diff -urNp -x '*.orig' linux-4.9/include/uapi/linux/netfilter/xt_owner.h linux-4.9/include/uapi/linux/netfilter/xt_owner.h
--- linux-4.9/include/uapi/linux/netfilter/xt_owner.h 2016-12-11 20:17:54.000000000 +0100
+++ linux-4.9/include/uapi/linux/netfilter/xt_owner.h 2021-02-24 15:31:31.354043397 +0100
@@ -7,12 +7,16 @@ enum {
 XT_OWNER_UID = 1 << 0,
 XT_OWNER_GID = 1 << 1,
 XT_OWNER_SOCKET = 1 << 2,
+ XT_OWNER_XID = 1 << 3,
+ XT_OWNER_NID = 1 << 4,
 };
 struct xt_owner_match_info {
 __u32 uid_min, uid_max;
 __u32 gid_min, gid_max;
 __u8 match, invert;
+ __u32 nid;
+ __u32 xid;
 };
 #endif /* _XT_OWNER_MATCH_H */
diff -urNp -x '*.orig' linux-4.9/net/netfilter/xt_owner.c linux-4.9/net/netfilter/xt_owner.c
--- linux-4.9/net/netfilter/xt_owner.c 2016-12-11 20:17:54.000000000 +0100
+++ linux-4.9/net/netfilter/xt_owner.c 2021-02-24 15:31:31.354043397 +0100
@@ -97,6 +97,16 @@ owner_mt(const struct sk_buff *skb, stru
 return false;
 }
+ if (info->match & XT_OWNER_NID)
+ if ((skb->sk->sk_nid != info->nid) ^
+ !!(info->invert & XT_OWNER_NID))
+ return 0;
+
+ if (info->match & XT_OWNER_XID)
+ if ((skb->sk->sk_xid != info->xid) ^
+ !!(info->invert & XT_OWNER_XID))
+ return 0;
+
 return true;
 }
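Review bot: Appending `__u32 nid` and `__u32 xid` to `struct xt_owner_match_info` in include/uapi/linux/netfilter/xt_owner.h changes the size of a structure that userspace hands to the kernel. A rule blob built against the old header will then presumably be rejected on size mismatch or, worse, read with the new fields uninitialised, unless the match is registered under a new revision; that registration is not part of this diff. The two `__u8` members are also now followed by an implicit two-byte hole before `nid`, which is worth stating in a comment such as `/* 2 bytes of padding follow; must be zero */` so the layout is not left to the compiler. A short comment on `XT_OWNER_XID` and `XT_OWNER_NID` saying what the two ids identify would help too, and note that `match` and `invert` are eight bits wide, leaving three flag bits after this change.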
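Review bot: The added NID and XID checks in owner_mt (net/netfilter/xt_owner.c) read `skb->sk->sk_nid` and `skb->sk->sk_xid` straight from the skb, and nothing in the hunk shows that `skb->sk` is non-NULL and a full socket at that point; owner_mt's body starts outside the hunk, so any earlier guard is not visible here. If the function already holds a validated socket pointer (mainline 4.9 appears to obtain one through `skb_to_full_sk()`), the new tests should use it, e.g. `if ((sk->sk_nid != info->nid) ^ !!(info->invert & XT_OWNER_NID))` with `sk` standing for that pointer, so that request or timewait mini-sockets are never read beyond their common header. Any early return taken before these lines would presumably also skip the comparison, so a rule that matches only on a context id could report a match without ever comparing it; that path deserves a check. As style, the function returns `bool` and the neighbouring lines use `return false`, so `return false;` with braces around the nested `if` would match the file.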