Message ID | oirqus$3p1$1@blaine.gmane.org |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
On Mon, Jun 26, 2017 at 10:31:30PM +0200, Piotr Sawicki wrote:
> From: Piotr Radoslaw Sawicki <piotr.sawicki@gmail.com>
>
> Add information about retrieving UID/GID/SECCTX fields

Applied, thanks.

diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index 1702158..4002687 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -698,6 +698,13 @@ EXPORT_SYMBOL(nfq_set_mode); flags &= ~NFQA_CFG_F_FAIL_OPEN; err = nfq_set_queue_flags(qh, mask, flags); \endverbatim + * - NFQA_CFG_F_SECCTX: the kernel will dump security context of the socket to + * which each packet belongs. + * + * \warning + * When fragmentation occurs and NFQA_CFG_F_GSO is NOT set then the kernel + * dumps UID/GID and security context fields only for one fragment. To deal with + * this limitation always set NFQA_CFG_F_GSO. *
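
Review bot: The \warning at the end of the hunk says the kernel dumps UID/GID and security context "only for one fragment", but it does not say which fragment or what the caller receives for the remaining ones. A program that bases its verdict on these fields needs to know that the attributes can be absent on a queued packet and must be checked for before use, so the text should state that explicitly. The warning also covers UID/GID while sitting directly under the new NFQA_CFG_F_SECCTX bullet; naming the flags it applies to would remove the ambiguity. Finally, the preceding entry ends with a usage snippet closed by \endverbatim and the new bullet has none; a short one that sets NFQA_CFG_F_SECCTX together with NFQA_CFG_F_GSO through nfq_set_queue_flags(qh, mask, flags) would match the surrounding style and show the recommended combination.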