صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
weimzh
/
amlogic-aml8726-mx-kernel
دنبال کردن 1
ستاره دار 0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 16855b5ec0
شاخه‌ها تگ‌ها
amlogic-aml8...
/
net
/
netfilter
/
xt_owner.c

xt_owner.c 2.2 KB
تاريخچه خام

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. /*
    2. 

  2.  * Kernel module to match various things tied to sockets associated with
    3. 

  3.  * locally generated outgoing packets.
    4. 

  4.  *
    5. 

  5.  * (C) 2000 Marc Boucher <marc@mbsi.ca>
    6. 

  6.  *
    7. 

  7.  * Copyright © CC Computer Consultants GmbH, 2007 - 2008
    8. 

  8.  *
    9. 

  9.  * This program is free software; you can redistribute it and/or modify
    10. 

  10.  * it under the terms of the GNU General Public License version 2 as
    11. 

  11.  * published by the Free Software Foundation.
    12. 

  12.  */
    13. 

  13. #include <linux/module.h>
    14. 

  14. #include <linux/skbuff.h>
    15. 

  15. #include <linux/file.h>
    16. 

  16. #include <net/sock.h>
    17. 

  17. #include <linux/netfilter/x_tables.h>
    18. 

  18. #include <linux/netfilter/xt_owner.h>
    19. 

  19. 

  20. static bool
    21. 

  21. owner_mt(const struct sk_buff *skb, struct xt_action_param *par)
    22. 

  22. {
    23. 

  23. 	const struct xt_owner_match_info *info = par->matchinfo;
    24. 

  24. 	const struct file *filp;
    25. 

  25. 

  26. 	if (skb->sk == NULL || skb->sk->sk_socket == NULL)
    27. 

  27. 		return (info->match ^ info->invert) == 0;
    28. 

  28. 	else if (info->match & info->invert & XT_OWNER_SOCKET)
    29. 

  29. 		/*
    30. 

  30. 		 * Socket exists but user wanted ! --socket-exists.
    31. 

  31. 		 * (Single ampersands intended.)
    32. 

  32. 		 */
    33. 

  33. 		return false;
    34. 

  34. 

  35. 	filp = skb->sk->sk_socket->file;
    36. 

  36. 	if (filp == NULL)
    37. 

  37. 		return ((info->match ^ info->invert) &
    38. 

  38. 		       (XT_OWNER_UID | XT_OWNER_GID)) == 0;
    39. 

  39. 

  40. 	if (info->match & XT_OWNER_UID)
    41. 

  41. 		if ((filp->f_cred->fsuid >= info->uid_min &&
    42. 

  42. 		    filp->f_cred->fsuid <= info->uid_max) ^
    43. 

  43. 		    !(info->invert & XT_OWNER_UID))
    44. 

  44. 			return false;
    45. 

  45. 

  46. 	if (info->match & XT_OWNER_GID)
    47. 

  47. 		if ((filp->f_cred->fsgid >= info->gid_min &&
    48. 

  48. 		    filp->f_cred->fsgid <= info->gid_max) ^
    49. 

  49. 		    !(info->invert & XT_OWNER_GID))
    50. 

  50. 			return false;
    51. 

  51. 

  52. 	return true;
    53. 

  53. }
    54. 

  54. 

  55. static struct xt_match owner_mt_reg __read_mostly = {
    56. 

  56. 	.name       = "owner",
    57. 

  57. 	.revision   = 1,
    58. 

  58. 	.family     = NFPROTO_UNSPEC,
    59. 

  59. 	.match      = owner_mt,
    60. 

  60. 	.matchsize  = sizeof(struct xt_owner_match_info),
    61. 

  61. 	.hooks      = (1 << NF_INET_LOCAL_OUT) |
    62. 

  62. 	              (1 << NF_INET_POST_ROUTING),
    63. 

  63. 	.me         = THIS_MODULE,
    64. 

  64. };
    65. 

  65. 

  66. static int __init owner_mt_init(void)
    67. 

  67. {
    68. 

  68. 	return xt_register_match(&owner_mt_reg);
    69. 

  69. }
    70. 

  70. 

  71. static void __exit owner_mt_exit(void)
    72. 

  72. {
    73. 

  73. 	xt_unregister_match(&owner_mt_reg);
    74. 

  74. }
    75. 

  75. 

  76. module_init(owner_mt_init);
    77. 

  77. module_exit(owner_mt_exit);
    78. 

  78. MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
    79. 

  79. MODULE_DESCRIPTION("Xtables: socket owner matching");
    80. 

  80. MODULE_LICENSE("GPL");
    81. 

  81. MODULE_ALIAS("ipt_owner");
    82. 

  82. MODULE_ALIAS("ip6t_owner");
    83. 

  83.