• Pablo Neira Ayuso's avatar
    netfilter: nf_conntrack_tstamp: add flow-based timestamp extension · a992ca2a
    Pablo Neira Ayuso authored
    This patch adds flow-based timestamping for conntracks. This
    conntrack extension is disabled by default. Basically, we use
    two 64-bits variables to store the creation timestamp once the
    conntrack has been confirmed and the other to store the deletion
    time. This extension is disabled by default, to enable it, you
    have to:
    
    echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp
    
    This patch allows to save memory for user-space flow-based
    loogers such as ulogd2. In short, ulogd2 does not need to
    keep a hashtable with the conntrack in user-space to know
    when they were created and destroyed, instead we use the
    kernel timestamp. If we want to have a sane IPFIX implementation
    in user-space, this nanosecs resolution timestamps are also
    useful. Other custom user-space applications can benefit from
    this via libnetfilter_conntrack.
    
    This patch modifies the /proc output to display the delta time
    in seconds since the flow start. You can also obtain the
    flow-start date by means of the conntrack-tools.
    Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
    a992ca2a
conntrack.h 933 Bytes