diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-07-22 12:13:43 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-07-22 12:13:43 +0200 |
commit | 77b1fdb824eb45213df4f57224e8e799fed43ded (patch) | |
tree | 282a395e7ab2d8fe8cfe12f34e6d09535d067101 /src/state_helper_tcp.c | |
parent | 2de606c2458067c48e72058a31af384574cf9c70 (diff) |
Major rework of the user-space event filtering
This patch reworks the user-space filtering. Although we have
kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace
filtering to ensure backward compatibility. Moreover, this patch
prepares the implementation of the kernel-space filtering via
libnetfilter_conntrack's high-level berkeley socket filter API.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/state_helper_tcp.c')
-rw-r--r-- | src/state_helper_tcp.c | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/src/state_helper_tcp.c b/src/state_helper_tcp.c deleted file mode 100644 index 88af35e..0000000 --- a/src/state_helper_tcp.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * (C) 2006-2007 by Pablo Neira Ayuso <pablo@netfilter.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "conntrackd.h" -#include "state_helper.h" - -static int tcp_verdict(const struct state_replication_helper *h, - const struct nf_conntrack *ct) -{ - uint8_t t_state = nfct_get_attr_u8(ct, ATTR_TCP_STATE); - if (h->state & (1 << t_state)) - return ST_H_REPLICATE; - - return ST_H_SKIP; -} - -struct state_replication_helper tcp_state_helper = { - .proto = IPPROTO_TCP, - .verdict = tcp_verdict, -}; |