/*
 *	libxt_owner - iptables addon for xt_owner
 *
 *	Copyright © CC Computer Consultants GmbH, 2007 - 2008
 *	Jan Engelhardt <jengelh@computergmbh.de>
 */
7#include <getopt.h>
8#include <grp.h>
9#include <netdb.h>
10#include <pwd.h>
11#include <stdbool.h>
12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
Phil Oester9a90f902008-09-01 15:07:26 +020015#include <limits.h>
Jan Engelhardt5c5cd882008-01-20 13:21:38 +000016
17#include <xtables.h>
18#include <linux/netfilter/xt_owner.h>
19#include <linux/netfilter_ipv4/ipt_owner.h>
20#include <linux/netfilter_ipv6/ip6t_owner.h>
21
/*
 * Bits kept in the parser's *flags word, one per option, so that a repeated
 * option can be rejected and owner_mt_check() can see whether any option
 * was given at all.
 */
enum {
	FLAG_UID_OWNER     = 0x01,
	FLAG_GID_OWNER     = 0x02,
	FLAG_SOCKET_EXISTS = 0x04,
	FLAG_PID_OWNER     = 0x08,
	FLAG_SID_OWNER     = 0x10,
	FLAG_COMM          = 0x20,
};
30
/*
 * Print the usage text of the revision 0 IPv4 owner match.
 *
 * The --cmd-owner line is only printed when the kernel headers define
 * IPT_OWNER_COMM. The trailing NOTE tells the operator that PID, SID (and
 * command) matching are broken on SMP, i.e. rules using them should not be
 * relied on there.
 */
static void owner_mt_help_v0(void)
{
	/* Lines common to both build variants. */
	fputs(
"owner match options:\n"
"[!] --uid-owner userid Match local UID\n"
"[!] --gid-owner groupid Match local GID\n"
"[!] --pid-owner processid Match local PID\n"
"[!] --sid-owner sessionid Match local SID\n", stdout);
#ifdef IPT_OWNER_COMM
	fputs(
"[!] --cmd-owner name Match local command name\n"
"NOTE: PID, SID and command matching are broken on SMP\n", stdout);
#else
	fputs("NOTE: PID and SID matching are broken on SMP\n", stdout);
#endif /* IPT_OWNER_COMM */
}
52
/*
 * Print the usage text of the revision 0 IPv6 owner match. There is no
 * --cmd-owner option in this variant; the NOTE warns that PID and SID
 * matching are broken on SMP.
 */
static void owner_mt6_help_v0(void)
{
	fputs(
"owner match options:\n"
"[!] --uid-owner userid Match local UID\n"
"[!] --gid-owner groupid Match local GID\n"
"[!] --pid-owner processid Match local PID\n"
"[!] --sid-owner sessionid Match local SID\n"
"NOTE: PID and SID matching are broken on SMP\n", stdout);
}
63
/*
 * Print the usage text of the revision 1 owner match: UID and GID may be
 * given as a single id or as a range, and --socket-exists takes no argument.
 */
static void owner_mt_help(void)
{
	fputs(
"owner match options:\n"
"[!] --uid-owner userid[-userid] Match local UID\n"
"[!] --gid-owner groupid[-groupid] Match local GID\n"
"[!] --socket-exists Match if socket exists\n", stdout);
}
72
/*
 * getopt_long() table for the revision 0 IPv4 match. Every option takes an
 * argument; --cmd-owner exists only when IPT_OWNER_COMM is defined.
 */
static const struct option owner_mt_opts_v0[] = {
	{ .name = "uid-owner", .has_arg = required_argument, .val = 'u' },
	{ .name = "gid-owner", .has_arg = required_argument, .val = 'g' },
	{ .name = "pid-owner", .has_arg = required_argument, .val = 'p' },
	{ .name = "sid-owner", .has_arg = required_argument, .val = 's' },
#ifdef IPT_OWNER_COMM
	{ .name = "cmd-owner", .has_arg = required_argument, .val = 'c' },
#endif
	{ .name = NULL }	/* terminator */
};
83
/* getopt_long() table for the revision 0 IPv6 match; all options take an argument. */
static const struct option owner_mt6_opts_v0[] = {
	{ .name = "uid-owner", .has_arg = required_argument, .val = 'u' },
	{ .name = "gid-owner", .has_arg = required_argument, .val = 'g' },
	{ .name = "pid-owner", .has_arg = required_argument, .val = 'p' },
	{ .name = "sid-owner", .has_arg = required_argument, .val = 's' },
	{ .name = NULL }	/* terminator */
};
91
/*
 * getopt_long() table for the revision 1 match. --socket-exists is a plain
 * switch; the two id options take an argument.
 */
static const struct option owner_mt_opts[] = {
	{ .name = "uid-owner",     .has_arg = required_argument, .val = 'u' },
	{ .name = "gid-owner",     .has_arg = required_argument, .val = 'g' },
	{ .name = "socket-exists", .has_arg = no_argument,       .val = 'k' },
	{ .name = NULL }	/* terminator */
};
98
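/*
 * Parse one option of the revision 0 IPv4 owner match into the
 * struct ipt_owner_info stored in (*match)->data.
 *
 * c      - option character from owner_mt_opts_v0: 'u', 'g', 'p', 's', and
 *          'c' when IPT_OWNER_COMM is defined
 * invert - non-zero if the option was negated; the option's bit is then also
 *          set in info->invert
 * flags  - FLAG_* bitmask of options already seen; updated on success
 * match  - match entry that receives the parsed value
 *
 * argv and entry are not used. Returns true when the option was consumed,
 * false for any other option character.
 */
static int
owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
                  const void *entry, struct xt_entry_match **match)
{
	struct ipt_owner_info *info = (void *)(*match)->data;
	struct passwd *pwd;
	struct group *grp;
	/*
	 * NOTE(review): id is only assigned when a lookup or strtonum()
	 * succeeds; the stores below rely on param_act(P_BAD_VALUE, ...)
	 * not returning - confirm.
	 */
	unsigned int id;

	switch (c) {
	case 'u':
		param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER);
		/*
		 * The account database is asked first, so an account whose
		 * name is a digit string wins over the numeric UID that is
		 * spelled the same way.
		 */
		if ((pwd = getpwnam(optarg)) != NULL)
			id = pwd->pw_uid;
		else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0))
			param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg);
		if (invert)
			info->invert |= IPT_OWNER_UID;
		info->match |= IPT_OWNER_UID;
		info->uid = id;
		*flags |= FLAG_UID_OWNER;
		return true;

	case 'g':
		param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER);
		/* Same precedence as for users: group name first, number second. */
		if ((grp = getgrnam(optarg)) != NULL)
			id = grp->gr_gid;
		else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0))
			param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg);
		if (invert)
			info->invert |= IPT_OWNER_GID;
		info->match |= IPT_OWNER_GID;
		info->gid = id;
		*flags |= FLAG_GID_OWNER;
		return true;

	case 'p':
		param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER);
		if (!strtonum(optarg, NULL, &id, 0, INT_MAX))
			param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg);
		if (invert)
			info->invert |= IPT_OWNER_PID;
		info->match |= IPT_OWNER_PID;
		info->pid = id;
		*flags |= FLAG_PID_OWNER;
		return true;

	case 's':
		param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER);
		/*
		 * Report the option under its real name; the message used to
		 * say "--sid-value", which is not an option of this match.
		 */
		if (!strtonum(optarg, NULL, &id, 0, INT_MAX))
			param_act(P_BAD_VALUE, "owner", "--sid-owner", optarg);
		if (invert)
			info->invert |= IPT_OWNER_SID;
		info->match |= IPT_OWNER_SID;
		info->sid = id;
		*flags |= FLAG_SID_OWNER;
		return true;

#ifdef IPT_OWNER_COMM
	case 'c':
		param_act(P_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM);
		if (strlen(optarg) > sizeof(info->comm))
			exit_error(PARAMETER_PROBLEM, "owner match: command "
			           "\"%s\" too long, max. %zu characters",
			           optarg, sizeof(info->comm));

		/*
		 * A name of exactly sizeof(info->comm) bytes passes the check
		 * above and strncpy() then overwrites the terminator written
		 * here, so info->comm is a fixed-width field that may lack a
		 * trailing NUL. Readers must bound their access, as the
		 * "%.*s" in owner_mt_print_item_v0() does.
		 */
		info->comm[sizeof(info->comm)-1] = '\0';
		strncpy(info->comm, optarg, sizeof(info->comm));

		if (invert)
			info->invert |= IPT_OWNER_COMM;
		info->match |= IPT_OWNER_COMM;
		*flags |= FLAG_COMM;
		return true;
#endif
	}
	return false;
}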
177
/*
 * Parse one option of the revision 0 IPv6 owner match into the
 * struct ip6t_owner_info stored in (*match)->data.
 *
 * c      - option character from owner_mt6_opts_v0: 'u', 'g', 'p' or 's'
 * invert - non-zero if the option was negated; the option's bit is then also
 *          set in info->invert
 * flags  - FLAG_* bitmask of options already seen; updated on success
 * match  - match entry that receives the parsed value
 *
 * argv and entry are not used. Returns true when the option was consumed,
 * false for any other option character.
 */
static int
owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags,
                   const void *entry, struct xt_entry_match **match)
{
	struct ip6t_owner_info *info = (void *)(*match)->data;
	struct passwd *account;
	struct group *group;
	/*
	 * NOTE(review): value stays unassigned when both the name lookup and
	 * strtonum() fail; this relies on param_act(P_BAD_VALUE, ...) not
	 * returning - confirm.
	 */
	unsigned int value;

	switch (c) {
	case 'u':
		param_act(P_ONLY_ONCE, "owner", "--uid-owner",
		          *flags & FLAG_UID_OWNER);
		/* Name lookup comes first: an all-digit account name shadows
		 * the numeric UID with the same spelling. */
		account = getpwnam(optarg);
		if (account != NULL)
			value = account->pw_uid;
		else if (!strtonum(optarg, NULL, &value, 0, ~(uid_t)0))
			param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg);
		info->match |= IP6T_OWNER_UID;
		if (invert)
			info->invert |= IP6T_OWNER_UID;
		info->uid = value;
		*flags |= FLAG_UID_OWNER;
		return true;

	case 'g':
		param_act(P_ONLY_ONCE, "owner", "--gid-owner",
		          *flags & FLAG_GID_OWNER);
		group = getgrnam(optarg);
		if (group != NULL)
			value = group->gr_gid;
		else if (!strtonum(optarg, NULL, &value, 0, ~(gid_t)0))
			param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg);
		info->match |= IP6T_OWNER_GID;
		if (invert)
			info->invert |= IP6T_OWNER_GID;
		info->gid = value;
		*flags |= FLAG_GID_OWNER;
		return true;

	case 'p':
		param_act(P_ONLY_ONCE, "owner", "--pid-owner",
		          *flags & FLAG_PID_OWNER);
		if (!strtonum(optarg, NULL, &value, 0, INT_MAX))
			param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg);
		info->match |= IP6T_OWNER_PID;
		if (invert)
			info->invert |= IP6T_OWNER_PID;
		info->pid = value;
		*flags |= FLAG_PID_OWNER;
		return true;

	case 's':
		param_act(P_ONLY_ONCE, "owner", "--sid-owner",
		          *flags & FLAG_SID_OWNER);
		if (!strtonum(optarg, NULL, &value, 0, INT_MAX))
			param_act(P_BAD_VALUE, "owner", "--sid-owner", optarg);
		info->match |= IP6T_OWNER_SID;
		if (invert)
			info->invert |= IP6T_OWNER_SID;
		info->sid = value;
		*flags |= FLAG_SID_OWNER;
		return true;
	}
	return false;
}
242
/*
 * Parse "N", "N-M" or "N:M" from s into *from and *to; a single number
 * yields *to == *from. Any parse failure or trailing text is reported
 * through param_act(P_BAD_VALUE, ...) under the option name opt.
 *
 * NOTE(review): nothing here rejects a reversed range (*from > *to). If the
 * kernel side tests min <= id <= max, such a rule would be accepted and then
 * never match - confirm and consider validating.
 * NOTE(review): rest is read after a failed first strtonum() only if
 * param_act() returns; presumably it does not - confirm.
 */
static void owner_parse_range(const char *s, unsigned int *from,
                              unsigned int *to, const char *opt)
{
	char *rest;

	/* 4294967295 is reserved, so the upper bound is ~0 minus one. */
	if (!strtonum(s, &rest, from, 0, (~(uid_t)0) - 1))
		param_act(P_BAD_VALUE, "owner", opt, s);
	*to = *from;

	/* An optional second bound follows a '-' or ':' separator. */
	if ((*rest == '-' || *rest == ':') &&
	    !strtonum(rest + 1, &rest, to, 0, (~(uid_t)0) - 1))
		param_act(P_BAD_VALUE, "owner", opt, s);

	/* Anything left over makes the whole argument invalid. */
	if (*rest != '\0')
		param_act(P_BAD_VALUE, "owner", opt, s);
}
258
/*
 * Parse one option of the revision 1 owner match into the
 * struct xt_owner_match_info stored in (*match)->data.
 *
 * c      - option character from owner_mt_opts: 'u', 'g' or 'k'
 * invert - non-zero if the option was negated; the option's bit is then also
 *          set in info->invert
 * flags  - FLAG_* bitmask of options already seen; updated on success
 * match  - match entry that receives the parsed value
 *
 * argv and entry are not used. Returns true when the option was consumed,
 * false for any other option character.
 */
static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags,
                          const void *entry, struct xt_entry_match **match)
{
	struct xt_owner_match_info *info = (void *)(*match)->data;
	struct passwd *account;
	struct group *group;
	unsigned int lo, hi;

	if (c == 'u') {
		param_act(P_ONLY_ONCE, "owner", "--uid-owner",
		          *flags & FLAG_UID_OWNER);
		/*
		 * The whole argument is tried as an account name before it is
		 * parsed as a number or range, so a name lookup hit always
		 * wins and produces a single-id range.
		 */
		account = getpwnam(optarg);
		if (account != NULL) {
			hi = account->pw_uid;
			lo = hi;
		} else {
			owner_parse_range(optarg, &lo, &hi, "--uid-owner");
		}
		info->match |= XT_OWNER_UID;
		if (invert)
			info->invert |= XT_OWNER_UID;
		info->uid_min = lo;
		info->uid_max = hi;
		*flags |= FLAG_UID_OWNER;
		return true;
	}

	if (c == 'g') {
		param_act(P_ONLY_ONCE, "owner", "--gid-owner",
		          *flags & FLAG_GID_OWNER);
		group = getgrnam(optarg);
		if (group != NULL) {
			hi = group->gr_gid;
			lo = hi;
		} else {
			owner_parse_range(optarg, &lo, &hi, "--gid-owner");
		}
		info->match |= XT_OWNER_GID;
		if (invert)
			info->invert |= XT_OWNER_GID;
		info->gid_min = lo;
		info->gid_max = hi;
		*flags |= FLAG_GID_OWNER;
		return true;
	}

	if (c == 'k') {
		param_act(P_ONLY_ONCE, "owner", "--socket-exists",
		          *flags & FLAG_SOCKET_EXISTS);
		info->match |= XT_OWNER_SOCKET;
		if (invert)
			info->invert |= XT_OWNER_SOCKET;
		*flags |= FLAG_SOCKET_EXISTS;
		return true;
	}

	return false;
}
310
/*
 * Final check: refuse an owner match for which no option was parsed
 * (flags still 0).
 *
 * NOTE(review): this function is also the .final_check of the revision 0
 * registrations, whose option tables have --pid-owner/--sid-owner and no
 * --socket-exists, so the message text only describes revision 1.
 */
static void owner_mt_check(unsigned int flags)
{
	if (flags != 0)
		return;

	exit_error(PARAMETER_PROBLEM,
	           "owner: At least one of --uid-owner, --gid-owner or "
	           "--socket-exists is required");
}
318
/*
 * Print one criterion of a revision 0 IPv4 owner match.
 *
 * Nothing is printed unless `flag` is set in info->match. Otherwise the
 * output is an optional "! " (when the bit is set in info->invert), the
 * label, and the value selected by the flag. With numeric == false, UID and
 * GID are shown by name when the account database can resolve them.
 */
static void
owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
                       u_int8_t flag, bool numeric)
{
	if ((info->match & flag) == 0)
		return;
	if (info->invert & flag)
		fputs("! ", stdout);
	printf("%s ", label);

	switch (info->match & flag) {
	case IPT_OWNER_UID: {
		/* Skip the lookup entirely in numeric mode. */
		const struct passwd *pw = numeric ? NULL : getpwuid(info->uid);

		if (pw != NULL && pw->pw_name != NULL)
			printf("%s ", pw->pw_name);
		else
			printf("%u ", (unsigned int)info->uid);
		break;
	}

	case IPT_OWNER_GID: {
		const struct group *gr = numeric ? NULL : getgrgid(info->gid);

		if (gr != NULL && gr->gr_name != NULL)
			printf("%s ", gr->gr_name);
		else
			printf("%u ", (unsigned int)info->gid);
		break;
	}

	case IPT_OWNER_PID:
		printf("%u ", (unsigned int)info->pid);
		break;

	case IPT_OWNER_SID:
		printf("%u ", (unsigned int)info->sid);
		break;

#ifdef IPT_OWNER_COMM
	case IPT_OWNER_COMM:
		/* Precision-bounded: comm is not required to be NUL-terminated. */
		printf("%.*s ", (int)sizeof(info->comm), info->comm);
		break;
#endif
	}
}
369
/*
 * Print one criterion of a revision 0 IPv6 owner match.
 *
 * Nothing is printed unless `flag` is set in info->match. Otherwise the
 * output is an optional "! " (when the bit is set in info->invert), the
 * label, and the value selected by the flag. With numeric == false, UID and
 * GID are shown by name when the account database can resolve them.
 */
static void
owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
                        u_int8_t flag, bool numeric)
{
	if ((info->match & flag) == 0)
		return;
	if (info->invert & flag)
		fputs("! ", stdout);
	printf("%s ", label);

	switch (info->match & flag) {
	case IP6T_OWNER_UID: {
		/* Skip the lookup entirely in numeric mode. */
		const struct passwd *pw = numeric ? NULL : getpwuid(info->uid);

		if (pw != NULL && pw->pw_name != NULL)
			printf("%s ", pw->pw_name);
		else
			printf("%u ", (unsigned int)info->uid);
		break;
	}

	case IP6T_OWNER_GID: {
		const struct group *gr = numeric ? NULL : getgrgid(info->gid);

		if (gr != NULL && gr->gr_name != NULL)
			printf("%s ", gr->gr_name);
		else
			printf("%u ", (unsigned int)info->gid);
		break;
	}

	case IP6T_OWNER_PID:
		printf("%u ", (unsigned int)info->pid);
		break;

	case IP6T_OWNER_SID:
		printf("%u ", (unsigned int)info->sid);
		break;
	}
}
414
/*
 * Print one criterion of a revision 1 owner match.
 *
 * Nothing is printed unless `flag` is set in info->match. Otherwise the
 * output is an optional "! ", the label, and for UID/GID either "min-max"
 * (when the bounds differ), the resolved name (single id, numeric == false,
 * lookup succeeded) or the number. XT_OWNER_SOCKET has no value, so only
 * the label is printed for it.
 */
static void
owner_mt_print_item(const struct xt_owner_match_info *info, const char *label,
                    u_int8_t flag, bool numeric)
{
	if ((info->match & flag) == 0)
		return;
	if (info->invert & flag)
		fputs("! ", stdout);
	printf("%s ", label);

	switch (info->match & flag) {
	case XT_OWNER_UID: {
		const struct passwd *pw;

		/* A real range is always shown numerically. */
		if (info->uid_min != info->uid_max) {
			printf("%u-%u ", (unsigned int)info->uid_min,
			       (unsigned int)info->uid_max);
			break;
		}
		pw = numeric ? NULL : getpwuid(info->uid_min);
		if (pw != NULL && pw->pw_name != NULL)
			printf("%s ", pw->pw_name);
		else
			printf("%u ", (unsigned int)info->uid_min);
		break;
	}

	case XT_OWNER_GID: {
		const struct group *gr;

		if (info->gid_min != info->gid_max) {
			printf("%u-%u ", (unsigned int)info->gid_min,
			       (unsigned int)info->gid_max);
			break;
		}
		gr = numeric ? NULL : getgrgid(info->gid_min);
		if (gr != NULL && gr->gr_name != NULL)
			printf("%s ", gr->gr_name);
		else
			printf("%u ", (unsigned int)info->gid_min);
		break;
	}
	}
}
459
/*
 * Listing callback of the revision 0 IPv4 match: print every criterion that
 * is set, in UID, GID, PID, SID (, CMD) order. `ip` is not used; `numeric`
 * is forwarded to suppress name resolution.
 */
static void
owner_mt_print_v0(const void *ip, const struct xt_entry_match *match,
                  int numeric)
{
	static const struct {
		const char *label;
		u_int8_t bit;
	} items[] = {
		{ "owner UID match", IPT_OWNER_UID },
		{ "owner GID match", IPT_OWNER_GID },
		{ "owner PID match", IPT_OWNER_PID },
		{ "owner SID match", IPT_OWNER_SID },
#ifdef IPT_OWNER_COMM
		{ "owner CMD match", IPT_OWNER_COMM },
#endif
	};
	const struct ipt_owner_info *info = (void *)match->data;
	size_t i;

	for (i = 0; i < sizeof(items) / sizeof(items[0]); i++)
		owner_mt_print_item_v0(info, items[i].label, items[i].bit,
		                       numeric);
}
474
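/*
 * Listing callback of the revision 0 IPv6 match: print every criterion that
 * is set, in UID, GID, PID, SID order. `ip` is not used; `numeric` is
 * forwarded to suppress name resolution.
 *
 * The IP6T_OWNER_* bits are passed here because those are the bits that
 * owner_mt6_parse_v0() stores and that owner_mt6_print_item_v0() switches
 * on; the IPv4 IPT_OWNER_* names do not belong to struct ip6t_owner_info.
 */
static void
owner_mt6_print_v0(const void *ip, const struct xt_entry_match *match,
                   int numeric)
{
	const struct ip6t_owner_info *info = (void *)match->data;

	owner_mt6_print_item_v0(info, "owner UID match", IP6T_OWNER_UID, numeric);
	owner_mt6_print_item_v0(info, "owner GID match", IP6T_OWNER_GID, numeric);
	owner_mt6_print_item_v0(info, "owner PID match", IP6T_OWNER_PID, numeric);
	owner_mt6_print_item_v0(info, "owner SID match", IP6T_OWNER_SID, numeric);
}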
486
/*
 * Listing callback of the revision 1 match: print the socket-exists, UID and
 * GID criteria that are set, in that order. `ip` is not used; `numeric` is
 * forwarded to suppress name resolution.
 */
static void owner_mt_print(const void *ip, const struct xt_entry_match *match,
                           int numeric)
{
	static const struct {
		const char *label;
		u_int8_t bit;
	} items[] = {
		{ "owner socket exists", XT_OWNER_SOCKET },
		{ "owner UID match",     XT_OWNER_UID },
		{ "owner GID match",     XT_OWNER_GID },
	};
	const struct xt_owner_match_info *info = (void *)match->data;
	size_t i;

	for (i = 0; i < sizeof(items) / sizeof(items[0]); i++)
		owner_mt_print_item(info, items[i].label, items[i].bit, numeric);
}
496
/*
 * Save callback of the revision 0 IPv4 match: emit each set criterion as
 * its command-line option. Ids are always written numerically
 * (numeric == true), so the saved rule does not depend on the account
 * database of the host that restores it. `ip` is not used.
 */
static void
owner_mt_save_v0(const void *ip, const struct xt_entry_match *match)
{
	static const struct {
		const char *option;
		u_int8_t bit;
	} items[] = {
		{ "--uid-owner", IPT_OWNER_UID },
		{ "--gid-owner", IPT_OWNER_GID },
		{ "--pid-owner", IPT_OWNER_PID },
		{ "--sid-owner", IPT_OWNER_SID },
#ifdef IPT_OWNER_COMM
		{ "--cmd-owner", IPT_OWNER_COMM },
#endif
	};
	const struct ipt_owner_info *info = (void *)match->data;
	size_t i;

	for (i = 0; i < sizeof(items) / sizeof(items[0]); i++)
		owner_mt_print_item_v0(info, items[i].option, items[i].bit,
		                       true);
}
510
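/*
 * Save callback of the revision 0 IPv6 match: emit each set criterion as
 * its command-line option, with ids always written numerically
 * (numeric == true). `ip` is not used.
 *
 * The IP6T_OWNER_* bits are passed here because those are the bits that
 * owner_mt6_parse_v0() stores and that owner_mt6_print_item_v0() switches
 * on; the IPv4 IPT_OWNER_* names do not belong to struct ip6t_owner_info.
 */
static void
owner_mt6_save_v0(const void *ip, const struct xt_entry_match *match)
{
	const struct ip6t_owner_info *info = (void *)match->data;

	owner_mt6_print_item_v0(info, "--uid-owner", IP6T_OWNER_UID, true);
	owner_mt6_print_item_v0(info, "--gid-owner", IP6T_OWNER_GID, true);
	owner_mt6_print_item_v0(info, "--pid-owner", IP6T_OWNER_PID, true);
	owner_mt6_print_item_v0(info, "--sid-owner", IP6T_OWNER_SID, true);
}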
521
/*
 * Save callback of the revision 1 match: emit the socket-exists, UID and GID
 * criteria that are set as command-line options. `ip` is not used.
 *
 * NOTE(review): unlike the revision 0 save callbacks, this passes
 * numeric == false, so a single UID/GID is written by account name when it
 * resolves. A ruleset saved this way is re-resolved by name on restore and
 * can bind to a different id if the account database differs or changes -
 * confirm this is intended.
 */
static void owner_mt_save(const void *ip, const struct xt_entry_match *match)
{
	static const struct {
		const char *option;
		u_int8_t bit;
	} items[] = {
		{ "--socket-exists", XT_OWNER_SOCKET },
		{ "--uid-owner",     XT_OWNER_UID },
		{ "--gid-owner",     XT_OWNER_GID },
	};
	const struct xt_owner_match_info *info = (void *)match->data;
	size_t i;

	for (i = 0; i < sizeof(items) / sizeof(items[0]); i++)
		owner_mt_print_item(info, items[i].option, items[i].bit, false);
}
530
/* Registration record: "owner" match, revision 0, IPv4 (struct ipt_owner_info). */
static struct xtables_match owner_mt_reg_v0 = {
	/* identity */
	.name          = "owner",
	.family        = NFPROTO_IPV4,
	.revision      = 0,
	.version       = XTABLES_VERSION,
	/* size of the match data */
	.size          = XT_ALIGN(sizeof(struct ipt_owner_info)),
	.userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)),
	/* callbacks */
	.help          = owner_mt_help_v0,
	.extra_opts    = owner_mt_opts_v0,
	.parse         = owner_mt_parse_v0,
	.final_check   = owner_mt_check,
	.print         = owner_mt_print_v0,
	.save          = owner_mt_save_v0,
};
545
/* Registration record: "owner" match, revision 0, IPv6 (struct ip6t_owner_info). */
static struct xtables_match owner_mt6_reg_v0 = {
	/* identity */
	.name          = "owner",
	.family        = NFPROTO_IPV6,
	.revision      = 0,
	.version       = XTABLES_VERSION,
	/* size of the match data */
	.size          = XT_ALIGN(sizeof(struct ip6t_owner_info)),
	.userspacesize = XT_ALIGN(sizeof(struct ip6t_owner_info)),
	/* callbacks */
	.help          = owner_mt6_help_v0,
	.extra_opts    = owner_mt6_opts_v0,
	.parse         = owner_mt6_parse_v0,
	.final_check   = owner_mt_check,
	.print         = owner_mt6_print_v0,
	.save          = owner_mt6_save_v0,
};
560
/* Registration record: "owner" match, revision 1, IPv4 (struct xt_owner_match_info). */
static struct xtables_match owner_mt_reg = {
	/* identity */
	.name          = "owner",
	.family        = NFPROTO_IPV4,
	.revision      = 1,
	.version       = XTABLES_VERSION,
	/* size of the match data */
	.size          = XT_ALIGN(sizeof(struct xt_owner_match_info)),
	.userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
	/* callbacks */
	.help          = owner_mt_help,
	.extra_opts    = owner_mt_opts,
	.parse         = owner_mt_parse,
	.final_check   = owner_mt_check,
	.print         = owner_mt_print,
	.save          = owner_mt_save,
};
575
/*
 * Registration record: "owner" match, revision 1, IPv6. It shares the
 * struct xt_owner_match_info layout and all callbacks with the IPv4
 * revision 1 record; only .family differs.
 */
static struct xtables_match owner_mt6_reg = {
	/* identity */
	.name          = "owner",
	.family        = NFPROTO_IPV6,
	.revision      = 1,
	.version       = XTABLES_VERSION,
	/* size of the match data */
	.size          = XT_ALIGN(sizeof(struct xt_owner_match_info)),
	.userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)),
	/* callbacks */
	.help          = owner_mt_help,
	.extra_opts    = owner_mt_opts,
	.parse         = owner_mt_parse,
	.final_check   = owner_mt_check,
	.print         = owner_mt_print,
	.save          = owner_mt_save,
};
590
/*
 * Register the four owner match variants: revision 0 for IPv4 and IPv6
 * first, then revision 1 for IPv4 and IPv6.
 *
 * NOTE(review): presumably run automatically when the extension is loaded;
 * how _init gets invoked is not visible in this file - confirm.
 */
void _init(void)
{
	struct xtables_match *const variants[] = {
		&owner_mt_reg_v0,
		&owner_mt6_reg_v0,
		&owner_mt_reg,
		&owner_mt6_reg,
	};
	size_t i;

	for (i = 0; i < sizeof(variants) / sizeof(variants[0]); i++)
		xtables_register_match(variants[i]);
}