[Bug 775] -m owner ! --uid-owner False positive logging

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri May 31 15:54:11 CEST 2013


Phil Oester <netfilter at linuxace.com> changed:

           What    |Removed                     |Added
                 CC|                            |netfilter at linuxace.com

--- Comment #1 from Phil Oester <netfilter at linuxace.com> 2013-05-31 15:54:11 CEST ---
If the socket is in TCP_TIME_WAIT, then the uid will not be logged as it cannot
be determined:

        if (!sk || sk->sk_state == TCP_TIME_WAIT)

So you would need to figure out what state this socket is in when these "false
positives" are logged.  I would suggest that given this limitation, you either
live with the extra logging, or be more selective in what you log (e.g. by
using the ctstate match first?)

Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the netfilter-buglog mailing list