owner-Match in 2.6.20-rc5
netfilter at basti79.de
Thu Jan 25 20:16:17 CET 2007
Am Donnerstag, den 25.01.2007, 10:23 +0100 schrieb Sebastian Claßen:
> Kernel: 2.6.20-rc5
> Iptables: v1.3.7-20070118
> The owner-Match seems not to match TCP-Packets any more. Can be tested
> by inserting the rule:
> iptables -I OUTPUT -m owner --uid-owner test-user -j LOG
> Simply su to the specified user and using netcat (nc) to send UDP and
> TCP packets shows only log entried with PROTO=UDP but none with TCP.
> Anyone can reproduce this and pearhaps got a solution??
I've just found out where the problem is. In 2.6.20-rc1 changelog the
following thing was modified:
[TCP]: Don't set SKB owner in tcp_transmit_skb().
That seems to break the owner-match for TCP packets. I was able to undo
the change with the attached one-line patch which fixed the problem for
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 402 bytes
Desc: not available
Url : /pipermail/netfilter/attachments/20070125/9f707c1d/owner-fix.bin
More information about the netfilter