Hi,

Did you enable the sysctl parameters?

sysctl -w net.netfilter.nf_conntrack_acct=1
sysctl -w net.netfilter.nf_conntrack_timestamp=1

On 8/17/21, Blažej Krajňák <blazej.krajnak@xxxxxxxxx> wrote:
> Hello Pablo,
>
> I'm just rewriting the input plugin ulog_inppkt_NFLOG.c to include
> conntrack params. I successfully included CT flags from enum
> ip_conntrack_status (assured, reply seen, ...) and CT state and
> direction from NFULA_CT_INFO.
>
> However, in NFULA_CT a few counters from enum nf_conntrack_attr still
> have the value 0. For example, ATTR_TIMESTAMP_START / STOP and
> ATTR_ORIG/REPL_COUNTER_PACKETS/BYTES.
> Is it normal, or am I missing some bug in parsing?
>
> On Sun, 15 Aug 2021 at 18:23, Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
> wrote:
>>
>> On Sun, 15 Aug 2021 at 16:31, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>> >
>> > From the example ulogd2 configuration file in the tree:
>> >
>> > http://git.netfilter.org/ulogd2/tree/ulogd.conf.in#n77
>> >
>> > # this is a stack for flow-based logging via XML
>> > #stack=ct1:NFCT,xml1:XML
>>
>> First, thank you for the fast response. Of course I saw this example,
>> but I have a situation where I need to know packet details (pktlen,
>> mac, ifindex) along with information about the conntrack entry which
>> this packet triggered.
>> I modified one of the libnetfilter_log example utilities to print both
>> (packet and conntrack) information together.
>> https://drive.google.com/file/d/1wx_LAjH57czHyFwTBSUvSnOkMchWEiiq/view?usp=sharing
>>
>> Is there any way to do the same in ulogd?
>
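
Added example, not code from this thread or from ulogd2: a C check for the question raised above, whether zero counters point to a parsing bug or to attributes that were never delivered. It walks the top-level netlink attributes of an NFULA_CT payload and reports whether the CTA_COUNTERS_ORIG, CTA_COUNTERS_REPLY and CTA_TIMESTAMP nests are present. The function names and the sample payload are constructed for illustration, and the Linux UAPI headers are assumed to be installed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink_conntrack.h>

/* Bitmask of top-level CTA_* types found in an NFULA_CT payload (bit N = type N). */
static uint32_t cta_present(const unsigned char *buf, size_t len) {
    uint32_t mask = 0;
    struct nlattr nla;
    for (size_t off = 0; off <= len && len - off >= sizeof(nla); off += NLA_ALIGN(nla.nla_len)) {
        memcpy(&nla, buf + off, sizeof(nla));      /* payload may be unaligned */
        if (nla.nla_len < sizeof(nla) || nla.nla_len > len - off) break; /* malformed */
        if ((nla.nla_type & NLA_TYPE_MASK) < 32)
            mask |= 1u << (nla.nla_type & NLA_TYPE_MASK);
    }
    return mask;
}

/* 1 only when both counter nests and the timestamp nest were delivered. */
static int ct_has_acct_and_tstamp(const unsigned char *buf, size_t len) {
    uint32_t want = (1u << CTA_COUNTERS_ORIG) | (1u << CTA_COUNTERS_REPLY) | (1u << CTA_TIMESTAMP);
    return (cta_present(buf, len) & want) == want;
}

/* Sample builder: append one attribute at off, return the next aligned offset. */
static size_t put_attr(unsigned char *buf, size_t off, uint16_t type, const void *data, uint16_t dlen) {
    struct nlattr nla = { .nla_len = (uint16_t)(NLA_HDRLEN + dlen), .nla_type = type };
    memcpy(buf + off, &nla, sizeof(nla));
    memcpy(buf + off + NLA_HDRLEN, data, dlen);
    return off + NLA_ALIGN(nla.nla_len);
}

/* Constructed NFULA_CT payload; nest contents are zero placeholders, not real data. */
static size_t sample_ct(unsigned char *buf, int with_ext) {
    static const uint16_t nests[] = { CTA_COUNTERS_ORIG, CTA_COUNTERS_REPLY, CTA_TIMESTAMP };
    unsigned char pad[24] = {0};
    size_t n = put_attr(buf, 0, CTA_STATUS, pad, 4);
    for (int i = 0; with_ext && i < 3; i++)
        n = put_attr(buf, n, nests[i] | NLA_F_NESTED, pad, sizeof(pad));
    return n;
}

int main(void) {
    unsigned char a[128], b[128];
    printf("extensions off: %d, on: %d\n", ct_has_acct_and_tstamp(a, sample_ct(a, 0)),
           ct_has_acct_and_tstamp(b, sample_ct(b, 1)));
    return 0;
}
```

If the check returns 0 for real packets, the parser is not at fault: the nests were not in the message, so the counters and timestamps read as 0.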