// SPDX-License-Identifier: GPL-2.0-only /* * Xtables module to match the process control group. * * Might be used to implement individual "per-application" firewall * policies in contrast to global policies based on control groups. * Matching is based upon processes tagged to net_cls' classid marker. * * (C) 2013 Daniel Borkmann <[email protected]> */ #define pr_fmt(fmt) … #include <linux/skbuff.h> #include <linux/module.h> #include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_cgroup.h> #include <net/sock.h> MODULE_LICENSE(…) …; MODULE_AUTHOR(…) …; MODULE_DESCRIPTION(…) …; MODULE_ALIAS(…) …; MODULE_ALIAS(…) …; static int cgroup_mt_check_v0(const struct xt_mtchk_param *par) { … } static int cgroup_mt_check_v1(const struct xt_mtchk_param *par) { … } static int cgroup_mt_check_v2(const struct xt_mtchk_param *par) { … } static bool cgroup_mt_v0(const struct sk_buff *skb, struct xt_action_param *par) { … } static bool cgroup_mt_v1(const struct sk_buff *skb, struct xt_action_param *par) { … } static bool cgroup_mt_v2(const struct sk_buff *skb, struct xt_action_param *par) { … } static void cgroup_mt_destroy_v1(const struct xt_mtdtor_param *par) { … } static void cgroup_mt_destroy_v2(const struct xt_mtdtor_param *par) { … } static struct xt_match cgroup_mt_reg[] __read_mostly = …; static int __init cgroup_mt_init(void) { … } static void __exit cgroup_mt_exit(void) { … } module_init(…) …; module_exit(cgroup_mt_exit);
Codebase Browser
linux