From 167a57cb822eb6ce3759f5de3a11c59849b494e4 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 23 Jul 2008 16:51:39 +0200
Subject: add support for kernel-space filtering via BSF

This patch adds support for kernel-space filtering via BSF by means of
the libnetfilter_conntrack's BSF high-level API.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'src/netlink.c')

diff --git a/src/netlink.c b/src/netlink.c
index 1823280..1287454 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -85,6 +85,20 @@ int nl_init_event_handler(void)
 	if (!STATE(event))
 		return -1;
 
+	if (STATE(filter)) {
+		if (nfct_filter_attach(nfct_fd(STATE(event)),
+				       STATE(filter)) == -1) {
+			dlog(LOG_NOTICE, "cannot set netlink kernel-space "
+					 "event filtering, defaulting to "
+					 "user-space. We suggest you to "
+					 "upgrade your Linux kernel to "
+					 ">= 2.6.26. Operation returns: %s", 
+					 strerror(errno));
+			/* don't fail here, old kernels don't support this */
+		}
+		nfct_filter_destroy(STATE(filter));
+	}
+
 	fcntl(nfct_fd(STATE(event)), F_SETFL, O_NONBLOCK);
 
 	/* set up socket buffer size */
-- 
cgit v1.2.3