Re: [RFC net-next 0/4] Support UID range routing.
From: Lorenzo Colitti <hidden>
Date: 2014-05-02 19:15:59
On Tue, Apr 29, 2014 at 4:01 AM, Lorenzo Colitti [off-list ref] wrote:
Basically, what this patch calls "UID" is what the xt_owner module and
xt_LOG iptables modules consider to be the "owner" of a socket, what
nfqueue presents as the user ID, what shows up in
/proc/net/{udp,tcp,raw} in the "uid" column, etc. In most cases this
is the effective UID that made the call to socket() or accept().
This patch allows using that concept in routing. This can be done
today with "iptables -m owner --uid-owner 12345 -j MARK --set-mark
0xbeef; ip rule from fwmark 0xbeef lookup 100", but that has the
limitations I set out in my original message (e.g., incorrect source
address).

David, did that help clarify what I'm proposing here? Does this patch still seem misguided to you even though its semantics match existing functionality?

Lorenzo
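
The socket-owner UID described in the message above is the value in the "uid" column of /proc/net/tcp. The following is an added example, not part of the original message or the patch: it parses that column from a constructed sample and groups sockets by owning UID. The function names are hypothetical and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import defaultdict

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0A0200C0:C350 076433C6:01BB 01 00000000:00000000 00:00000000 00000000 12345        0 20002 1 0000000000000000 20 4 30 10 -1
   2: 0A0200C0:C351 076433C6:0050 01 00000000:00000000 00:00000000 00000000 12345        0 20003 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted-quad, port).

    Assumption: little-endian host, where the kernel prints the IPv4
    address as a byte-swapped 32-bit hex value.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def sockets_by_uid(text):
    """Group sockets by the 'uid' column (the socket owner)."""
    owners = defaultdict(list)
    for line in text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10:                  # ignore short or blank rows
            continue
        local = decode_endpoint(cols[1])
        remote = decode_endpoint(cols[2])
        uid, inode = int(cols[7]), int(cols[9])
        owners[uid].append((local, remote, inode))
    return dict(owners)


if __name__ == "__main__":
    for uid, socks in sorted(sockets_by_uid(SAMPLE).items()):
        for local, remote, inode in socks:
            print(f"uid={uid} {local[0]}:{local[1]} -> "
                  f"{remote[0]}:{remote[1]} inode={inode}")
```

On a live Linux host the same function can be fed the contents of /proc/net/tcp to audit which UID owns each IPv4 TCP socket.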