path: root/include
diff options
authorPablo Neira Ayuso <>2008-11-18 10:33:33 +0100
committerPablo Neira Ayuso <>2008-11-18 10:33:33 +0100
commit6d8903cbf33ac10e8e03f884a58e374adc366887 (patch)
tree23c0ae1222a109b6d91da3377f6e7a91e81a4ce0 /include
parentd6f1b4be37e97dabb5de2d9ae664ef8afeec37ae (diff)
filter: choose the filtering method via configuration file
This patch changes the current behaviour of the filtering selection. Up to now, conntrackd has used the kernel version to select the filtering method based on the following logic: If kernel is >= 2.6.26 we use BSF-based filtering from kernel-space, otherwise, default to userspace. However, this filtering method still lacks of IPv6 support and it requires a patch that got into 2.6.29 to filter IPv6 addresses from kernel-space. To fix this issue, we default to user-space filtering and let the user choose the method via the configuration file. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include')
1 files changed, 1 insertions, 1 deletions
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 448d594..dc992db 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -91,7 +91,7 @@ struct ct_conf {
unsigned int resend_queue_size; /* FTFW protocol */
unsigned int window_size;
int cache_write_through;
- int kernel_support_netlink_bsf;
+ int filter_from_kernelspace;
struct {
char logfile[FILENAME_MAXLEN];
int syslog_facility;