Re: [PATCH 3/3] xt_owner match

On Nov 19 2007 16:43, Patrick McHardy wrote:
>
> Please keep both.
>
Right.

>> +config NETFILTER_XT_MATCH_OWNER
>> +	tristate '"owner" match support'
>> +	depends on NETFILTER_XTABLES
>> +	---help---
>> +	Socket owner matching allows you to match locally-generated packets
>> +	based on who created the socket: the user, group, process or session.
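
Review bot: The last line of the help text promises matching on "the user, group, process or session", but the help should list only what the match actually implements. The reply below states that only user and group are supported, so trim the sentence to the user and group; otherwise administrators may write rules expecting process or session filtering that never takes effect.
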
>
> Only user and group are supported.
>
>> +	if (skb->sk == NULL || skb->sk->sk_socket == NULL)
>> +		return false;
>> +
>> +	filp = skb->sk->sk_socket->file;
>> +	if (filp == NULL)
>> +		return false;
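
Review bot: The chain skb->sk->sk_socket->file is NULL-checked and then dereferenced with no lock or reference visible in this hunk, so it is unclear what keeps sk_socket and file stable if the socket is closed or detached while the packet is still being processed. Either hold the appropriate socket lock around the read or add a comment stating why these pointers cannot change at the hooks where the match runs. The two "return false" paths also mean a packet with no attached socket or file never matches an owner rule, which is worth stating in the documentation.
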
>
> What would be nice is to allow matching whether a socket exists,
> without UID/GID. I had a patch for this for a long time, but
> lost it somewhere.

Do you mean xt_socket from TPROXY?

>> +static struct xt_match owner_mt_reg[] __read_mostly = {
>> +	{
>> +		.name       = "owner",
>> +		.revision   = 0,
>> +		.family     = AF_INET,
>> +		.match      = owner_mt_v0,
>> +		.matchsize  = sizeof(struct ipt_owner_info),
>> +		.checkentry = owner_mt_check_v0,
>> +		.hooks      = (1 << NF_IP_LOCAL_OUT) |
>> +		              (1 << NF_IP_POST_ROUTING),
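
Review bot: The .hooks mask is built from NF_IP_LOCAL_OUT and NF_IP_POST_ROUTING, the IPv4-specific names; use the family-independent NF_INET_LOCAL_OUT and NF_INET_POST_ROUTING here, as the reply below requests. In the same entry, .matchsize is sizeof(struct ipt_owner_info) for revision 0; if that is meant to preserve the layout of the old ipt_owner match, a one-line comment saying so would help.
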
>
> This needs to use NF_INET_...
>
> Please resend all your patches when you want me to apply them.
> Thanks.
>

Will do.