filter: do not filter in user-space if kernel supports BSF

This patch avoids a double filtering in user-space and kernel-space if the kernel support BSF. Since we do not use BSF for dumps and resyncs, we add a new parameter to ignore_conntrack to indicate if we have to perform the filtering in user-space or not. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2008-10-21 19:11:42 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2008-10-21 19:11:42 +0200
commit: 50162d3c19e38a491d95ec26767438ec25bab0dc (patch)
tree: ccd81e73eeb254cf6fb9ab00c35be2628fe9bc3a /src/stats-mode.c
parent: 6d6ebd1247076c88ceeb8d9528d62cd38a5e909a (diff)
download: conntrack-tools-50162d3c19e38a491d95ec26767438ec25bab0dc.tar.gz
conntrack-tools-50162d3c19e38a491d95ec26767438ec25bab0dc.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/stats-mode.c b/src/stats-mode.c
index 1650d5d..763afe0 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -104,7 +104,7 @@ static int overrun_stats(enum nf_conntrack_msg_type type,
 			 struct nf_conntrack *ct,
 			 void *data)
 {
-	if (ignore_conntrack(ct))
+	if (ignore_conntrack(ct, 1))
 		return NFCT_CB_CONTINUE;
 
 	/* This is required by kernels < 2.6.20 */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2008-10-21 19:11:42 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2008-10-21 19:11:42 +0200
commit	50162d3c19e38a491d95ec26767438ec25bab0dc (patch)
tree	ccd81e73eeb254cf6fb9ab00c35be2628fe9bc3a /src/stats-mode.c
parent	6d6ebd1247076c88ceeb8d9528d62cd38a5e909a (diff)
download	conntrack-tools-50162d3c19e38a491d95ec26767438ec25bab0dc.tar.gz conntrack-tools-50162d3c19e38a491d95ec26767438ec25bab0dc.zip