Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 9ee386a1b6d7704b259460152c959ab0e79e02aa / . / extensions / libxt_CONNSECMARK.c
blob: e8d0a5eaa4eda2cdef52551359ad8647f27c86a8 [file] [log] [blame]
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]1/*
2 * Shared library add-on to iptables to add CONNSECMARK target support.
3 *
4 * Based on the MARK and CONNMARK targets.
5 *
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 */
8#include <stdio.h>
9#include <string.h>
10#include <stdlib.h>
11#include <getopt.h>
Yasuyuki KOZAKAI56799582007-08-04 08:05:46 +0000[diff] [blame]12#include <xtables.h>
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]13#include <linux/netfilter/xt_CONNSECMARK.h>
14
15#define PFX "CONNSECMARK target: "
16
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]17static void CONNSECMARK_help(void)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]18{
19 printf(
20"CONNSECMARK target v%s options:\n"
21" --save Copy security mark from packet to conntrack\n"
22" --restore Copy security mark from connection to packet\n"
23"\n",
24IPTABLES_VERSION);
25}
26
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]27static const struct option CONNSECMARK_opts[] = {
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]28 { "save", 0, 0, '1' },
29 { "restore", 0, 0, '2' },
Max Kellermann9ee386a2008-01-29 13:48:05 +0000[diff] [blame^]30 { .name = NULL }
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]31};
32
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]33static int
34CONNSECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
35 const void *entry, struct xt_entry_target **target)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]36{
37 struct xt_connsecmark_target_info *info =
38 (struct xt_connsecmark_target_info*)(*target)->data;
39
40 switch (c) {
41 case '1':
42 if (*flags & CONNSECMARK_SAVE)
43 exit_error(PARAMETER_PROBLEM, PFX
44 "Can't specify --save twice");
45 info->mode = CONNSECMARK_SAVE;
46 *flags |= CONNSECMARK_SAVE;
47 break;
48
49 case '2':
50 if (*flags & CONNSECMARK_RESTORE)
51 exit_error(PARAMETER_PROBLEM, PFX
52 "Can't specify --restore twice");
53 info->mode = CONNSECMARK_RESTORE;
54 *flags |= CONNSECMARK_RESTORE;
55 break;
56
57 default:
58 return 0;
59 }
60
61 return 1;
62}
63
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]64static void CONNSECMARK_check(unsigned int flags)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]65{
66 if (!flags)
67 exit_error(PARAMETER_PROBLEM, PFX "parameter required");
68
69 if (flags == (CONNSECMARK_SAVE|CONNSECMARK_RESTORE))
70 exit_error(PARAMETER_PROBLEM, PFX "only one flag of --save "
71 "or --restore is allowed");
72}
73
74static void print_connsecmark(struct xt_connsecmark_target_info *info)
75{
76 switch (info->mode) {
77 case CONNSECMARK_SAVE:
78 printf("save ");
79 break;
80
81 case CONNSECMARK_RESTORE:
82 printf("restore ");
83 break;
84
85 default:
86 exit_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
87 }
88}
89
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]90static void
91CONNSECMARK_print(const void *ip, const struct xt_entry_target *target,
92 int numeric)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]93{
94 struct xt_connsecmark_target_info *info =
95 (struct xt_connsecmark_target_info*)(target)->data;
96
97 printf("CONNSECMARK ");
98 print_connsecmark(info);
99}
100
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]101static void
102CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]103{
104 struct xt_connsecmark_target_info *info =
105 (struct xt_connsecmark_target_info*)target->data;
106
107 printf("--");
108 print_connsecmark(info);
109}
110
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]111static struct xtables_target connsecmark_target = {
Yasuyuki KOZAKAI56799582007-08-04 08:05:46 +0000[diff] [blame]112 .family = AF_INET,
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]113 .name = "CONNSECMARK",
114 .version = IPTABLES_VERSION,
115 .revision = 0,
Yasuyuki KOZAKAI56799582007-08-04 08:05:46 +0000[diff] [blame]116 .size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
117 .userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]118 .parse = CONNSECMARK_parse,
119 .help = CONNSECMARK_help,
120 .final_check = CONNSECMARK_check,
121 .print = CONNSECMARK_print,
122 .save = CONNSECMARK_save,
123 .extra_opts = CONNSECMARK_opts,
Yasuyuki KOZAKAI56799582007-08-04 08:05:46 +0000[diff] [blame]124};
125
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]126static struct xtables_target connsecmark_target6 = {
Yasuyuki KOZAKAI56799582007-08-04 08:05:46 +0000[diff] [blame]127 .family = AF_INET6,
128 .name = "CONNSECMARK",
129 .version = IPTABLES_VERSION,
130 .revision = 0,
131 .size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
132 .userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]133 .parse = CONNSECMARK_parse,
134 .help = CONNSECMARK_help,
135 .final_check = CONNSECMARK_check,
136 .print = CONNSECMARK_print,
137 .save = CONNSECMARK_save,
138 .extra_opts = CONNSECMARK_opts,
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]139};
140
141void _init(void)
142{
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]143 xtables_register_target(&connsecmark_target);
144 xtables_register_target(&connsecmark_target6);
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]145}