From: Vadim Kochan <vadi...@gmail.com> Allow set start/stop timestamp for new flows by setting:
/proc/sys/net/netfilter/nf_conntrack_timestamp on start and reset it on exit or panic.
Signed-off-by: Vadim Kochan <vadi...@gmail.com>
---
 flowtop.c | 45 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 9 deletions(-)
diff --git a/flowtop.c b/flowtop.c
index d073715..cbeecea 100644
--- a/flowtop.c
+++ b/flowtop.c
@@ -88,11 +88,16 @@ struct flow_list {
 #define INCLUDE_ICMP (1 << 5)
 #define INCLUDE_SCTP (1 << 6)
+struct sysctl_params_ctx {
+ int nfct_acct;
+ int nfct_tstamp;
+};
+
 static volatile bool is_flow_collecting;
 static volatile sig_atomic_t sigint = 0;
 static int what = INCLUDE_IPV4 | INCLUDE_IPV6 | INCLUDE_TCP, show_src = 0;
 static struct flow_list flow_list;
-static int nfct_acct_val = -1;
+static struct sysctl_params_ctx sysctl = { -1, -1 };
 static const char *short_options = "vhTUsDIS46u";
 static const struct option long_options[] = {
@@ -1107,12 +1112,17 @@ static int flow_event_cb(enum nf_conntrack_msg_type type,
 return NFCT_CB_CONTINUE;
 }
-static void restore_sysctl(void *value)
+static void restore_sysctl(void *obj)
 {
- int int_val = *(int *)value;
+ struct sysctl_params_ctx *sysctl_ctx = (struct sysctl_params_ctx *)obj;
- if (int_val == 0)
- sysctl_set_int("net/netfilter/nf_conntrack_acct", int_val);
+ if (sysctl_ctx->nfct_acct == 0)
+ sysctl_set_int("net/netfilter/nf_conntrack_acct",
+ sysctl_ctx->nfct_acct);
+
+ if (sysctl_ctx->nfct_tstamp == 0)
+ sysctl_set_int("net/netfilter/nf_conntrack_timestamp",
+ sysctl_ctx->nfct_tstamp);
 }
 static void on_panic_handler(void *arg)
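Review bot: The initializer `{ -1, -1 }` on the new `sysctl` global depends on the field order of `struct sysctl_params_ctx` and does not say that -1 stands for "value not read yet". Designated initializers would survive a reordering or an extra field: `static struct sysctl_params_ctx sysctl = { .nfct_acct = -1, .nfct_tstamp = -1 };`. A one-line comment on the struct, such as `/* sysctl values found at startup; -1 = not read, 0 = restore on exit or panic */`, would document the convention that restore_sysctl() checks against.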
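Review bot: Both `sysctl_set_int()` calls in the new restore_sysctl() discard their return value, so a restore that fails leaves nf_conntrack_acct or nf_conntrack_timestamp enabled system-wide without any message. The enable functions in this patch already report write errors, and the restore path could do the same: `if (sysctl_set_int("net/netfilter/nf_conntrack_timestamp", sysctl_ctx->nfct_tstamp)) fprintf(stderr, "Can't restore net/netfilter/nf_conntrack_timestamp: %s\n", strerror(errno));`. The function also writes 0 back whenever 0 was read at startup, without checking whether this process was the one that changed the value. If an administrator or another tool enabled the setting while flowtop was running, it would presumably be switched off again on exit, which deserves at least a comment.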
@@ -1124,12 +1134,12 @@ static void on_panic_handler(void *arg)
 static void conntrack_acct_enable(void)
 {
 /* We can still work w/o traffic accounting so just warn about error */
- if (sysctl_get_int("net/netfilter/nf_conntrack_acct", &nfct_acct_val)) {
+ if (sysctl_get_int("net/netfilter/nf_conntrack_acct", &sysctl.nfct_acct)) {
 fprintf(stderr, "Can't read net/netfilter/nf_conntrack_acct: %s\n",
 strerror(errno));
 }
- if (nfct_acct_val == 1)
+ if (sysctl.nfct_acct == 1)
 return;
 if (sysctl_set_int("net/netfilter/nf_conntrack_acct", 1)) {
@@ -1138,6 +1148,22 @@ static void conntrack_acct_enable(void)
 }
 }
+static void conntrack_tstamp_enable(void)
+{
+ if (sysctl_get_int("net/netfilter/nf_conntrack_timestamp", &sysctl.nfct_tstamp)) {
+ fprintf(stderr, "Can't read net/netfilter/nf_conntrack_timestamp: %s\n",
+ strerror(errno));
+ }
+
+ if (sysctl.nfct_tstamp == 1)
+ return;
+
+ if (sysctl_set_int("net/netfilter/nf_conntrack_timestamp", 1)) {
+ fprintf(stderr, "Can't write net/netfilter/nf_conntrack_timestamp: %s\n",
+ strerror(errno));
+ }
+}
+
 static int flow_update_cb(enum nf_conntrack_msg_type type,
 struct nf_conntrack *ct, void *data __maybe_unused)
 {
@@ -1440,9 +1466,10 @@ int main(int argc, char **argv)
 register_signal(SIGTERM, signal_handler);
 register_signal(SIGHUP, signal_handler);
- panic_handler_add(on_panic_handler, &nfct_acct_val);
+ panic_handler_add(on_panic_handler, &sysctl);
 conntrack_acct_enable();
+ conntrack_tstamp_enable();
 init_geoip(1);
@@ -1454,7 +1481,7 @@ int main(int argc, char **argv)
 destroy_geoip();
- restore_sysctl(&nfct_acct_val);
+ restore_sysctl(&sysctl);
 return 0;
 }
--
2.4.2
--
You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
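Review bot: When the read in conntrack_tstamp_enable() fails, the function only warns and still goes on to write 1, while `sysctl.nfct_tstamp` keeps its initial -1 (assuming sysctl_get_int() leaves the output untouched on error), so restore_sysctl() will never put the previous value back. Adding `return;` after the first `fprintf` avoids changing a setting whose earlier state is unknown. conntrack_acct_enable() has the same pattern, and the two functions now differ only in the path, so a shared helper taking the path and a pointer to the saved value would keep them in step. The new function also lacks the comment its sibling carries; something like `/* Flow start/stop times are optional, so only warn if timestamping can't be enabled */` would help, noting that the file is absent on kernels built without CONFIG_NF_CONNTRACK_TIMESTAMP, where the warning will be routine.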