diff options
Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r-- | src/conntrack/api.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 6b73817..2262974 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -356,6 +356,7 @@ void nfct_callback_unregister2(struct nfct_handle *h) * - ATTR_ID * - ATTR_*_COUNTER_* * - ATTR_SECCTX + * - ATTR_TIMESTAMP_* * The call of this function for such attributes do nothing. */ void nfct_set_attr(struct nf_conntrack *ct, @@ -970,7 +971,20 @@ int nfct_catch(struct nfct_handle *h) * The output flags are: * - NFCT_OF_SHOW_LAYER3: include layer 3 information in the output, * this is *only* required by NFCT_O_DEFAULT. - * - NFCT_OF_TIME: display time. + * - NFCT_OF_TIME: display current time. + * - NFCT_OF_ID: display the ID number. + * - NFCT_OF_TIMESTAMP: display creation and (if exists) deletion time. + * + * To use NFCT_OF_TIMESTAMP, you have to: + * \verbatim + * $ echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp +\endverbatim + * This requires a Linux kernel >= 2.6.38. + * + * Note that NFCT_OF_TIME displays the current time when nfct_snprintf() has + * been called. Thus, it can be used to know when a flow was destroy if you + * print the message just after you receive the destroy event. If you want + * more accurate timestamping, use NFCT_OF_TIMESTAMP. * * This function returns the size of the information that _would_ have been * written to the buffer, even if there was no room for it. Thus, the |