEVICE STATE ---------- ------- ---------- ------ ----- 224.0.0.22 ETHER 01:00:5e:00:00:16 ens3 NOARP arp_queue_len=0 ------------------------------------------------------------------------------ 172.25.0.43 ETHER 52:54:00:81:02:2f ens3 REACHABLE arp_queue_len=0 ------------------------------------------------------------------------------ 224.0.0.22 ETHER 01:00:5e:00:00:16 virbr0 NOARP arp_queue_len=0 ------------------------------------------------------------------------------ 172.25.0.47 ETHER e8:6a:64:a3:72:4b ens3 REACHABLE arp_queue_len=0 ------------------------------------------------------------------------------ 224.0.0.251 ETHER 01:00:5e:00:00:fb ens3 NOARP arp_queue_len=0 ------------------------------------------------------------------------------ 127.0.0.1 LOOPBACK 00:00:00:00:00:00 lo NOARP arp_queue_len=0 ------------------------------------------------------------------------------ 224.0.0.251 ETHER 01:00:5e:00:00:fb virbr0 NOARP arp_queue_len=0 ------------------------------------------------------------------------------ 172.25.0.2 ETHER 40:8d:5c:c4:9e:72 ens3 STALE arp_queue_len=0 ------------------------------------------------------------------------------ ** Execution took 0.03s (real) 0.05s (CPU) crash> Set net ns address (--netns) ------------------------------ The netns (network namespace) address can be changed using the '--netns' option as shown below:: crash> xportshow --netns 0xffffffff81ae2d80 *=*=* Using crash> xportshow --netns 0xffff88007bbc8000 *=*=* Using The xportshow program also verifies whether the mentioned netns address is valid or not. In case of an invalid address, it will just log an error and refuse to change the network namespace:: crash> xportshow --netns 0xffff88007bbc8010 Invalid net ns 0xffff88007bbc8010 ** Execution took 0.01s (real) 0.01s (CPU) crash> Run all functions in single command (--everything) ---------------------------------------------------- Users can also run all the above options in a single command by using '--everything':: crash> xportshow --everything | head -100 NPROTO=13, NF_MAX_HOOKS=8 =====PROTO= PF_INET NF_IP_PRE_ROUTING prio=-400, hook=ipv4_conntrack_defrag prio=-200, hook=ipv4_conntrack_in prio=-150, hook=iptable_mangle_hook prio=-100, hook=iptable_nat_ipv4_in NF_IP_LOCAL_IN prio=-150, hook=iptable_mangle_hook prio=0, hook=iptable_filter_hook prio=100, hook=iptable_nat_ipv4_fn prio=300, hook=ipv4_helper prio=2147483647, hook=ipv4_confirm NF_IP_FORWARD prio=-225, hook=selinux_ipv4_forward prio=-150, hook=iptable_mangle_hook prio=0, hook=iptable_filter_hook NF_IP_LOCAL_OUT prio=-400, hook=ipv4_conntrack_defrag prio=-225, hook=selinux_ipv4_output prio=-200, hook=ipv4_conntrack_local prio=-150, hook=iptable_mangle_hook prio=-100, hook=iptable_nat_ipv4_local_fn prio=0, hook=iptable_filter_hook NF_IP_POST_ROUTING prio=-150, hook=iptable_mangle_hook prio=100, hook=iptable_nat_ipv4_out prio=225, hook=selinux_ipv4_postroute prio=300, hook=ipv4_helper prio=2147483647, hook=ipv4_confirm =====PROTO= PF_BRIDGE NF_IP_LOCAL_IN prio=-200, hook=ebt_in_hook NF_IP_FORWARD prio=-200, hook=ebt_in_hook NF_IP_LOCAL_OUT prio=200, hook=ebt_out_hook =====PROTO= PF_INET6 NF_IP_LOCAL_IN prio=0, hook=ip6table_filter_hook NF_IP_FORWARD prio=-225, hook=selinux_ipv6_forward prio=0, hook=ip6table_filter_hook NF_IP_LOCAL_OUT prio=0, hook=ip6table_filter_hook NF_IP_POST_ROUTING prio=225, hook=selinux_ipv6_postroute net.core.core.bpf_jit_enable 0 net.core.core.busy_poll 0 net.core.core.busy_read 0 net.core.core.default_qdisc (?) net.core.core.dev_weight 64 net.core.core.message_burst 10 net.core.core.message_cost 5 net.core.core.netdev_budget 300 net.core.core.netdev_max_backlog 1000 net.core.core.netdev_rss_key 0 net.core.core.netdev_tstamp_prequeue 1 [...]