[packages/kernel.git] / kernel-owner-xid.patch

diff -Nurp linux-2.6.17.11-vs2.1.1-rc31/include/linux/netfilter_ipv4/ipt_owner.h linux-2.6.17.11-vs2.1.1-rc31.owner-xid/include/linux/netfilter_ipv4/ipt_owner.h
--- linux-2.6.17.11-vs2.1.1-rc31/include/linux/netfilter_ipv4/ipt_owner.h	2006-03-20 06:53:29.000000000 +0100
+++ linux-2.6.17.11-vs2.1.1-rc31.owner-xid/include/linux/netfilter_ipv4/ipt_owner.h	2006-09-05 19:43:48.000000000 +0200
@@ -1,12 +1,16 @@
 #ifndef _IPT_OWNER_H
 #define _IPT_OWNER_H
 
+#include <linux/types.h>
+
 /* match and invert flags */
 #define IPT_OWNER_UID	0x01
 #define IPT_OWNER_GID	0x02
 #define IPT_OWNER_PID	0x04
 #define IPT_OWNER_SID	0x08
 #define IPT_OWNER_COMM	0x10
+#define IPT_OWNER_NID	0x20
+#define IPT_OWNER_XID	0x40
 
 struct ipt_owner_info {
     uid_t uid;
@@ -15,6 +19,8 @@ struct ipt_owner_info {
     pid_t sid;
     char comm[16];
     u_int8_t match, invert;	/* flags */
+    u_int32_t nid;
+    u_int32_t xid;
 };
 
 #endif /*_IPT_OWNER_H*/
diff -Nurp linux-2.6.17.11-vs2.1.1-rc31/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.17.11-vs2.1.1-rc31.owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h
--- linux-2.6.17.11-vs2.1.1-rc31/include/linux/netfilter_ipv6/ip6t_owner.h	2006-03-20 06:53:29.000000000 +0100
+++ linux-2.6.17.11-vs2.1.1-rc31.owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h	2006-09-05 19:45:51.000000000 +0200
@@ -1,11 +1,15 @@
 #ifndef _IP6T_OWNER_H
 #define _IP6T_OWNER_H
 
+#include <linux/types.h>
+
 /* match and invert flags */
 #define IP6T_OWNER_UID	0x01
 #define IP6T_OWNER_GID	0x02
 #define IP6T_OWNER_PID	0x04
 #define IP6T_OWNER_SID	0x08
+#define IP6T_OWNER_NID	0x20
+#define IP6T_OWNER_XID	0x40
 
 struct ip6t_owner_info {
     uid_t uid;
@@ -13,6 +17,8 @@ struct ip6t_owner_info {
     pid_t pid;
     pid_t sid;
     u_int8_t match, invert;	/* flags */
+    u_int32_t nid;
+    u_int32_t xid;
 };
 
 #endif /*_IPT_OWNER_H*/
diff -Nurp linux-2.6.17.11-vs2.1.1-rc31/net/ipv4/netfilter/ipt_owner.c linux-2.6.17.11-vs2.1.1-rc31.owner-xid/net/ipv4/netfilter/ipt_owner.c
--- linux-2.6.17.11-vs2.1.1-rc31/net/ipv4/netfilter/ipt_owner.c	2006-06-18 15:25:05.000000000 +0200
+++ linux-2.6.17.11-vs2.1.1-rc31.owner-xid/net/ipv4/netfilter/ipt_owner.c	2006-09-05 19:44:43.000000000 +0200
@@ -48,6 +48,18 @@ match(const struct sk_buff *skb,
 			return 0;
 	}
 
+	if(info->match & IPT_OWNER_NID) {
+		if ((skb->sk->sk_nid != info->nid) ^
+		    !!(info->invert & IPT_OWNER_NID))
+			return 0;
+	}
+
+	if(info->match & IPT_OWNER_XID) {
+		if ((skb->sk->sk_xid != info->xid) ^
+		    !!(info->invert & IPT_OWNER_XID))
+			return 0;
+	}
+
 	return 1;
 }
 
diff -Nurp linux-2.6.17.11-vs2.1.1-rc31/net/ipv6/netfilter/ip6t_owner.c linux-2.6.17.11-vs2.1.1-rc31.owner-xid/net/ipv6/netfilter/ip6t_owner.c
--- linux-2.6.17.11-vs2.1.1-rc31/net/ipv6/netfilter/ip6t_owner.c	2006-06-18 15:25:05.000000000 +0200
+++ linux-2.6.17.11-vs2.1.1-rc31.owner-xid/net/ipv6/netfilter/ip6t_owner.c	2006-09-05 19:46:57.000000000 +0200
@@ -49,6 +49,18 @@ match(const struct sk_buff *skb,
 			return 0;
 	}
 
