conntrack display problem [Was Re: [ANNOUNCE] Release of
libnfnetlink, libnfnetlink_conntrack and conntrack]
Pablo Neira
pablo at netfilter.org
Wed Oct 5 18:39:24 CEST 2005
Krzysztof Oledzki wrote:
> It seems that conntrack is not able to display properly counters for
> incoming packets:
>
> # conntrack -L
> tcp 6 431999 ESTABLISHED src=192.168.0.33 dst=192.168.11.74
> sport=33328 dport=22 packets=2025 bytes=292027 src=192.168.11.74
> dst=192.168.0.33 sport=22 dport=33328 packets=0 bytes=0 [ASSURED] mark=0
> use=1 id=42
>
> # cat /proc/net/ip_conntrack
> tcp 6 431999 ESTABLISHED src=192.168.0.33 dst=192.168.11.74
> sport=33328 dport=22 packets=3106 bytes=218222 src=192.168.11.74
> dst=192.168.0.33 sport=22 dport=33328 packets=2015 bytes=290691
> [ASSURED] mark=0 use=1
Already fixed, please check SVN.
> BTW: Is it possible to use "id" to delete a conntrack?
Not yet but it will be soon. Then it could be possible to use the id
together with one of the tuples (original or reply) to kill conntracks.
--
Pablo
More information about the netfilter-devel
mailing list