authorPablo Neira Ayuso <pablo@netfilter.org>2008-09-17 13:07:54 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2008-09-17 13:07:54 +0200
commitfc5c992b7010a733250633d55c4a6ab4932a7125 (patch)
tree5526a56d9307359243fc51b21af205c59d5f2891
parentbfa809f6c809f30706a9718506e7a575d44052a6 (diff)
filter: check if kernel-space filtering is available
Check if the Linux kernel is >= 2.6.26, otherwise it does not support kernel-space filtering. This is not clean but we have no choice, the BSF infrastructure does not return ENOTSUPP for unsupported operations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/conntrackd.h1
-rw-r--r--src/main.c4
-rw-r--r--src/netlink.c17
3 files changed, 12 insertions, 10 deletions
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 23f5306..c0bb4bb 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -90,6 +90,7 @@ struct ct_conf {
unsigned int resend_queue_size; /* FTFW protocol */
unsigned int window_size;
int cache_write_through;
+ int kernel_support_netlink_bsf;
struct {
char logfile[FILENAME_MAXLEN];
int syslog_facility;
diff --git a/src/main.c b/src/main.c
index 7360b77..a53b0a8 100644
--- a/src/main.c
+++ b/src/main.c
@@ -95,6 +95,10 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE);
}
+ /* BSF filter attaching does not report unsupported operations */
+ if (version >= 2 && major >= 6 && minor >= 26)
+ CONFIG(kernel_support_netlink_bsf) = 1;
+
for (i=1; i<argc; i++) {
switch(argv[i][1]) {
case 'd':
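Review bot: The test `version >= 2 && major >= 6 && minor >= 26` compares each component on its own, so it is false for any later release whose second or third component is smaller (2.7.0 or 3.0.0, for example). On such kernels `kernel_support_netlink_bsf` stays 0 and kernel-space filtering is skipped even though the kernel supports it. Compare the components in order instead: `if (version > 2 || (version == 2 && (major > 6 || (major == 6 && minor >= 26))))`. main() starts and ends outside the hunk, so how `version`, `major` and `minor` are parsed and validated is not visible here.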
diff --git a/src/netlink.c b/src/netlink.c
index a4b94dd..ad26201 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -112,16 +112,13 @@ int nl_init_event_handler(void)
return -1;
if (STATE(filter)) {
- if (nfct_filter_attach(nfct_fd(STATE(event)),
- STATE(filter)) == -1) {
- dlog(LOG_NOTICE, "cannot set netlink kernel-space "
- "event filtering, defaulting to "
- "user-space. We suggest you to "
- "upgrade your Linux kernel to "
- ">= 2.6.26. Operation returns: %s",
- strerror(errno));
- /* don't fail here, old kernels don't support this */
- }
+ if (CONFIG(kernel_support_netlink_bsf)) {
+ if (nfct_filter_attach(nfct_fd(STATE(event)),
+ STATE(filter)) == -1) {
+ dlog(LOG_ERR, "cannot set event filtering: %s",
+ strerror(errno));
+ }
+ }
nfct_filter_destroy(STATE(filter));
}
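Review bot: When `CONFIG(kernel_support_netlink_bsf)` is 0, the configured filter is destroyed with no attach attempt and no log line, so an operator who wrote filter rules gets no sign that they are not applied in the kernel. The removed code at least emitted a LOG_NOTICE in that situation. Add an else branch to the inner check, for example `else dlog(LOG_NOTICE, "kernel-space event filtering is not supported by this kernel");`. The attach-failure path also only logs and falls through to `nfct_filter_destroy()`; whether nl_init_event_handler should return -1 there depends on code outside the hunk.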