From 77b1fdb824eb45213df4f57224e8e799fed43ded Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 22 Jul 2008 12:13:43 +0200 Subject: Major rework of the user-space event filtering This patch reworks the user-space filtering. Although we have kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of the kernel-space filtering via libnetfilter_conntrack's high-level berkeley socket filter API. Signed-off-by: Pablo Neira Ayuso --- src/read_config_lex.l | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'src/read_config_lex.l') diff --git a/src/read_config_lex.l b/src/read_config_lex.l index bdde3b6..584a4a3 100644 --- a/src/read_config_lex.l +++ b/src/read_config_lex.l @@ -68,11 +68,6 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k] "HashLimit" { return T_HASHLIMIT; } "Path" { return T_PATH; } "IgnoreProtocol" { return T_IGNORE_PROTOCOL; } -"UDP" { return T_UDP; } -"ICMP" { return T_ICMP; } -"VRRP" { return T_VRRP; } -"IGMP" { return T_IGMP; } -"TCP" { return T_TCP; } "IgnoreTrafficFor" { return T_IGNORE_TRAFFIC; } "StripNAT" { return T_STRIP_NAT; } "Backlog" { return T_BACKLOG; } @@ -103,12 +98,19 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k] "CLOSE_WAIT" { return T_CLOSE_WAIT; } "LAST_ACK" { return T_LAST_ACK; } "TIME_WAIT" { return T_TIME_WAIT; } -"CLOSE" { return T_CLOSE; } +"CLOSE" { return T_CLOSE; /* alias of CLOSED */ } +"CLOSED" { return T_CLOSE; } "LISTEN" { return T_LISTEN; } "LogFileBufferSize" { return T_STAT_BUFFER_SIZE; } "DestroyTimeout" { return T_DESTROY_TIMEOUT; } "McastSndSocketBuffer" { return T_MCAST_SNDBUFF; } "McastRcvSocketBuffer" { return T_MCAST_RCVBUFF; } +"Filter" { return T_FILTER; } +"Protocol" { return T_PROTOCOL; } +"Address" { return T_ADDRESS; } +"State" { return T_STATE; } +"Accept" { return T_ACCEPT; } +"Ignore" { return T_IGNORE; } {is_on} { return T_ON; } {is_off} { return T_OFF; } -- cgit v1.2.3