From 50162d3c19e38a491d95ec26767438ec25bab0dc Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 21 Oct 2008 19:11:42 +0200
Subject: filter: do not filter in user-space if kernel supports BSF

This patch avoids a double filtering in user-space and kernel-space if
the kernel support BSF. Since we do not use BSF for dumps and resyncs,
we add a new parameter to ignore_conntrack to indicate if we have to
perform the filtering in user-space or not.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/sync-mode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/sync-mode.c')

diff --git a/src/sync-mode.c b/src/sync-mode.c
index db199bc..4c22745 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -432,7 +432,7 @@ static int overrun_sync(enum nf_conntrack_msg_type type,
 {
 	struct us_conntrack *u;
 
-	if (ignore_conntrack(ct))
+	if (ignore_conntrack(ct, 1))
 		return NFCT_CB_CONTINUE;
 
 	/* This is required by kernels < 2.6.20 */
-- 
cgit v1.2.3