Untitled

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/file.h>
#include <linux/pid.h>
#include <net/sock.h>
#include <linux/netfilter/x_tables.h>
#include "xt_stupidpid.h"

static bool
stupidpid_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
    const struct xt_stupidpid_match_info *info = par->matchinfo;
    const struct file *filp;

    if (skb->sk == NULL || skb->sk->sk_socket == NULL)
        return (info->match ^ info->invert) == 0;

    filp = skb->sk->sk_socket->file;
    if (filp == NULL)
        return ((info->match ^ info->invert) &
               (XT_STUPIDPID_PID)) == 0;

    if (info->match & XT_STUPIDPID_PID)
        if ((pid_nr(filp->f_owner.pid) == (pid_t) info->pid )^
            !(info->invert & XT_STUPIDPID_PID)
            )
            return false;

    return true;
}

static struct xt_match stupidpid_mt_reg __read_mostly = {
    .name       = "stupidpid",
    .revision   = 1,
    .family     = NFPROTO_UNSPEC,
    .match      = stupidpid_mt,
    .matchsize  = sizeof(struct xt_stupidpid_match_info),
    .hooks      = (1 << NF_INET_LOCAL_OUT) |
                  (1 << NF_INET_POST_ROUTING),
    .me         = THIS_MODULE,
};

static int __init stupidpid_mt_init(void)
{
    return xt_register_match(&stupidpid_mt_reg);
}

static void __exit stupidpid_mt_exit(void)
{
    xt_unregister_match(&stupidpid_mt_reg);
}

module_init(stupidpid_mt_init);
module_exit(stupidpid_mt_exit);
MODULE_AUTHOR("Daniele Iamartino <danieleiamartino@gmail.com>");
MODULE_DESCRIPTION("Xtables: pid owner matching");
MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_owner");
MODULE_ALIAS("ip6t_owner");