From caac620ea64f1cf9022e580225e574b72aa16236 Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Thu, 21 Sep 2023 12:43:32 +0200
Subject: [PATCH] shinobu/router: Add tracing infrastructure

---
 machines/shinobu/services/router.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/machines/shinobu/services/router.nix b/machines/shinobu/services/router.nix
index afaed2c..ca3bcbe 100644
--- a/machines/shinobu/services/router.nix
+++ b/machines/shinobu/services/router.nix
@@ -137,6 +137,25 @@ in
             oifname $PHYSICAL_WAN counter drop
           }
         }
+
+        # Tracing infrastructure, can be used for debugging (nft monitor trace)
+        table inet trace {
+          chain prerouting {
+            type filter hook prerouting priority raw - 1
+            jump common
+          }
+
+          chain output {
+            type filter hook output priority raw - 1
+            jump common
+          }
+
+          chain common {
+            # Add tracing rule here
+            # … meta nftrace set 1
+            # DO NOT COMMIT ANY TRACING RULES
+          }
+        }
       '';
     };
   };