URL https://opencores.org/ocsvn/or1k_soc_on_altera_embedded_dev_kit/or1k_soc_on_altera_embedded_dev_kit/trunk

Subversion Repositories or1k_soc_on_altera_embedded_dev_kit

[/] [or1k_soc_on_altera_embedded_dev_kit/] [trunk/] [linux-2.6/] [linux-2.6.24/] [net/] [ipv6/] [netfilter/] [ip6t_owner.c] - Blame information for rev 17

Go to most recent revision | Details | Compare with Previous | View Log


/* Kernel module to match various things tied to sockets associated with
   locally generated outgoing packets. */
 
/* (C) 2000-2001 Marc Boucher <marc@mbsi.ca>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
 
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/file.h>
#include <linux/rcupdate.h>
#include <net/sock.h>
 
#include <linux/netfilter_ipv6/ip6t_owner.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter/x_tables.h>
 
MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("IP6 tables owner matching module");
MODULE_LICENSE("GPL");
 
 
static bool
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const struct xt_match *match,
      const void *matchinfo,
      int offset,
      unsigned int protoff,
      bool *hotdrop)
{
        const struct ip6t_owner_info *info = matchinfo;
 
        if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
                return false;
 
        if (info->match & IP6T_OWNER_UID)
                if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
                    !!(info->invert & IP6T_OWNER_UID))
                        return false;
 
        if (info->match & IP6T_OWNER_GID)
                if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
                    !!(info->invert & IP6T_OWNER_GID))
                        return false;
 
        return true;
}
 
static bool
checkentry(const char *tablename,
           const void *ip,
           const struct xt_match *match,
           void *matchinfo,
           unsigned int hook_mask)
{
        const struct ip6t_owner_info *info = matchinfo;
 
        if (info->match & (IP6T_OWNER_PID | IP6T_OWNER_SID)) {
                printk("ipt_owner: pid and sid matching "
                       "not supported anymore\n");
                return false;
        }
        return true;
}
 
static struct xt_match owner_match __read_mostly = {
        .name           = "owner",
        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(struct ip6t_owner_info),
        .hooks          = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING),
        .checkentry     = checkentry,
        .me             = THIS_MODULE,
};
 
static int __init ip6t_owner_init(void)
{
        return xt_register_match(&owner_match);
}
 
static void __exit ip6t_owner_fini(void)
{
        xt_unregister_match(&owner_match);
}
 
module_init(ip6t_owner_init);
module_exit(ip6t_owner_fini);

Line No.	Rev	Author	Line
1	3	xianfeng	`/* Kernel module to match various things tied to sockets associated with`
2			`locally generated outgoing packets. */`
3
4			`/* (C) 2000-2001 Marc Boucher <marc@mbsi.ca>`
5			`*`
6			`* This program is free software; you can redistribute it and/or modify`
7			`* it under the terms of the GNU General Public License version 2 as`
8			`* published by the Free Software Foundation.`
9			`*/`
10
11			`#include <linux/module.h>`
12			`#include <linux/skbuff.h>`
13			`#include <linux/file.h>`
14			`#include <linux/rcupdate.h>`
15			`#include <net/sock.h>`
16
17			`#include <linux/netfilter_ipv6/ip6t_owner.h>`
18			`#include <linux/netfilter_ipv6/ip6_tables.h>`
19			`#include <linux/netfilter/x_tables.h>`
20
21			`MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");`
22			`MODULE_DESCRIPTION("IP6 tables owner matching module");`
23			`MODULE_LICENSE("GPL");`
24
25
26			`static bool`
27			`match(const struct sk_buff *skb,`
28			`const struct net_device *in,`
29			`const struct net_device *out,`
30			`const struct xt_match *match,`
31			`const void *matchinfo,`
32			`int offset,`
33			`unsigned int protoff,`
34			`bool *hotdrop)`
35			`{`
36			`const struct ip6t_owner_info *info = matchinfo;`
37
38			`if (!skb->sk \|\| !skb->sk->sk_socket \|\| !skb->sk->sk_socket->file)`
39			`return false;`
40
41			`if (info->match & IP6T_OWNER_UID)`
42			`if ((skb->sk->sk_socket->file->f_uid != info->uid) ^`
43			`!!(info->invert & IP6T_OWNER_UID))`
44			`return false;`
45
46			`if (info->match & IP6T_OWNER_GID)`
47			`if ((skb->sk->sk_socket->file->f_gid != info->gid) ^`
48			`!!(info->invert & IP6T_OWNER_GID))`
49			`return false;`
50
51			`return true;`
52			`}`
53
54			`static bool`
55			`checkentry(const char *tablename,`
56			`const void *ip,`
57			`const struct xt_match *match,`
58			`void *matchinfo,`
59			`unsigned int hook_mask)`
60			`{`
61			`const struct ip6t_owner_info *info = matchinfo;`
62
63			`if (info->match & (IP6T_OWNER_PID \| IP6T_OWNER_SID)) {`
64			`printk("ipt_owner: pid and sid matching "`
65			`"not supported anymore\n");`
66			`return false;`
67			`}`
68			`return true;`
69			`}`
70
71			`static struct xt_match owner_match __read_mostly = {`
72			`.name = "owner",`
73			`.family = AF_INET6,`
74			`.match = match,`
75			`.matchsize = sizeof(struct ip6t_owner_info),`
76			`.hooks = (1 << NF_IP6_LOCAL_OUT) \| (1 << NF_IP6_POST_ROUTING),`
77			`.checkentry = checkentry,`
78			`.me = THIS_MODULE,`
79			`};`
80
81			`static int __init ip6t_owner_init(void)`
82			`{`
83			`return xt_register_match(&owner_match);`
84			`}`
85
86			`static void __exit ip6t_owner_fini(void)`
87			`{`
88			`xt_unregister_match(&owner_match);`
89			`}`
90
91			`module_init(ip6t_owner_init);`
92			`module_exit(ip6t_owner_fini);`

Browse

Tools

Subversion Repositories or1k_soc_on_altera_embedded_dev_kit

[/] [or1k_soc_on_altera_embedded_dev_kit/] [trunk/] [linux-2.6/] [linux-2.6.24/] [net/] [ipv6/] [netfilter/] [ip6t_owner.c] - Blame information for rev 17