1/*
2 * Shared library add-on to iptables to add CONNSECMARK target support.
3 *
4 * Based on the MARK and CONNMARK targets.
5 *
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 */
8#include <stdio.h>
9#include <xtables.h>
10#include <linux/netfilter/xt_CONNSECMARK.h>
11
/* Prefix for every error raised by this extension (see xtables_error() calls below). */
#define PFX "CONNSECMARK target: "

/*
 * Option ids and their flag bits.  O_SAVE / O_RESTORE are the .id values
 * of the entries in CONNSECMARK_opts and are what CONNSECMARK_parse()
 * dispatches on.  F_SAVE / F_RESTORE are the matching single-bit masks:
 * each entry lists the other one in .excl, so the two options are
 * mutually exclusive, and CONNSECMARK_check() treats an all-zero xflags
 * word as "no option given".
 */
enum {
	O_SAVE = 0,
	O_RESTORE,
	F_SAVE    = 1 << O_SAVE,
	F_RESTORE = 1 << O_RESTORE,
};
20
/* .help callback: print the option summary for this target. */
static void CONNSECMARK_help(void)
{
	static const char usage[] =
		"CONNSECMARK target options:\n"
		"  --save                   Copy security mark from packet to conntrack\n"
		"  --restore                Copy security mark from connection to packet\n";

	/* The text contains no conversion specifiers, so fputs is equivalent. */
	fputs(usage, stdout);
}
28
/*
 * Option table.  Both options are bare flags (XTTYPE_NONE, no argument);
 * each one names the other's flag bit in .excl, so the option parser
 * rejects a rule that specifies both --save and --restore.
 */
static const struct xt_option_entry CONNSECMARK_opts[] = {
	{
		.name = "save",
		.id   = O_SAVE,
		.type = XTTYPE_NONE,
		.excl = F_RESTORE,
	},
	{
		.name = "restore",
		.id   = O_RESTORE,
		.type = XTTYPE_NONE,
		.excl = F_SAVE,
	},
	XTOPT_TABLEEND,
};
35
/*
 * .x6_parse callback: invoked once per option that appears in the rule.
 * Records the selected direction in info->mode.  Only O_SAVE and
 * O_RESTORE can reach this function, because those are the only ids in
 * CONNSECMARK_opts; any other id leaves info->mode untouched.
 *
 * @cb  option-call context; cb->data is the target's private data blob.
 */
static void CONNSECMARK_parse(struct xt_option_call *cb)
{
	struct xt_connsecmark_target_info *info = cb->data;

	xtables_option_parse(cb);

	if (cb->entry->id == O_SAVE)
		info->mode = CONNSECMARK_SAVE;
	else if (cb->entry->id == O_RESTORE)
		info->mode = CONNSECMARK_RESTORE;
}
50
/*
 * .x6_fcheck callback: runs after every option has been parsed.
 * A zero cb->xflags means no option flag was set, i.e. the rule named
 * neither --save nor --restore and info->mode was never assigned, so the
 * rule is rejected rather than loaded with an unset mode.
 *
 * @cb  final-check context; cb->xflags accumulates the flag bits seen.
 */
static void CONNSECMARK_check(struct xt_fcheck_call *cb)
{
	if (cb->xflags != 0)
		return;

	xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
}
56
/*
 * Print the mode keyword ("save" or "restore") for an existing rule.
 * The info struct comes from the target blob of a rule being listed or
 * saved (see CONNSECMARK_print / CONNSECMARK_save), so a mode that is
 * neither known value is reported as an error instead of being rendered
 * as something it is not.
 *
 * @info  target private data; only info->mode is read.
 */
static void print_connsecmark(const struct xt_connsecmark_target_info *info)
{
	if (info->mode == CONNSECMARK_SAVE) {
		fputs("save", stdout);
		return;
	}

	if (info->mode == CONNSECMARK_RESTORE) {
		fputs("restore", stdout);
		return;
	}

	/* %hhu matches the single-byte mode field. */
	xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
}
72
/*
 * .print callback: emit " CONNSECMARK <mode>" for a rule listing.
 *
 * @ip       entry header; unused here, part of the callback signature.
 * @target   the rule's target entry; its trailing data holds the
 *           xt_connsecmark_target_info blob.
 * @numeric  unused here, part of the callback signature.
 */
static void
CONNSECMARK_print(const void *ip, const struct xt_entry_target *target,
                  int numeric)
{
	/* Keep the pointer const-qualified instead of casting const away. */
	const struct xt_connsecmark_target_info *info =
		(const void *)target->data;

	fputs(" CONNSECMARK ", stdout);
	print_connsecmark(info);
}
83
/*
 * .save callback: emit the option in command-line form, " --save" or
 * " --restore", so the rule can be re-read by iptables-restore.
 *
 * @ip      entry header; unused here, part of the callback signature.
 * @target  the rule's target entry; its trailing data holds the
 *          xt_connsecmark_target_info blob.
 */
static void
CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	/* Keep the pointer const-qualified instead of casting const away. */
	const struct xt_connsecmark_target_info *info =
		(const void *)target->data;

	fputs(" --", stdout);
	print_connsecmark(info);
}
93
/*
 * Registration record for the CONNSECMARK target, revision 0, usable
 * from any address family (NFPROTO_UNSPEC).  .size and .userspacesize
 * are both the full aligned size of xt_connsecmark_target_info.
 */
static struct xtables_target connsecmark_target = {
	.name          = "CONNSECMARK",
	.family        = NFPROTO_UNSPEC,
	.revision      = 0,
	.version       = XTABLES_VERSION,
	.size          = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
	.userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
	/* option handling */
	.x6_options    = CONNSECMARK_opts,
	.x6_parse      = CONNSECMARK_parse,
	.x6_fcheck     = CONNSECMARK_check,
	/* output */
	.help          = CONNSECMARK_help,
	.print         = CONNSECMARK_print,
	.save          = CONNSECMARK_save,
};
108
/*
 * Extension entry point, run when the shared library is loaded (xtables.h
 * is expected to turn _init into a constructor); registers the target
 * with the iptables core.
 */
void _init(void)
{
	xtables_register_target(&connsecmark_target);
}
113