From 2bbb1655e38646d9a9a6f839d6ca22e4e554d2f2 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 17 Feb 2011 16:46:05 +0100
Subject: conntrack: add -o ktimestamp option (it requires linux >= 2.6.38)

This option requires Linux kernel >= 2.6.38, you have to enable conntrack timestamping with: echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp # conntrack -L -o ktimestamp udp 17 59 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=121 [start=Thu Feb 17 17:41:18 2011] use=1 # conntrack -L conntrack v0.9.15 (conntrack-tools): 20 flow entries have been shown. udp 17 31 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=149 use=1 # conntrack -E -o ktimestamp ... [DESTROY] udp 17 src=192.168.1.128 dst=192.168.1.1 sport=40162 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=40162 [ASSURED] delta-time=3 [start=Thu Feb 17 17:44:57 2011] [stop=Thu Feb 17 17:45:00 2011] # conntrack -E [DESTROY] udp 17 src=192.168.1.128 dst=77.226.252.14 sport=123 dport=123 src=77.226.252.14 dst=192.168.1.128 sport=123 dport=123 delta-time=8

Signed-off-by: Pablo Neira Ayuso
---
 src/conntrack.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'src/conntrack.c')

diff --git a/src/conntrack.c b/src/conntrack.c
index 2527953..9565ee4 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -669,6 +669,7 @@ enum {
 _O_EXT = (1 << 1),
 _O_TMS = (1 << 2),
 _O_ID = (1 << 3),
+ _O_KTMS = (1 << 4),
 };
 
 enum {
@@ -687,8 +688,8 @@ static struct parse_parameter {
 { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
 { {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
 { CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
- { {"xml", "extended", "timestamp", "id" }, 4,
- { _O_XML, _O_EXT, _O_TMS, _O_ID },
+ { {"xml", "extended", "timestamp", "id", "ktimestamp"}, 5,
+ { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS },
 },
 };
 
@@ -1024,6 +1025,8 @@ static int event_cb(enum nf_conntrack_msg_type type,
 } else
 op_flags |= NFCT_OF_TIME;
 }
+ if (output_mask & _O_KTMS)
+ op_flags |= NFCT_OF_TIMESTAMP;
 if (output_mask & _O_ID)
 op_flags |= NFCT_OF_ID;
 
@@ -1063,6 +1066,8 @@ static int dump_cb(enum nf_conntrack_msg_type type,
 }
 if (output_mask & _O_EXT)
 op_flags = NFCT_OF_SHOW_LAYER3;
+ if (output_mask & _O_KTMS)
+ op_flags |= NFCT_OF_TIMESTAMP;
 if (output_mask & _O_ID)
 op_flags |= NFCT_OF_ID;
 
-- 
cgit v1.2.3
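Review bot: The count literal `5` in the output-format row of `parse_parameter` (hunk at -687) is kept in step by hand with two parallel initializer lists, so a later option added to one list but not the other, or added without bumping the count, would compile without complaint. The struct declaration is outside the hunk, so the capacity of the name and value arrays cannot be confirmed here; the context row with five `IPS_*` values suggests at least five slots, but a sixth output option would need the declaration checked first. I would put a comment above the row, e.g. `/* names, count and _O_* values must stay in the same order; array capacity is fixed by struct parse_parameter */`.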
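Review bot: Neither the event_cb hunk (-1024) nor the dump_cb hunk (-1063) documents the precondition for `op_flags |= NFCT_OF_TIMESTAMP;`: per the commit message, the data only exists on Linux >= 2.6.38 with `nf_conntrack_timestamp` set to 1. The flag is requested unconditionally, and presumably the entry is just printed without `[start=...]`/`[stop=...]` when the kernel supplies nothing, which is easy to misread when the output feeds an audit trail or incident timeline. A comment at both sites such as `/* kernel timestamps: needs Linux >= 2.6.38 and nf_conntrack_timestamp=1 */`, plus a matching line in the usage text, would make the dependency visible. `NFCT_OF_TIMESTAMP` also has to come from the library headers; the diff is limited to src/conntrack.c, so whether the build's minimum library version was raised cannot be seen here. Both function bodies continue outside their hunks.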
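Review bot: In the dump_cb hunk (-1063) the new `op_flags |= NFCT_OF_TIMESTAMP;` only takes effect because it sits after the context line `op_flags = NFCT_OF_SHOW_LAYER3;`, which assigns rather than ORs. If those two `if` statements were ever reordered, `-o extended,ktimestamp` would silently lose the timestamp flag. I would either add `/* must follow the _O_EXT assignment above, which overwrites op_flags */` before the new test, or, provided op_flags is zero at that point (its initialisation is outside the hunk), change the context line to `op_flags |= NFCT_OF_SHOW_LAYER3;` so every flag in dump_cb is accumulated the same way as in event_cb.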