netfilter: xtables: remove xt_owner v0

Superseded by xt_owner v1 (v2.6.24-2388-g0265ab4). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2009-06-12 13:46:26 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2009-08-10 07:32:30 -0400
commit: 6461caed83412ae3e9a16785ffa64396fb66c6a6 (patch)
tree: 534e030c101b9264090d3e49196931ab1974fe69 /net
parent: 4725c7287ef2c4340cb433f59e40d143c1f43c22 (diff)
1 files changed, 12 insertions, 118 deletions
diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c
index 22b2a5e881ea..d24c76dffee2 100644
--- a/net/netfilter/xt_owner.c
+++ b/net/netfilter/xt_owner.c
@@ -5,7 +5,6 @@
 * (C) 2000 Marc Boucher <marc@mbsi.ca>
 *
 * Copyright © CC Computer Consultants GmbH, 2007 - 2008
- * <jengelh@computergmbh.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -17,60 +16,6 @@
 #include <net/sock.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_owner.h>
-#include <linux/netfilter_ipv4/ipt_owner.h>
-#include <linux/netfilter_ipv6/ip6t_owner.h>
-static bool
-owner_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
-{
-        const struct ipt_owner_info *info = par->matchinfo;
-        const struct file *filp;
-        if (skb->sk == NULL || skb->sk->sk_socket == NULL)
-                return false;
-        filp = skb->sk->sk_socket->file;
-        if (filp == NULL)
-                return false;
-        if (info->match & IPT_OWNER_UID)
-                if ((filp->f_cred->fsuid != info->uid) ^
-                    !!(info->invert & IPT_OWNER_UID))
-                        return false;
-        if (info->match & IPT_OWNER_GID)
-                if ((filp->f_cred->fsgid != info->gid) ^
-                    !!(info->invert & IPT_OWNER_GID))
-                        return false;
-        return true;
-}
-static bool
-owner_mt6_v0(const struct sk_buff *skb, const struct xt_match_param *par)
-{
-        const struct ip6t_owner_info *info = par->matchinfo;
-        const struct file *filp;
-        if (skb->sk == NULL || skb->sk->sk_socket == NULL)
-                return false;
-        filp = skb->sk->sk_socket->file;
-        if (filp == NULL)
-                return false;
-        if (info->match & IP6T_OWNER_UID)
-                if ((filp->f_cred->fsuid != info->uid) ^
-                    !!(info->invert & IP6T_OWNER_UID))
-                        return false;
-        if (info->match & IP6T_OWNER_GID)
-                if ((filp->f_cred->fsgid != info->gid) ^
-                    !!(info->invert & IP6T_OWNER_GID))
-                        return false;
-        return true;
-}
 static bool
 owner_mt(const struct sk_buff *skb, const struct xt_match_param *par)
@@ -107,81 +52,30 @@ owner_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return true;
 }
-static bool owner_mt_check_v0(const struct xt_mtchk_param *par)
+static struct xt_match owner_mt_reg __read_mostly = {
-{
+        .name       = "owner",
-        const struct ipt_owner_info *info = par->matchinfo;
+        .revision   = 1,
+        .family     = NFPROTO_UNSPEC,
-        if (info->match & (IPT_OWNER_PID | IPT_OWNER_SID | IPT_OWNER_COMM)) {
+        .match      = owner_mt,
-                printk(KERN_WARNING KBUILD_MODNAME
+        .matchsize  = sizeof(struct xt_owner_match_info),
-                       ": PID, SID and command matching is not "
+        .hooks      = (1 << NF_INET_LOCAL_OUT) |
-                       "supported anymore\n");
+                      (1 << NF_INET_POST_ROUTING),
-                return false;
+        .me         = THIS_MODULE,
-        }
-        return true;
-}
-static bool owner_mt6_check_v0(const struct xt_mtchk_param *par)
-{
-        const struct ip6t_owner_info *info = par->matchinfo;
-        if (info->match & (IP6T_OWNER_PID | IP6T_OWNER_SID)) {
-                printk(KERN_WARNING KBUILD_MODNAME
-                       ": PID and SID matching is not supported anymore\n");
-                return false;
