ip conn tracking stats

Patrick Schaaf bof@bof.de
Tue, 29 Jan 2002 09:18:57 +0100


> Is there a way to use the ip_conntrack proc file to log per connection byte
> counts?

You could extend the source code. There is no per-conntrack packet or
byte counter implemented in iptables. (It's a conntracking system,
not an accounting system.)

> Where can I find documentation of the ip_conntrack format?

See net/ipv4/netfilter/ip_conntrack_standalone.c, function print_conntrack().

> Using the
> line below, I've surmised that the 6 in position 2 is the protocol number,
> but what does the next number represent (e.g. 43200), the idle ttl for the
> connection?
>...
> tcp      6 432000 ESTABLISHED src=x.x.x.x dst=x.x.x.x sport=1069 dport=22
> src=x.x.x.x dst=x.x.x.x sport=22 dport=1069 [ASSURED] use=1 

The number is the instantaneous timeout for the connection. It decrements
all the time. When it reaches 0, the conntrack goes away.

You can find the timers for the various guessed TCP states in
net/ipv4/netfilter/ip_conntrack_proto_tcp.c, in the definition
of the tcp_timeouts[] array.

> What are all the valid values for the state value within the [ ]

Snipping from include/linux/netfilter_ipv4/ip_conntrack.h:

        /* It's an expected connection: bit 0 set.  This bit never changed */
        IPS_EXPECTED_BIT = 0,

        /* We've seen packets both ways: bit 1 set.  Can be set, not unset. */
        IPS_SEEN_REPLY_BIT = 1,

        /* Conntrack should never be early-expired. */
        IPS_ASSURED_BIT = 2,

best regards
  Patrick
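The proc-file layout Patrick points at, as an added example that is not part of the original thread or of the netfilter sources: a small Python parser for lines in the /proc/net/ip_conntrack format, which also rebuilds the status bits from the header snippet that the line lets you see. It assumes the layout of the quoted line (protocol name, protocol number, remaining timeout in seconds, TCP state word, original tuple, reply tuple, bracketed flags, use=N). The [UNREPLIED] marker, its placement between the two tuples, its meaning (reply never seen), the absence of a state word for non-TCP entries, and all sample addresses are my assumptions, not taken from the page.

```python
"""Parse /proc/net/ip_conntrack lines (example code, not from the netfilter tree)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Status bits from the header snippet quoted in the reply (value = 1 << bit).
IPS_EXPECTED = 1 << 0
IPS_SEEN_REPLY = 1 << 1
IPS_ASSURED = 1 << 2

# Constructed sample input, not captured from a real host.  Line 1 mirrors the
# quoted line; lines 2 and 3 assume the same layout for a half-open TCP entry
# (marked [UNREPLIED], my assumption) and for a UDP entry with no state word.
SAMPLE = """\
tcp      6 432000 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=1069 dport=22 src=10.0.0.9 dst=10.0.0.5 sport=22 dport=1069 [ASSURED] use=1
tcp      6 119 SYN_SENT src=10.0.0.5 dst=10.0.0.9 sport=40001 dport=80 [UNREPLIED] src=10.0.0.9 dst=10.0.0.5 sport=80 dport=40001 use=1
udp      17 29 src=10.0.0.5 dst=10.0.0.1 sport=53123 dport=53 src=10.0.0.1 dst=10.0.0.5 sport=53 dport=53123 use=1
"""


@dataclass
class ConntrackEntry:
    proto: str
    protonum: int
    timeout: int                 # seconds left; the entry goes away at 0
    state: Optional[str]         # TCP state word, None for other protocols
    original: Dict[str, str]     # src/dst/sport/dport of the original direction
    reply: Dict[str, str]        # same for the reply direction
    flags: Set[str]              # bracketed markers, e.g. {"ASSURED"}
    use: int                     # reference count printed as use=N

    @property
    def status(self) -> int:
        """Status bits recoverable from the line.  IPS_EXPECTED is not printed,
        so it can never be reconstructed from proc output."""
        bits = 0
        if "UNREPLIED" not in self.flags:
            bits |= IPS_SEEN_REPLY   # assumption: [UNREPLIED] == reply never seen
        if "ASSURED" in self.flags:
            bits |= IPS_ASSURED
        return bits

    @property
    def early_expirable(self) -> bool:
        """Only ASSURED entries are protected from early expiry (header comment)."""
        return not (self.status & IPS_ASSURED)


def parse_line(line: str) -> ConntrackEntry:
    tokens = line.split()
    proto, protonum, timeout = tokens[0], int(tokens[1]), int(tokens[2])
    rest = tokens[3:]
    state = None
    # A bare word right after the timeout is the protocol's state (TCP only).
    if rest and "=" not in rest[0] and not rest[0].startswith("["):
        state = rest.pop(0)
    tuples: List[Dict[str, str]] = []
    flags: Set[str] = set()
    use = 0
    for tok in rest:
        if tok.startswith("[") and tok.endswith("]"):
            flags.add(tok[1:-1])
            continue
        key, _, value = tok.partition("=")
        if key == "use":
            use = int(value)
            continue
        if key == "src":             # each tuple starts with src=
            tuples.append({})
        if not tuples:
            raise ValueError(f"token before first tuple: {tok!r}")
        tuples[-1][key] = value
    if len(tuples) != 2:
        raise ValueError(f"expected original and reply tuples, got {len(tuples)}")
    return ConntrackEntry(proto, protonum, timeout, state,
                          tuples[0], tuples[1], flags, use)


def parse_table(text: str) -> List[ConntrackEntry]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def summarize(entries: List[ConntrackEntry]) -> dict:
    """The counts worth looking at when the conntrack table fills up."""
    by_proto: Dict[str, int] = {}
    for e in entries:
        by_proto[e.proto] = by_proto.get(e.proto, 0) + 1
    return {
        "total": len(entries),
        "assured": sum("ASSURED" in e.flags for e in entries),
        "unreplied": sum("UNREPLIED" in e.flags for e in entries),
        "early_expirable": sum(e.early_expirable for e in entries),
        "by_proto": by_proto,
        "min_timeout": min((e.timeout for e in entries), default=None),
    }


if __name__ == "__main__":
    for entry in parse_table(SAMPLE):
        print(entry.proto, entry.state, entry.timeout, sorted(entry.flags),
              f"status=0x{entry.status:x}")
    print(summarize(parse_table(SAMPLE)))
```

Run it against the real file with `parse_table(open("/proc/net/ip_conntrack").read())` on a host that still has the 2.4-era file. The early_expirable count is the number a flood of half-open or one-way connections inflates: the header comment says only ASSURED entries are never early-expired, so everything else is what gets thrown out first when the table is full, and a table full of UNREPLIED entries is the symptom to look for. Per-connection byte counts are still not there, exactly as the reply says; this only reads what the file already prints.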