diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-10-23 17:35:57 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-17 00:57:54 +0100 |
commit | 2217eb4c53a54eabbc09e043209181c483e2eace (patch) | |
tree | b8f0b8da65e53b562993f6a373fb71826ec0cbf9 /src/conntrack/api.c | |
parent | c2ddcf3225edcc13699131820f90b063161ff2ca (diff) |
conntrack: add timestamp support
This patch adds the connection tracking extension that allows
conntrack timestamping.
This requires a Linux kernel >= 2.6.38.
We have now 65 attributes, we need 96 bits to store what attributes
are set in the objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r-- | src/conntrack/api.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 6b73817..2262974 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -356,6 +356,7 @@ void nfct_callback_unregister2(struct nfct_handle *h) * - ATTR_ID * - ATTR_*_COUNTER_* * - ATTR_SECCTX + * - ATTR_TIMESTAMP_* * The call of this function for such attributes do nothing. */ void nfct_set_attr(struct nf_conntrack *ct, @@ -970,7 +971,20 @@ int nfct_catch(struct nfct_handle *h) * The output flags are: * - NFCT_OF_SHOW_LAYER3: include layer 3 information in the output, * this is *only* required by NFCT_O_DEFAULT. - * - NFCT_OF_TIME: display time. + * - NFCT_OF_TIME: display current time. + * - NFCT_OF_ID: display the ID number. + * - NFCT_OF_TIMESTAMP: display creation and (if exists) deletion time. + * + * To use NFCT_OF_TIMESTAMP, you have to: + * \verbatim + * $ echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp +\endverbatim + * This requires a Linux kernel >= 2.6.38. + * + * Note that NFCT_OF_TIME displays the current time when nfct_snprintf() has + * been called. Thus, it can be used to know when a flow was destroy if you + * print the message just after you receive the destroy event. If you want + * more accurate timestamping, use NFCT_OF_TIMESTAMP. * * This function returns the size of the information that _would_ have been * written to the buffer, even if there was no room for it. Thus, the |