libxt_SECMARK.c revision 661f112072bc13a1625c4eb5983695e122ea97da
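/*
 * Shared library add-on to iptables to add SECMARK target support.
 *
 * Based on the MARK target.
 *
 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>

/* Prefix for every diagnostic this extension passes to exit_error(). */
#define PFX "SECMARK target: "

/* Print the option summary shown for "-j SECMARK -h". */
static void help(void)
{
	printf(
"SECMARK target v%s options:\n"
" --selctx value Set the SELinux security context\n"
"\n",
IPTABLES_VERSION);
}

/*
 * Long options handled by parse().  The 'val' member ('1') is the
 * character parse() receives for --selctx.
 */
static const struct option opts[] = {
	{ .name = "selctx", .has_arg = required_argument, .val = '1' },
	{ .name = NULL }
};

/* Initialize the target.  Nothing to set up: the kernel struct starts zeroed. */
static void init(struct xt_entry_target *t, unsigned int *nfcache)
{ }

/*
 * Parse one command option; returns 1 if this extension ate the option,
 * 0 otherwise.
 *
 * Only --selctx (option value '1') is recognised.  The context string is
 * length-checked against the fixed-size kernel buffer before it is copied,
 * and the copy is bounded by that validated length.  Every failure path
 * goes through exit_error(), which does not return.
 */
static int parse(int c, char **argv, int invert, unsigned int *flags,
		 const void *entry, struct xt_entry_target **target)
{
	struct xt_secmark_target_info *info =
		(struct xt_secmark_target_info *)(*target)->data;
	size_t len;

	switch (c) {
	case '1':
		if (*flags & SECMARK_MODE_SEL)
			exit_error(PARAMETER_PROBLEM, PFX
				   "Can't specify --selctx twice");
		info->mode = SECMARK_MODE_SEL;

		/* selctx is SECMARK_SELCTX_MAX bytes; one is reserved for the NUL. */
		len = strlen(optarg);
		if (len > SECMARK_SELCTX_MAX - 1)
			exit_error(PARAMETER_PROBLEM, PFX
				   "Maximum length %u exceeded by --selctx"
				   " parameter (%zu)",
				   (unsigned int)(SECMARK_SELCTX_MAX - 1), len);

		/* len <= SECMARK_SELCTX_MAX - 1 here, so len + 1 bytes fit. */
		memcpy(info->u.sel.selctx, optarg, len + 1);
		*flags |= SECMARK_MODE_SEL;
		break;
	default:
		return 0;
	}

	return 1;
}

/* Reject a rule that named the target but gave it no option. */
static void final_check(unsigned int flags)
{
	if (!flags)
		exit_error(PARAMETER_PROBLEM, PFX "parameter required");
}

/*
 * Emit the mode-specific part of the rule; shared by print() and save().
 * Unknown modes are treated as a corrupt rule and abort via exit_error().
 */
static void print_secmark(const struct xt_secmark_target_info *info)
{
	switch (info->mode) {
	case SECMARK_MODE_SEL:
		/*
		 * The buffer comes back from the kernel and is expected to be
		 * NUL-terminated; bounding the read to its size is defence in
		 * depth and does not change the output for terminated strings.
		 */
		printf("selctx %.*s ", (int)SECMARK_SELCTX_MAX,
		       info->u.sel.selctx);
		break;

	default:
		exit_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
	}
}

/* Prints the target info in human-readable form (iptables -L). */
static void print(const void *ip,
		  const struct xt_entry_target *target, int numeric)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf("SECMARK ");
	print_secmark(info);
}

/* Saves the target info in parsable form to stdout (iptables-save). */
static void save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf("--");
	print_secmark(info);
}

/* IPv4 registration; all callbacks are shared with the IPv6 entry below. */
static struct xtables_target secmark = {
	.family		= AF_INET,
	.name		= "SECMARK",
	.version	= IPTABLES_VERSION,
	.revision	= 0,
	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.help		= &help,
	.init		= &init,
	.parse		= &parse,
	.final_check	= &final_check,
	.print		= &print,
	.save		= &save,
	.extra_opts	= opts
};

/* IPv6 registration; identical to the IPv4 one apart from the family. */
static struct xtables_target secmark6 = {
	.family		= AF_INET6,
	.name		= "SECMARK",
	.version	= IPTABLES_VERSION,
	.revision	= 0,
	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.help		= &help,
	.init		= &init,
	.parse		= &parse,
	.final_check	= &final_check,
	.print		= &print,
	.save		= &save,
	.extra_opts	= opts
};

/* Shared-object constructor: register both address families with xtables. */
void _init(void)
{
	xtables_register_target(&secmark);
	xtables_register_target(&secmark6);
}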