Merge branch 'master' of https://github.com/rdenniston/zeek

* 'master' of https://github.com/rdenniston/zeek: Add linux netfilter NFLOG capture functionality initial commit I made modifications: - Formatting / code style - More error handling and validity checks - The Type and Length value of TLVs is technically host order - Changed / fixed the Length value padding check: it's generally 32-bit alignment, not just aligning any TLV less than 8 bytes.
2025-10-02 14:48:21 +00:00 · 2019-03-19 19:12:47 -07:00 · 2019-03-19 19:12:47 -07:00 · a262ed8d9c
commit a262ed8d9c
parent eb9a05cd25 5262237c3b
9 changed files with 132 additions and 4 deletions
--- a/src/iosource/pcap/Source.cc
+++ b/src/iosource/pcap/Source.cc
@ -247,10 +247,20 @@ bool PcapSource::SetFilter(int index)
 		return false;
 		}

-	if ( pcap_setfilter(pd, code->GetProgram()) < 0 )
+	if ( LinkType() == DLT_NFLOG )
 		{
-		PcapError();
-		return false;
+		// No-op, NFLOG does not support BPF filters.
+		// Raising a warning might be good, but it would also be noisy
+		// since the default scripts will always attempt to compile
+		// and install a default filter
+		}
+	else
+		{
+		if ( pcap_setfilter(pd, code->GetProgram()) < 0 )
+			{
+			PcapError();
+			return false;
+			}
 		}

 #ifndef HAVE_LINUX