Iptables – timestamp format of iptables recent proc-file

iptablestimestamp

I want to understand meaning of records in /proc/net/xt_recent/ip_list file (which is created by recent extension of iptables), e.g:

src=127.0.0.1 ttl: 128 last_seen: 4298627364 oldest_pkt: 3 4298623492, 4298625777, 4298627364

All fields look pretty obvious and last_look look like timestamp. But it isn't timestamp in UNIX-time format. Being converted as UNIX-time is equal 03/21/2106 18:19:24. Evidently it isn't a "last seen" time.

How can I extract correct value from last_seen time?

Thank you.

UPDATE

Just to avoid misconception:

$ date 
Mon Jun 15 14:14:00 MSK 2015

Best Answer

This should works:

FILE=iplist #This is file name of recent module output. It may vary on your system (like iplist)
TICKS=$(grep CONFIG_HZ= /boot/config-$(uname -r)|awk -F= '{print $2}') # Get current ticks per sec

printit()
{
    Len=`echo $1|wc -c`
    Date=$DATE
    Dot="."
    Loop=`echo 50-$Len|bc`
    loop=0
    while [ $loop -le $Loop ]
    do
    loop=`echo $loop+1|bc`
    Dot=`echo $Dot.`
    done
    echo "$1$Dot$DATE"
}
cat $FILE|while read LINE
do
    IP=`echo $LINE|awk '{print $1}'|awk -F= {'print $2'}`
    DATE=$(date -d@$(date +'%s'-$(echo \($(cat /proc/timer_list|grep -m1 -E '^jiffies'|cut -d" " -f2)-$(awk '{print $5}' $FILE)\)/$TICKS|bc)|bc))
    printit $IP $DATE
done

And there is an output of your example:

127.0.0.1..........................................Пн. мая 18 14:24:40 OMST 2015

Timezone may differ from you regional settings

Also you can check https://stackoverflow.com/questions/2731463/converting-jiffies-to-milli-seconds

Related Topic