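diff -Nurp iptables-1.3.5.orig/extensions/libip6t_owner.c iptables-1.3.5.owner-xid/extensions/libip6t_owner.c
--- iptables-1.3.5.orig/extensions/libip6t_owner.c 2005-06-29 18:39:54.000000000 +0200
+++ iptables-1.3.5.owner-xid/extensions/libip6t_owner.c 2006-09-05 20:00:31.000000000 +0200
@@ -22,6 +22,8 @@ help(void)
 "[!] --pid-owner processid Match local pid\n"
 "[!] --sid-owner sessionid Match local sid\n"
 "[!] --cmd-owner name Match local command name\n"
+"[!] --nid-owner nid Match local nid\n"
+"[!] --xid-owner xid Match local xid\n"
 "\n",
 IPTABLES_VERSION);
 #else
@@ -31,6 +33,8 @@ IPTABLES_VERSION);
 "[!] --gid-owner groupid Match local gid\n"
 "[!] --pid-owner processid Match local pid\n"
 "[!] --sid-owner sessionid Match local sid\n"
+"[!] --nid-owner nid Match local nid\n"
+"[!] --xid-owner xid Match local xid\n"
 "\n",
 IPTABLES_VERSION);
 #endif /* IP6T_OWNER_COMM */
@@ -44,6 +48,8 @@ static struct option opts[] = {
 #ifdef IP6T_OWNER_COMM
 { "cmd-owner", 1, NULL, '5' },
 #endif
+{ "nid-owner", 1, NULL, '6' },
+{ "xid-owner", 1, NULL, '7' },
 { }
 };
 
@@ -129,6 +135,28 @@ parse(int c, char **argv, int invert, un
 *flags = 1;
 break;
 #endif
+
+case '6':
+check_inverse(optarg, &invert, &optind, 0);
+ownerinfo->nid = strtoul(optarg, &end, 0);
+if (*end != '\0' || end == optarg)
+exit_error(PARAMETER_PROBLEM, "Bad OWNER NID value `%s'", optarg);
+if (invert)
+ownerinfo->invert |= IP6T_OWNER_NID;
+ownerinfo->match |= IP6T_OWNER_NID;
+*flags = 1;
+break;
+
+case '7':
+check_inverse(optarg, &invert, &optind, 0);
+ownerinfo->xid = strtoul(optarg, &end, 0);
+if (*end != '\0' || end == optarg)
+exit_error(PARAMETER_PROBLEM, "Bad OWNER XID value `%s'", optarg);
+if (invert)
+ownerinfo->invert |= IP6T_OWNER_XID;
+ownerinfo->match |= IP6T_OWNER_XID;
+*flags = 1;
+break;
 
 default:
 return 0;
@@ -182,6 +210,12 @@ print_item(struct ip6t_owner_info *info,
 printf("%.*s ", (int)sizeof(info->comm), info->comm);
 break;
 #endif
+case IP6T_OWNER_NID:
+printf("%u ", info->nid);
+break;
+case IP6T_OWNER_XID:
+printf("%u ", info->xid);
+break;
 default:
 break;
 }
@@ -212,6 +246,8 @@ print(const struct ip6t_ip6 *ip,
 #ifdef IP6T_OWNER_COMM
 print_item(info, IP6T_OWNER_COMM, numeric, "OWNER CMD match ");
 #endif
+print_item(info, IP6T_OWNER_NID, numeric, "OWNER NID match ");
+print_item(info, IP6T_OWNER_XID, numeric, "OWNER XID match ");
 }
 
 /* Saves the union ip6t_matchinfo in parsable form to stdout. */
@@ -227,6 +263,8 @@ save(const struct ip6t_ip6 *ip, const st
 #ifdef IP6T_OWNER_COMM
 print_item(info, IP6T_OWNER_COMM, 0, "--cmd-owner ");
 #endif
+print_item(info, IP6T_OWNER_NID, 0, "--nid-owner ");
+print_item(info, IP6T_OWNER_XID, 0, "--xid-owner ");
 }
 
 static struct ip6tables_match owner = {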
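Review bot: The new `case '6'` and `case '7'` blocks in parse() accept negative and out-of-range values: `strtoul` returns an unsigned long, which is 64 bits wide on LP64 hosts, so an input above 0xffffffff is silently truncated when stored into the 32-bit `nid`/`xid` fields declared in ip6t_owner.h, and `-1` parses without error to ULONG_MAX. The existing guard `if (*end != '\0' || end == optarg)` should also reject overflow, e.g. `unsigned long v = strtoul(optarg, &end, 0);` then `if (*end != '\0' || end == optarg || v > 0xffffffffUL)` before `exit_error(...)`, and only then `ownerinfo->nid = v;` (same for xid). The identical pattern is in the parse() hunk of libipt_owner.c further down this patch. parse()'s body begins and ends outside the hunk.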
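diff -Nurp iptables-1.3.5.orig/extensions/libip6t_owner.man iptables-1.3.5.owner-xid/extensions/libip6t_owner.man
--- iptables-1.3.5.orig/extensions/libip6t_owner.man 2006-01-30 09:41:00.000000000 +0100
+++ iptables-1.3.5.owner-xid/extensions/libip6t_owner.man 2006-09-05 19:54:47.000000000 +0200
@@ -20,4 +20,12 @@ process id.
 Matches if the packet was created by a process in the given session
 group.
 .TP
+.BI "--nid-owner " "network context id"
+Matches if the packet was created by a process with the given
+network context id.
+.TP
+.BI "--xid-owner " "context id"
+Matches if the packet was created by a process with the given
+context id.
+.TP
 .B NOTE: pid, sid and command matching are broken on SMP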
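diff -Nurp iptables-1.3.5.orig/extensions/libipt_owner.c iptables-1.3.5.owner-xid/extensions/libipt_owner.c
--- iptables-1.3.5.orig/extensions/libipt_owner.c 2006-01-30 09:43:10.000000000 +0100
+++ iptables-1.3.5.owner-xid/extensions/libipt_owner.c 2006-09-05 20:02:30.000000000 +0200
@@ -22,6 +22,8 @@ help(void)
 "[!] --pid-owner processid Match local pid\n"
 "[!] --sid-owner sessionid Match local sid\n"
 "[!] --cmd-owner name Match local command name\n"
+"[!] --nid-owner nid Match local nid\n"
+"[!] --xid-owner xid Match local xid\n"
 "NOTE: pid, sid and command matching are broken on SMP\n"
 "\n",
 IPTABLES_VERSION);
@@ -32,6 +34,8 @@ IPTABLES_VERSION);
 "[!] --gid-owner groupid Match local gid\n"
 "[!] --pid-owner processid Match local pid\n"
 "[!] --sid-owner sessionid Match local sid\n"
+"[!] --nid-owner nid Match local nid\n"
+"[!] --xid-owner xid Match local xid\n"
 "NOTE: pid and sid matching are broken on SMP\n"
 "\n",
 IPTABLES_VERSION);
@@ -46,6 +50,8 @@ static struct option opts[] = {
 #ifdef IPT_OWNER_COMM
 { "cmd-owner", 1, NULL, '5' },
 #endif
+{ "nid-owner", 1, NULL, '6' },
+{ "xid-owner", 1, NULL, '7' },
 { }
 };
 
@@ -131,6 +137,28 @@ parse(int c, char **argv, int invert, un
 break;
 #endif
 
+case '6':
+check_inverse(optarg, &invert, &optind, 0);
+ownerinfo->nid = strtoul(optarg, &end, 0);
+if (*end != '\0' || end == optarg)
+exit_error(PARAMETER_PROBLEM, "Bad OWNER NID value `%s'", optarg);
+if (invert)
+ownerinfo->invert |= IPT_OWNER_NID;
+ownerinfo->match |= IPT_OWNER_NID;
+*flags = 1;
+break;
+
+case '7':
+check_inverse(optarg, &invert, &optind, 0);
+ownerinfo->xid = strtoul(optarg, &end, 0);
+if (*end != '\0' || end == optarg)
+exit_error(PARAMETER_PROBLEM, "Bad OWNER XID value `%s'", optarg);
+if (invert)
+ownerinfo->invert |= IPT_OWNER_XID;
+ownerinfo->match |= IPT_OWNER_XID;
+*flags = 1;
+break;
+
 default:
 return 0;
 }
@@ -183,6 +211,12 @@ print_item(struct ipt_owner_info *info,
 printf("%.*s ", (int)sizeof(info->comm), info->comm);
 break;
 #endif
+case IPT_OWNER_NID:
+printf("%u ", info->nid);
+break;
+case IPT_OWNER_XID:
+printf("%u ", info->xid);
+break;
 default:
 break;
 }
@@ -213,6 +247,8 @@ print(const struct ipt_ip *ip,
 #ifdef IPT_OWNER_COMM
 print_item(info, IPT_OWNER_COMM, numeric, "OWNER CMD match ");
 #endif
+print_item(info, IPT_OWNER_NID, numeric, "OWNER NID match ");
+print_item(info, IPT_OWNER_XID, numeric, "OWNER XID match ");
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
@@ -228,6 +264,8 @@ save(const struct ipt_ip *ip, const stru
 #ifdef IPT_OWNER_COMM
 print_item(info, IPT_OWNER_COMM, 0, "--cmd-owner ");
 #endif
+print_item(info, IPT_OWNER_NID, 0, "--nid-owner ");
+print_item(info, IPT_OWNER_XID, 0, "--xid-owner ");
 }
 
 static struct iptables_match owner = {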
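Review bot: The new code in parse() and print_item() references `IPT_OWNER_NID`, `IPT_OWNER_XID`, `info->nid` and `info->xid`, but the only header this patch touches is include/linux/netfilter_ipv6/ip6t_owner.h; no hunk for the IPv4 counterpart header (ipt_owner.h) is visible here. Unless that header is patched separately, the IPv4 extension will not compile against the shipped 1.3.5 headers, so either the missing hunk should be added to this patch or the patch description should name the companion change. parse()'s body begins and ends outside its hunk.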
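diff -Nurp iptables-1.3.5.orig/extensions/libipt_owner.man iptables-1.3.5.owner-xid/extensions/libipt_owner.man
--- iptables-1.3.5.orig/extensions/libipt_owner.man 2004-10-10 11:56:26.000000000 +0200
+++ iptables-1.3.5.owner-xid/extensions/libipt_owner.man 2006-09-05 19:54:53.000000000 +0200
@@ -25,4 +25,12 @@ Matches if the packet was created by a p
 (this option is present only if iptables was compiled under a kernel
 supporting this feature)
 .TP
+.BI "--nid-owner " "network context id"
+Matches if the packet was created by a process with the given
+network context id.
+.TP
+.BI "--xid-owner " "context id"
+Matches if the packet was created by a process with the given
+context id.
+.TP
 .B NOTE: pid, sid and command matching are broken on SMP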
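diff -Nurp iptables-1.3.5.orig/include/linux/netfilter_ipv6/ip6t_owner.h iptables-1.3.5.owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h
--- iptables-1.3.5.orig/include/linux/netfilter_ipv6/ip6t_owner.h 2004-10-10 11:56:23.000000000 +0200
+++ iptables-1.3.5.owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h 2006-09-05 19:52:12.000000000 +0200
@@ -1,11 +1,15 @@
 #ifndef _IP6T_OWNER_H
 #define _IP6T_OWNER_H
 
+#include <linux/types.h>
+
 /* match and invert flags */
 #define IP6T_OWNER_UID 0x01
 #define IP6T_OWNER_GID 0x02
 #define IP6T_OWNER_PID 0x04
 #define IP6T_OWNER_SID 0x08
+#define IP6T_OWNER_NID 0x20
+#define IP6T_OWNER_XID 0x40
 
 struct ip6t_owner_info {
 uid_t uid;
@@ -13,6 +17,8 @@ struct ip6t_owner_info {
 pid_t pid;
 pid_t sid;
 u_int8_t match, invert; /* flags */
+u_int32_t nid;
+u_int32_t xid;
 };
 
 #endif /*_IPT_OWNER_H*/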
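Review bot: `struct ip6t_owner_info` is the structure iptables hands to the kernel for this match, so appending `nid` and `xid` after `match, invert` changes its size and layout; the kernel-side ip6t_owner module must be built from an identical definition, otherwise the kernel's match-size check is expected to reject every rule using this extension. A comment on the struct would make that coupling explicit, e.g. `/* ABI shared with the kernel ip6t_owner match: nid/xid require the matching kernel-side patch */`. The new flag values skip from 0x08 to 0x20, leaving 0x10 unused — presumably reserved for the `IP6T_OWNER_COMM` flag that libip6t_owner.c compiles under `#ifdef IP6T_OWNER_COMM`, but that define is not visible in this hunk; a one-line comment such as `/* 0x10 is IP6T_OWNER_COMM */` would prevent a later collision.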