-started update to 2.6.30; patches apply when using --without grsecurity
1 diff -upr linux-2.6.25/include/linux/netfilter/xt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h
2 --- linux-2.6.25/include/linux/netfilter/xt_owner.h     2008-04-17 02:49:44.000000000 +0000
3 +++ linux-2.6.25-owner-xid/include/linux/netfilter/xt_owner.h   2008-05-20 18:36:38.074950561 +0000
4 @@ -5,12 +5,16 @@ enum {
5         XT_OWNER_UID    = 1 << 0,
6         XT_OWNER_GID    = 1 << 1,
7         XT_OWNER_SOCKET = 1 << 2,
8 +       XT_OWNER_XID    = 1 << 3,
9 +       XT_OWNER_NID    = 1 << 4,
10  };
11  
12  struct xt_owner_match_info {
13         __u32 uid_min, uid_max;
14         __u32 gid_min, gid_max;
15         __u8 match, invert;
16 +       __u32 nid;
17 +       __u32 xid;
18  };
19  
20  #endif /* _XT_OWNER_MATCH_H */
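Review bot: Appending `nid` and `xid` to struct xt_owner_match_info changes the size of a structure that iptables userspace hands to the kernel verbatim, so if the xt_owner registration uses `.matchsize = sizeof(struct xt_owner_match_info)` (as it presumably does; the registration is outside this patch) an iptables built against stock headers will have its owner rules rejected, and a patched iptables will be rejected by an unpatched kernel. The conventional way to extend a netfilter match ABI is a new `.revision` with its own info struct rather than growing the existing one. At minimum the break should be recorded next to the fields, e.g. `/* nid/xid appended by the owner-xid patch: ABI differs from mainline, requires a matching libxt_owner */`. Any validation of `info->match` against the accepted flag mask is also outside this hunk, so stale userspace setting bits 3 and 4 for other purposes would go unnoticed if no such check exists. The `Only in … xt_owner.h~` line that follows this hunk shows an editor backup file in the compared tree; the diff should be regenerated from a clean tree.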
21 Only in linux-2.6.25-owner-xid/include/linux/netfilter: xt_owner.h~
22 diff -upr linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h
23 --- linux-2.6.25/include/linux/netfilter_ipv4/ipt_owner.h       2008-05-20 17:15:02.411418369 +0000
24 +++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv4/ipt_owner.h     2008-05-20 17:16:22.905886167 +0000
25 @@ -1,12 +1,16 @@
26  #ifndef _IPT_OWNER_H
27  #define _IPT_OWNER_H
28  
29 +#include <linux/types.h>
30 +
31  /* match and invert flags */
32  #define IPT_OWNER_UID  0x01
33  #define IPT_OWNER_GID  0x02
34  #define IPT_OWNER_PID  0x04
35  #define IPT_OWNER_SID  0x08
36  #define IPT_OWNER_COMM 0x10
37 +#define IPT_OWNER_NID  0x20
38 +#define IPT_OWNER_XID  0x40
39  
40  struct ipt_owner_info {
41      uid_t uid;
42 @@ -15,6 +19,8 @@ struct ipt_owner_info {
43      pid_t sid;
44      char comm[16];
45      u_int8_t match, invert;    /* flags */
46 +    u_int32_t nid;
47 +    u_int32_t xid;
48  };
49  
50  #endif /*_IPT_OWNER_H*/
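Review bot: The same struct-growth concern applies to struct ipt_owner_info: `nid` and `xid` are appended to a structure whose size the v0 owner match compares against what userspace sends, so the legacy ipt_owner rule format is no longer compatible with an iptables built against stock headers. The v0 registration that performs that size check is not part of this patch, so the only place to warn the next maintainer is here, e.g. `/* nid/xid appended by the owner-xid patch; needs a matching iptables libipt_owner */`. The new fields are typed `u_int32_t` in a header that now includes `<linux/types.h>`; the mainline-style spelling for a userspace-visible kernel header is `__u32`, which also avoids depending on the non-strict-names typedefs.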
51 diff -upr linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h
52 --- linux-2.6.25/include/linux/netfilter_ipv6/ip6t_owner.h      2008-05-20 17:15:02.411418369 +0000
53 +++ linux-2.6.25-owner-xid/include/linux/netfilter_ipv6/ip6t_owner.h    2008-05-20 17:16:22.905886167 +0000
54 @@ -1,11 +1,15 @@
55  #ifndef _IP6T_OWNER_H
56  #define _IP6T_OWNER_H
57  
58 +#include <linux/types.h>
59 +
60  /* match and invert flags */
61  #define IP6T_OWNER_UID 0x01
62  #define IP6T_OWNER_GID 0x02
63  #define IP6T_OWNER_PID 0x04
64  #define IP6T_OWNER_SID 0x08
65 +#define IP6T_OWNER_NID 0x20
66 +#define IP6T_OWNER_XID 0x40
67  
68  struct ip6t_owner_info {
69      uid_t uid;
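Review bot: IP6T_OWNER_NID and IP6T_OWNER_XID are assigned 0x20 and 0x40, leaving 0x10 unused in this header even though the IPv6 match in this hunk defines no COMM flag; that is a sensible choice if the intent is to keep the flag values identical to IPT_OWNER_NID/IPT_OWNER_XID in ipt_owner.h, but nothing says so. A one-line comment would prevent someone later reusing 0x10 for IPv6 and diverging the two families, e.g. `/* 0x10 reserved to keep bit values in step with IPT_OWNER_* (COMM) */`.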
70 @@ -13,6 +17,8 @@ struct ip6t_owner_info {
71      pid_t pid;
72      pid_t sid;
73      u_int8_t match, invert;    /* flags */
74 +    u_int32_t nid;
75 +    u_int32_t xid;
76  };
77  
78  #endif /*_IPT_OWNER_H*/
79 diff -upr linux-2.6.25/net/netfilter/xt_owner.c linux-2.6.25-owner-xid/net/netfilter/xt_owner.c
80 --- linux-2.6.25/net/netfilter/xt_owner.c       2008-05-20 17:15:02.411418369 +0000
81 +++ linux-2.6.25-owner-xid/net/netfilter/xt_owner.c     2008-05-20 17:48:15.774419069 +0000
82 @@ -46,6 +46,16 @@ owner_mt_v0(const struct sk_buff *skb, c
83                     !!(info->invert & IPT_OWNER_GID))
84                         return false;
85  
86 +       if (info->match & IPT_OWNER_NID)
87 +               if ((skb->sk->sk_nid != info->nid) ^
88 +                   !!(info->invert & IPT_OWNER_NID))
89 +                       return 0;
90 +
91 +       if (info->match & IPT_OWNER_XID)
92 +               if ((skb->sk->sk_xid != info->xid) ^
93 +                   !!(info->invert & IPT_OWNER_XID))
94 +                       return 0;
95 +
96         return true;
97  }
98  
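Review bot: The two new blocks `return 0;` while the function they sit in is bool-returning and the context line just above the first addition spells the same outcome `return false;`, so the failure path is now written two ways in one function; use `return false;` in both new blocks. `skb->sk` is dereferenced unconditionally inside the hunk; owner_mt_v0 begins outside the hunk, and if it does not already reject a NULL `skb->sk` before the UID/GID tests (mainline's version of this function does) these lines would fault on packets that carry no socket, so confirm that guard is present in the patched tree. `sk_nid` and `sk_xid` are not members of struct sock in a mainline 2.6.25 kernel and presumably come from another patch in this package (Linux-VServer adds members of those names); that apply-order dependency should be stated in the patch header, since this file will not compile without it.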
99 @@ -75,6 +85,16 @@ owner_mt6_v0(const struct sk_buff *skb, 
100                     !!(info->invert & IP6T_OWNER_GID))
101                         return false;
102  
103 +       if (info->match & IP6T_OWNER_NID)
104 +               if ((skb->sk->sk_nid != info->nid) ^
105 +                   !!(info->invert & IP6T_OWNER_NID))
106 +                       return 0;
107 +
108 +       if (info->match & IP6T_OWNER_XID)
109 +               if ((skb->sk->sk_xid != info->xid) ^
110 +                   !!(info->invert & IP6T_OWNER_XID))
111 +                       return 0;
112 +
113         return true;
114  }
115  
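Review bot: The NID/XID test added here is a verbatim copy of the block added to owner_mt_v0 in the previous hunk (and again to owner_mt below), differing only in the IP6T_/IPT_/XT_ flag prefix, and it repeats the `return 0` in a `bool` function where the surrounding code uses `return false`. Three copies of an invert-flag XOR are three places for the next change to go wrong; a small static inline helper taking the socket, the expected ids and the flag bits keeps the logic in one place and lets each caller be a single guarded call. owner_mt6_v0 begins outside the hunk; the helper below assumes the caller has already established that `skb->sk` is non-NULL, as the UID/GID tests above it presumably require.
```c
/* Reject the packet when an enabled NID/XID test fails, honouring the invert bits. */
static inline bool
owner_xid_match(const struct sock *sk, __u32 nid, __u32 xid,
		__u8 match, __u8 invert, __u8 nid_flag, __u8 xid_flag)
{
	if ((match & nid_flag) &&
	    ((sk->sk_nid != nid) ^ !!(invert & nid_flag)))
		return false;
	if ((match & xid_flag) &&
	    ((sk->sk_xid != xid) ^ !!(invert & xid_flag)))
		return false;
	return true;
}

/* … unchanged: owner_mt6_v0 socket/file lookup, UID and GID tests … */
	if (!owner_xid_match(skb->sk, info->nid, info->xid,
			     info->match, info->invert,
			     IP6T_OWNER_NID, IP6T_OWNER_XID))
		return false;

	return true;
```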
116 @@ -113,6 +133,16 @@ owner_mt(const struct sk_buff *skb, cons
117                     !(info->invert & XT_OWNER_GID))
118                         return false;
119  
120 +       if (info->match & XT_OWNER_NID)
121 +               if ((skb->sk->sk_nid != info->nid) ^
122 +                   !!(info->invert & XT_OWNER_NID))
123 +                       return 0;
124 +
125 +       if (info->match & XT_OWNER_XID)
126 +               if ((skb->sk->sk_xid != info->xid) ^
127 +                   !!(info->invert & XT_OWNER_XID))
128 +                       return 0;
129 +
130         return true;
131  }
132  
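Review bot: The added tests use the v0 idiom `(a != b) ^ !!(info->invert & F)`, whereas the owner_mt v1 code they are inserted into tests the positive condition against `!(info->invert & F)` (see the context line `!(info->invert & XT_OWNER_GID)` at the top of the hunk); the two forms are logically equivalent, but mixing them in one function makes the invert handling needlessly hard to audit. Write them in the local form and with the local return spelling, e.g. `if ((skb->sk->sk_nid == info->nid) ^ !(info->invert & XT_OWNER_NID)) return false;` and likewise for XID. owner_mt begins outside the hunk, so whether its earlier NULL-socket handling (and any checkentry validating the new XT_OWNER_NID/XT_OWNER_XID bits) covers these dereferences cannot be seen here and should be confirmed. The trailing `Only in … xt_owner.c~` line shows another editor backup file in the diffed tree.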
133 Only in linux-2.6.25-owner-xid/net/netfilter: xt_owner.c~