- rel 1
[packages/kernel.git] / kernel-owner-xid.patch
1 diff -upr linux-2.6.25/include/uapi/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid/include/uapi/linux/netfilter/xt_owner.h
2 --- linux-2.6.25/include/uapi/linux/netfilter/xt_owner.h        2008-04-17 02:49:44.000000000 +0000
3 +++ linux-2.6.25-owner-xid/include/uapi/linux/netfilter/xt_owner.h      2008-05-20 18:36:38.074950561 +0000
4 @@ -5,12 +5,16 @@ enum {
5         XT_OWNER_UID    = 1 << 0,
6         XT_OWNER_GID    = 1 << 1,
7         XT_OWNER_SOCKET = 1 << 2,
8 +       XT_OWNER_XID    = 1 << 3,
9 +       XT_OWNER_NID    = 1 << 4,
10  };
11  
12  struct xt_owner_match_info {
13         __u32 uid_min, uid_max;
14         __u32 gid_min, gid_max;
15         __u8 match, invert;
16 +       __u32 nid;
17 +       __u32 xid;
18  };
19  
20  #endif /* _XT_OWNER_MATCH_H */
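Review bot: Appending `nid` and `xid` to `struct xt_owner_match_info` changes the size of a structure shared with userspace, so an iptables binary built against the unpatched header will presumably fail to load owner rules, assuming the match registers its size from this struct (the registration is not visible here). If kernel and userspace cannot be upgraded together, the usual approach is to leave this layout alone and register the extended struct as a new match revision. The new `__u32` fields after the `__u8 match, invert` pair also leave two bytes of implicit interior padding, which a comment such as `/* nid/xid: compared for equality only when XT_OWNER_NID / XT_OWNER_XID is set in match */` plus an explicit pad member would make visible. Newer mainline kernels assign `1 << 3` to `XT_OWNER_SUPPL_GROUPS`, so check the new flag values for a collision when rebasing.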
21 diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfilter/xt_owner.c
22 --- linux-2.6.25/net/netfilter/xt_owner.c       2008-05-20 17:15:02.411418369 +0000
23 +++ linux-2.6.25-owner-xid/net/netfilter/xt_owner.c     2008-05-20 17:48:15.774419069 +0000
24 @@ -113,6 +133,16 @@ owner_mt(const struct sk_buff *skb, cons
25                     !(info->invert & XT_OWNER_GID))
26                         return false;
27  
28 +       if (info->match & XT_OWNER_NID)
29 +               if ((skb->sk->sk_nid != info->nid) ^
30 +                   !!(info->invert & XT_OWNER_NID))
31 +                       return 0;
32 +
33 +       if (info->match & XT_OWNER_XID)
34 +               if ((skb->sk->sk_xid != info->xid) ^
35 +                   !!(info->invert & XT_OWNER_XID))
36 +                       return 0;
37 +
38         return true;
39  }
40  
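Review bot: The added checks dereference `skb->sk->sk_nid` and `skb->sk->sk_xid` directly, so they rely on a guard earlier in owner_mt, outside this hunk, having already returned for packets with no socket attached; that should be confirmed for the tree this is applied to. If that tree can attach request or time-wait sockets to an skb, the fields should be read from the full socket (for example via `skb_to_full_sk(skb)`) rather than from `skb->sk`. `sk_nid` and `sk_xid` are not defined anywhere in this patch, so a short comment naming the patch that adds them to `struct sock` would help whoever rebases it. As a style point, both new branches use `return 0;` where the surrounding bool-returning code uses `return false;`, and the unbraced nested `if` pairs would be safer with braces.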