diff -upr linux-2.6.25/include/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h
--- linux-2.6.25/include/linux/netfilter/xt_owner.h 2008-04-17 02:49:44.000000000 +0000
+++ linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h 2008-05-20 18:36:38.074950561 +0000
@@ -5,12 +5,16 @@ enum {
 XT_OWNER_UID = 1 << 0,
 XT_OWNER_GID = 1 << 1,
 XT_OWNER_SOCKET = 1 << 2,
+ XT_OWNER_XID = 1 << 3,
+ XT_OWNER_NID = 1 << 4,
 };
 struct xt_owner_match_info {
 u_int32_t uid_min, uid_max;
 u_int32_t gid_min, gid_max;
 u_int8_t match, invert;
+ u_int32_t nid;
+ u_int32_t xid;
 };
 #endif /* _XT_OWNER_MATCH_H */
Only in linux-2.6.25-owner-xid/include/linux/netfilter: xt_owner.h~
diff -upr linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h
--- linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h 2008-05-20 17:15:02.411418369 +0000
+++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h 2008-05-20 17:16:22.905886167 +0000
@@ -1,12 +1,16 @@
 #ifndef _IPT_OWNER_H
 #define _IPT_OWNER_H
+#include
+
 /* match and invert flags */
 #define IPT_OWNER_UID 0x01
 #define IPT_OWNER_GID 0x02
 #define IPT_OWNER_PID 0x04
 #define IPT_OWNER_SID 0x08
 #define IPT_OWNER_COMM 0x10
+#define IPT_OWNER_NID 0x20
+#define IPT_OWNER_XID 0x40
 struct ipt_owner_info {
 uid_t uid;
@@ -15,6 +19,8 @@ struct ipt_owner_info {
 pid_t sid;
 char comm[16];
 u_int8_t match, invert; /* flags */
+ u_int32_t nid;
+ u_int32_t xid;
 };
 #endif /*_IPT_OWNER_H*/
diff -upr linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h
--- linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h 2008-05-20 17:15:02.411418369 +0000
+++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h 2008-05-20 17:16:22.905886167 +0000
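Review bot: Appending `nid` and `xid` to `struct xt_owner_match_info` changes the size of a structure that userspace iptables passes to the kernel verbatim, so any libxt_owner built against the old header should be refused at rule-load time by the match-size check rather than silently mis-read; the userspace match must be updated in the same change, and the two new fields should be documented as "only meaningful when the corresponding bit is set in `match`". The same layout change is made to `struct ipt_owner_info` and `struct ip6t_owner_info` in the next two hunks. The flag order (`XT_OWNER_XID = 1 << 3`, `XT_OWNER_NID = 1 << 4`) is the reverse of the field order (`nid` before `xid`), which is harmless but worth aligning for readability. In the ipt/ip6t headers the added `#include` line carries no header name in this copy of the patch, presumably lost in rendering; the intended header should be confirmed against the original.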
@@ -1,11 +1,15 @@
 #ifndef _IP6T_OWNER_H
 #define _IP6T_OWNER_H
+#include
+
 /* match and invert flags */
 #define IP6T_OWNER_UID 0x01
 #define IP6T_OWNER_GID 0x02
 #define IP6T_OWNER_PID 0x04
 #define IP6T_OWNER_SID 0x08
+#define IP6T_OWNER_NID 0x20
+#define IP6T_OWNER_XID 0x40
 struct ip6t_owner_info {
 uid_t uid;
@@ -13,6 +17,8 @@ struct ip6t_owner_info {
 pid_t pid;
 pid_t sid;
 u_int8_t match, invert; /* flags */
+ u_int32_t nid;
+ u_int32_t xid;
 };
 #endif /*_IPT_OWNER_H*/
diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfilter/xt_owner.c
--- linux-2.6.25/net/netfilter/xt_owner.c 2008-05-20 17:15:02.411418369 +0000
+++ linux-2.6.25-owner-xid/net/netfilter/xt_owner.c 2008-05-20 17:48:15.774419069 +0000
@@ -46,6 +46,16 @@ owner_mt_v0(const struct sk_buff *skb, c
 !!(info->invert & IPT_OWNER_GID))
 return false;
+ if (info->match & IPT_OWNER_NID)
+ if ((skb->sk->sk_nid != info->nid) ^
+ !!(info->invert & IPT_OWNER_NID))
+ return 0;
+
+ if (info->match & IPT_OWNER_XID)
+ if ((skb->sk->sk_xid != info->xid) ^
+ !!(info->invert & IPT_OWNER_XID))
+ return 0;
+
 return true;
 }
@@ -75,6 +85,16 @@ owner_mt6_v0(const struct sk_buff *skb,
 !!(info->invert & IP6T_OWNER_GID))
 return false;
+ if (info->match & IP6T_OWNER_NID)
+ if ((skb->sk->sk_nid != info->nid) ^
+ !!(info->invert & IP6T_OWNER_NID))
+ return 0;
+
+ if (info->match & IP6T_OWNER_XID)
+ if ((skb->sk->sk_xid != info->xid) ^
+ !!(info->invert & IP6T_OWNER_XID))
+ return 0;
+
 return true;
 }
@@ -113,6 +133,16 @@ owner_mt(const struct sk_buff *skb, cons
 !(info->invert & XT_OWNER_GID))
 return false;
+ if (info->match & XT_OWNER_NID)
+ if ((skb->sk->sk_nid != info->nid) ^
+ !!(info->invert & XT_OWNER_NID))
+ return 0;
+
+ if (info->match & XT_OWNER_XID)
+ if ((skb->sk->sk_xid != info->xid) ^
+ !!(info->invert & XT_OWNER_XID))
+ return 0;
+
 return true;
 }
Only in linux-2.6.25-owner-xid/net/netfilter: xt_owner.c~
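Review bot: The new NID/XID checks in owner_mt_v0 exit with `return 0;` where every other exit in these bool-returning matchers uses `return false;`; the six new exits here and in the identical blocks added to owner_mt6_v0 and owner_mt in the following two hunks should read `return false;` so the style matches the surrounding code. The added lines dereference `skb->sk` without a local check, which is safe only because of the `skb->sk == NULL` guard that presumably sits at the top of each function outside the hunk; a one-line comment such as `/* skb->sk is non-NULL here, checked at function entry */` would make that dependency visible to the next person who reorders the checks. The comparisons pit the socket's `sk_nid`/`sk_xid` against `u_int32_t` rule fields, so confirm the socket fields have the same width, since a narrower socket type would make large rule values unmatchable rather than rejected. The enclosing functions start and end outside the hunks.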