[PATCH conntrack-tools 3/3] conntrack: add -o userspace option to tag user-triggered events


 



The following command:

 # conntrack -E -o userspace &
 # conntrack -F
 [DESTROY] tcp      6 src=122.127.186.172 dst=192.168.10.195 sport=443 dport=48232 packets=56 bytes=5313 src=192.168.10.195 dst=122.127.186.172 sport=48232 dport=443 packets=49 bytes=5174 [ASSURED] [USERSPACE]

prints the [USERSPACE] tag at the end of the event; this tells users if
this event has been triggered by a process, e.g. via conntrack command
invocation.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 conntrack.8     |  3 ++-
 src/conntrack.c | 19 ++++++++++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/conntrack.8 b/conntrack.8
index e069dfe3809e..3c1e960e910e 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -109,13 +109,14 @@ Show the in-kernel connection tracking system statistics.
 Atomically zero counters after reading them.  This option is only valid in
 combination with the "\-L, \-\-dump" command options.
 .TP
-.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels] "
+.BI "-o, --output [extended,xml,timestamp,id,ktimestamp,labels,userspace] "
 Display output in a certain format. With the extended output option, this tool
 displays the layer 3 information. With ktimestamp, it displays the in-kernel
 timestamp available since 2.6.38 (you can enable it via the \fBsysctl(8)\fP
 key \fBnet.netfilter.nf_conntrack_timestamp\fP).
 The labels output option tells \fBconntrack\fP to show the names of connection
 tracking labels that might be present.
+The userspace output options tells if the event has been triggered by a process.
 .TP
 .BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
 Set the bitmask of events that are to be generated by the in-kernel ctnetlink
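Review bot: the added man page sentence has a number mismatch ("The userspace output options tells") and should read "The userspace output option tells". It would also help to document that the option only affects event output, since the check is added in event_cb, and that it shows up as a trailing [USERSPACE] tag, so anyone parsing the output for auditing knows what to match on.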
diff --git a/src/conntrack.c b/src/conntrack.c
index e3abe9ff698e..daa93dbbdfe2 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -854,6 +854,7 @@ enum {
 	_O_ID	= (1 << 3),
 	_O_KTMS	= (1 << 4),
 	_O_CL	= (1 << 5),
+	_O_US	= (1 << 6),
 };
 
 enum {
@@ -864,16 +865,16 @@ enum {
 };
 
 static struct parse_parameter {
-	const char	*parameter[6];
+	const char	*parameter[7];
 	size_t  size;
-	unsigned int value[6];
+	unsigned int value[7];
 } parse_array[PARSE_MAX] = {
 	{ {"ASSURED", "SEEN_REPLY", "UNSET", "FIXED_TIMEOUT", "EXPECTED"}, 5,
 	  { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
 	{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
 	  { CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
-	{ {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", }, 6,
-	  { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_CL },
+	{ {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", "userspace" }, 7,
+	  { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_CL, _O_US },
 	},
 };
 
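Review bot: in struct parse_parameter the element count is now hard-coded as 7 in three places (parameter[7], value[7], and the size initializer of the output row), which all have to be bumped together whenever an option is added. Consider a single named constant for the array bounds, so a future option cannot extend the string list without also extending the value list.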
@@ -1427,6 +1428,7 @@ static int event_cb(const struct nlmsghdr *nlh, void *data)
 	enum nf_conntrack_msg_type type;
 	unsigned int op_flags = 0;
 	struct nf_conntrack *ct;
+	bool userspace = false;
 	char buf[1024];
 
 	switch(nlh->nlmsg_type & 0xff) {
@@ -1480,7 +1482,14 @@ static int event_cb(const struct nlmsghdr *nlh, void *data)
 
 	nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
 
-	printf("%s\n", buf);
+	if (output_mask & _O_US) {
+		if (nlh->nlmsg_pid)
+			userspace = true;
+		else
+			userspace = false;
+	}
+
+	printf("%s%s\n", buf, userspace ? " [USERSPACE]" : "");
 	fflush(stdout);
 
 	counter++;
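Review bot: the final printf appends " [USERSPACE]" to buf whenever _O_US is set, without looking at the other output flags, so if xml is selected together with userspace the tag is emitted as bare text after the formatted event. Either restrict the tag to the non-XML formats or emit it in a form that fits the XML output. Separately, the else branch is redundant because userspace is already initialized to false; the block can be reduced to "if ((output_mask & _O_US) && nlh->nlmsg_pid) userspace = true;". A short comment that nlmsg_pid is the netlink port ID of the sender (zero for kernel-generated events) would make clear that the tag distinguishes user-triggered from kernel-triggered events but does not identify which process was involved.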
-- 
2.11.0



