On Fri, 7 Oct 2005, Benjamin Schieder wrote:
I'm currently writing an application that makes heavy use of the ipt_owner module and the owner-socketlookup patch from patch-o-matic. Now I'm at a point where using --pid-owner becomes necessary. My machine is a dual P3 800 SMP machine, which results in: ipt_owner: pid, sid and command matching is broken on SMP.
Yes. The owner match needs to violate too many layers of the Linux networking, making assumptions which are not true in an SMP system.
Is there any way to fix this so I can use this feature or do I have to work around this brokenness somehow with ipt_comment?
No good approach on how to even attempt to fix the owner match for SMP is known at this date. The networking stack is simply not designed with this in mind.
Regards Henrik