authorPablo Neira Ayuso <pablo@netfilter.org>2011-02-17 16:46:05 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2011-02-17 16:46:05 +0100
commit2bbb1655e38646d9a9a6f839d6ca22e4e554d2f2 (patch)
treef7ece5b3e9d95e02a8d1492d056cbf738da5cf85
parent016bfd317d0984331e53fa71d042af39d3049162 (diff)
conntrack: add -o ktimestamp option (it requires linux >= 2.6.38)
This option requires Linux kernel >= 2.6.38, you have to enable conntrack timestamping with: echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp # conntrack -L -o ktimestamp udp 17 59 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=121 [start=Thu Feb 17 17:41:18 2011] use=1 # conntrack -L conntrack v0.9.15 (conntrack-tools): 20 flow entries have been shown. udp 17 31 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=149 use=1 # conntrack -E -o ktimestamp ... [DESTROY] udp 17 src=192.168.1.128 dst=192.168.1.1 sport=40162 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=40162 [ASSURED] delta-time=3 [start=Thu Feb 17 17:44:57 2011] [stop=Thu Feb 17 17:45:00 2011] # conntrack -E [DESTROY] udp 17 src=192.168.1.128 dst=77.226.252.14 sport=123 dport=123 src=77.226.252.14 dst=192.168.1.128 sport=123 dport=123 delta-time=8 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--conntrack.87
-rw-r--r--src/conntrack.c9
2 files changed, 12 insertions, 4 deletions
diff --git a/conntrack.8 b/conntrack.8
index f485619..0565907 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -88,8 +88,11 @@ Show the in-kernel connection tracking system statistics.
Atomically zero counters after reading them. This option is only valid in
combination with the "-L, --dump" command options.
.TP
-.BI "-o, --output [extended,xml,timestamp,id] "
-Display output in a certain format.
+.BI "-o, --output [extended,xml,timestamp,id,ktimestamp] "
+Display output in a certain format. With the extended output option, this tool
+displays the layer 3 information. With ktimestamp, it displays the in-kernel
+timestamp available since 2.6.38 (you can enable it via echo 1 >
+/proc/sys/net/netfilter/nf_conntrack_timestamp).
.TP
.BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
Set the bitmask of events that are to be generated by the in-kernel ctnetlink
diff --git a/src/conntrack.c b/src/conntrack.c
index 2527953..9565ee4 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -669,6 +669,7 @@ enum {
_O_EXT = (1 << 1),
_O_TMS = (1 << 2),
_O_ID = (1 << 3),
+ _O_KTMS = (1 << 4),
};
enum {
@@ -687,8 +688,8 @@ static struct parse_parameter {
{ IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
{ CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
- { {"xml", "extended", "timestamp", "id" }, 4,
- { _O_XML, _O_EXT, _O_TMS, _O_ID },
+ { {"xml", "extended", "timestamp", "id", "ktimestamp"}, 5,
+ { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS },
},
};
@@ -1024,6 +1025,8 @@ static int event_cb(enum nf_conntrack_msg_type type,
} else
op_flags |= NFCT_OF_TIME;
}
+ if (output_mask & _O_KTMS)
+ op_flags |= NFCT_OF_TIMESTAMP;
if (output_mask & _O_ID)
op_flags |= NFCT_OF_ID;
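Review bot: Nothing in the added `if (output_mask & _O_KTMS)` branch tells the user when the kernel is not supplying timestamps, so with nf_conntrack_timestamp left at 0 or on a kernel older than 2.6.38, `-o ktimestamp` presumably prints the ordinary record with no `[start=...]` field and no diagnostic; the same applies to the identical branch added to dump_cb. For anyone who keeps this output as a connection log, a silently missing start/stop time is easy to overlook, so I would at least record the precondition beside the flag, e.g. `/* no-op unless net.netfilter.nf_conntrack_timestamp=1 (Linux >= 2.6.38) */`, and consider a one-time warning where `-o` is parsed. NFCT_OF_TIMESTAMP is not defined in this file and the commit touches only conntrack.8 and src/conntrack.c, so it is worth confirming that the build's minimum libnetfilter_conntrack version already provides it. event_cb starts and ends outside the hunk.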
@@ -1063,6 +1066,8 @@ static int dump_cb(enum nf_conntrack_msg_type type,
}
if (output_mask & _O_EXT)
op_flags = NFCT_OF_SHOW_LAYER3;
+ if (output_mask & _O_KTMS)
+ op_flags |= NFCT_OF_TIMESTAMP;
if (output_mask & _O_ID)
op_flags |= NFCT_OF_ID;
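Review bot: The added `op_flags |= NFCT_OF_TIMESTAMP;` is only correct because it sits below the context line `op_flags = NFCT_OF_SHOW_LAYER3;`, which assigns rather than ORs; any flag set above that line would be discarded when `-o extended` is also given. Changing that line to `op_flags |= NFCT_OF_SHOW_LAYER3;` in the same commit would make the flag tests order-independent and match the `|=` form used for the ID and timestamp flags. The declaration and initial value of op_flags are outside the hunk, as is the rest of dump_cb, so this assumes it starts at 0.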