Re: [PATCH 3/3] xt_owner match

On Nov 19 2007 17:56, Jan Engelhardt wrote:
>>
>>> +	if (skb->sk == NULL || skb->sk->sk_socket == NULL)
>>> +		return false;
>>> +
>>> +	filp = skb->sk->sk_socket->file;
>>> +	if (filp == NULL)
>>> +		return false;
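Review bot: skb->sk->sk_socket is tested for NULL in the first condition and then read a second time in `filp = skb->sk->sk_socket->file;`, with no lock taken in the lines shown. If the socket can be detached from the sock between those two reads, the second read dereferences a NULL pointer. Consider loading sk_socket into a local once and testing that, or holding the sock's sk_callback_lock across both the check and the ->file read. A one-line comment stating that packets with no local socket (skb->sk == NULL) never match would also document the behaviour for rule authors.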
>>
>> What would be nice is to allow matching whether a socket exists,
>> without UID/GID. I had a patch for this for a long time, but
>> lost it somewhere.
>
>Do you mean xt_socket from TPROXY?

Ah, xt_socket is different. But yeah, what you suggest is already implemented.
It is a matter of adjusting the iptables part now to actually make use
of the feature (to match whether a socket exists, w/o owner/group).