Diffstat (limited to 'src')
-rw-r--r--src/main.c4
-rw-r--r--src/netlink.c8
-rw-r--r--src/read_config_lex.l3
-rw-r--r--src/read_config_yy.y16
4 files changed, 23 insertions, 8 deletions
diff --git a/src/main.c b/src/main.c
index d6aa938..f811acf 100644
--- a/src/main.c
+++ b/src/main.c
@@ -97,10 +97,6 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE);
}
- /* BSF filter attaching does not report unsupported operations */
- if (version >= 2 && major >= 6 && minor >= 26)
- CONFIG(kernel_support_netlink_bsf) = 1;
-
for (i=1; i<argc; i++) {
switch(argv[i][1]) {
case 'd':
diff --git a/src/netlink.c b/src/netlink.c
index 89a4ebc..b8a2a02 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -80,7 +80,7 @@ static int event_handler(enum nf_conntrack_msg_type type,
void *data)
{
/* skip user-space filtering if already do it in the kernel */
- if (ignore_conntrack(ct, !CONFIG(kernel_support_netlink_bsf)))
+ if (ignore_conntrack(ct, !CONFIG(filter_from_kernelspace)))
return NFCT_CB_STOP;
switch(type) {
@@ -113,14 +113,16 @@ int nl_init_event_handler(void)
return -1;
if (STATE(filter)) {
- if (CONFIG(kernel_support_netlink_bsf)) {
+ if (CONFIG(filter_from_kernelspace)) {
if (nfct_filter_attach(nfct_fd(STATE(event)),
STATE(filter)) == -1) {
dlog(LOG_ERR, "cannot set event filtering: %s",
strerror(errno));
}
dlog(LOG_NOTICE, "using kernel-space event filtering");
- }
+ } else
+ dlog(LOG_NOTICE, "using user-space event filtering");
+
nfct_filter_destroy(STATE(filter));
}
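Review bot: When `nfct_filter_attach()` fails in `nl_init_event_handler()`, the new code still logs "using kernel-space event filtering" and leaves `CONFIG(filter_from_kernelspace)` set. Because `event_handler()` (the previous hunk of this file) passes `!CONFIG(filter_from_kernelspace)` to `ignore_conntrack()`, user-space filtering then appears to be skipped too, so events the configuration meant to ignore would go through unfiltered. Either treat the failure as fatal with `return -1;` after the `dlog(LOG_ERR, ...)` call, or clear the flag there with `CONFIG(filter_from_kernelspace) = 0;` and emit the kernel-space notice only on success. The comment removed from main.c says attaching does not report unsupported operations, so with the version check gone a kernel without support would not even reach the error path; a comment here should state that limitation. The function body starts and ends outside the hunk.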
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 79d5b89..cbb6ca8 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -112,6 +112,9 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
"Accept" { return T_ACCEPT; }
"Ignore" { return T_IGNORE; }
"PurgeTimeout" { return T_PURGE; }
+"From" { return T_FROM; }
+"Userspace" { return T_USERSPACE; }
+"Kernelspace" { return T_KERNELSPACE; }
{is_on} { return T_ON; }
{is_off} { return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 0f6ffdc..06ada52 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -58,6 +58,7 @@ static void __kernel_filter_add_state(int value);
%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT
%token T_MCAST_RCVBUFF T_MCAST_SNDBUFF T_NOTRACK
%token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
+%token T_FROM T_USERSPACE T_KERNELSPACE
%token <string> T_IP T_PATH_VAL
%token <val> T_NUMBER
@@ -686,7 +687,20 @@ family : T_FAMILY T_STRING
conf.family = AF_INET;
};
-filter : T_FILTER '{' filter_list '}';
+filter : T_FILTER '{' filter_list '}'
+{
+ CONFIG(filter_from_kernelspace) = 0;
+};
+
+filter : T_FILTER T_FROM T_USERSPACE '{' filter_list '}'
+{
+ CONFIG(filter_from_kernelspace) = 0;
+};
+
+filter : T_FILTER T_FROM T_KERNELSPACE '{' filter_list '}'
+{
+ CONFIG(filter_from_kernelspace) = 1;
+};
filter_list :
| filter_list filter_item;
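Review bot: The three `filter :` rules all write one global flag, so if a configuration holds more than one Filter clause, the last one parsed decides the mode for every clause. The `filter_list` items presumably still accumulate into the same filter, so rejecting a second clause or a mode mismatch would avoid a silently changed filtering mode. As a matter of style, the rules read better as a single rule with `|` alternatives, with a comment such as `/* bare "Filter { }" defaults to user-space filtering */` on the first action. The `From Kernelspace` form now depends on the operator knowing the running kernel supports filter attachment, which the documentation for the option should state.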