libxt_SECMARK.c revision 932e648f38ac16b1ea14c1f66f23951388448c5a
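/*
 * Shared library add-on to iptables to add SECMARK target support.
 *
 * Based on the MARK target.
 *
 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>

/* Prefix for every diagnostic this extension emits. */
#define PFX "SECMARK target: "

/* Option value getopt_long hands back for --selctx (see SECMARK_opts). */
#define SECMARK_OPT_SELCTX '1'

/* Print the usage text for this target. */
static void SECMARK_help(void)
{
	printf(
"SECMARK target v%s options:\n"
"  --selctx value                     Set the SELinux security context\n"
"\n",
IPTABLES_VERSION);
}

/* Long options understood by this target; terminated by an all-NULL entry. */
static const struct option SECMARK_opts[] = {
	{ .name = "selctx", .has_arg = required_argument, .flag = NULL,
	  .val = SECMARK_OPT_SELCTX },
	{ .name = NULL }
};

/*
 * Parse one target option.
 *
 * c       option value from getopt_long (see SECMARK_opts)
 * argv    the command line (unused here)
 * invert  non-zero when the user wrote '!' in front of this option
 * flags   accumulates SECMARK_MODE_* bits across calls so that a repeated
 *         option and the final "parameter required" check can be detected
 * entry   the rule being built (unused here)
 * target  the xt_entry_target whose data area holds the
 *         xt_secmark_target_info this function fills in
 *
 * Returns 1 when the option was consumed, 0 when it is not one of ours.
 * Any invalid usage terminates the program through exit_error().
 */
static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
			 const void *entry, struct xt_entry_target **target)
{
	struct xt_secmark_target_info *info =
		(struct xt_secmark_target_info *)(*target)->data;
	size_t len;

	switch (c) {
	case SECMARK_OPT_SELCTX:
		/*
		 * A security context cannot be negated.  The invert flag was
		 * previously ignored, so "! --selctx" silently behaved like
		 * "--selctx"; reject it instead of guessing the intent.
		 */
		if (invert)
			exit_error(PARAMETER_PROBLEM, PFX
				   "unexpected '!' flag before --selctx");
		if (*flags & SECMARK_MODE_SEL)
			exit_error(PARAMETER_PROBLEM, PFX
				   "Can't specify --selctx twice");

		/*
		 * selctx is a fixed array of SECMARK_SELCTX_MAX bytes, and the
		 * kernel side receives it verbatim; the context plus its NUL
		 * terminator must fit.  Measure once, check, then do a copy
		 * bounded by that same length.
		 */
		len = strlen(optarg);
		if (len > SECMARK_SELCTX_MAX - 1)
			exit_error(PARAMETER_PROBLEM, PFX
				   "Maximum length %u exceeded by --selctx"
				   " parameter (%zu)",
				   (unsigned int)(SECMARK_SELCTX_MAX - 1), len);

		info->mode = SECMARK_MODE_SEL;
		memcpy(info->u.sel.selctx, optarg, len + 1);	/* incl. NUL */
		*flags |= SECMARK_MODE_SEL;
		break;
	default:
		return 0;
	}

	return 1;
}

/* Final check once all options are parsed: --selctx is mandatory. */
static void SECMARK_check(unsigned int flags)
{
	if (!flags)
		exit_error(PARAMETER_PROBLEM, PFX "parameter required");
}

/*
 * Print the mode-specific part of the target info ("selctx <ctx> ").
 * Shared by the listing and save printers; the caller emits the leading
 * "SECMARK " or "--" respectively.
 *
 * An unknown mode means the rule data is corrupt or comes from a newer
 * kernel/extension than this one, so fail loudly rather than print garbage.
 */
static void print_secmark(const struct xt_secmark_target_info *info)
{
	switch (info->mode) {
	case SECMARK_MODE_SEL:
		/*
		 * The rule data is read back from the kernel; bound the print
		 * to the array size so a missing NUL terminator cannot turn
		 * into an over-read.  Output is unchanged for well-formed data.
		 */
		printf("selctx %.*s ", (int)SECMARK_SELCTX_MAX,
		       info->u.sel.selctx);
		break;
	default:
		exit_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
	}
}

/* Print the target in human-readable form (iptables -L). */
static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
			  int numeric)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf("SECMARK ");
	print_secmark(info);
}

/* Saves the target info in parsable form to stdout (iptables-save). */
static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_secmark_target_info *info =
		(const struct xt_secmark_target_info *)target->data;

	printf("--");
	print_secmark(info);
}

/* IPv4 registration record; shares every callback with the IPv6 one. */
static struct xtables_target secmark_target = {
	.family		= AF_INET,
	.name		= "SECMARK",
	.version	= IPTABLES_VERSION,
	.revision	= 0,
	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.help		= SECMARK_help,
	.parse		= SECMARK_parse,
	.final_check	= SECMARK_check,
	.print		= SECMARK_print,
	.save		= SECMARK_save,
	.extra_opts	= SECMARK_opts,
};

/* IPv6 registration record. */
static struct xtables_target secmark_target6 = {
	.family		= AF_INET6,
	.name		= "SECMARK",
	.version	= IPTABLES_VERSION,
	.revision	= 0,
	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
	.help		= SECMARK_help,
	.parse		= SECMARK_parse,
	.final_check	= SECMARK_check,
	.print		= SECMARK_print,
	.save		= SECMARK_save,
	.extra_opts	= SECMARK_opts,
};

/* Shared-object constructor: register the target for both families. */
void _init(void)
{
	xtables_register_target(&secmark_target);
	xtables_register_target(&secmark_target6);
}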