conntrack: add -o ktimestamp option (it requires linux >= 2.6.38)
This option requires Linux kernel >= 2.6.38, you have to enable conntrack timestamping with: echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp # conntrack -L -o ktimestamp udp 17 59 src= dst= sport=52050 dport=53 src= dst= sport=53 dport=52050 [ASSURED] mark=0 delta-time=121 [start=Thu Feb 17 17:41:18 2011] use=1 # conntrack -L conntrack v0.9.15 (conntrack-tools): 20 flow entries have been shown. udp 17 31 src= dst= sport=52050 dport=53 src= dst= sport=53 dport=52050 [ASSURED] mark=0 delta-time=149 use=1 # conntrack -E -o ktimestamp ... [DESTROY] udp 17 src= dst= sport=40162 dport=53 src= dst= sport=53 dport=40162 [ASSURED] delta-time=3 [start=Thu Feb 17 17:44:57 2011] [stop=Thu Feb 17 17:45:00 2011] # conntrack -E [DESTROY] udp 17 src= dst= sport=123 dport=123 src= dst= sport=123 dport=123 delta-time=8 Signed-off-by: Pablo Neira Ayuso <>
