
Re: Traffic separation



Покотиленко Костик wrote:
> On Sun, 11/11/2007 at 10:54 +0300, Mikhail A Antonov wrote:
>   
> # man iptables
> ...
>    owner
>        This module attempts to match various characteristics of the packet creator, for locally-generated
>        packets.  It is only valid in the OUTPUT chain, and even this some packets (such as ICMP ping
>        responses) may have no owner, and hence never match.
>
>        --uid-owner userid
>               Matches if the packet was created by a process with the given effective user id.
>
>        --gid-owner groupid
>               Matches if the packet was created by a process with the given effective group id.
>
>        --pid-owner processid
>               Matches if the packet was created by a process with the given process id.
>
>               (Please note: This option requires kernel support that might not be available in official Linux
>               kernel sources or Debian's packaged Linux kernel sources.  And if support for this option is
>               available for the specific Linux kernel source version, that support might not be enabled in the
>               current Linux kernel binary.)
>
>        --sid-owner sessionid
>               Matches if the packet was created by a process in the given session group.
>
>               (Please note: This option requires kernel support that might not be available in official Linux
>               kernel sources or Debian's packaged Linux kernel sources.  And if support for this option is
>               available for the specific Linux kernel source version, that support might not be enabled in the
>               current Linux kernel binary.)
>
>        --cmd-owner name
>               Matches if the packet was created by a process with the given command name.
>
>               (Please note: This option requires kernel support that might not be available in official Linux
>               kernel sources or Debian's packaged Linux kernel sources.  And if support for this option is
>               available for the specific Linux kernel source version, that support might not be enabled in the
>               current Linux kernel binary.)
>
>        NOTE: pid, sid and command matching are broken on SMP
> ..
# iptables -t nat -A OUTPUT -m owner --pid-owner 4699
iptables: Invalid argument

dmesg | tail -1
ipt_owner: pid, sid and command matching not supported anymore


Kernel 2.6.22.

I was digging into this myself recently.
Maybe it's somewhere in unofficial patches?
Or the Debian kernel doesn't support it ...



