Diffstat (limited to 'src')
-rw-r--r-- | src/main.c | 4 | ||||
-rw-r--r-- | src/netlink.c | 8 | ||||
-rw-r--r-- | src/read_config_lex.l | 3 | ||||
-rw-r--r-- | src/read_config_yy.y | 16 |
4 files changed, 23 insertions, 8 deletions
@@ -97,10 +97,6 @@ int main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
- /* BSF filter attaching does not report unsupported operations */
- if (version >= 2 && major >= 6 && minor >= 26)
- CONFIG(kernel_support_netlink_bsf) = 1;
-
 for (i=1; i<argc; i++) {
 switch(argv[i][1]) {
 case 'd':
diff --git a/src/netlink.c b/src/netlink.c
index 89a4ebc..b8a2a02 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -80,7 +80,7 @@ static int event_handler(enum nf_conntrack_msg_type type, void *data)
 {
 /* skip user-space filtering if already do it in the kernel */
- if (ignore_conntrack(ct, !CONFIG(kernel_support_netlink_bsf)))
+ if (ignore_conntrack(ct, !CONFIG(filter_from_kernelspace)))
 return NFCT_CB_STOP;
 switch(type) {
@@ -113,14 +113,16 @@ int nl_init_event_handler(void) return -1; if (STATE(filter)) { - if (CONFIG(kernel_support_netlink_bsf)) { + if (CONFIG(filter_from_kernelspace)) { if (nfct_filter_attach(nfct_fd(STATE(event)), STATE(filter)) == -1) { dlog(LOG_ERR, "cannot set event filtering: %s", strerror(errno)); } dlog(LOG_NOTICE, "using kernel-space event filtering"); - } + } else + dlog(LOG_NOTICE, "using user-space event filtering"); + nfct_filter_destroy(STATE(filter)); }
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 79d5b89..cbb6ca8 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -112,6 +112,9 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
 "Accept" { return T_ACCEPT; }
 "Ignore" { return T_IGNORE; }
 "PurgeTimeout" { return T_PURGE; }
+"From" { return T_FROM; }
+"Userspace" { return T_USERSPACE; }
+"Kernelspace" { return T_KERNELSPACE; }
 {is_on} { return T_ON; }
 {is_off} { return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 0f6ffdc..06ada52 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
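Review bot: In the nl_init_event_handler hunk of src/netlink.c, a failed nfct_filter_attach() is only logged; the "using kernel-space event filtering" notice is still printed and CONFIG(filter_from_kernelspace) stays set. event_handler in the same file passes `!CONFIG(filter_from_kernelspace)` to ignore_conntrack(), so after a failed attach the user-space check appears to be skipped as well, and events the operator asked to ignore would be processed. Failing closed is safer: add `CONFIG(filter_from_kernelspace) = 0;` after the LOG_ERR call (or `return -1;` there) and move the kernel-space notice into an `else`. The function begins and ends outside the hunk, so whether the user-space filter data is still usable at that point needs to be confirmed.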
@@ -58,6 +58,7 @@ static void __kernel_filter_add_state(int value);
 %token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT
 %token T_MCAST_RCVBUFF T_MCAST_SNDBUFF T_NOTRACK
 %token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
+%token T_FROM T_USERSPACE T_KERNELSPACE
 %token <string> T_IP T_PATH_VAL
 %token <val> T_NUMBER
@@ -686,7 +687,20 @@ family : T_FAMILY T_STRING
 conf.family = AF_INET;
 };
-filter : T_FILTER '{' filter_list '}';
+filter : T_FILTER '{' filter_list '}'
+{
+ CONFIG(filter_from_kernelspace) = 0;
+};
+
+filter : T_FILTER T_FROM T_USERSPACE '{' filter_list '}'
+{
+ CONFIG(filter_from_kernelspace) = 0;
+};
+
+filter : T_FILTER T_FROM T_KERNELSPACE '{' filter_list '}'
+{
+ CONFIG(filter_from_kernelspace) = 1;
+};
 filter_list : | filter_list filter_item; |
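Review bot: The `Filter From Kernelspace` action in the second hunk sets `CONFIG(filter_from_kernelspace) = 1` without checking that the running kernel can apply the filter. The version test this commit deletes from main.c carried the comment that BSF filter attaching does not report unsupported operations. On a kernel older than the 2.6.26 that the removed test required, this setting could therefore leave events unfiltered in both kernel and user space with no error logged. A comment on the rule such as `/* needs Linux >= 2.6.26: older kernels may accept the filter without applying it */`, repeated in the example configuration, would make the requirement visible to operators. As a style point, the three `filter :` rules could be one rule with `|` alternatives, the form the neighbouring `filter_list` rule already uses.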