libxt_SECMARK.c revision b4af04be14560b3fcc6cf23200148d408014a2f5
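/*
 * Shared library add-on to iptables to add SECMARK target support.
 *
 * Based on the MARK target.
 *
 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>

/* Prefix carried by every diagnostic this extension raises. */
#define PFX "SECMARK target: "

/* getopt value bound to --selctx in SECMARK_opts and dispatched on in SECMARK_parse. */
enum { SECMARK_OPT_SELCTX = '1' };

/* Usage text for "-j SECMARK --help". */
static void SECMARK_help(void)
{
	printf(
"SECMARK target options:\n"
"  --selctx value              Set the SELinux security context\n");
}

static const struct option SECMARK_opts[] = {
	{.name = "selctx", .has_arg = true, .val = SECMARK_OPT_SELCTX},
	XT_GETOPT_TABLEEND,
};

/*
 * Consume one command-line option belonging to this target.
 *
 * @c       option value returned by getopt (see SECMARK_opts)
 * @flags   caller-owned bitmask; SECMARK_MODE_SEL is recorded in it once
 *          --selctx has been seen so that a repeated option is rejected
 * @target  entry whose payload is the xt_secmark_target_info being filled in
 *
 * Returns 1 when the option was handled here, 0 when it is not ours.
 * On a bad argument xtables_error() is called, which does not return.
 *
 * The context string is stored verbatim; nothing in this function checks
 * that it names a valid SELinux context, only that it fits the buffer.
 */
static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
                         const void *entry, struct xt_entry_target **target)
{
	struct xt_secmark_target_info *info =
		(struct xt_secmark_target_info *)(*target)->data;
	size_t len;

	switch (c) {
	case SECMARK_OPT_SELCTX:
		if (*flags & SECMARK_MODE_SEL)
			xtables_error(PARAMETER_PROBLEM, PFX
				      "Can't specify --selctx twice");

		/*
		 * secctx must hold the context plus its terminating NUL, so
		 * the longest accepted argument is SECMARK_SECCTX_MAX - 1
		 * bytes. The length is measured once and the copy below is
		 * sized from that checked value instead of an unbounded
		 * strcpy().
		 */
		len = strlen(optarg);
		if (len > SECMARK_SECCTX_MAX - 1)
			xtables_error(PARAMETER_PROBLEM, PFX
				      "Maximum length %u exceeded by --selctx"
				      " parameter (%zu)",
				      (unsigned int)(SECMARK_SECCTX_MAX - 1), len);

		info->mode = SECMARK_MODE_SEL;
		memcpy(info->secctx, optarg, len + 1);
		*flags |= SECMARK_MODE_SEL;
		break;
	default:
		return 0;
	}

	return 1;
}

/* Called once all options are parsed: --selctx is mandatory for this target. */
static void SECMARK_check(unsigned int flags)
{
	if (!flags)
		xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
}

/*
 * Emit the mode-specific tail shared by print and save: "selctx <ctx> ".
 * SECMARK_MODE_SEL is the only mode this extension knows; any other value
 * in the entry is reported as an error (message kept free of a trailing
 * newline, matching the other diagnostics in this file).
 */
static void print_secmark(const struct xt_secmark_target_info *info)
{
	switch (info->mode) {
	case SECMARK_MODE_SEL:
		printf("selctx %s ", info->secctx);
		break;

	default:
		xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu", info->mode);
	}
}

/* Listing form ("iptables -L"): "SECMARK selctx <ctx> ". */
static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
                          int numeric)
{
	/* target is const; cast to a const pointer rather than casting it away. */
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf("SECMARK ");
	print_secmark(info);
}

/* Save form ("iptables-save"): "--selctx <ctx> ", re-parseable by SECMARK_parse. */
static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf("--");
	print_secmark(info);
}

/* Registration record: kernel and userspace payloads are the same struct. */
static struct xtables_target secmark_target = {
	.family		= NFPROTO_UNSPEC,
	.name		= "SECMARK",
	.version	= XTABLES_VERSION,
	.revision	= 0,
	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.help		= SECMARK_help,
	.parse		= SECMARK_parse,
	.final_check	= SECMARK_check,
	.print		= SECMARK_print,
	.save		= SECMARK_save,
	.extra_opts	= SECMARK_opts,
};

/* Shared-object constructor: make the target known to the xtables core. */
void _init(void)
{
	xtables_register_target(&secmark_target);
}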