patch-2.4.20 linux-2.4.20/net/ipv4/netfilter/ipt_owner.c
- Lines: 52
- Date:
Thu Nov 28 15:53:15 2002
- Orig file:
linux-2.4.19/net/ipv4/netfilter/ipt_owner.c
- Orig date:
Sun Sep 30 12:26:08 2001
diff -urN linux-2.4.19/net/ipv4/netfilter/ipt_owner.c linux-2.4.20/net/ipv4/netfilter/ipt_owner.c
@@ -12,6 +12,38 @@
#include <linux/netfilter_ipv4/ip_tables.h>
static int
+match_comm(const struct sk_buff *skb, const char *comm)
+{
+ struct task_struct *p;
+ struct files_struct *files;
+ int i;
+
+ read_lock(&tasklist_lock);
+ for_each_task(p) {
+ if(strncmp(p->comm, comm, sizeof(p->comm)))
+ continue;
+
+ task_lock(p);
+ files = p->files;
+ if(files) {
+ read_lock(&files->file_lock);
+ for (i=0; i < files->max_fds; i++) {
+ if (fcheck_files(files, i) == skb->sk->socket->file) {
+ read_unlock(&files->file_lock);
+ task_unlock(p);
+ read_unlock(&tasklist_lock);
+ return 1;
+ }
+ }
+ read_unlock(&files->file_lock);
+ }
+ task_unlock(p);
+ }
+ read_unlock(&tasklist_lock);
+ return 0;
+}
+
+static int
match_pid(const struct sk_buff *skb, pid_t pid)
{
struct task_struct *p;
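Review bot: match_comm dereferences `skb->sk->socket->file` in the fcheck_files comparison without testing `skb->sk` or `skb->sk->socket`, so it is safe only if the caller has already rejected packets that have no socket. That check is not visible in this patch, so I would confirm it and state the precondition above the function, e.g. `/* Caller must have verified that skb->sk, skb->sk->socket and ->file are non-NULL. */`. The function also scans every task and every descriptor slot up to `files->max_fds` for each packet while holding `tasklist_lock` and `task_lock(p)`. If this match can run in softirq context, that lock nesting needs a second look, and the per-packet cost deserves a comment. match_pid's body continues outside the hunk.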
@@ -115,6 +147,12 @@
return 0;
}
+ if(info->match & IPT_OWNER_COMM) {
+ if (!match_comm(skb, info->comm) ^
+ !!(info->invert & IPT_OWNER_COMM))
+ return 0;
+ }
+
return 1;
}
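Review bot: The new IPT_OWNER_COMM branch turns a process name into a filtering decision, but `p->comm` is only the short command name that match_comm compares over `sizeof(p->comm)` bytes. As far as I can tell, any local user can run a program under a chosen name, so a rule keyed on the command does not identify a trusted binary. I would add a comment at this branch, and in the option's user documentation, along the lines of `/* comm is not an authenticated identity; combine with a UID/GID owner match */`. The enclosing match function begins outside this hunk.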