summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVadim Kochan <vadim4j@gmail.com>2015-09-02 02:31:17 +0300
committerTobias Klauser <tklauser@distanz.ch>2015-09-03 16:41:58 +0200
commite152b5e421db14e020b3cf60679361cb902dbb8b (patch)
treea4d71410845191d024f5abdcadb2d7fed0d92651
parent03d998b99b9a008c1b7215d9e4a2092946bedc61 (diff)
flowtop: Enable flow timestamp on start
Allow setting start/stop timestamp for new flows by enabling: /proc/sys/net/netfilter/nf_conntrack_timestamp on start and resetting it on exit or panic. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Remove unnecessary cast of void pointer] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
-rw-r--r--flowtop.c45
1 files changed, 36 insertions, 9 deletions
diff --git a/flowtop.c b/flowtop.c
index 274a6d1..0d36a0a 100644
--- a/flowtop.c
+++ b/flowtop.c
@@ -88,11 +88,16 @@ struct flow_list {
#define INCLUDE_ICMP (1 << 5)
#define INCLUDE_SCTP (1 << 6)
+struct sysctl_params_ctx {
+ int nfct_acct;
+ int nfct_tstamp;
+};
+
static volatile bool is_flow_collecting;
static volatile sig_atomic_t sigint = 0;
static int what = INCLUDE_IPV4 | INCLUDE_IPV6 | INCLUDE_TCP, show_src = 0;
static struct flow_list flow_list;
-static int nfct_acct_val = -1;
+static struct sysctl_params_ctx sysctl = { -1, -1 };
static const char *short_options = "vhTUsDIS46u";
static const struct option long_options[] = {
@@ -1102,12 +1107,17 @@ static int flow_event_cb(enum nf_conntrack_msg_type type,
return NFCT_CB_CONTINUE;
}
-static void restore_sysctl(void *value)
+static void restore_sysctl(void *obj)
{
- int int_val = *(int *)value;
+ struct sysctl_params_ctx *sysctl_ctx = obj;
- if (int_val == 0)
- sysctl_set_int("net/netfilter/nf_conntrack_acct", int_val);
+ if (sysctl_ctx->nfct_acct == 0)
+ sysctl_set_int("net/netfilter/nf_conntrack_acct",
+ sysctl_ctx->nfct_acct);
+
+ if (sysctl_ctx->nfct_tstamp == 0)
+ sysctl_set_int("net/netfilter/nf_conntrack_timestamp",
+ sysctl_ctx->nfct_tstamp);
}
static void on_panic_handler(void *arg)
@@ -1119,12 +1129,12 @@ static void on_panic_handler(void *arg)
static void conntrack_acct_enable(void)
{
/* We can still work w/o traffic accounting so just warn about error */
- if (sysctl_get_int("net/netfilter/nf_conntrack_acct", &nfct_acct_val)) {
+ if (sysctl_get_int("net/netfilter/nf_conntrack_acct", &sysctl.nfct_acct)) {
fprintf(stderr, "Can't read net/netfilter/nf_conntrack_acct: %s\n",
strerror(errno));
}
- if (nfct_acct_val == 1)
+ if (sysctl.nfct_acct == 1)
return;
if (sysctl_set_int("net/netfilter/nf_conntrack_acct", 1)) {
@@ -1133,6 +1143,22 @@ static void conntrack_acct_enable(void)
}
}
+static void conntrack_tstamp_enable(void)
+{
+ if (sysctl_get_int("net/netfilter/nf_conntrack_timestamp", &sysctl.nfct_tstamp)) {
+ fprintf(stderr, "Can't read net/netfilter/nf_conntrack_timestamp: %s\n",
+ strerror(errno));
+ }
+
+ if (sysctl.nfct_tstamp == 1)
+ return;
+
+ if (sysctl_set_int("net/netfilter/nf_conntrack_timestamp", 1)) {
+ fprintf(stderr, "Can't write net/netfilter/nf_conntrack_timestamp: %s\n",
+ strerror(errno));
+ }
+}
+
static int flow_update_cb(enum nf_conntrack_msg_type type,
struct nf_conntrack *ct, void *data __maybe_unused)
{
@@ -1435,9 +1461,10 @@ int main(int argc, char **argv)
register_signal(SIGTERM, signal_handler);
register_signal(SIGHUP, signal_handler);
- panic_handler_add(on_panic_handler, &nfct_acct_val);
+ panic_handler_add(on_panic_handler, &sysctl);
conntrack_acct_enable();
+ conntrack_tstamp_enable();
init_geoip(1);
@@ -1449,7 +1476,7 @@ int main(int argc, char **argv)
destroy_geoip();
- restore_sysctl(&nfct_acct_val);
+ restore_sysctl(&sysctl);
return 0;
}