From 6d8903cbf33ac10e8e03f884a58e374adc366887 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 18 Nov 2008 10:33:33 +0100 Subject: filter: choose the filtering method via configuration file This patch changes the current behaviour of the filtering selection. Up to now, conntrackd has used the kernel version to select the filtering method based on the following logic: If kernel is >= 2.6.26 we use BSF-based filtering from kernel-space, otherwise, default to userspace. However, this filtering method still lacks of IPv6 support and it requires a patch that got into 2.6.29 to filter IPv6 addresses from kernel-space. To fix this issue, we default to user-space filtering and let the user choose the method via the configuration file. Signed-off-by: Pablo Neira Ayuso
---
 src/read_config_lex.l | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/read_config_lex.l')
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 79d5b89..cbb6ca8 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -112,6 +112,9 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
 "Accept" { return T_ACCEPT; }
 "Ignore" { return T_IGNORE; }
 "PurgeTimeout" { return T_PURGE; }
+"From" { return T_FROM; }
+"Userspace" { return T_USERSPACE; }
+"Kernelspace" { return T_KERNELSPACE; }
 {is_on} { return T_ON; }
 {is_off} { return T_OFF; }
-- cgit v1.2.3
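Review bot: The three keyword rules added after `"PurgeTimeout"` carry no comment recording the caveat the commit message gives for `Kernelspace`: kernel-space BSF filtering cannot filter IPv6 addresses without a patch that landed in 2.6.29. An operator who selects `Kernelspace` on an older kernel may therefore assume IPv6 filter rules are being enforced when they are not. I would add an indented comment above the new rules (indented so that flex does not read it as a pattern), for example `/* filter method selection; Kernelspace (BSF) filters IPv6 addresses only on kernels >= 2.6.29, Userspace is the default */`. The view is limited to the lexer, so whether the grammar or the filter setup warns or rejects that combination cannot be seen here; if it does not, that check belongs where `T_KERNELSPACE` is consumed. The rules section continues outside this hunk.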