OK, I am a bit confused as to what to use and patch.
I took a look at libctnetlink and ctrace and it looks like a program based on these using the event notification could be used quite easily to produce the sort of connection logging that would be very useful.

The patch from http://www.roughtrade.net/linux/ provides a patch to ctnetlink that adds counters per tuple, but you are saying that the latest version of ctnetlink has that already? Would the patch at roughtrade.net for ctrace work with these stats?

And finally, the nfnetlink patch (NETLINK.patch in the base directory) includes all of the ctnetlink stuff so you don't need/shouldn't use the ctnetlink patch---is this correct? (though adding Martin's patches would be prudent)

Or did I miss something? ('cause I didn't see much similar in the NETLINK patch)

Thanks,
Alex

On Thu, 2002-04-11 at 08:49, Jay Schulist wrote:
> On 10 Apr 2002, Martin Josefsson wrote:
>
> > There is partial support for this in the ctnetlink patch.
> > Together with a program called ctrace you can monitor the creation and
> > ending of connections. It doesn't have support for bytes/packets out of
> > the box but there's a patch that adds that. I don't know exactly what it
> > can report as I haven't used ctnetlink for that, I've only tested it
> > briefly and saw that it reported stuff :)
> >
>
> The ctnetlink patch has been integrated into a more general nfnetlink
> patch, nfnetlink provides the same functionality as ctnetlink and more.
>
> In the latest version of ctnetlink packet and byte statistics are kept on
> a per tuple basis. Basically all the information in the ip_conntrack
> kernel structure is available to the user through ctnetlink.
>
> J.