Re: Logging output UIDs.

[Pascal Hambourg <pascal@plouf.fr.eu.org>]

[Reply CC'ed to the list]

Sthu Deus a écrit :
> Good time of the day, Pascal.
> 
> Thank You for Your time and important to me answer.
> You worte:
> 
>> Is the UID missing for all packets or only for this one ?
>> According to a quick test, it seems that the last ACK in a TCP
>> connection does not have a UID (probably because the socket is
>> closed). Packets generated by the kernel itself (TCP RST, ICMP
>> messages...) do no have a UID.
> 
> I have tested and found that it is true - only filtered out packets
> have no UID - others had (when I logged all of them and just the
> filtered out ones).
> 
> Am I correct supposing that those packets having no UIDs are kernel
> generated ones, and only?

I have no certainty, but I suppose so.

>>> Also, may You know the answer to my curiocity, Why I can not locate
>>> '-j LOG' in above iptables rule at the end of the rule? - For
>>> iptables complains about unknown '--log-uid'. - I understand that
>>> something is then missing before the sufix, but from iptables man.
>>> it is not evident to me what.
>> --log-* are options to the LOG target, so iptables does not expect
>> them before.
> 
> Oh, I've got the point - I though LOG target is same as others and
> therefore failed understanding it. Thanks for explanation, again.

The same as what others ?
LOG is handles by iptables just as any other target or match. Its
options must appear after its name.