summaryrefslogtreecommitdiffstats
path: root/src/conntrack/api.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2010-10-23 17:35:57 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2011-02-17 00:57:54 +0100
commit2217eb4c53a54eabbc09e043209181c483e2eace (patch)
treeb8f0b8da65e53b562993f6a373fb71826ec0cbf9 /src/conntrack/api.c
parentc2ddcf3225edcc13699131820f90b063161ff2ca (diff)
conntrack: add timestamp support
This patch adds the connection tracking extension that allows conntrack timestamping. This requires a Linux kernel >= 2.6.38. We have now 65 attributes, we need 96 bits to store what attributes are set in the objects. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r--src/conntrack/api.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 6b73817..2262974 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -356,6 +356,7 @@ void nfct_callback_unregister2(struct nfct_handle *h)
* - ATTR_ID
* - ATTR_*_COUNTER_*
* - ATTR_SECCTX
+ * - ATTR_TIMESTAMP_*
* The call of this function for such attributes do nothing.
*/
void nfct_set_attr(struct nf_conntrack *ct,
@@ -970,7 +971,20 @@ int nfct_catch(struct nfct_handle *h)
* The output flags are:
* - NFCT_OF_SHOW_LAYER3: include layer 3 information in the output,
* this is *only* required by NFCT_O_DEFAULT.
- * - NFCT_OF_TIME: display time.
+ * - NFCT_OF_TIME: display current time.
+ * - NFCT_OF_ID: display the ID number.
+ * - NFCT_OF_TIMESTAMP: display creation and (if exists) deletion time.
+ *
+ * To use NFCT_OF_TIMESTAMP, you have to:
+ * \verbatim
+ * $ echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp
+\endverbatim
+ * This requires a Linux kernel >= 2.6.38.
+ *
+ * Note that NFCT_OF_TIME displays the current time when nfct_snprintf() has
+ * been called. Thus, it can be used to know when a flow was destroy if you
+ * print the message just after you receive the destroy event. If you want
+ * more accurate timestamping, use NFCT_OF_TIMESTAMP.
*
* This function returns the size of the information that _would_ have been
* written to the buffer, even if there was no room for it. Thus, the