Re: [PATCH 3/3] xt_owner match


 



Jan Engelhardt wrote:
On Nov 19 2007 16:43, Patrick McHardy wrote:

+	filp = skb->sk->sk_socket->file;
+	if (filp == NULL)
+		return false;
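Review bot: the dereference chain on the first added line, skb->sk->sk_socket->file, is only guarded at its last link (filp); the quoted lines show no NULL test on skb->sk or on sk->sk_socket, and skb->sk is NULL for packets that do not originate from a local socket, so please confirm both are checked before this point or add the checks here. Separately, the unconditional "return false" for filp == NULL is taken before any inversion flag can be consulted, so a packet without a socket file can never match an inverted rule; if that is the intended semantics, a short comment saying so would help.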
What would be nice is to allow matching whether a socket exists,
without UID/GID. I had a patch for this for a long time, but
lost it somewhere.

Do you mean xt_socket from TPROXY?


Well, xt_socket does a lookup. What my patch did was allow matching
on the existence of a socket related to that packet (simply:
iptables ... -m owner -j ...). Your patch actually already allows that,
but doesn't allow inversion for this. But now that you mention it,
I did use it for incoming packets combined with a socket lookup,
it's probably not that useful for outgoing packets. It would only
require a single new flag to properly support this though.

