IP packets debug with netfilter(ebtables)

gistfile1.sh

#!/bin/sh
#
#
#
nic=${1:-'eth0'}
#vif-jly0dfqe
protocol_maps="
 ip4=ip4
 ip6=ip6
 arp=arp
 rarp=0x8035
"


#
# flush
#
sudo ebtables --init-table

#
# main
#
chains="
 s_${nic}
 d_${nic}
 s_${nic}_d_hst
 d_${nic}_s_hst
"


# base chain
for chain in ${chains}; do
  sudo ebtables -N ${chain}

  for protocol_map in ${protocol_maps}; do
    k=${protocol_map%%=*}
    v=${protocol_map##*=}
    sudo ebtables -N ${chain}_${k}
  done
done

sudo ebtables -A FORWARD -i ${nic} -j s_${nic}
sudo ebtables -A FORWARD -o ${nic} -j d_${nic}
sudo ebtables -A INPUT   -i ${nic} -j s_${nic}_d_hst
sudo ebtables -A OUTPUT  -o ${nic} -j d_${nic}_s_hst


# protocol routing
for protocol_map in ${protocol_maps}; do
  k=${protocol_map%%=*}
  v=${protocol_map##*=}
  sudo ebtables -A s_${nic}       -p ${v} -j s_${nic}_${k}
  sudo ebtables -A d_${nic}       -p ${v} -j d_${nic}_${k}
  sudo ebtables -A s_${nic}_d_hst -p ${v} -j s_${nic}_d_hst_${k}
  sudo ebtables -A d_${nic}_s_hst -p ${v} -j d_${nic}_s_hst_${k}
done


# log
for chain in ${chains}; do
  #sudo ebtables -A ${chain} --log-level warning --log-ip --log-arp --log-prefix "# ${chain}:" -j CONTINUE
  for protocol_map in ${protocol_maps}; do
    k=${protocol_map%%=*}
    v=${protocol_map##*=}
    sudo ebtables -A ${chain}_${k} --log-level warning --log-ip --log-arp --log-prefix "# ${chain}_${k}:" -j CONTINUE
  done
done


# dump rules
sudo ebtables -L


exit 0