libxt_SECMARK.c revision 69f564e3890976461de0016cd81171ff8bfa8353
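/*
 * Shared library add-on to iptables to add SECMARK target support.
 *
 * Based on the MARK target.
 *
 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>

#define PFX "SECMARK target: "

/* Usage text shown for `-j SECMARK -h`. */
static void SECMARK_help(void)
{
	printf(
"SECMARK target options:\n"
"  --selctx value                    Set the SELinux security context\n");
}

/* The single option this target accepts; '1' is the code SECMARK_parse() sees. */
static const struct option SECMARK_opts[] = {
	{ .name = "selctx", .has_arg = 1, .flag = NULL, .val = '1' },
	{ .name = NULL }
};

/*
 * Parse one SECMARK option into the kernel-facing xt_secmark_target_info.
 *
 * c       getopt code; '1' is --selctx, anything else is not ours.
 * invert  non-zero when the option was prefixed with '!'.
 * flags   per-rule bitmask; SECMARK_MODE_SEL records that --selctx was seen.
 * target  entry whose ->data is the xt_secmark_target_info being filled.
 *
 * Returns 1 when the option was consumed, 0 when it was not ours.  Usage
 * errors are reported through xtables_error(), which does not return.
 */
static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
                         const void *entry, struct xt_entry_target **target)
{
	struct xt_secmark_target_info *info =
		(struct xt_secmark_target_info *)(*target)->data;
	size_t len;

	switch (c) {
	case '1':
		/* Nothing in this target consumes the invert flag, so a '!'
		 * would otherwise be silently dropped; refuse it instead. */
		if (invert)
			xtables_error(PARAMETER_PROBLEM, PFX
				      "--selctx cannot be negated with '!'");
		if (*flags & SECMARK_MODE_SEL)
			xtables_error(PARAMETER_PROBLEM, PFX
				      "Can't specify --selctx twice");

		len = strlen(optarg);
		if (len == 0)
			xtables_error(PARAMETER_PROBLEM, PFX
				      "--selctx requires a non-empty context");
		/* selctx is a fixed SECMARK_SELCTX_MAX-byte array shared with
		 * the kernel; one byte must stay free for the terminating NUL. */
		if (len > SECMARK_SELCTX_MAX - 1)
			xtables_error(PARAMETER_PROBLEM, PFX
				      "Maximum length %u exceeded by --selctx"
				      " parameter (%zu)",
				      (unsigned int)(SECMARK_SELCTX_MAX - 1), len);

		info->mode = SECMARK_MODE_SEL;
		/* Bounded by the check above; len + 1 carries the NUL across. */
		memcpy(info->u.sel.selctx, optarg, len + 1);
		*flags |= SECMARK_MODE_SEL;
		break;
	default:
		return 0;
	}

	return 1;
}

/* Final sanity check: the target is useless without --selctx. */
static void SECMARK_check(unsigned int flags)
{
	if (!flags)
		xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
}

/*
 * Print the mode-specific part of the target ("selctx <ctx> ").
 *
 * The info struct is whatever came back from the kernel, so the context
 * is printed with an explicit length bound instead of relying on a NUL
 * terminator being present inside the array.
 */
static void print_secmark(const struct xt_secmark_target_info *info)
{
	switch (info->mode) {
	case SECMARK_MODE_SEL:
		printf("selctx %.*s ", (int)sizeof(info->u.sel.selctx),
		       info->u.sel.selctx);
		break;
	default:
		xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
	}
}

/* `iptables -L` rendering: "SECMARK selctx <ctx> ".  ip and numeric are unused. */
static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
                          int numeric)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf("SECMARK ");
	print_secmark(info);
}

/*
 * `iptables-save` rendering: "--selctx <ctx> ", re-parseable by SECMARK_parse().
 *
 * NOTE(review): the context is written unquoted, so a context containing
 * whitespace would not survive a save/restore round trip — confirm whether
 * such contexts can occur before relying on this output.
 */
static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf("--");
	print_secmark(info);
}

static struct xtables_target secmark_target = {
	.family        = AF_UNSPEC,
	.name          = "SECMARK",
	.version       = XTABLES_VERSION,
	.revision      = 0,
	.size          = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.help          = SECMARK_help,
	.parse         = SECMARK_parse,
	.final_check   = SECMARK_check,
	.print         = SECMARK_print,
	.save          = SECMARK_save,
	.extra_opts    = SECMARK_opts,
};

/* Shared-object constructor: registers the target when iptables dlopen()s us. */
void _init(void)
{
	xtables_register_target(&secmark_target);
}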