Oxidative n00b
Joined: 25 Jun 2003 Posts: 33
Posted: Fri Nov 25, 2005 6:40 pm Post subject: ipt_owner crippled
After upgrading my 2.6.12 kernel to 2.6.14 my iptables script stopped working. Kernel is shouting
Quote: ipt_owner: pid, sid and command matching not supported anymore
I was using the ipt_owner command filter to limit network traffic for specific applications. Looks like the kernel devs decided to strip this very useful functionality because it didn't work with SMP. How am I supposed to use filters on a per-application basis without "command" support in ipt_owner? I've looked around but no one seems to miss this except me.
_________________
wormux ebuild: https://bugs.gentoo.org/show_bug.cgi?id=52679
kos n00b
Joined: 28 May 2003 Posts: 71 Location: Mountain View, CA
Posted: Sat Nov 26, 2005 1:09 pm
I'm also interested in any solution..
_________________
/KoS
alligator421 Apprentice
Joined: 30 Jul 2003 Posts: 191
Posted: Mon Dec 05, 2005 3:48 am
I also found it quite odd so few complaints about that kernel move.
It took me some time to figure out why iptables exploded at me with such an obscure error like bad argument (to iptables) after kernel upgrade to 2.6.14.
I quickly downgraded to 2.6.12.
2.6.14 no go
alligator421 Apprentice
Joined: 30 Jul 2003 Posts: 191
Posted: Fri Dec 09, 2005 5:46 am
bump
alligator421 Apprentice
Joined: 30 Jul 2003 Posts: 191
Posted: Fri Feb 10, 2006 5:16 pm
Any news about that or a workaround?
assaf Apprentice
Joined: 14 Feb 2005 Posts: 152 Location: http://localhost
Posted: Fri Feb 10, 2006 6:26 pm
I'm using this feature too (it gives me personal firewall capabilities). It didn't explode anything though (I'm using iptables through shorewall), I suppose it simply stopped filtering.
Anyway, how do you know that the feature was dropped due to problems with SMP? If this is the case, someone might be working on fixing it for a future kernel release.
Oxidative n00b
Joined: 25 Jun 2003 Posts: 33
Posted: Sat Feb 11, 2006 12:41 pm
Just take a look at the changes:
Code: | - printk("ipt_owner: pid, sid and command matching is broken "
- "on SMP.\n");
+ printk("ipt_owner: pid, sid and command matching "
+ "not supported anymore\n"); |
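Review bot: the replacement printk string in the two added lines drops the cause that the removed lines stated ("broken on SMP"), so someone whose rule set stops loading after the upgrade gets no hint from the log why the match went away. Suggest keeping the reason in the new message text, and giving the call an explicit log level such as KERN_WARNING, which neither the removed nor the added version has.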
Since this has been removed on 2.6.13 and we're at 2.6.16 already without seeing anything in that direction I doubt that someone is working on this problem.
_________________
wormux ebuild: https://bugs.gentoo.org/show_bug.cgi?id=52679
alligator421 Apprentice
Joined: 30 Jul 2003 Posts: 191
Posted: Tue Apr 24, 2007 2:33 pm
Any news about that stuff lately?
I'm getting tired of messing/backporting kernel code on every stable gentoo-sources release.