[packages/kernel.git] / kernel-owner-xid.patch

diff -upr linux-2.6.25/include/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h
--- linux-2.6.25/include/linux/netfilter/xt_owner.h	2008-04-17 02:49:44.000000000 +0000
+++ linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h	2008-05-20 18:36:38.074950561 +0000
@@ -5,12 +5,16 @@ enum {
 	XT_OWNER_UID    = 1 << 0,
 	XT_OWNER_GID    = 1 << 1,
 	XT_OWNER_SOCKET = 1 << 2,
+	XT_OWNER_XID    = 1 << 3,
+	XT_OWNER_NID    = 1 << 4,
 };
 
 struct xt_owner_match_info {
 	u_int32_t uid_min, uid_max;
 	u_int32_t gid_min, gid_max;
 	u_int8_t match, invert;
+	u_int32_t nid;
+	u_int32_t xid;
 };
 
 #endif /* _XT_OWNER_MATCH_H */
Only in linux-2.6.25-owner-xid/include/linux/netfilter: xt_owner.h~
diff -upr linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h
--- linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h	2008-05-20 17:15:02.411418369 +0000
+++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h	2008-05-20 17:16:22.905886167 +0000
@@ -1,12 +1,16 @@
 #ifndef _IPT_OWNER_H
 #define _IPT_OWNER_H
 
+#include <linux/types.h>
+
 /* match and invert flags */
 #define IPT_OWNER_UID	0x01
 #define IPT_OWNER_GID	0x02
 #define IPT_OWNER_PID	0x04
 #define IPT_OWNER_SID	0x08
 #define IPT_OWNER_COMM	0x10
+#define IPT_OWNER_NID	0x20
+#define IPT_OWNER_XID	0x40
 
 struct ipt_owner_info {
     uid_t uid;
@@ -15,6 +19,8 @@ struct ipt_owner_info {
     pid_t sid;
     char comm[16];
     u_int8_t match, invert;	/* flags */
+    u_int32_t nid;
+    u_int32_t xid;
 };
 
 #endif /*_IPT_OWNER_H*/
diff -upr linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h
--- linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h	2008-05-20 17:15:02.411418369 +0000
+++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h	2008-05-20 17:16:22.905886167 +0000
@@ -1,11 +1,15 @@
 #ifndef _IP6T_OWNER_H
 #define _IP6T_OWNER_H
 
+#include <linux/types.h>
+
 /* match and invert flags */
 #define IP6T_OWNER_UID	0x01
 #define IP6T_OWNER_GID	0x02
 #define IP6T_OWNER_PID	0x04
 #define IP6T_OWNER_SID	0x08
+#define IP6T_OWNER_NID	0x20
+#define IP6T_OWNER_XID	0x40
 
 struct ip6t_owner_info {
     uid_t uid;
@@ -13,6 +17,8 @@ struct ip6t_owner_info {
     pid_t pid;
     pid_t sid;
     u_int8_t match, invert;	/* flags */
+    u_int32_t nid;
+    u_int32_t xid;
 };
 
 #endif /*_IPT_OWNER_H*/
diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfilter/xt_owner.c
--- linux-2.6.25/net/netfilter/xt_owner.c	2008-05-20 17:15:02.411418369 +0000
+++ linux-2.6.25-owner-xid/net/netfilter/xt_owner.c	2008-05-20 17:48:15.774419069 +0000
@@ -46,6 +46,16 @@ owner_mt_v0(const struct sk_buff *skb, c
 		    !!(info->invert & IPT_OWNER_GID))
 			return false;
 
+	if (info->match & IPT_OWNER_NID)
+		if ((skb->sk->sk_nid != info->nid) ^
+		    !!(info->invert & IPT_OWNER_NID))
+			return 0;
+
+	if (info->match & IPT_OWNER_XID)
+		if ((skb->sk->sk_xid != info->xid) ^
+		    !!(info->invert & IPT_OWNER_XID))
+			return 0;
+
 	return true;
 }
 
@@ -75,6 +85,16 @@ owner_mt6_v0(const struct sk_buff *skb, 
 		    !!(info->invert & IP6T_OWNER_GID))
 			return false;
 
+	if (info->match & IP6T_OWNER_NID)
+		if ((skb->sk->sk_nid != info->nid) ^
+		    !!(info->invert & IP6T_OWNER_NID))
+			return 0;
+
+	if (info->match & IP6T_OWNER_XID)
+		if ((skb->sk->sk_xid != info->xid) ^
+		    !!(info->invert & IP6T_OWNER_XID))
+			return 0;
+
 	return true;
 }
 
@@ -113,6 +133,16 @@ owner_mt(const struct sk_buff *skb, cons
 		    !(info->invert & XT_OWNER_GID))
 			return false;
 
+	if (info->match & XT_OWNER_NID)
+		if ((skb->sk->sk_nid != info->nid) ^
+		    !!(info->invert & XT_OWNER_NID))
+			return 0;
+
+	if (info->match & XT_OWNER_XID)
+		if ((skb->sk->sk_xid != info->xid) ^
+		    !!(info->invert & XT_OWNER_XID))
+			return 0;
+
 	return true;
 }
 
