On Nov 19 2007 17:56, Jan Engelhardt wrote:
>>
>>> + if (skb->sk == NULL || skb->sk->sk_socket == NULL)
>>> + return false;
>>> +
>>> + filp = skb->sk->sk_socket->file;
>>> + if (filp == NULL)
>>> + return false;
>>
>> What would be nice is to allow matching whether a socket exists,
>> without UID/GID. I had a patch for this for a long time, but
>> lost it somewhere.
>
>Do you mean xt_socket from TPROXY?

Ah, xt_socket is different. But yeah, what you suggest is already
implemented. It is a matter of adjusting the iptables part now
to actually make use of the feature (to match whether a socket exists,
w/o owner/group).
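Review bot: both early exits in the quoted hunk (`skb->sk == NULL || skb->sk->sk_socket == NULL`, then `filp == NULL`) return a fixed `false`, so a packet with no socket or no file can never satisfy the match, regardless of what the rule asks for. If the match is meant to express "a socket exists" or its absence, as discussed in this thread, the result on these paths should depend on the rule's settings rather than being hard-coded; if the fixed result is intended, a comment saying that socketless packets never match would make that explicit. Separately, `skb->sk->sk_socket` is read once for the NULL check and again to fetch `->file`, and the visible lines show no locking; it is worth confirming that the pointer cannot be cleared between the two reads, or reading it into a local once and testing that.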