Commit | Line | Data |
---|---|---|
2380c486 JR |
1 | diff -upr linux-2.6.25/include/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h |
2 | --- linux-2.6.25/include/linux/netfilter/xt_owner.h 2008-04-17 02:49:44.000000000 +0000 | |
3 | +++ linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h 2008-05-20 18:36:38.074950561 +0000 | |
4 | @@ -5,12 +5,16 @@ enum { | |
5 | XT_OWNER_UID = 1 << 0, | |
6 | XT_OWNER_GID = 1 << 1, | |
7 | XT_OWNER_SOCKET = 1 << 2, | |
8 | + XT_OWNER_XID = 1 << 3, | |
9 | + XT_OWNER_NID = 1 << 4, | |
10 | }; | |
11 | ||
12 | struct xt_owner_match_info { | |
13 | u_int32_t uid_min, uid_max; | |
14 | u_int32_t gid_min, gid_max; | |
15 | u_int8_t match, invert; | |
16 | + u_int32_t nid; | |
17 | + u_int32_t xid; | |
18 | }; | |
19 | ||
20 | #endif /* _XT_OWNER_MATCH_H */ | |
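Review bot: Appending `nid` and `xid` to `struct xt_owner_match_info` changes the size of a structure shared with userspace, and nothing visible in this patch adds a new match revision for the larger layout. x_tables checks the size userspace supplies against the kernel's registered match size, so an iptables binary built against the unpatched header would presumably have its owner rules rejected until rebuilt; the registration code is not in this diff, so confirm. The same applies to `struct ipt_owner_info` and `struct ip6t_owner_info` in the later header hunks. If the layout change is intentional, record it on the new fields, e.g. `u_int32_t nid; /* network context id; extends the userspace ABI, needs matching iptables */`. The flag order also differs between headers (XID before NID here, NID before XID in the ipt/ip6t defines), which is harmless but easy to misread.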
21 | Only in linux-2.6.25-owner-xid/include/linux/netfilter: xt_owner.h~ | |
22 | diff -upr linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h | |
23 | --- linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h 2008-05-20 17:15:02.411418369 +0000 | |
24 | +++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h 2008-05-20 17:16:22.905886167 +0000 | |
25 | @@ -1,12 +1,16 @@ | |
26 | #ifndef _IPT_OWNER_H | |
27 | #define _IPT_OWNER_H | |
28 | ||
29 | +#include <linux/types.h> | |
30 | + | |
31 | /* match and invert flags */ | |
32 | #define IPT_OWNER_UID 0x01 | |
33 | #define IPT_OWNER_GID 0x02 | |
34 | #define IPT_OWNER_PID 0x04 | |
35 | #define IPT_OWNER_SID 0x08 | |
36 | #define IPT_OWNER_COMM 0x10 | |
37 | +#define IPT_OWNER_NID 0x20 | |
38 | +#define IPT_OWNER_XID 0x40 | |
39 | ||
40 | struct ipt_owner_info { | |
41 | uid_t uid; | |
42 | @@ -15,6 +19,8 @@ struct ipt_owner_info { | |
43 | pid_t sid; | |
44 | char comm[16]; | |
45 | u_int8_t match, invert; /* flags */ | |
46 | + u_int32_t nid; | |
47 | + u_int32_t xid; | |
48 | }; | |
49 | ||
50 | #endif /*_IPT_OWNER_H*/ | |
51 | diff -upr linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h | |
52 | --- linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h 2008-05-20 17:15:02.411418369 +0000 | |
53 | +++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h 2008-05-20 17:16:22.905886167 +0000 | |
54 | @@ -1,11 +1,15 @@ | |
55 | #ifndef _IP6T_OWNER_H | |
56 | #define _IP6T_OWNER_H | |
57 | ||
58 | +#include <linux/types.h> | |
59 | + | |
60 | /* match and invert flags */ | |
61 | #define IP6T_OWNER_UID 0x01 | |
62 | #define IP6T_OWNER_GID 0x02 | |
63 | #define IP6T_OWNER_PID 0x04 | |
64 | #define IP6T_OWNER_SID 0x08 | |
65 | +#define IP6T_OWNER_NID 0x20 | |
66 | +#define IP6T_OWNER_XID 0x40 | |
67 | ||
68 | struct ip6t_owner_info { | |
69 | uid_t uid; | |
70 | @@ -13,6 +17,8 @@ struct ip6t_owner_info { | |
71 | pid_t pid; | |
72 | pid_t sid; | |
73 | u_int8_t match, invert; /* flags */ | |
74 | + u_int32_t nid; | |
75 | + u_int32_t xid; | |
76 | }; | |
77 | ||
78 | #endif /*_IPT_OWNER_H*/ | |
79 | diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfilter/xt_owner.c | |
80 | --- linux-2.6.25/net/netfilter/xt_owner.c 2008-05-20 17:15:02.411418369 +0000 | |
81 | +++ linux-2.6.25-owner-xid/net/netfilter/xt_owner.c 2008-05-20 17:48:15.774419069 +0000 | |
82 | @@ -46,6 +46,16 @@ owner_mt_v0(const struct sk_buff *skb, c | |
83 | !!(info->invert & IPT_OWNER_GID)) | |
84 | return false; | |
85 | ||
86 | + if (info->match & IPT_OWNER_NID) | |
87 | + if ((skb->sk->sk_nid != info->nid) ^ | |
88 | + !!(info->invert & IPT_OWNER_NID)) | |
89 | + return 0; | |
90 | + | |
91 | + if (info->match & IPT_OWNER_XID) | |
92 | + if ((skb->sk->sk_xid != info->xid) ^ | |
93 | + !!(info->invert & IPT_OWNER_XID)) | |
94 | + return 0; | |
95 | + | |
96 | return true; | |
97 | } | |
98 | ||
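Review bot: Both added checks end in `return 0;` while every other branch of owner_mt_v0 visible in this hunk returns `false` or `true`; write `return false;` to keep the function consistent. The same applies to the added blocks in owner_mt6_v0 and owner_mt. The new tests also dereference `skb->sk->sk_nid` and `skb->sk->sk_xid` directly. The function body begins outside this hunk, so confirm that a `skb->sk` NULL check runs before them on every path, since a packet with no local socket would otherwise fault here in the packet path. In owner_mt the neighbouring GID test is written as an in-range result XOR `!(info->invert & ...)`, whereas the new tests use `!=` XOR `!!(...)`; the two forms are equivalent, but a short comment such as `/* mismatch XOR invert => no match */` would make that clear to the next reader.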
99 | @@ -75,6 +85,16 @@ owner_mt6_v0(const struct sk_buff *skb, | |
100 | !!(info->invert & IP6T_OWNER_GID)) | |
101 | return false; | |
102 | ||
103 | + if (info->match & IP6T_OWNER_NID) | |
104 | + if ((skb->sk->sk_nid != info->nid) ^ | |
105 | + !!(info->invert & IP6T_OWNER_NID)) | |
106 | + return 0; | |
107 | + | |
108 | + if (info->match & IP6T_OWNER_XID) | |
109 | + if ((skb->sk->sk_xid != info->xid) ^ | |
110 | + !!(info->invert & IP6T_OWNER_XID)) | |
111 | + return 0; | |
112 | + | |
113 | return true; | |
114 | } | |
115 | ||
116 | @@ -113,6 +133,16 @@ owner_mt(const struct sk_buff *skb, cons | |
117 | !(info->invert & XT_OWNER_GID)) | |
118 | return false; | |
119 | ||
120 | + if (info->match & XT_OWNER_NID) | |
121 | + if ((skb->sk->sk_nid != info->nid) ^ | |
122 | + !!(info->invert & XT_OWNER_NID)) | |
123 | + return 0; | |
124 | + | |
125 | + if (info->match & XT_OWNER_XID) | |
126 | + if ((skb->sk->sk_xid != info->xid) ^ | |
127 | + !!(info->invert & XT_OWNER_XID)) | |
128 | + return 0; | |
129 | + | |
130 | return true; | |
131 | } | |
132 | ||
133 | Only in linux-2.6.25-owner-xid/net/netfilter: xt_owner.c~ |