On 16/10/10 11:28, Jan Engelhardt wrote:
>
> On Saturday 2010-10-16 10:22, Pablo Neira Ayuso wrote:
>> On 16/10/10 06:07, Italo Valcy wrote:
>>> Hi guys!
>>>
>>> Is there a way to get time counter of the connections using
>>> libnetfilter-conntrack? I mean, I'd like to know how long a connection
>>> had taken (since the state NEW to DESTROY).
>>>
>>> Any ideas?
>>
>> The Linux kernel does not track this connection lifetime, so you would
>> have to listen to NEW events, put the ct objects into some structure
>> (hashtable, tree, list, etc) and calculate the difference by yourself
>> once you receive DESTROY events.
>>
>> It wouldn't be hard to extend the existing code to do this in kernel space.
>
> One could just enhance the ct struct by a genesis timestamp,
> and calculate the delta once the destroy event is sent out.

Indeed, a small conntrack extension would be great. This can save lots of
memory for ulogd2 and it could be useful for IPFIX implementations.
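
The userspace approach described in the thread (record a timestamp on NEW, compute the difference on DESTROY), as an added example that is not part of the original messages or of libnetfilter_conntrack. The names `on_event`, `EV_NEW`/`EV_DESTROY` and the slot table are hypothetical, and the events are constructed samples; in a real listener the type and id would come from the event callback (`NFCT_T_NEW`/`NFCT_T_DESTROY` and `nfct_get_attr_u32(ct, ATTR_ID)`).

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS 1024                      /* power of two; size for expected concurrent flows */
enum ev_type { EV_NEW, EV_DESTROY };    /* hypothetical stand-ins for NFCT_T_NEW / NFCT_T_DESTROY */
enum slot_state { EMPTY, USED, TOMB };

struct slot { uint32_t id; double born; enum slot_state st; };
static struct slot table[SLOTS];

static uint32_t hash(uint32_t id) { return (id * 2654435761u) & (SLOTS - 1); }

/* Find the slot holding id, or NULL. Probing stops at the first EMPTY slot. */
static struct slot *find(uint32_t id) {
    for (uint32_t i = 0, h = hash(id); i < SLOTS; i++, h = (h + 1) & (SLOTS - 1)) {
        if (table[h].st == EMPTY) return NULL;
        if (table[h].st == USED && table[h].id == id) return &table[h];
    }
    return NULL;
}

/* Feed one event. Returns the lifetime in seconds on DESTROY of a tracked flow,
 * -1.0 otherwise (NEW event, table full, or DESTROY for a flow whose NEW was never seen). */
double on_event(enum ev_type type, uint32_t id, double now) {
    struct slot *s = find(id);
    if (type == EV_NEW) {
        if (s) { s->born = now; return -1.0; }    /* id seen again: restart the clock */
        for (uint32_t i = 0, h = hash(id); i < SLOTS; i++, h = (h + 1) & (SLOTS - 1))
            if (table[h].st != USED) {
                table[h] = (struct slot){ id, now, USED };
                return -1.0;
            }
        return -1.0;                              /* table full: flow goes untracked */
    }
    if (!s) return -1.0;                          /* flow existed before we started listening */
    s->st = TOMB;                                 /* free the slot, keep probe chains intact */
    return now - s->born;
}

int main(void) {
    /* Constructed sample events: (type, conntrack id, timestamp in seconds). */
    on_event(EV_NEW, 1001, 10.0);
    on_event(EV_NEW, 1002, 12.5);
    printf("1001 lived %.1f s\n", on_event(EV_DESTROY, 1001, 40.0));
    printf("1002 lived %.1f s\n", on_event(EV_DESTROY, 1002, 13.0));
    printf("9999 -> %.1f (NEW never seen)\n", on_event(EV_DESTROY, 9999, 50.0));
    return 0;
}
```

Every live flow costs one table entry here, which is the memory overhead the reply refers to. An entry whose DESTROY event never arrives stays in the table, so a long-running listener also needs an expiry pass.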