libxt_SECMARK.c revision 73866357e4a7a0fdc1b293bf8863fee2bd56da9e
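/*
 * Shared library add-on to iptables to add SECMARK target support.
 *
 * Based on the MARK target.
 *
 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>

/* Prefix for every diagnostic this extension emits. */
#define PFX "SECMARK target: "

/* Print the option summary shown by `iptables -j SECMARK --help`. */
static void SECMARK_help(void)
{
	printf(
"SECMARK target options:\n"
" --selctx value Set the SELinux security context\n");
}

/*
 * getopt table for the extension.  The single option takes a mandatory
 * argument and is handed to SECMARK_parse() as code '1'.
 */
static const struct option SECMARK_opts[] = {
	{.name = "selctx", .has_arg = required_argument, .val = '1'},
	XT_GETOPT_TABLEEND,
};

/*
 * Option parser for the old-style xtables API.
 *
 * c      option code from SECMARK_opts (after the framework's offset)
 * flags  per-rule bitmask, used here to reject a repeated --selctx
 * target the target blob whose ->data is a struct xt_secmark_target_info
 *
 * Returns 1 when the option was consumed and 0 when the code is not one
 * of ours, so the framework can report it as unknown.  Parameter errors
 * never return: xtables_error() exits.
 */
static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
			 const void *entry, struct xt_entry_target **target)
{
	struct xt_secmark_target_info *info =
		(struct xt_secmark_target_info *)(*target)->data;
	size_t len;

	switch (c) {
	case '1':
		if (*flags & SECMARK_MODE_SEL)
			xtables_error(PARAMETER_PROBLEM, PFX
				      "Can't specify --selctx twice");

		/*
		 * Validate before touching info: the context plus its NUL
		 * must fit in secctx[SECMARK_SECCTX_MAX].
		 */
		len = strlen(optarg);
		if (len > SECMARK_SECCTX_MAX - 1)
			xtables_error(PARAMETER_PROBLEM, PFX
				      "Maximum length %u exceeded by --selctx"
				      " parameter (%zu)",
				      (unsigned int)(SECMARK_SECCTX_MAX - 1), len);

		/* Bounded copy: len + 1 <= sizeof info->secctx after the check above. */
		memcpy(info->secctx, optarg, len + 1);
		info->mode = SECMARK_MODE_SEL;
		*flags |= SECMARK_MODE_SEL;
		break;

	default:
		/* Not an option this extension defines. */
		return 0;
	}

	return 1;
}

/* Final check once the rule is parsed: --selctx is mandatory. */
static void SECMARK_check(unsigned int flags)
{
	if (!flags)
		xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
}

/*
 * Emit "selctx <context>" for a target blob read back from the kernel.
 * Any mode other than SECMARK_MODE_SEL is treated as a fatal error.
 */
static void print_secmark(const struct xt_secmark_target_info *info)
{
	switch (info->mode) {
	case SECMARK_MODE_SEL:
		/*
		 * secctx is a fixed-size field in a blob the kernel returned;
		 * bound the read to the field so an unterminated buffer cannot
		 * make %s walk past the struct.  Output is unchanged for a
		 * properly terminated context.
		 */
		printf("selctx %.*s", (int)sizeof(info->secctx), info->secctx);
		break;

	default:
		xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
	}
}

/* `iptables -L` style output: " SECMARK selctx <context>". */
static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
			  int numeric)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf(" SECMARK ");
	print_secmark(info);
}

/* `iptables-save` style output: " --selctx <context>". */
static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf(" --");
	print_secmark(info);
}

/*
 * Target descriptor handed to libxtables.  Revision 0 of the kernel ABI;
 * .size and .userspacesize must match struct xt_secmark_target_info
 * exactly, because the blob is copied to the kernel verbatim.
 */
static struct xtables_target secmark_target = {
	.family		= NFPROTO_UNSPEC,
	.name		= "SECMARK",
	.version	= XTABLES_VERSION,
	.revision	= 0,
	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.help		= SECMARK_help,
	.parse		= SECMARK_parse,
	.final_check	= SECMARK_check,
	.print		= SECMARK_print,
	.save		= SECMARK_save,
	.extra_opts	= SECMARK_opts,
};

/* Shared-object constructor: register the target with libxtables on load. */
void _init(void)
{
	xtables_register_target(&secmark_target);
}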