[PATCH 2.6 NETFILTER] new netfilter module ipt_program.c

Patrick McHardy kaber at trash.net
Sat Sep 11 14:51:24 CEST 2004


Luke Kenneth Casson Leighton wrote:
> decided to put this into a separate module.  based on ipt_owner.c.
> does full program's pathname.  like ipt_owner, only suitable for
> outgoing connections.

I agree that it would be useful to match the full path, but
the patch is broken, as are the owner match's pid-, sid- and
command-matching options. You can't grab files->file_lock
outside of process context. Besides, we want to consolidate
functionality, not add new matches that do basically the same
as existing ones.

Regards
Patrick


