bugzilla-daemon at bugzilla.netfilter.org
2012-Mar-08 13:40 UTC
[Bug 775] New: -m owner ! --uid-owner False positive logging
http://bugzilla.netfilter.org/show_bug.cgi?id=775
Summary: -m owner ! --uid-owner False positive logging
Product: netfilter/iptables
Version: unspecified
Platform: i386
OS/Version: other
Status: NEW
Severity: minor
Priority: P5
Component: ip_tables (kernel)
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: kc-netfilterbugs at chadwicks.me.uk
Estimated Hours: 0.0
On more than one machine using a grsecurity kernel 3.2.9 and iptables v1.4.12.2
though not yet verified on other kernels with the rule.
/usr/sbin/iptables -A OUTPUT -m owner ! --uid-owner bob -m limit --limit 5/sec
--limit-burst 8 -j LOG --log-uid --log-prefix "Not user bob? "
False positive logs similar to:
kernel: Not user bob? IN= OUT=eth0 SRC=192.168.5.2 DST=213.95.27.114 LEN=52
TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=59934 DPT=80 WINDOW=16404
RES=0x00 ACK URGP=0
These packets are from the bob user and yet they are logged whilst the other
parts of the connection are not correctly.
All Log output states ID=0 ACK URGP and without the UID logged.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Mar-08 13:43 UTC
[Bug 775] -m owner ! --uid-owner False positive logging
http://bugzilla.netfilter.org/show_bug.cgi?id=775
Kevin Chadwick <kc-netfilterbugs at chadwicks.me.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kc-netfilterbugs at chadwicks.
| |me.uk
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.