-        }
-        return true;
-}
-static struct xt_match owner_mt_reg[] __read_mostly = {
-        {
-                .name       = "owner",
-                .revision   = 0,
-                .family     = NFPROTO_IPV4,
-                .match      = owner_mt_v0,
-                .matchsize  = sizeof(struct ipt_owner_info),
-                .checkentry = owner_mt_check_v0,
-                .hooks      = (1 << NF_INET_LOCAL_OUT) |
-                              (1 << NF_INET_POST_ROUTING),
-                .me         = THIS_MODULE,
-        },
-        {
-                .name       = "owner",
-                .revision   = 0,
-                .family     = NFPROTO_IPV6,
-                .match      = owner_mt6_v0,
-                .matchsize  = sizeof(struct ip6t_owner_info),
-                .checkentry = owner_mt6_check_v0,
-                .hooks      = (1 << NF_INET_LOCAL_OUT) |
-                              (1 << NF_INET_POST_ROUTING),
-                .me         = THIS_MODULE,
-        },
-        {
-                .name       = "owner",
-                .revision   = 1,
-                .family     = NFPROTO_UNSPEC,
-                .match      = owner_mt,
-                .matchsize  = sizeof(struct xt_owner_match_info),
-                .hooks      = (1 << NF_INET_LOCAL_OUT) |
-                              (1 << NF_INET_POST_ROUTING),
-                .me         = THIS_MODULE,
-        },
 };
 static int __init owner_mt_init(void)
 {
-        return xt_register_matches(owner_mt_reg, ARRAY_SIZE(owner_mt_reg));
+        return xt_register_match(&owner_mt_reg);
 }
 static void __exit owner_mt_exit(void)
 {
-        xt_unregister_matches(owner_mt_reg, ARRAY_SIZE(owner_mt_reg));
+        xt_unregister_match(&owner_mt_reg);
 }
 module_init(owner_mt_init);
 module_exit(owner_mt_exit);
-MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>");
+MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
 MODULE_DESCRIPTION("Xtables: socket owner matching");
 MODULE_LICENSE("GPL");
 MODULE_ALIAS("ipt_owner");
author	Jan Engelhardt <jengelh@medozas.de>	2009-06-12 13:46:26 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2009-08-10 07:32:30 -0400
commit	6461caed83412ae3e9a16785ffa64396fb66c6a6 (patch)
tree	534e030c101b9264090d3e49196931ab1974fe69 /net
parent	4725c7287ef2c4340cb433f59e40d143c1f43c22 (diff)

diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c index 22b2a5e881ea..d24c76dffee2 100644 --- a/net/netfilter/xt_owner.c +++ b/net/netfilter/xt_owner.c
@@ -5,7 +5,6 @@
5	* (C) 2000 Marc Boucher <marc@mbsi.ca>	5	* (C) 2000 Marc Boucher <marc@mbsi.ca>
6	*	6	*
7	* Copyright © CC Computer Consultants GmbH, 2007 - 2008	7	* Copyright © CC Computer Consultants GmbH, 2007 - 2008
8	* <jengelh@computergmbh.de>
9	*	8	*
10	* This program is free software; you can redistribute it and/or modify	9	* This program is free software; you can redistribute it and/or modify
11	* it under the terms of the GNU General Public License version 2 as	10	* it under the terms of the GNU General Public License version 2 as
@@ -17,60 +16,6 @@
17	#include <net/sock.h>	16	#include <net/sock.h>
18	#include <linux/netfilter/x_tables.h>	17	#include <linux/netfilter/x_tables.h>
19	#include <linux/netfilter/xt_owner.h>	18	#include <linux/netfilter/xt_owner.h>
20	#include <linux/netfilter_ipv4/ipt_owner.h>
21	#include <linux/netfilter_ipv6/ip6t_owner.h>
22
23	static bool
24	owner_mt_v0(const struct sk_buff skb, const struct xt_match_param par)
25	{
26	const struct ipt_owner_info *info = par->matchinfo;
27	const struct file *filp;
28
29	if (skb->sk == NULL \|\| skb->sk->sk_socket == NULL)
30	return false;
31
32	filp = skb->sk->sk_socket->file;
33	if (filp == NULL)
34	return false;
35
36	if (info->match & IPT_OWNER_UID)
37	if ((filp->f_cred->fsuid != info->uid) ^
38	!!(info->invert & IPT_OWNER_UID))
39	return false;
40
41	if (info->match & IPT_OWNER_GID)
