Quarantining an account from the Internet, or from all networking?
Benjamin Scott
dragonhawk at gmail.com
Mon Aug 16 19:22:21 EDT 2010
On Mon, Aug 16, 2010 at 7:01 PM, Thomas Charron <twaffle at gmail.com> wrote:
> Internally, packets do have owners. Specifically, the application.
Well, as MOD points out, packets being *received* don't have obvious
owners. Or applications. They couldn't, until fairly late in the
network decision flow chart -- after the kernel router has determined
the packet is locally destined, and has picked a socket to deliver the
packet to.
For sending, sure, the kernel could keep track of the
pid/uid/whatever that generated a packet. In the general case, I
can't think of anything that would mean it has to. I wonder if this
NetFilter module is just looking at something that's already there, or
does it cause the kernel to start tracking stuff it wasn't tracking
before?
(And, of course, if forwarding is enabled, packets being forwarded
won't have applications or sockets, but presumably that's okay since
they're by definition not associated with any local user.)
-- Ben
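As an added illustration of the point Ben makes (not code from the thread or from any poster), the way this is normally done on a Linux host is to match the sending socket's owner in the output hook only, because that is the one place where a packet already has a socket and therefore a uid. The ruleset below is an assumed nftables layout for quarantining one numeric UID from everything except loopback and a LAN prefix; the UID and prefix are constructed defaults, not values from the discussion.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Emits an nftables ruleset that keeps one local account off the Internet.
# Owner matching ("meta skuid") is only defined for locally generated
# packets, i.e. in an output hook. There is no owner to match in an input
# hook: as the thread says, a received packet has no socket, and hence no
# uid, until after the kernel has decided it is local and picked a socket.
# Forwarded packets never get a socket at all, so they are untouched here.

quarantine_ruleset() {
    uid="$1"                          # numeric UID to quarantine (assumed)
    lan="${2:-192.168.0.0/16}"        # constructed LAN prefix, adjust to taste
    cat <<EOF
table inet quarantine {
    chain output {
        type filter hook output priority 0; policy accept;
        # Packets sent by any other account are not our concern.
        meta skuid != $uid accept
        # The quarantined account keeps loopback and the local network.
        oif "lo" accept
        ip daddr $lan accept
        # Everything else the account sends is logged and dropped.
        log prefix "quarantine uid $uid: " drop
    }
}
EOF
}

# Print the ruleset; load it with:  sh this.sh 1001 10.0.0.0/8 | nft -f -
quarantine_ruleset "${1:-1001}" "${2:-}"
```

Because nothing in the input hook can name a uid, inbound connections to a daemon that account runs are not filtered by owner; the quarantine only bites on what the account itself transmits.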