+	if (info->match & IP6T_OWNER_NID) {
+		if ((skb->sk->sk_nid != info->nid) ^
+		    !!(info->invert & IP6T_OWNER_NID))
+			return 0;
+	}
+
+	if (info->match & IP6T_OWNER_XID) {
+		if ((skb->sk->sk_xid != info->xid) ^
+		    !!(info->invert & IP6T_OWNER_XID))
+			return 0;
+	}
+
 	return 1;
 }
Commit	Line	Data
7f651772	1	diff -Nurp linux-2.6.17.11-vs2.1.1-rc31/include/linux/netfilter_ipv4/ipt_owner.h linux-2.6.17.11-vs2.1.1-rc31.owner-xid/include/linux/netfilter_ipv4/ipt_owner.h
	2	--- linux-2.6.17.11-vs2.1.1-rc31/include/linux/netfilter_ipv4/ipt_owner.h 2006-03-20 06:53:29.000000000 +0100
	3	+++ linux-2.6.17.11-vs2.1.1-rc31.owner-xid/include/linux/netfilter_ipv4/ipt_owner.h 2006-09-05 19:43:48.000000000 +0200
	4	@@ -1,12 +1,16 @@
	5	#ifndef _IPT_OWNER_H
	6	#define _IPT_OWNER_H
	7
	8	+#include <linux/types.h>
	9	+
	10	/* match and invert flags */
	11	#define IPT_OWNER_UID 0x01
	12	#define IPT_OWNER_GID 0x02
	13	#define IPT_OWNER_PID 0x04
	14	#define IPT_OWNER_SID 0x08
	15	#define IPT_OWNER_COMM 0x10
	16	+#define IPT_OWNER_NID 0x20
	17	+#define IPT_OWNER_XID 0x40
	18
	19	struct ipt_owner_info {
	20	uid_t uid;
	21	@@ -15,6 +19,8 @@ struct ipt_owner_info {
	22	pid_t sid;
	23	char comm[16];
	24	u_int8_t match, invert; /* flags */
	25	+ u_int32_t nid;
	26	+ u_int32_t xid;
	27	};
	28
	29	#endif /_IPT_OWNER_H/
	30	diff -Nurp linux-2.6.17.11-vs2.1.1-rc31/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.17.11-vs2.1.1-rc31.owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h
	31	--- linux-2.6.17.11-vs2.1.1-rc31/include/linux/netfilter_ipv6/ip6t_owner.h 2006-03-20 06:53:29.000000000 +0100
	32	+++ linux-2.6.17.11-vs2.1.1-rc31.owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h 2006-09-05 19:45:51.000000000 +0200
	33	@@ -1,11 +1,15 @@
	34	#ifndef _IP6T_OWNER_H
	35	#define _IP6T_OWNER_H
	36
	37	+#include <linux/types.h>
	38	+
	39	/* match and invert flags */
	40	#define IP6T_OWNER_UID 0x01
	41	#define IP6T_OWNER_GID 0x02
	42	#define IP6T_OWNER_PID 0x04
	43	#define IP6T_OWNER_SID 0x08
	44	+#define IP6T_OWNER_NID 0x20
	45	+#define IP6T_OWNER_XID 0x40
	46
	47	struct ip6t_owner_info {
	48	uid_t uid;
	49	@@ -13,6 +17,8 @@ struct ip6t_owner_info {
	50	pid_t pid;
	51	pid_t sid;
	52	u_int8_t match, invert; /* flags */
	53	+ u_int32_t nid;
	54	+ u_int32_t xid;
	55	};
	56
	57	#endif /_IPT_OWNER_H/
	58	diff -Nurp linux-2.6.17.11-vs2.1.1-rc31/net/ipv4/netfilter/ipt_owner.c linux-2.6.17.11-vs2.1.1-rc31.owner-xid/net/ipv4/netfilter/ipt_owner.c
	59	--- linux-2.6.17.11-vs2.1.1-rc31/net/ipv4/netfilter/ipt_owner.c 2006-06-18 15:25:05.000000000 +0200
	60	+++ linux-2.6.17.11-vs2.1.1-rc31.owner-xid/net/ipv4/netfilter/ipt_owner.c 2006-09-05 19:44:43.000000000 +0200
	61	@@ -48,6 +48,18 @@ match(const struct sk_buff *skb,
	62	return 0;
	63	}
	64
65	+ if(info->match & IPT_OWNER_NID) {
66	+ if ((skb->sk->sk_nid != info->nid) ^
67	+ !!(info->invert & IPT_OWNER_NID))
68	+ return 0;
69	+ }
70	+
71	+ if(info->match & IPT_OWNER_XID) {
72	+ if ((skb->sk->sk_xid != info->xid) ^
73	+ !!(info->invert & IPT_OWNER_XID))
74	+ return 0;
75	+ }
76	+
77	return 1;
78	}
79
80	diff -Nurp linux-2.6.17.11-vs2.1.1-rc31/net/ipv6/netfilter/ip6t_owner.c linux-2.6.17.11-vs2.1.1-rc31.owner-xid/net/ipv6/netfilter/ip6t_owner.c
81	--- linux-2.6.17.11-vs2.1.1-rc31/net/ipv6/netfilter/ip6t_owner.c 2006-06-18 15:25:05.000000000 +0200
82	+++ linux-2.6.17.11-vs2.1.1-rc31.owner-xid/net/ipv6/netfilter/ip6t_owner.c 2006-09-05 19:46:57.000000000 +0200
83	@@ -49,6 +49,18 @@ match(const struct sk_buff *skb,
84	return 0;
85	}
86
87	+ if (info->match & IP6T_OWNER_NID) {
88	+ if ((skb->sk->sk_nid != info->nid) ^
89	+ !!(info->invert & IP6T_OWNER_NID))
90	+ return 0;
91	+ }
92	+
93	+ if (info->match & IP6T_OWNER_XID) {
94	+ if ((skb->sk->sk_xid != info->xid) ^
95	+ !!(info->invert & IP6T_OWNER_XID))
96	+ return 0;
97	+ }
98	+
99	return 1;
100	}
101