add support for kernel-space filtering via BSF

This patch adds support for kernel-space filtering via BSF by means of the libnetfilter_conntrack's BSF high-level API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2008-07-23 16:51:39 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2008-07-23 16:51:39 +0200
commit: 167a57cb822eb6ce3759f5de3a11c59849b494e4 (patch)
tree: 77b93103a50e66fabcfe51302c9c46ac746c9e91 /src/netlink.c
parent: 77b1fdb824eb45213df4f57224e8e799fed43ded (diff)
download: conntrack-tools-167a57cb822eb6ce3759f5de3a11c59849b494e4.tar.gz
conntrack-tools-167a57cb822eb6ce3759f5de3a11c59849b494e4.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 1823280..1287454 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -85,6 +85,20 @@ int nl_init_event_handler(void)
 	if (!STATE(event))
 		return -1;
 
+	if (STATE(filter)) {
+		if (nfct_filter_attach(nfct_fd(STATE(event)),
+				       STATE(filter)) == -1) {
+			dlog(LOG_NOTICE, "cannot set netlink kernel-space "
+					 "event filtering, defaulting to "
+					 "user-space. We suggest you to "
+					 "upgrade your Linux kernel to "
+					 ">= 2.6.26. Operation returns: %s", 
+					 strerror(errno));
+			/* don't fail here, old kernels don't support this */
+		}
+		nfct_filter_destroy(STATE(filter));
+	}
+
 	fcntl(nfct_fd(STATE(event)), F_SETFL, O_NONBLOCK);
 
 	/* set up socket buffer size */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2008-07-23 16:51:39 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2008-07-23 16:51:39 +0200
commit	167a57cb822eb6ce3759f5de3a11c59849b494e4 (patch)
tree	77b93103a50e66fabcfe51302c9c46ac746c9e91 /src/netlink.c
parent	77b1fdb824eb45213df4f57224e8e799fed43ded (diff)
download	conntrack-tools-167a57cb822eb6ce3759f5de3a11c59849b494e4.tar.gz conntrack-tools-167a57cb822eb6ce3759f5de3a11c59849b494e4.zip