* [PATCH] note owner match brokenness
@ 2004-10-01 20:44 Phil Oester
  2004-10-01 21:09 ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Phil Oester @ 2004-10-01 20:44 UTC (permalink / raw)
  To: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 248 bytes --]

Someone recently complained in bugzilla that the note about owner
match being broken on SMP took hours to find because it was in
syslog instead of userspace.  Hopefully the below patch will
save others some time.

This closes bugzilla #244

Phil



[-- Attachment #2: patch-owner --]
[-- Type: text/plain, Size: 759 bytes --]

diff -ru ipt-orig/extensions/libipt_owner.c ipt-new/extensions/libipt_owner.c
--- ipt-orig/extensions/libipt_owner.c	2004-06-14 15:02:17.000000000 -0700
+++ ipt-new/extensions/libipt_owner.c	2004-10-01 13:36:50.779263920 -0700
@@ -22,6 +22,7 @@
 "[!] --pid-owner processid  Match local pid\n"
 "[!] --sid-owner sessionid  Match local sid\n"
 "[!] --cmd-owner name       Match local command name\n"
+"NOTE: pid, sid and command matching are broken on SMP\n"
 "\n",
 IPTABLES_VERSION);
 #else
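Review bot: The NOTE line added to the IPT_OWNER_COMM help text says only that matching is "broken on SMP", which does not tell a user what a rule using --pid-owner, --sid-owner or --cmd-owner will actually do on such a machine. Suggest wording it so the effect is stated, and putting a blank "\n" line before it so it is not read as one more entry in the option list.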
@@ -31,6 +32,7 @@
 "[!] --gid-owner groupid    Match local gid\n"
 "[!] --pid-owner processid  Match local pid\n"
 "[!] --sid-owner sessionid  Match local sid\n"
+"NOTE: pid and sid matching are broken on SMP\n"
 "\n",
 IPTABLES_VERSION);
 #endif /* IPT_OWNER_COMM */
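Review bot: In the branch without IPT_OWNER_COMM the NOTE names pid and sid only, while --gid-owner sits in the same list with no comment, so a reader cannot tell whether the remaining owner options are unaffected on SMP or were simply left out. Suggest saying so explicitly. The near-identical string now lives in both #ifdef branches, so the two copies have to be kept in sync by hand.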


* Re: [PATCH] note owner match brokenness
  2004-10-01 20:44 [PATCH] note owner match brokenness Phil Oester
@ 2004-10-01 21:09 ` Patrick McHardy
  2004-10-01 21:12   ` Phil Oester
  0 siblings, 1 reply; 6+ messages in thread
From: Patrick McHardy @ 2004-10-01 21:09 UTC (permalink / raw)
  To: Phil Oester; +Cc: netfilter-devel

Phil Oester wrote:

>Someone recently complained in bugzilla that the note about owner
>match being broken on SMP took hours to find because it was in
>syslog instead of userspace.  Hopefully the below patch will
>save others some time.
>
>This closes bugzilla #244
>
If we warn in userspace, we should warn when the options are used
instead of in the helptext.

Regards
Patrick

>Phil
>
>
>  
>
>------------------------------------------------------------------------
>
>diff -ru ipt-orig/extensions/libipt_owner.c ipt-new/extensions/libipt_owner.c
>--- ipt-orig/extensions/libipt_owner.c	2004-06-14 15:02:17.000000000 -0700
>+++ ipt-new/extensions/libipt_owner.c	2004-10-01 13:36:50.779263920 -0700
>@@ -22,6 +22,7 @@
> "[!] --pid-owner processid  Match local pid\n"
> "[!] --sid-owner sessionid  Match local sid\n"
> "[!] --cmd-owner name       Match local command name\n"
>+"NOTE: pid, sid and command matching are broken on SMP\n"
> "\n",
> IPTABLES_VERSION);
> #else
>@@ -31,6 +32,7 @@
> "[!] --gid-owner groupid    Match local gid\n"
> "[!] --pid-owner processid  Match local pid\n"
> "[!] --sid-owner sessionid  Match local sid\n"
>+"NOTE: pid and sid matching are broken on SMP\n"
> "\n",
> IPTABLES_VERSION);
> #endif /* IPT_OWNER_COMM */
>  
>


* Re: [PATCH] note owner match brokenness
  2004-10-01 21:09 ` Patrick McHardy
@ 2004-10-01 21:12   ` Phil Oester
  2004-10-01 21:30     ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Phil Oester @ 2004-10-01 21:12 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: netfilter-devel

On Fri, Oct 01, 2004 at 11:09:37PM +0200, Patrick McHardy wrote:
> Phil Oester wrote:
> 
> >Someone recently complained in bugzilla that the note about owner
> >match being broken on SMP took hours to find because it was in
> >syslog instead of userspace.  Hopefully the below patch will
> >save others some time.
> >
> >This closes bugzilla #244
> >
> If we warn in userspace, we should warn when the options are used
> instead of in the helptext.

Agreed, but do we want to:

   1) warn on every single use of owner match?
   2) have iptables determine if we are running on an SMP box, and
      only warn in that case?

I didn't think either of these were terribly appealing.

Phil


* Re: [PATCH] note owner match brokenness
  2004-10-01 21:12   ` Phil Oester
@ 2004-10-01 21:30     ` Patrick McHardy
  2004-10-03 19:43       ` Herve Eychenne
  0 siblings, 1 reply; 6+ messages in thread
From: Patrick McHardy @ 2004-10-01 21:30 UTC (permalink / raw)
  To: Phil Oester; +Cc: netfilter-devel

Phil Oester wrote:

>On Fri, Oct 01, 2004 at 11:09:37PM +0200, Patrick McHardy wrote:
>  
>
>>If we warn in userspace, we should warn when the options are used
>>instead of in the helptext.
>>    
>>
>
>Agreed, but do we want to:
>
>   1) warn on every single use of owner match?
>   2) have iptables determine if we are running on an SMP box, and
>      only warn in that case?
>
>I didn't think either of these were terribly appealing.
>  
>

Agreed, I'm going to apply your patch. Thanks.

Regards
Patrick


* Re: [PATCH] note owner match brokenness
  2004-10-01 21:30     ` Patrick McHardy
@ 2004-10-03 19:43       ` Herve Eychenne
  2004-10-03 20:36         ` Patrick McHardy
  0 siblings, 1 reply; 6+ messages in thread
From: Herve Eychenne @ 2004-10-03 19:43 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: netfilter-devel

On Fri, Oct 01, 2004 at 11:30:06PM +0200, Patrick McHardy wrote:

> Phil Oester wrote:

> >On Fri, Oct 01, 2004 at 11:09:37PM +0200, Patrick McHardy wrote:
> > 
> >
> >>If we warn in userspace, we should warn when the options are used
> >>instead of in the helptext.
> >>   
> >>
> >
> >Agreed, but do we want to:
> >
> >  1) warn on every single use of owner match?
> >  2) have iptables determine if we are running on an SMP box, and
> >     only warn in that case?
> >
> >I didn't think either of these were terribly appealing.
> > 
> >

> Agreed, I'm going to apply your patch. Thanks.

Please apply the same to the manpage!

 Herve

-- 
 _
(°=  Hervé Eychenne
//)
v_/_ WallFire project:  http://www.wallfire.org/


* Re: [PATCH] note owner match brokenness
  2004-10-03 19:43       ` Herve Eychenne
@ 2004-10-03 20:36         ` Patrick McHardy
  0 siblings, 0 replies; 6+ messages in thread
From: Patrick McHardy @ 2004-10-03 20:36 UTC (permalink / raw)
  To: Herve Eychenne; +Cc: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 261 bytes --]

Herve Eychenne wrote:

>On Fri, Oct 01, 2004 at 11:30:06PM +0200, Patrick McHardy wrote:
>  
>
>>Agreed, I'm going to apply your patch. Thanks.
>>    
>>
>
>Please apply the same to the manpage!
>  
>
I've applied this patch to the manpages.

Regards
Patrick



[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1123 bytes --]

Index: extensions/libip6t_owner.man
===================================================================
RCS file: /cvsroot/iptables/extensions/libip6t_owner.man,v
retrieving revision 1.1
diff -u -r1.1 libip6t_owner.man
--- extensions/libip6t_owner.man	22 Jan 2004 15:04:24 -0000	1.1
+++ extensions/libip6t_owner.man	3 Oct 2004 20:35:38 -0000
@@ -19,3 +19,5 @@
 .BI "--sid-owner " "sessionid"
 Matches if the packet was created by a process in the given session
 group.
+.TP
+.B NOTE: pid, sid and command matching are broken on SMP
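Review bot: The NOTE added to libip6t_owner.man mentions command matching, but the visible context of this file ends at --sid-owner with no command-name option in sight; if the ip6tables owner match has no such option, the line should read "pid and sid", as in the second hunk of the libipt_owner.c patch. Also, .TP turns the following .B line into the tag of a tagged paragraph that has no body; a plain paragraph macro such as .PP fits a standalone note better.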
Index: extensions/libipt_owner.man
===================================================================
RCS file: /cvsroot/iptables/extensions/libipt_owner.man,v
retrieving revision 1.1
diff -u -r1.1 libipt_owner.man
--- extensions/libipt_owner.man	22 Jan 2004 15:04:25 -0000	1.1
+++ extensions/libipt_owner.man	3 Oct 2004 20:35:38 -0000
@@ -24,3 +24,5 @@
 Matches if the packet was created by a process with the given command name.
 (this option is present only if iptables was compiled under a kernel
 supporting this feature)
+.TP
+.B NOTE: pid, sid and command matching are broken on SMP
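Review bot: The NOTE in libipt_owner.man is unconditional, yet the context lines just above it say the command-name option exists only when iptables was compiled under a kernel supporting it, and the help-text patch carries a separate "pid and sid" wording for that case. Suggest phrasing the man page line so it covers both builds, for example by qualifying "command" the same way the option description does.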

