kernel-owner-xid.patch

   1 diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/netfilter/xt_owner.h linux-4.9/include/uapi/linux/netfilter/xt_owner.h
   2 --- linux-4.9/include/uapi/linux/netfilter/xt_owner.h   2016-12-11 20:17:54.000000000 +0100
   3 +++ linux-4.9/include/uapi/linux/netfilter/xt_owner.h   2021-02-24 15:31:31.354043397 +0100
   4 @@ -7,12 +7,16 @@ enum {
   5         XT_OWNER_UID    = 1 << 0,
   6         XT_OWNER_GID    = 1 << 1,
   7         XT_OWNER_SOCKET = 1 << 2,
   8 +       XT_OWNER_XID    = 1 << 3,
   9 +       XT_OWNER_NID    = 1 << 4,
  10  };
  11
  12  struct xt_owner_match_info {
  13         __u32 uid_min, uid_max;
  14         __u32 gid_min, gid_max;
  15         __u8 match, invert;
  16 +       __u32 nid;
  17 +       __u32 xid;
  18  };
  19
  20  #endif /* _XT_OWNER_MATCH_H */
  21 diff -urNp -x '*.orig' linux-4.9/net/netfilter/xt_owner.c linux-4.9/net/netfilter/xt_owner.c
  22 --- linux-4.9/net/netfilter/xt_owner.c  2016-12-11 20:17:54.000000000 +0100
  23 +++ linux-4.9/net/netfilter/xt_owner.c  2021-02-24 15:31:31.354043397 +0100
  24 @@ -97,6 +97,16 @@ owner_mt(const struct sk_buff *skb, stru
  25                         return false;
  26         }
  27
  28 +       if (info->match & XT_OWNER_NID)
  29 +               if ((skb->sk->sk_nid != info->nid) ^
  30 +                   !!(info->invert & XT_OWNER_NID))
  31 +                       return 0;
  32 +
  33 +       if (info->match & XT_OWNER_XID)
  34 +               if ((skb->sk->sk_xid != info->xid) ^
  35 +                   !!(info->invert & XT_OWNER_XID))
  36 +                       return 0;
  37 +
  38         return true;
  39  }
  40