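/*
 * Shared library add-on to iptables to add SECMARK target support.
 *
 * Based on the MARK target.
 *
 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>

#define PFX "SECMARK target: "

/* Option identifiers used in SECMARK_opts. */
enum {
	O_SELCTX = 0,
};

/* Print the usage text for the target's only option to stdout. */
static void SECMARK_help(void)
{
	printf(
"SECMARK target options:\n"
"  --selctx value                     Set the SELinux security context\n");
}

/*
 * Option table: a single mandatory string option, --selctx.
 * XTOPT_PUT together with XTOPT_POINTER asks the option parser to store
 * the argument directly in xt_secmark_target_info.secctx.
 *
 * NOTE(review): this file does not length-check the context string itself;
 * it relies on xtables_option_parse() to keep the copy inside secctx.
 * Confirm how the parser treats an over-long value (reject vs. truncate),
 * since a silently shortened security context is not what the user asked for.
 */
static const struct xt_option_entry SECMARK_opts[] = {
	{.name = "selctx", .id = O_SELCTX, .type = XTTYPE_STRING,
	 .flags = XTOPT_MAND | XTOPT_PUT,
	 XTOPT_POINTER(struct xt_secmark_target_info, secctx)},
	XTOPT_TABLEEND,
};

/*
 * Option callback: let the generic parser handle the argument, then record
 * that the target carries an SELinux context (the only mode set here).
 */
static void SECMARK_parse(struct xt_option_call *cb)
{
	struct xt_secmark_target_info *info = cb->data;

	xtables_option_parse(cb);
	info->mode = SECMARK_MODE_SEL;
}

/*
 * Print "selctx <context>" for a target in SELinux mode; any other mode is
 * reported through xtables_error().
 */
static void print_secmark(const struct xt_secmark_target_info *info)
{
	switch (info->mode) {
	case SECMARK_MODE_SEL:
		/*
		 * secctx is a fixed-size array filled in outside this function
		 * (the callers pass target->data straight through). Cap the
		 * print at the array size so a blob without a terminating NUL
		 * cannot make printf read past the end of the structure.
		 */
		printf("selctx %.*s", (int)sizeof(info->secctx), info->secctx);
		break;

	default:
		xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
	}
}

/* .print callback: rule-listing form, " SECMARK selctx <context>". */
static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
			  int numeric)
{
	/* Keep the const qualifier: this path only reads the target data. */
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf(" SECMARK ");
	print_secmark(info);
}

/* .save callback: command-line form, " --selctx <context>". */
static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf(" --");
	print_secmark(info);
}

/*
 * Target descriptor handed to xtables. size and userspacesize are both the
 * aligned size of xt_secmark_target_info.
 */
static struct xtables_target secmark_target = {
	.family		= NFPROTO_UNSPEC,
	.name		= "SECMARK",
	.version	= XTABLES_VERSION,
	.revision	= 0,
	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.help		= SECMARK_help,
	.print		= SECMARK_print,
	.save		= SECMARK_save,
	.x6_parse	= SECMARK_parse,
	.x6_options	= SECMARK_opts,
};

/* Extension entry point: register the SECMARK target with xtables. */
void _init(void)
{
	xtables_register_target(&secmark_target);
}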