owner-Match in 2.6.20-rc5
Sebastian
netfilter at basti79.de
Thu Jan 25 20:16:17 CET 2007
On Thursday, 25.01.2007, at 10:23 +0100, Sebastian Claßen wrote:
> Hi...
>
> Kernel: 2.6.20-rc5
> Iptables: v1.3.7-20070118
>
> The owner-Match seems not to match TCP-Packets any more. Can be tested
> by inserting the rule:
> iptables -I OUTPUT -m owner --uid-owner test-user -j LOG
>
> Simply su to the specified user and using netcat (nc) to send UDP and
> TCP packets shows only log entries with PROTO=UDP but none with TCP.
>
> Anyone can reproduce this and perhaps got a solution??
>
> Greets
> Sebastian.
>
Hi again...
I've just found out where the problem is. In the 2.6.20-rc1 changelog the
following thing was modified:
[TCP]: Don't set SKB owner in tcp_transmit_skb().
That seems to break the owner-match for TCP packets. I was able to undo
the change with the attached one-line patch which fixed the problem for
me.
Greets
Sebastian.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owner-fix.diff
Type: text/x-patch
Size: 402 bytes
Desc: not available
Url : /pipermail/netfilter/attachments/20070125/9f707c1d/owner-fix.bin