Hi,

I have an iptables rule:

    iptables -I OUTPUT 1 -m state --state NEW -m owner --gid-owner test -j NFQUEUE --queue-num 11223

and an appropriate nfq handler for queue 11223 in the code.

Group "test" does not have any users in it. The only executable on my system that has its gid=="test" proceeds to open 10000s of non-blocking sockets and fire off connect()s. I see all those connects being processed by the nfq handler. However, every once and again, the nfq handler will process a packet which comes from some random already running process on my machine.

I can tell that the packet is from a different process, because at the time when nfq triggers, I look up /proc/net/tcp for the source port, find a correlating inode/socket and then look up which process the socket belongs to by scanning all pids in /proc/*<pid>/fd

Is this a known bug? I could come up with minimal code reproducing this if needed.
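The lookup described in the message above (source port to inode via /proc/net/tcp, then inode to pid via /proc/<pid>/fd), written out as an added example that is not part of the original post. The function names, the `proc_root` parameter and the sample table are assumptions constructed for illustration.

```python
import os
import re

SOCKET_LINK = re.compile(r"socket:\[(\d+)\]$")

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 100 0 0 10 0
   1: 0100007F:C350 0100007F:1F90 02 00000001:00000000 01:00000014 00000000  1000        0 45678 2 0000000000000000 100 0 0 10 0
   2: 0100007F:C351 0100007F:1F90 06 00000000:00000000 03:00000BB8 00000000     0        0 0 3 0000000000000000
"""


def inode_for_source_port(tcp_table, port):
    """Return (inode, uid, state) of the first entry with this local port, else None."""
    for line in tcp_table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        if int(fields[1].rsplit(":", 1)[1], 16) == port:
            # Column 9 is the inode, column 7 the uid, column 3 the state (hex).
            return int(fields[9]), int(fields[7]), int(fields[3], 16)
    return None


def pids_holding_inode(inode, proc_root="/proc"):
    """Scan <proc_root>/<pid>/fd for links reading socket:[inode]."""
    if inode == 0:  # inode 0: socket not attached to any process (e.g. TIME_WAIT)
        return []
    owners = set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or its fd directory is not readable
            continue
        for fd in fds:
            try:
                match = SOCKET_LINK.match(os.readlink(os.path.join(fd_dir, fd)))
            except OSError:  # fd was closed between listdir and readlink
                continue
            if match and int(match.group(1)) == inode:
                owners.add(int(entry))
    return sorted(owners)
```

Both reads happen after the packet was queued, so the result reflects the socket table at lookup time, not at the time the packet was generated.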