Hi all, I was hoping to get the last TCP state in a conntrack destroy event, however it seems to be unavailable. Through libnetfilter_conntrack the value retrieved at ATTR_TCP_STATE is always 0. Using the conntrack command I see the same behavior: destroy doesn't have it (conntrack -E -e destroy -p tcp): [DESTROY] tcp 6 src=218.65.30.38 dst=192.168.178.254 sport=61063 dport=22 packets=11 bytes=820 src=192.168.0.123 dst=218.65.30.38 sport=22 dport=61063 packets=8 bytes=424 [ASSURED] mark=3 delta-time=77 update does (conntrack -E -e updates -p tcp): [UPDATE] tcp 6 120 FIN_WAIT src=192.168.0.53 dst=x.x.x.x sport=52958 dport=443 src=x.x.x.x dst=192.168.178.254 sport=443 dport=52958 [ASSURED] mark=3 Is this intentional? My goal is to create connection log that includes a hint about why the connection is gone. -- --------------------------------------------- Victor Julien http://www.inliniac.net/ PGP: http://www.inliniac.net/victorjulien.asc --------------------------------------------- -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
