filter: check if kernel-space filtering is available

Check if the Linux kernel is >= 2.6.26, otherwise it does not support kernel-space filtering. This is not clean but we have no choice, the BSF infrastructure does not return ENOTSUPP for unsupported operations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2008-09-17 13:07:54 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2008-09-17 13:07:54 +0200
commit: fc5c992b7010a733250633d55c4a6ab4932a7125 (patch)
tree: 5526a56d9307359243fc51b21af205c59d5f2891 /src/netlink.c
parent: bfa809f6c809f30706a9718506e7a575d44052a6 (diff)
1 files changed, 7 insertions, 10 deletions
diff --git a/src/netlink.c b/src/netlink.c
index a4b94dd..ad26201 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -112,16 +112,13 @@ int nl_init_event_handler(void)
 		return -1;
 
 	if (STATE(filter)) {
-		if (nfct_filter_attach(nfct_fd(STATE(event)),
-				       STATE(filter)) == -1) {
-			dlog(LOG_NOTICE, "cannot set netlink kernel-space "
-					 "event filtering, defaulting to "
-					 "user-space. We suggest you to "
-					 "upgrade your Linux kernel to "
-					 ">= 2.6.26. Operation returns: %s", 
-					 strerror(errno));
-			/* don't fail here, old kernels don't support this */
-		}
+		if (CONFIG(kernel_support_netlink_bsf)) {
+			if (nfct_filter_attach(nfct_fd(STATE(event)),
+					       STATE(filter)) == -1) {
+				dlog(LOG_ERR, "cannot set event filtering: %s",
+				     strerror(errno));
+			}
+		} 
 		nfct_filter_destroy(STATE(filter));
 	}
author	Pablo Neira Ayuso <pablo@netfilter.org>	2008-09-17 13:07:54 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2008-09-17 13:07:54 +0200
commit	fc5c992b7010a733250633d55c4a6ab4932a7125 (patch)
tree	5526a56d9307359243fc51b21af205c59d5f2891 /src/netlink.c
parent	bfa809f6c809f30706a9718506e7a575d44052a6 (diff)