diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-17 16:46:05 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-17 16:46:05 +0100 |
| commit | 2bbb1655e38646d9a9a6f839d6ca22e4e554d2f2 (patch) | |
| tree | f7ece5b3e9d95e02a8d1492d056cbf738da5cf85 /conntrack.8 | |
| parent | 016bfd317d0984331e53fa71d042af39d3049162 (diff) | |
| download | conntrack-tools-2bbb1655e38646d9a9a6f839d6ca22e4e554d2f2.tar.gz conntrack-tools-2bbb1655e38646d9a9a6f839d6ca22e4e554d2f2.zip | |
conntrack: add -o ktimestamp option (it requires linux >= 2.6.38)
This option requires Linux kernel >= 2.6.38, you have to enable conntrack
timestamping with:
echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp
# conntrack -L -o ktimestamp
udp 17 59 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=121 [start=Thu Feb 17 17:41:18 2011] use=1
# conntrack -L
conntrack v0.9.15 (conntrack-tools): 20 flow entries have been shown.
udp 17 31 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=149 use=1
# conntrack -E -o ktimestamp
...
[DESTROY] udp 17 src=192.168.1.128 dst=192.168.1.1 sport=40162 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=40162 [ASSURED] delta-time=3 [start=Thu Feb 17 17:44:57 2011] [stop=Thu Feb 17 17:45:00 2011]
# conntrack -E
[DESTROY] udp 17 src=192.168.1.128 dst=77.226.252.14 sport=123 dport=123 src=77.226.252.14 dst=192.168.1.128 sport=123 dport=123 delta-time=8
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'conntrack.8')
| -rw-r--r-- | conntrack.8 | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/conntrack.8 b/conntrack.8 index f485619..0565907 100644 --- a/conntrack.8 +++ b/conntrack.8 @@ -88,8 +88,11 @@ Show the in-kernel connection tracking system statistics. Atomically zero counters after reading them. This option is only valid in combination with the "-L, --dump" command options. .TP -.BI "-o, --output [extended,xml,timestamp,id] " -Display output in a certain format. +.BI "-o, --output [extended,xml,timestamp,id,ktimestamp] " +Display output in a certain format. With the extended output option, this tool +displays the layer 3 information. With ktimestamp, it displays the in-kernel +timestamp available since 2.6.38 (you can enable it via echo 1 > +/proc/sys/net/netfilter/nf_conntrack_timestamp). .TP .BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]" Set the bitmask of events that are to be generated by the in-kernel ctnetlink |