Hello Pablo, I'm just rewriting input plugin ulog_inppkt_NFLOG.c to include conntrack params. I successfully included CT flags from enum ip_conntrack_status (assured, reply seen, ...) and CT state and direction from NFULA_CT_INFO. However, in NFULA_CT few counters from enum nf_conntrack_attr are still 0 value. For ex. ATTR_TIMESTAMP_START / STOP and ATTR_ORIG/REPL_COUNTER_PACKETS/BYTES. Is it normal, or am I missing some bug at parsing? ne 15. 8. 2021 o 18:23 Blažej Krajňák <blazej.krajnak@xxxxxxxxx> napísal(a): > > ne 15. 8. 2021 o 16:31 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote > > > > From the example ulogd2 configuration file in the tree: > > > > http://git.netfilter.org/ulogd2/tree/ulogd.conf.in#n77 > > > > # this is a stack for flow-based logging via XML > > #stack=ct1:NFCT,xml1:XML > > At first, thank you for fast response. Of course I saw this example, > but I have situation, where I need to know packet details (pktlen, > mac, ifindex) along with information of conntrack entry which this > packet triggered. > I modified one of the libnetfilter_log example utilities to print both > (packet and conntrack) information together. > https://drive.google.com/file/d/1wx_LAjH57czHyFwTBSUvSnOkMchWEiiq/view?usp=sharing > > Is there any way to do the same in ulogd?
