[Bug 775] New: -m owner ! --uid-owner False positive logging

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Thu Mar 8 14:40:57 CET 2012


           Summary: -m owner ! --uid-owner False positive logging
           Product: netfilter/iptables
           Version: unspecified
          Platform: i386
        OS/Version: other
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ip_tables (kernel)
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: kc-netfilterbugs at chadwicks.me.uk
   Estimated Hours: 0.0

On more than one machine using a grsecurity kernel 3.2.9 and iptables v1.4.12.2
though not yet verified on other kernels with the rule.

/usr/sbin/iptables -A OUTPUT -m owner ! --uid-owner bob -m limit --limit 5/sec
--limit-burst 8 -j LOG --log-uid --log-prefix "Not user bob? "

False positive logs similar to:

kernel: Not user bob? IN= OUT=eth0 SRC= DST= LEN=52
TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=59934 DPT=80 WINDOW=16404

These packets are from the bob user and yet they are logged whilst the other
parts of the connection are not correctly.

All Log output states ID=0 ACK URGP and without the UID logged.

Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

More information about the netfilter-buglog mailing list