From 2217eb4c53a54eabbc09e043209181c483e2eace Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 23 Oct 2010 17:35:57 +0200
Subject: conntrack: add timestamp support

This patch adds the connection tracking extension that allows
conntrack timestamping.

This requires a Linux kernel >= 2.6.38.

We have now 65 attributes, we need 96 bits to store what attributes
are set in the objects.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/snprintf_default.c | 56 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

(limited to 'src/conntrack/snprintf_default.c')

diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c
index abb9d9f..8523bd1 100644
--- a/src/conntrack/snprintf_default.c
+++ b/src/conntrack/snprintf_default.c
@@ -231,6 +231,47 @@ __snprintf_secctx(char *buf, unsigned int len, const struct nf_conntrack *ct)
 	return (snprintf(buf, len, "secctx=%s ", ct->secctx));
 }
 
+static int
+__snprintf_timestamp_start(char *buf, unsigned int len,
+			   const struct nf_conntrack *ct)
+{
+	time_t start = (time_t)(ct->timestamp.start / NSEC_PER_SEC);
+	char *tmp = ctime(&start);
+
+	/* overwrite \n in the ctime() output. */
+	tmp[strlen(tmp)-1] = '\0';
+	return (snprintf(buf, len, "[start=%s] ", tmp));
+}
+
+static int
+__snprintf_timestamp_stop(char *buf, unsigned int len,
+			  const struct nf_conntrack *ct)
+{
+	time_t stop = (time_t)(ct->timestamp.stop / NSEC_PER_SEC);
+	char *tmp = ctime(&stop);
+
+	/* overwrite \n in the ctime() output. */
+	tmp[strlen(tmp)-1] = '\0';
+	return (snprintf(buf, len, "[stop=%s] ", tmp));
+}
+
+static int
+__snprintf_timestamp_delta(char *buf, unsigned int len,
+			   const struct nf_conntrack *ct)
+{
+	time_t delta_time, stop;
+
+	if (ct->timestamp.stop == 0)
+		time(&stop);
+	else
+		stop = (time_t)(ct->timestamp.stop / NSEC_PER_SEC);
+
+	delta_time = stop - (time_t)(ct->timestamp.start / NSEC_PER_SEC);
+
+	return (snprintf(buf, len, "delta-time=%llu ",
+			(unsigned long long)delta_time));
+}
+
 int __snprintf_conntrack_default(char *buf, 
 				 unsigned int len,
 				 const struct nf_conntrack *ct,
@@ -337,6 +378,21 @@ int __snprintf_conntrack_default(char *buf,
 		BUFFER_SIZE(ret, size, len, offset);
 	}
 
+	if (test_bit(ATTR_TIMESTAMP_START, ct->set)) {
+		ret = __snprintf_timestamp_delta(buf+offset, len, ct);
+		BUFFER_SIZE(ret, size, len, offset);
+	}
+	if (flags & NFCT_OF_TIMESTAMP) {
+		if (test_bit(ATTR_TIMESTAMP_START, ct->set)) {
+			ret = __snprintf_timestamp_start(buf+offset, len, ct);
+			BUFFER_SIZE(ret, size, len, offset);
+		}
+		if (test_bit(ATTR_TIMESTAMP_STOP, ct->set)) {
+			ret = __snprintf_timestamp_stop(buf+offset, len, ct);
+			BUFFER_SIZE(ret, size, len, offset);
+		}
+	}
+
 	if (test_bit(ATTR_USE, ct->set)) {
 		ret = __snprintf_use(buf+offset, len, ct);
 		BUFFER_SIZE(ret, size, len, offset);
-- 
cgit v1.2.3