diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-10-23 17:35:57 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-17 00:57:54 +0100 |
| commit | 2217eb4c53a54eabbc09e043209181c483e2eace (patch) | |
| tree | b8f0b8da65e53b562993f6a373fb71826ec0cbf9 /include | |
| parent | c2ddcf3225edcc13699131820f90b063161ff2ca (diff) | |
conntrack: add timestamp support
This patch adds the connection tracking extension that allows
conntrack timestamping.
This requires a Linux kernel >= 2.6.38.
We have now 65 attributes, we need 96 bits to store what attributes
are set in the objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/internal/internal.h | 4 | ||||
| -rw-r--r-- | include/internal/object.h | 8 | ||||
| -rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 5 | ||||
| -rw-r--r-- | include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 9 |
4 files changed, 25 insertions, 1 deletions
diff --git a/include/internal/internal.h b/include/internal/internal.h index c335afd..a984e6b 100644 --- a/include/internal/internal.h +++ b/include/internal/internal.h @@ -77,4 +77,8 @@ #define likely(x) __builtin_expect((x),1) #define unlikely(x) __builtin_expect((x),0) +#ifndef NSEC_PER_SEC +#define NSEC_PER_SEC 1000000000L +#endif + #endif diff --git a/include/internal/object.h b/include/internal/object.h index 76a0566..5dce9d0 100644 --- a/include/internal/object.h +++ b/include/internal/object.h @@ -175,7 +175,13 @@ struct nf_conntrack { struct __nfct_nat snat; struct __nfct_nat dnat; -#define __NFCT_BITSET 2 + struct { + u_int64_t start; + u_int64_t stop; + } timestamp; + +/* we've got more than 64 attributes now, we need 96 bits to store them. */ +#define __NFCT_BITSET 3 u_int32_t set[__NFCT_BITSET]; }; diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h index 698b0ae..f09e03b 100644 --- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h +++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h @@ -128,6 +128,8 @@ enum nf_conntrack_attr { ATTR_TCP_WSCALE_REPL = 60, /* u8 bits */ ATTR_ZONE, /* u16 bits */ ATTR_SECCTX, /* string */ + ATTR_TIMESTAMP_START, /* u64 bits, linux >= 2.6.38 */ + ATTR_TIMESTAMP_STOP = 64, /* u64 bits, linux >= 2.6.38 */ ATTR_MAX }; @@ -344,6 +346,9 @@ enum { NFCT_OF_ID_BIT = 2, NFCT_OF_ID = (1 << NFCT_OF_ID_BIT), + + NFCT_OF_TIMESTAMP_BIT = 3, + NFCT_OF_TIMESTAMP = (1 << NFCT_OF_TIMESTAMP_BIT), }; extern int nfct_snprintf(char *buf, diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h index 3b0c009..abab4a0 100644 --- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h +++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h @@ -46,6 +46,7 @@ enum ctattr_type { CTA_SECMARK, /* obsolete */ CTA_ZONE, CTA_SECCTX, + CTA_TIMESTAMP, __CTA_MAX }; #define CTA_MAX (__CTA_MAX - 1) @@ -131,6 +132,14 @@ enum ctattr_counters { }; #define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1) +enum ctattr_tstamp { + CTA_TIMESTAMP_UNSPEC, + CTA_TIMESTAMP_START, + CTA_TIMESTAMP_STOP, + __CTA_TIMESTAMP_MAX +}; +#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1) + enum ctattr_nat { CTA_NAT_UNSPEC, CTA_NAT_MINIP, |