Re: owner-Match in 2.6.20-rc5

To:	netfilter@lists.netfilter.org
Subject:	Re: owner-Match in 2.6.20-rc5
From:	Sebastian <netfilter@basti79.de>
Date:	Thu, 25 Jan 2007 20:16:17 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<1169717001.9575.7.camel@basti79.freenet-ag.de>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References:	<1169717001.9575.7.camel@basti79.freenet-ag.de>
Sender:	netfilter-bounces@lists.netfilter.org

To:

netfilter@lists.netfilter.org

Subject:

Re: owner-Match in 2.6.20-rc5

From:

Sebastian <netfilter@basti79.de>

Date:

Thu, 25 Jan 2007 20:16:17 +0100

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

netfilter-list1@securepoint.com

In-reply-to:

<1169717001.9575.7.camel@basti79.freenet-ag.de>

List-archive:

</pipermail/netfilter>

List-help:

<mailto:netfilter-request@lists.netfilter.org?subject=help>

List-id:

General discussion and user questions <netfilter.lists.netfilter.org>

List-post:

<mailto:netfilter@lists.netfilter.org>

List-subscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>

List-unsubscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>

References:

<1169717001.9575.7.camel@basti79.freenet-ag.de>

Sender:

netfilter-bounces@lists.netfilter.org

Am Donnerstag, den 25.01.2007, 10:23 +0100 schrieb Sebastian Claßen:
> Hi...
> 
> Kernel:   2.6.20-rc5
> Iptables: v1.3.7-20070118
> 
> The owner-Match seems not to match TCP-Packets any more. Can be tested
> by inserting the rule:
> iptables -I OUTPUT -m owner --uid-owner test-user -j LOG
> 
> Simply su to the specified user and using netcat (nc) to send UDP and
> TCP packets shows only log entried with PROTO=UDP but none with TCP.
> 
> Anyone can reproduce this and pearhaps got a solution??
> 
> Greets
>   Sebastian.
> 

Hi again...

I've just found out where the problem is. In 2.6.20-rc1 changelog the
following thing was modified:
[TCP]: Don't set SKB owner in tcp_transmit_skb().

That seems to break the owner-match for TCP packets. I was able to undo
the change with the attached one-line patch which fixed the problem for
me.

Greets
  Sebastian.

owner-fix.diff
Description: Text Data

<Prev in Thread]	Current Thread	[Next in Thread>
owner-Match in 2.6.20-rc5, Sebastian Claßen Re: owner-Match in 2.6.20-rc5, Sebastian <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	owner-Match in 2.6.20-rc5, Sebastian Claßen
Next by Date:	Re: Dropped fin acks (iptables + lvs), Patrik Karén
Previous by Thread:	owner-Match in 2.6.20-rc5, Sebastian Claßen
Next by Thread:	Iptables problem, Saurabh Mehrotra
Indexes:	[Date] [Thread] [Top] [All Lists]