
Re: creating rules regarding to a command name



Pascal Hambourg <pascal.mail@plouf.fr.eu.org> writes:
> LeVA wrote:
>> And I have these lines in my kernel log:
>> ipt_owner: pid, sid and command matching not supported anymore
>> $ uname -r
>> 2.6.15-ck4
>
> Found in Linux 2.6.8 changelog:
> "[NETFILTER]: complain about brokeness on SMP for pid, sid and command
> matching in ipt_owner"
>
> Not sure about what it means exactly though.

That means that the code in ipt_owner is broken -- written in a way that
*will not work* -- on SMP systems.  If you have more than one processor,
or even hyperthreading, you can expect that to eventually crash your
kernel.

It also strongly suggests that the code is not really up to scratch in
terms of kernel code, and may well cause similar problems even without
multiple processors to make life more difficult.


IIRC, the Linux NetFilter and networking developers also consider it to
be a losing proposition to match on this sort of information, so you can
probably expect it to eventually go away. :/

         Daniel


