[PATCH 2.6 NETFILTER] new netfilter module ipt_program.c
kaber at trash.net
Sat Sep 11 14:51:24 CEST 2004
Luke Kenneth Casson Leighton wrote:
> decided to put this into a separate module. based on ipt_owner.c.
> does full program's pathname. like ipt_owner, only suitable for
> outgoing connections.
I agree that it would be useful to match the full path, but
the patch is broken, as are the owner match's pid-, sid- and
command-matching options. You can't grab files->file_lock
outside of process context. Besides, we want to consolidate
functionality, not add new matches that do basically the same
as existing ones.