Recent kernels support conntrack time stamping, which is a helpful
feature to determine the duration of a flow without building a flow
cache in your user space application, just to keep the 'start' time of
your flow.

Timestamps are recorded with nanosecond resolution once this feature
is enabled.

This patch adds optional support for the CTA_TIMESTAMP, then
modifies the dump routine to write that info in a format similar
to /proc/net/nf_conntrack.  This is an example output when using
NL_DUMP_LINE:

  udp 10.128.128.28:56836 <-> 10.128.129.255:8612 delta-time 30

Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>

Index: libnl/include/netlink-private/netlink.h
===================================================================
--- libnl.orig/include/netlink-private/netlink.h
+++ libnl/include/netlink-private/netlink.h
@@ -67,6 +67,8 @@
 #include <netlink-private/cache-api.h>
 #include <netlink-private/types.h>
 
+#define NSEC_PER_SEC	1000000000L
+
 struct trans_tbl {
 	int i;
 	const char *a;
Index: libnl/include/netlink-private/types.h
===================================================================
--- libnl.orig/include/netlink-private/types.h
+++ libnl/include/netlink-private/types.h
@@ -19,6 +19,7 @@
 #include <netlink/route/rtnl.h>
 #include <netlink/route/route.h>
 #include <netlink/idiag/idiagnl.h>
+#include <netlink/netfilter/ct.h>
 #include <netlink-private/route/tc-api.h>
 
 #define NL_SOCK_BUFSIZE_SET	(1<<0)
@@ -794,6 +795,8 @@ struct nfnl_ct {
 
 	struct nfnl_ct_dir	ct_orig;
 	struct nfnl_ct_dir	ct_repl;
+
+	struct nfnl_ct_timestamp ct_tstamp;
 };
 
 union nfnl_exp_protodata {
Index: libnl/include/netlink/netfilter/ct.h
===================================================================
--- libnl.orig/include/netlink/netfilter/ct.h
+++ libnl/include/netlink/netfilter/ct.h
@@ -25,6 +25,11 @@ extern "C" {
 
 struct nfnl_ct;
 
+struct nfnl_ct_timestamp {
+	uint64_t		start;
+	uint64_t		stop;
+};
+
 extern struct nl_object_ops ct_obj_ops;
 
 extern struct nfnl_ct *	nfnl_ct_alloc(void);
@@ -119,6 +124,10 @@ extern void	nfnl_ct_set_bytes(struct nfn
 extern int	nfnl_ct_test_bytes(const struct nfnl_ct *, int);
 extern uint64_t	nfnl_ct_get_bytes(const struct nfnl_ct *, int);
 
+extern void nfnl_ct_set_timestamp(struct nfnl_ct *, uint64_t, uint64_t);
+extern int nfnl_ct_test_timestamp(const struct nfnl_ct *);
+extern const struct nfnl_ct_timestamp *nfnl_ct_get_timestamp(const struct nfnl_ct *);
+
 #ifdef __cplusplus
 }
 #endif
Index: libnl/lib/netfilter/ct.c
===================================================================
--- libnl.orig/lib/netfilter/ct.c
+++ libnl/lib/netfilter/ct.c
@@ -102,6 +102,11 @@ static struct nla_policy ct_counters_pol
 	[CTA_COUNTERS32_BYTES]	= { .type = NLA_U32 },
 };
 
+static struct nla_policy ct_timestamp_policy[CTA_TIMESTAMP_MAX + 1] = {
+	[CTA_TIMESTAMP_START]	= { .type = NLA_U64 },
+	[CTA_TIMESTAMP_STOP]	= { .type = NLA_U64 },
+};
+
 static int ct_parse_ip(struct nfnl_ct *ct, int repl, struct nlattr *attr)
 {
 	struct nlattr *tb[CTA_IP_MAX+1];
@@ -300,6 +305,24 @@ int nfnlmsg_ct_group(struct nlmsghdr *nl
 	}
 }
 
+static int ct_parse_timestamp(struct nfnl_ct *ct, struct nlattr *attr)
+{
+	struct nlattr *tb[CTA_TIMESTAMP_MAX + 1];
+	int err;
+
+	err = nla_parse_nested(tb, CTA_TIMESTAMP_MAX, attr,
+			       ct_timestamp_policy);
+	if (err < 0)
+		return err;
+
+	if (tb[CTA_TIMESTAMP_START] && tb[CTA_TIMESTAMP_STOP])
+		nfnl_ct_set_timestamp(ct,
+			      ntohll(nla_get_u64(tb[CTA_TIMESTAMP_START])),
+			      ntohll(nla_get_u64(tb[CTA_TIMESTAMP_STOP])));
+
+	return 0;
+}
+
 int nfnlmsg_ct_parse(struct nlmsghdr *nlh, struct nfnl_ct **result)
 {
 	struct nfnl_ct *ct;
@@ -358,6 +381,12 @@ int nfnlmsg_ct_parse(struct nlmsghdr *nl
 		if (err < 0)
 			goto errout;
 	}
+
+	if (tb[CTA_TIMESTAMP]) {
+		err = ct_parse_timestamp(ct, tb[CTA_TIMESTAMP]);
+		if (err < 0)
+			goto errout;
+	}
 
 	*result = ct;
 	return 0;
Index: libnl/lib/netfilter/ct_obj.c
===================================================================
--- libnl.orig/lib/netfilter/ct_obj.c
+++ libnl/lib/netfilter/ct_obj.c
@@ -51,6 +51,7 @@
 #define CT_ATTR_REPL_ICMP_CODE	(1UL << 23)
 #define CT_ATTR_REPL_PACKETS	(1UL << 24)
 #define CT_ATTR_REPL_BYTES	(1UL << 25)
+#define CT_ATTR_TIMESTAMP	(1UL << 26)
 /** @endcond */
 
 static void ct_free_data(struct nl_object *c)
@@ -192,6 +193,17 @@ static void ct_dump_line(struct nl_objec
 	if (nfnl_ct_test_mark(ct) && nfnl_ct_get_mark(ct))
 		nl_dump(p, "mark %u ", nfnl_ct_get_mark(ct));
 
+	if (nfnl_ct_test_timestamp(ct)) {
+		const struct nfnl_ct_timestamp *tstamp = nfnl_ct_get_timestamp(ct);
+		int64_t delta_time = tstamp->stop - tstamp->start;
+
+		if (delta_time > 0)
+			delta_time /= NSEC_PER_SEC;
+		else
+			delta_time = 0;
+		nl_dump(p, "delta-time %llu ", delta_time);
+	}
+
 	nl_dump(p, "\n");
 }
 
@@ -777,6 +789,23 @@ uint64_t nfnl_ct_get_bytes(const struct
 	return dir->bytes;
 }
 
+void nfnl_ct_set_timestamp(struct nfnl_ct *ct, uint64_t start, uint64_t stop)
+{
+	ct->ct_tstamp.start = start;
+	ct->ct_tstamp.stop = stop;
+	ct->ce_mask |= CT_ATTR_TIMESTAMP;
+}
+
+int nfnl_ct_test_timestamp(const struct nfnl_ct *ct)
+{
+	return !!(ct->ce_mask & CT_ATTR_TIMESTAMP);
+}
+
+const struct nfnl_ct_timestamp *nfnl_ct_get_timestamp(const struct nfnl_ct *ct)
+{
+	return &ct->ct_tstamp;
+}
+
 /** @} */
 
 struct nl_object_ops ct_obj_ops = {