42	if ((filp->f_cred->fsgid != info->gid) ^
43	!!(info->invert & IPT_OWNER_GID))
44	return false;
45
46	return true;
47	}
48
49	static bool
50	owner_mt6_v0(const struct sk_buff skb, const struct xt_match_param par)
51	{
52	const struct ip6t_owner_info *info = par->matchinfo;
53	const struct file *filp;
54
55	if (skb->sk == NULL \|\| skb->sk->sk_socket == NULL)
56	return false;
57
58	filp = skb->sk->sk_socket->file;
59	if (filp == NULL)
60	return false;
61
62	if (info->match & IP6T_OWNER_UID)
63	if ((filp->f_cred->fsuid != info->uid) ^
64	!!(info->invert & IP6T_OWNER_UID))
65	return false;
66
67	if (info->match & IP6T_OWNER_GID)
68	if ((filp->f_cred->fsgid != info->gid) ^
69	!!(info->invert & IP6T_OWNER_GID))
70	return false;
71
72	return true;
73	}
74		19
75	static bool	20	static bool
76	owner_mt(const struct sk_buff skb, const struct xt_match_param par)	21	owner_mt(const struct sk_buff skb, const struct xt_match_param par)
@@ -107,81 +52,30 @@ owner_mt(const struct sk_buff skb, const struct xt_match_param par)
107	return true;	52	return true;
108	}	53	}
109		54
110	static bool owner_mt_check_v0(const struct xt_mtchk_param *par)	55	static struct xt_match owner_mt_reg __read_mostly = {
111	{	56	.name = "owner",
112	const struct ipt_owner_info *info = par->matchinfo;	57	.revision = 1,
113		58	.family = NFPROTO_UNSPEC,
114	if (info->match & (IPT_OWNER_PID \| IPT_OWNER_SID \| IPT_OWNER_COMM)) {	59	.match = owner_mt,
115	printk(KERN_WARNING KBUILD_MODNAME	60	.matchsize = sizeof(struct xt_owner_match_info),
116	": PID, SID and command matching is not "	61	.hooks = (1 << NF_INET_LOCAL_OUT) \|
117	"supported anymore\n");	62	(1 << NF_INET_POST_ROUTING),
118	return false;	63	.me = THIS_MODULE,
119	}
120
121	return true;
122	}
123
124	static bool owner_mt6_check_v0(const struct xt_mtchk_param *par)
125	{
126	const struct ip6t_owner_info *info = par->matchinfo;
127
128	if (info->match & (IP6T_OWNER_PID \| IP6T_OWNER_SID)) {
129	printk(KERN_WARNING KBUILD_MODNAME
130	": PID and SID matching is not supported anymore\n");
131	return false;
132	}
133
134	return true;
135	}
136
137	static struct xt_match owner_mt_reg[] __read_mostly = {
138	{
139	.name = "owner",
140	.revision = 0,
141	.family = NFPROTO_IPV4,
142	.match = owner_mt_v0,
143	.matchsize = sizeof(struct ipt_owner_info),
144	.checkentry = owner_mt_check_v0,
145	.hooks = (1 << NF_INET_LOCAL_OUT) \|
146	(1 << NF_INET_POST_ROUTING),
147	.me = THIS_MODULE,
148	},
149	{
150	.name = "owner",
151	.revision = 0,
152	.family = NFPROTO_IPV6,
153	.match = owner_mt6_v0,
154	.matchsize = sizeof(struct ip6t_owner_info),
155	.checkentry = owner_mt6_check_v0,
156	.hooks = (1 << NF_INET_LOCAL_OUT) \|
157	(1 << NF_INET_POST_ROUTING),
158	.me = THIS_MODULE,
159	},
160	{
161	.name = "owner",
162	.revision = 1,
163	.family = NFPROTO_UNSPEC,
164	.match = owner_mt,
165	.matchsize = sizeof(struct xt_owner_match_info),
166	.hooks = (1 << NF_INET_LOCAL_OUT) \|
167	(1 << NF_INET_POST_ROUTING),
168	.me = THIS_MODULE,
169	},
170	};	64	};
171		65
172	static int __init owner_mt_init(void)	66	static int __init owner_mt_init(void)
173	{	67	{
174	return xt_register_matches(owner_mt_reg, ARRAY_SIZE(owner_mt_reg));	68	return xt_register_match(&owner_mt_reg);
175	}	69	}
176		70
177	static void __exit owner_mt_exit(void)	71	static void __exit owner_mt_exit(void)
178	{	72	{
179	xt_unregister_matches(owner_mt_reg, ARRAY_SIZE(owner_mt_reg));	73	xt_unregister_match(&owner_mt_reg);
180	}	74	}
181		75
182	module_init(owner_mt_init);	76	module_init(owner_mt_init);
183	module_exit(owner_mt_exit);	77	module_exit(owner_mt_exit);
184	MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>");	78	MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
185	MODULE_DESCRIPTION("Xtables: socket owner matching");	79	MODULE_DESCRIPTION("Xtables: socket owner matching");
186	MODULE_LICENSE("GPL");	80	MODULE_LICENSE("GPL");
187	MODULE_ALIAS("ipt_owner");	81	MODULE_ALIAS("ipt_owner");