diff -upr linux-2.6.25/include/uapi/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid/include/uapi/linux/netfilter/xt_owner.h
--- linux-2.6.25/include/uapi/linux/netfilter/xt_owner.h	2008-04-17 02:49:44.000000000 +0000
+++ linux-2.6.25-owner-xid/include/uapi/linux/netfilter/xt_owner.h	2008-05-20 18:36:38.074950561 +0000
@@ -5,12 +5,16 @@ enum {
 	XT_OWNER_UID    = 1 << 0,
 	XT_OWNER_GID    = 1 << 1,
 	XT_OWNER_SOCKET = 1 << 2,
+	XT_OWNER_XID    = 1 << 3,
+	XT_OWNER_NID    = 1 << 4,
 };
 
 struct xt_owner_match_info {
 	__u32 uid_min, uid_max;
 	__u32 gid_min, gid_max;
 	__u8 match, invert;
+	__u32 nid;
+	__u32 xid;
 };
 
 #endif /* _XT_OWNER_MATCH_H */
diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfilter/xt_owner.c
--- linux-2.6.25/net/netfilter/xt_owner.c	2008-05-20 17:15:02.411418369 +0000
+++ linux-2.6.25-owner-xid/net/netfilter/xt_owner.c	2008-05-20 17:48:15.774419069 +0000
@@ -113,6 +133,16 @@ owner_mt(const struct sk_buff *skb, cons
 		    !(info->invert & XT_OWNER_GID))
 			return false;
 
+	if (info->match & XT_OWNER_NID)
+		if ((skb->sk->sk_nid != info->nid) ^
+		    !!(info->invert & XT_OWNER_NID))
+			return 0;
+
+	if (info->match & XT_OWNER_XID)
+		if ((skb->sk->sk_xid != info->xid) ^
+		    !!(info->invert & XT_OWNER_XID))
+			return 0;
+
 	return true;
 }