1 /*
2 * Shared library add-on to iptables to add SECMARK target support.
3 *
4 * Based on the MARK target.
5 *
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 */
8 #include <stdio.h>
9 #include <xtables.h>
10 #include <linux/netfilter/xt_SECMARK.h>
11
12 #define PFX "SECMARK target: "
13
14 enum {
15 O_SELCTX = 0,
16 };
17
SECMARK_help(void)18 static void SECMARK_help(void)
19 {
20 printf(
21 "SECMARK target options:\n"
22 " --selctx value Set the SELinux security context\n");
23 }
24
25 static const struct xt_option_entry SECMARK_opts[] = {
26 {.name = "selctx", .id = O_SELCTX, .type = XTTYPE_STRING,
27 .flags = XTOPT_MAND | XTOPT_PUT,
28 XTOPT_POINTER(struct xt_secmark_target_info, secctx)},
29 XTOPT_TABLEEND,
30 };
31
SECMARK_parse(struct xt_option_call * cb)32 static void SECMARK_parse(struct xt_option_call *cb)
33 {
34 struct xt_secmark_target_info *info = cb->data;
35
36 xtables_option_parse(cb);
37 info->mode = SECMARK_MODE_SEL;
38 }
39
print_secmark(const struct xt_secmark_target_info * info)40 static void print_secmark(const struct xt_secmark_target_info *info)
41 {
42 switch (info->mode) {
43 case SECMARK_MODE_SEL:
44 printf("selctx %s", info->secctx);
45 break;
46
47 default:
48 xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
49 }
50 }
51
SECMARK_print(const void * ip,const struct xt_entry_target * target,int numeric)52 static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
53 int numeric)
54 {
55 const struct xt_secmark_target_info *info =
56 (struct xt_secmark_target_info*)(target)->data;
57
58 printf(" SECMARK ");
59 print_secmark(info);
60 }
61
SECMARK_save(const void * ip,const struct xt_entry_target * target)62 static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
63 {
64 const struct xt_secmark_target_info *info =
65 (struct xt_secmark_target_info*)target->data;
66
67 printf(" --");
68 print_secmark(info);
69 }
70
71 static struct xtables_target secmark_target = {
72 .family = NFPROTO_UNSPEC,
73 .name = "SECMARK",
74 .version = XTABLES_VERSION,
75 .revision = 0,
76 .size = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
77 .userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
78 .help = SECMARK_help,
79 .print = SECMARK_print,
80 .save = SECMARK_save,
81 .x6_parse = SECMARK_parse,
82 .x6_options = SECMARK_opts,
83 };
84
_init(void)85 void _init(void)
86 {
87 xtables_register_target(&secmark_target);
88 }
89