Support owner matching for iptables.

This feature will match UID and GID of the packet creator, for locally generated packets. This match is only valid in the OUTPUT and POSTROUTING chains. Forwarded packets do not have any socket associated with them. Packets from kernel threads do have a socket, but usually no owner.
author: Nayana Bidari <nybidari@google.com> 2020-03-20 12:00:21 -0700
committer: Nayana Bidari <nybidari@google.com> 2020-03-26 12:21:24 -0700
commit: 92b9069b67b927cef25a1490ebd142ad6d65690d (patch)
tree: 103b457232172e84fc3f2d6ea6b02ee553740f83 /pkg/tcpip/tcpip.go
parent: 01ac53099fedf7dd5da01a50e60f3dfa2eb17892 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/pkg/tcpip/tcpip.go b/pkg/tcpip/tcpip.go
index 3dc5d87d6..2ef3271f1 100644
--- a/pkg/tcpip/tcpip.go
+++ b/pkg/tcpip/tcpip.go
@@ -336,6 +336,15 @@ type ControlMessages struct {
 	PacketInfo IPPacketInfo
 }
 
+// PacketOwner is used to get UID and GID of the packet.
+type PacketOwner interface {
+	// UID returns UID of the packet.
+	UID() uint32
+
+	// GID returns GID of the packet.
+	GID() uint32
+}
+
 // Endpoint is the interface implemented by transport protocols (e.g., tcp, udp)
 // that exposes functionality like read, write, connect, etc. to users of the
 // networking stack.
@@ -470,6 +479,9 @@ type Endpoint interface {
 
 	// Stats returns a reference to the endpoint stats.
 	Stats() EndpointStats
+
+	// SetOwner sets the task owner to the endpoint owner.
+	SetOwner(owner PacketOwner)
 }
 
 // EndpointInfo is the interface implemented by each endpoint info struct.
author	Nayana Bidari <nybidari@google.com>	2020-03-20 12:00:21 -0700
committer	Nayana Bidari <nybidari@google.com>	2020-03-26 12:21:24 -0700
commit	92b9069b67b927cef25a1490ebd142ad6d65690d (patch)
tree	103b457232172e84fc3f2d6ea6b02ee553740f83 /pkg/tcpip/tcpip.go
parent	01ac53099fedf7dd5da01a50e60f3dfa2eb17892 (diff)