conntrack: add -o userspace option to tag user-triggered events

The following command:

 # conntrack -E -o userspace &
 # conntrack -F
 [DESTROY] tcp      6 src=122.127.186.172 dst=192.168.10.195 sport=443 dport=48232 packets=56 bytes=5313 src=192.168.10.195 dst=122.127.186.172 sport=48232 dport=443 packets=49 bytes=5174 [ASSURED] [USERSPACE]

prints the [USERSPACE] tag at the end of the event, this tells users if
this event has been triggered by process, eg. via conntrack command
invocation.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 2 insertions, 1 deletions

diff --git a/conntrack.8 b/conntrack.8
index e069dfe..3c1e960 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -109,13 +109,14 @@ Show the in-kernel connection tracking system statistics.
 Atomically zero counters after reading them.  This option is only valid in
 combination with the "\-L, \-\-dump" command options.
 .TP
-.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels] "
+.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels,userspace] "
 Display output in a certain format. With the extended output option, this tool
 displays the layer 3 information. With ktimestamp, it displays the in-kernel
 timestamp available since 2.6.38 (you can enable it via the \fBsysctl(8)\fP
 key \fBnet.netfilter.nf_conntrack_timestamp\fP).
 The labels output option tells \fBconntrack\fP to show the names of connection
 tracking labels that might be present.
+The userspace output options tells if the event has been triggered by a process.
 .TP
 .BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
 Set the bitmask of events that are to be generated by the in-kernel ctnetlink