On Fri, Jan 2, 2015 at 12:14 AM, Dennis Jacobfeuerborn <dennisml@xxxxxxxxxxxx> wrote:
> Hi,
> I'm trying to write a small python script that creates some statistics
> from the current conntrack entries of a system. The problem I've run
> into is that I cannot find a good description of the output format of
> the conntrack tool and while I initially thought the format is reasonably
> straightforward to deduce I ran into some snags.
>
> The format of a line not only changes with protocol and entry state but
> even entries with the same protocol and state seem to have different
> formats:
>
> tcp 6 3 CLOSE src=<IP1> dst=<IP2> sport=X dport=Y src=<IP2>
> dst=<IP1> sport=Y dport=X mark=0 use=1
>
> vs
>
> tcp 6 3 CLOSE src=<IP1> dst=<IP2> sport=X dport=Y src=<IP2>
> dst=<IP1> sport=Y dport=X [ASSURED] mark=0 use=1
>
> Why does one entry contain the [ASSURED] but the other does not?
>
> Also for some connections I see the [ASSURED] near the end of the line
> but for others I see an [UNREPLIED] in the *middle* of the line and no
> flag near the end of the line.

Have you had a look at conntrack -E's output to see those transitions happening in the [UPDATE]s?

>
> What is the meaning of the "use" field?
>
> What is the best way to parse this information in a reliable way?
>
> Regards,
> Dennis
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
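
One position-independent way to parse the lines quoted in this thread, as an added example that is not part of either message: bracketed flags and key=value tokens are recognised by shape, and a repeated per-direction key is assumed to mark the start of the reply tuple. The sample lines are constructed from the quoted ones with documentation addresses, and `parse_conntrack_line` and `summarize` are names chosen here.

```python
from collections import Counter

# Keys that occur once per direction. The first four are in the lines quoted
# above; the ICMP keys and the accounting counters are assumed to follow suit.
PER_DIRECTION = {"src", "dst", "sport", "dport", "type", "code", "id",
                 "packets", "bytes"}

def parse_conntrack_line(line):
    """Parse one `conntrack -L` style line without relying on field position."""
    tokens = line.split()
    if len(tokens) < 3:
        raise ValueError("not a conntrack entry: %r" % line)
    entry = {"proto": tokens[0], "proto_num": int(tokens[1]),
             "timeout": int(tokens[2]), "state": None, "flags": [],
             "orig": {}, "reply": {}, "attrs": {}}
    direction = "orig"
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].append(tok[1:-1])       # [ASSURED], [UNREPLIED], ...
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key not in PER_DIRECTION:
                entry["attrs"][key] = value        # mark=, use=, ...
                continue
            if direction == "orig" and key in entry["orig"]:
                direction = "reply"                # a repeated key starts the reply tuple
            entry[direction][key] = value
        elif entry["state"] is None:
            entry["state"] = tok                   # bare word such as CLOSE, if present
    return entry

def summarize(lines):
    """Count entries per (protocol, state, flags) combination."""
    counts = Counter()
    for line in lines:
        if line.strip():
            e = parse_conntrack_line(line)
            counts[(e["proto"], e["state"], tuple(e["flags"]))] += 1
    return counts

# Constructed sample input: the shapes quoted above, with documentation addresses.
ORIG = "src=192.0.2.1 dst=198.51.100.2 sport=40000 dport=80"
REPLY = "src=198.51.100.2 dst=192.0.2.1 sport=80 dport=40000"
SAMPLE = [
    f"tcp 6 3 CLOSE {ORIG} {REPLY} mark=0 use=1",
    f"tcp 6 3 CLOSE {ORIG} {REPLY} [ASSURED] mark=0 use=1",
    f"tcp 6 119 SYN_SENT {ORIG} [UNREPLIED] {REPLY} mark=0 use=1",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(key, n)
```

Because flags are collected wherever they appear, an `[UNREPLIED]` in the middle of a line and an `[ASSURED]` near the end both end up in the same `flags` list.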