pid-owner matcher



Looking at the Packet Filtering HOWTO, it describes an owner extension
that should allow you to match based on uid, gid, pid, and sid. However,
when I try to use the pid matching I get the following error:

bash$ sudo iptables -A OUTPUT -p TCP -m owner --pid-owner 1001 -j MARK --set-mark 91
>> iptables v1.4.1.1: Unknown arg `--pid-owner'

It appears that pid-owner is no longer a supported option:
bash$ sudo iptables -m owner --help
>> owner match options:
[!] --uid-owner userid[-userid]      Match local UID
[!] --gid-owner groupid[-groupid]    Match local GID
[!] --socket-exists                  Match if socket exists

Is there any way to get a pid matcher anymore? What I'm trying to do is
to force all traffic generated by a particular process to use a virtual
interface eth0:1. My current approach is to first --set-mark all such
packets with iptables and then route them using ip rule.
