      1 /*
      2  * Shared library add-on to iptables to add SECMARK target support.
      3  *
      4  * Based on the MARK target.
      5  *
      6  * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris (at) redhat.com>
      7  */
#include <stdio.h>
#include <string.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>
     11 
/* Prefix put in front of every xtables_error() message from this extension. */
#define PFX "SECMARK target: "
     13 
/*
 * Option identifiers used by SECMARK_opts[].  The target understands a
 * single option, so the enum has one member (implicitly 0).
 */
enum {
	O_SELCTX,
};
     17 
/*
 * Help text shown by "iptables -j SECMARK --help".  Written verbatim to
 * stdout; the only option is --selctx, whose argument is the SELinux
 * security context string the target is configured with.
 */
static void SECMARK_help(void)
{
	fputs("SECMARK target options:\n"
	      "  --selctx value                     Set the SELinux security context\n",
	      stdout);
}
     24 
/*
 * Option table handed to libxtables.
 *
 * --selctx is mandatory (XTOPT_MAND) and its string argument is copied by
 * libxtables straight into the secctx[] field of struct
 * xt_secmark_target_info (XTOPT_PUT + XTOPT_POINTER).  The table ends
 * with the XTOPT_TABLEEND sentinel.
 */
static const struct xt_option_entry SECMARK_opts[] = {
	{
		.name  = "selctx",
		.id    = O_SELCTX,
		.type  = XTTYPE_STRING,
		.flags = XTOPT_PUT | XTOPT_MAND,
		XTOPT_POINTER(struct xt_secmark_target_info, secctx),
	},
	XTOPT_TABLEEND,
};
     31 
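/*
 * Option callback for --selctx.
 *
 * libxtables' XTTYPE_STRING/XTOPT_PUT handling copies the argument into
 * info->secctx; if the argument is longer than the field it is cut down to
 * fit rather than rejected.  For a security label that is the wrong
 * failure mode: a truncated context can still be syntactically valid and
 * name a different label than the one the administrator typed, so the
 * rule would be installed with a quietly different policy.  Refuse
 * over-long contexts here, before libxtables copies anything.
 *
 * @cb: option-call descriptor; cb->arg is the raw argument string and
 *      cb->data points at the target info block being filled in.
 */
static void SECMARK_parse(struct xt_option_call *cb)
{
	struct xt_secmark_target_info *info = cb->data;

	/* Must leave room for the terminating NUL in secctx[]. */
	if (strlen(cb->arg) >= sizeof(info->secctx))
		xtables_error(PARAMETER_PROBLEM,
			      PFX "security context is longer than %zu characters\n",
			      sizeof(info->secctx) - 1);

	xtables_option_parse(cb);
	info->mode = SECMARK_MODE_SEL;
}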
     39 
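/*
 * Print the mode-specific part of a SECMARK target, in the same form the
 * option takes ("selctx <context>").  Shared by the -L and -S output paths.
 *
 * Only SECMARK_MODE_SEL exists for this revision; any other mode value in
 * the blob handed back by the kernel is treated as corruption and aborts
 * via xtables_error(), printing nothing.
 *
 * The context is printed with an explicit bound of the field size so that
 * a secctx[] that is somehow not NUL-terminated cannot make printf read
 * past the end of the info structure.  A properly terminated string prints
 * exactly as before, so the bound costs nothing in the normal case.
 */
static void print_secmark(const struct xt_secmark_target_info *info)
{
	if (info->mode == SECMARK_MODE_SEL) {
		printf("selctx %.*s", (int)sizeof(info->secctx), info->secctx);
		return;
	}

	xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
}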
     51 
/*
 * Listing (-L) output: " SECMARK selctx <context>".
 *
 * @ip and @numeric are part of the xtables print callback signature and
 * are not used by this target.  The target blob is converted through a
 * void pointer, which C allows implicitly, instead of a struct cast.
 */
static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
                          int numeric)
{
	const void *blob = target->data;
	const struct xt_secmark_target_info *info = blob;

	fputs(" SECMARK ", stdout);
	print_secmark(info);
}
     61 
/*
 * Rule-save (-S / iptables-save) output: " --selctx <context>", i.e. the
 * option string that would recreate this target.  @ip is unused.
 */
static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	const void *blob = target->data;
	const struct xt_secmark_target_info *info = blob;

	fputs(" --", stdout);
	print_secmark(info);
}
     70 
/*
 * Registration record for the SECMARK target.
 *
 * NFPROTO_UNSPEC lets the one extension serve every xtables family.
 * Revision 0 uses struct xt_secmark_target_info from xt_SECMARK.h, of
 * which this file touches the mode and secctx fields; size and
 * userspacesize both cover the whole aligned structure.
 *
 * NOTE(review): because userspacesize spans the entire structure, any
 * field the kernel fills in on its own copy of the rule (the header
 * declares more than mode and secctx) would make a rule read back from
 * the kernel differ byte-wise from a freshly parsed one; confirm how that
 * affects rule comparison (-D/-C) before relying on it.
 */
static struct xtables_target secmark_target = {
	.name		= "SECMARK",
	.family		= NFPROTO_UNSPEC,
	.revision	= 0,
	.version	= XTABLES_VERSION,
	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.x6_options	= SECMARK_opts,
	.x6_parse	= SECMARK_parse,
	.help		= SECMARK_help,
	.print		= SECMARK_print,
	.save		= SECMARK_save,
};
     84 
/*
 * Shared-object initialisation entry: runs when libxtables loads this
 * extension and registers the SECMARK target with it.  Nothing else is
 * done at load time.
 */
void _init(void)
{
	struct xtables_target *const tgt = &secmark_target;

	xtables_register_target(tgt);
}
     89