From: Vlad
Subject: pid-owner matcher
Date: Tue, 06 Oct 2009 16:17:44 -0400
Message-ID: <1254860264.15147.4.camel@temp>
To: netfilter@vger.kernel.org

Looking at the Packet Filtering HOWTO, it describes an owner extension that
should allow you to match based on uid, gid, pid, and sid. However, when I
try to use the pid matching I get the following error:

bash$ sudo iptables -A OUTPUT -p TCP -m owner --pid-owner 1001 -j MARK --set-mark 91
iptables v1.4.1.1: Unknown arg `--pid-owner'

It appears that pid-owner is no longer a supported option:

bash$ sudo iptables -m owner --help
....
owner match options:
[!] --uid-owner userid[-userid]      Match local UID
[!] --gid-owner groupid[-groupid]    Match local GID
[!] --socket-exists                  Match if socket exists

Is there any way to get a pid matcher anymore?

What I'm trying to do is to force all traffic generated by a particular
process to use a virtual interface eth0:1. My current approach is to first
--set-mark all such packets with iptables and then route them using ip rule.
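The --help output above reflects the current state of the owner match: the pid, sid and cmd variants were removed from the kernel's owner match during the 2.6 series because they could not be implemented safely (they required walking the task list from the network path), and only uid, gid and socket-exists remain. The usual replacement for "all traffic of one process" is "all traffic of one dedicated Unix user": run the process under its own UID and match on --uid-owner, then keep the mark-and-policy-route approach the mail describes. The script below is an added example, not part of the original mail or the netfilter project; it assumes the process runs as UID 1001, fwmark 91, routing table 91, the alias address 192.0.2.10 on eth0 with gateway 192.0.2.1 (documentation addresses, constructed for the example), and it prints the commands unless DRY_RUN=0 is set. The SNAT step is needed because the socket's source address is chosen before the mark is applied in mangle/OUTPUT, so the policy route alone would not make replies return to the alias address.

```shell
#!/bin/sh
# Added example: policy-route all traffic of one UID through a secondary
# address, replacing the removed --pid-owner with --uid-owner.
# All values below are assumptions for the example (override via environment).
UID_OWNER=${UID_OWNER:-1001}      # the service runs as this dedicated user
MARK=${MARK:-91}                  # fwmark set on its packets
TABLE=${TABLE:-91}                # dedicated routing table for marked packets
IFACE=${IFACE:-eth0}              # eth0:1 is an alias on eth0, so routes use eth0
SRC_ADDR=${SRC_ADDR:-192.0.2.10}  # address of the eth0:1 alias (constructed)
GATEWAY=${GATEWAY:-192.0.2.1}     # next hop for the alias network (constructed)
DRY_RUN=${DRY_RUN:-1}             # 1 = print commands, 0 = execute them (needs root)

# Print or execute a command, depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "$*"
  else
    "$@"
  fi
}

# 1. Mark locally generated packets owned by the UID. The owner match only
#    applies to locally generated traffic, so OUTPUT is the right chain, and
#    changing the mark here makes the kernel re-run the routing decision.
# 2. Rewrite the source address: the socket already picked an address before
#    the mark existed, so without SNAT replies would go to the primary address.
mark_rules() {
  run iptables -t mangle -A OUTPUT -m owner --uid-owner "$UID_OWNER" -j MARK --set-mark "$MARK"
  run iptables -t nat -A POSTROUTING -m mark --mark "$MARK" -o "$IFACE" -j SNAT --to-source "$SRC_ADDR"
}

# 3. Policy routing: marked packets consult a dedicated table whose default
#    route leaves through the alias address and its gateway.
route_rules() {
  run ip rule add fwmark "$MARK" table "$TABLE"
  run ip route add default via "$GATEWAY" dev "$IFACE" src "$SRC_ADDR" table "$TABLE"
}

# Count the commands a full setup emits (used to sanity-check the plan).
rule_count() {
  DRY_RUN=1 mark_rules | wc -l | tr -d ' '
}

# Apply (DRY_RUN=0) or print (default) the whole sequence.
mark_rules
route_rules
```

Run it once with the defaults to review the commands, then with DRY_RUN=0 as root to apply them; verify with `iptables -t mangle -L OUTPUT -v` (the packet counter on the MARK rule should grow when the user's process sends traffic) and `ip rule show` / `ip route show table 91`. Note that `ip route add` will fail if the table already holds a default route, so re-running the script is not idempotent; flush the table first when reconfiguring.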