From fc5c992b7010a733250633d55c4a6ab4932a7125 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 17 Sep 2008 13:07:54 +0200
Subject: filter: check if kernel-space filtering is available Check if the Linux kernel is >= 2.6.26, otherwise it does not support kernel-space filtering. This is not clean but we have no choice, the BSF infrastructure does not return ENOTSUPP for unsupported operations.
Signed-off-by: Pablo Neira Ayuso
---
 include/conntrackd.h | 1 +
 src/main.c | 4 ++++
 src/netlink.c | 17 +++++++----------
 3 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 23f5306..c0bb4bb 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -90,6 +90,7 @@ struct ct_conf {
 unsigned int resend_queue_size; /* FTFW protocol */
 unsigned int window_size;
 int cache_write_through;
+ int kernel_support_netlink_bsf;
 struct {
 char logfile[FILENAME_MAXLEN];
 int syslog_facility;
diff --git a/src/main.c b/src/main.c
index 7360b77..a53b0a8 100644
--- a/src/main.c
+++ b/src/main.c
@@ -95,6 +95,10 @@ int main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
+ /* BSF filter attaching does not report unsupported operations */
+ if (version >= 2 && major >= 6 && minor >= 26)
+ CONFIG(kernel_support_netlink_bsf) = 1;
+ for (i=1; i= 2.6.26. Operation returns: %s",
- strerror(errno));
- /* don't fail here, old kernels don't support this */
- }
+ if (CONFIG(kernel_support_netlink_bsf)) {
+ if (nfct_filter_attach(nfct_fd(STATE(event)),
+ STATE(filter)) == -1) {
+ dlog(LOG_ERR, "cannot set event filtering: %s",
+ strerror(errno));
+ }
+ }
 nfct_filter_destroy(STATE(filter));
 }
-- 
cgit v1.2.3
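Review bot: The test `version >= 2 && major >= 6 && minor >= 26` in the src/main.c hunk compares the three components independently, so it is false for any newer release whose second or third number is smaller (a 2.7.0 or 3.0.0 kernel, for instance). On such kernels `kernel_support_netlink_bsf` stays 0 and the kernel-space filter is never attached, even though the kernel supports it. An ordered comparison avoids this: `if (version > 2 || (version == 2 && (major > 6 || (major == 6 && minor >= 26))))`. The three variables are set earlier in main(), outside the hunk, and the tail of this hunk is missing from the page.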
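Review bot: In the src/netlink.c hunk, when `CONFIG(kernel_support_netlink_bsf)` is 0 the configured filter is destroyed without being attached and nothing is logged, so an operator who asked for kernel-space filtering cannot tell from the log that it is not in effect. An `else` branch such as `dlog(LOG_NOTICE, "kernel-space event filtering is not supported by this kernel");` would make the skipped filter visible. The attach-failure branch also only logs and then falls through, so it would help to add a comment stating whether continuing unfiltered is intended. The start of this hunk and the enclosing function are missing from the page, so whether a user-space filter still applies cannot be confirmed from here.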