Only in linux-2.6.25-owner-xid/net/netfilter: xt_owner.c~
Commit	Line	Data
2380c486 JR	1	diff -upr linux-2.6.25/include/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h
	2	--- linux-2.6.25/include/linux/netfilter/xt_owner.h 2008-04-17 02:49:44.000000000 +0000
	3	+++ linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h 2008-05-20 18:36:38.074950561 +0000
	4	@@ -5,12 +5,16 @@ enum {
	5	XT_OWNER_UID = 1 << 0,
	6	XT_OWNER_GID = 1 << 1,
	7	XT_OWNER_SOCKET = 1 << 2,
	8	+ XT_OWNER_XID = 1 << 3,
	9	+ XT_OWNER_NID = 1 << 4,
	10	};
	11
	12	struct xt_owner_match_info {
	13	u_int32_t uid_min, uid_max;
	14	u_int32_t gid_min, gid_max;
	15	u_int8_t match, invert;
	16	+ u_int32_t nid;
	17	+ u_int32_t xid;
	18	};
	19
	20	#endif /* _XT_OWNER_MATCH_H */
	21	Only in linux-2.6.25-owner-xid/include/linux/netfilter: xt_owner.h~
	22	diff -upr linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h
	23	--- linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h 2008-05-20 17:15:02.411418369 +0000
	24	+++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h 2008-05-20 17:16:22.905886167 +0000
	25	@@ -1,12 +1,16 @@
	26	#ifndef _IPT_OWNER_H
	27	#define _IPT_OWNER_H
	28
	29	+#include <linux/types.h>
	30	+
	31	/* match and invert flags */
	32	#define IPT_OWNER_UID 0x01
	33	#define IPT_OWNER_GID 0x02
	34	#define IPT_OWNER_PID 0x04
	35	#define IPT_OWNER_SID 0x08
	36	#define IPT_OWNER_COMM 0x10
	37	+#define IPT_OWNER_NID 0x20
	38	+#define IPT_OWNER_XID 0x40
	39
	40	struct ipt_owner_info {
	41	uid_t uid;
	42	@@ -15,6 +19,8 @@ struct ipt_owner_info {
	43	pid_t sid;
	44	char comm[16];
	45	u_int8_t match, invert; /* flags */
	46	+ u_int32_t nid;
	47	+ u_int32_t xid;
	48	};
	49
	50	#endif /_IPT_OWNER_H/
	51	diff -upr linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h
	52	--- linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h 2008-05-20 17:15:02.411418369 +0000
	53	+++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h 2008-05-20 17:16:22.905886167 +0000
	54	@@ -1,11 +1,15 @@
	55	#ifndef _IP6T_OWNER_H
	56	#define _IP6T_OWNER_H
	57
	58	+#include <linux/types.h>
	59	+
	60	/* match and invert flags */
	61	#define IP6T_OWNER_UID 0x01
	62	#define IP6T_OWNER_GID 0x02
	63	#define IP6T_OWNER_PID 0x04
	64	#define IP6T_OWNER_SID 0x08
65	+#define IP6T_OWNER_NID 0x20
66	+#define IP6T_OWNER_XID 0x40
67
68	struct ip6t_owner_info {
69	uid_t uid;
70	@@ -13,6 +17,8 @@ struct ip6t_owner_info {
71	pid_t pid;
72	pid_t sid;
73	u_int8_t match, invert; /* flags */
74	+ u_int32_t nid;
75	+ u_int32_t xid;
76	};
77
78	#endif /_IPT_OWNER_H/
79	diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfilter/xt_owner.c
80	--- linux-2.6.25/net/netfilter/xt_owner.c 2008-05-20 17:15:02.411418369 +0000
81	+++ linux-2.6.25-owner-xid/net/netfilter/xt_owner.c 2008-05-20 17:48:15.774419069 +0000
82	@@ -46,6 +46,16 @@ owner_mt_v0(const struct sk_buff *skb, c
83	!!(info->invert & IPT_OWNER_GID))
84	return false;
85
86	+ if (info->match & IPT_OWNER_NID)
87	+ if ((skb->sk->sk_nid != info->nid) ^
88	+ !!(info->invert & IPT_OWNER_NID))
89	+ return 0;
90	+
91	+ if (info->match & IPT_OWNER_XID)
92	+ if ((skb->sk->sk_xid != info->xid) ^
93	+ !!(info->invert & IPT_OWNER_XID))
94	+ return 0;
95	+
96	return true;
97	}
98
99	@@ -75,6 +85,16 @@ owner_mt6_v0(const struct sk_buff *skb,
100	!!(info->invert & IP6T_OWNER_GID))
101	return false;
102
103	+ if (info->match & IP6T_OWNER_NID)
104	+ if ((skb->sk->sk_nid != info->nid) ^
105	+ !!(info->invert & IP6T_OWNER_NID))
106	+ return 0;
107	+
108	+ if (info->match & IP6T_OWNER_XID)
109	+ if ((skb->sk->sk_xid != info->xid) ^
110	+ !!(info->invert & IP6T_OWNER_XID))
111	+ return 0;
112	+
113	return true;
114	}
115
116	@@ -113,6 +133,16 @@ owner_mt(const struct sk_buff *skb, cons
117	!(info->invert & XT_OWNER_GID))
118	return false;
119
120	+ if (info->match & XT_OWNER_NID)
121	+ if ((skb->sk->sk_nid != info->nid) ^
122	+ !!(info->invert & XT_OWNER_NID))
123	+ return 0;
124	+
125	+ if (info->match & XT_OWNER_XID)
126	+ if ((skb->sk->sk_xid != info->xid) ^
127	+ !!(info->invert & XT_OWNER_XID))
128	+ return 0;
129	+
130	return true;
131	}
132
133	Only in linux-2.6.25-owner-xid/net/netfilter: xt_owner.c~