Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / b977deb11adff9b191181bfba2a95c71c8f16a71 / . / extensions / libxt_SECMARK.c
blob: 6ba8606355daa10105b9adcab05fb7e13f6a3425 [file] [log] [blame]
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]1/*
2 * Shared library add-on to iptables to add SECMARK target support.
3 *
4 * Based on the MARK target.
5 *
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 */
8#include <stdio.h>
Yasuyuki KOZAKAIfa00a732007-07-24 07:27:02 +0000[diff] [blame]9#include <xtables.h>
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]10#include <linux/netfilter/xt_SECMARK.h>
11
12#define PFX "SECMARK target: "
13
Jan Engelhardt03fe3d22011-03-02 22:50:13 +0100[diff] [blame]14enum {
15 O_SELCTX = 0,
16};
17
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]18static void SECMARK_help(void)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]19{
20 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]21"SECMARK target options:\n"
22" --selctx value Set the SELinux security context\n");
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]23}
24
Jan Engelhardt03fe3d22011-03-02 22:50:13 +0100[diff] [blame]25static const struct xt_option_entry SECMARK_opts[] = {
26 {.name = "selctx", .id = O_SELCTX, .type = XTTYPE_STRING,
27 .flags = XTOPT_MAND | XTOPT_PUT,
28 XTOPT_POINTER(struct xt_secmark_target_info, secctx)},
29 XTOPT_TABLEEND,
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]30};
31
Jan Engelhardt03fe3d22011-03-02 22:50:13 +0100[diff] [blame]32static void SECMARK_parse(struct xt_option_call *cb)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]33{
Jan Engelhardt03fe3d22011-03-02 22:50:13 +0100[diff] [blame]34 struct xt_secmark_target_info *info = cb->data;
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]35
Jan Engelhardt03fe3d22011-03-02 22:50:13 +0100[diff] [blame]36 xtables_option_parse(cb);
37 info->mode = SECMARK_MODE_SEL;
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]38}
39
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]40static void print_secmark(const struct xt_secmark_target_info *info)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]41{
42 switch (info->mode) {
43 case SECMARK_MODE_SEL:
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]44 printf("selctx %s", info->secctx);
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]45 break;
46
47 default:
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]48 xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]49 }
50}
51
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]52static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
53 int numeric)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]54{
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]55 const struct xt_secmark_target_info *info =
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]56 (struct xt_secmark_target_info*)(target)->data;
57
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]58 printf(" SECMARK ");
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]59 print_secmark(info);
60}
61
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]62static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]63{
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]64 const struct xt_secmark_target_info *info =
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]65 (struct xt_secmark_target_info*)target->data;
66
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]67 printf(" --");
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]68 print_secmark(info);
69}
70
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]71static struct xtables_target secmark_target = {
Jan Engelhardt42979362009-06-01 11:56:23 +0200[diff] [blame]72 .family = NFPROTO_UNSPEC,
Yasuyuki KOZAKAIfa00a732007-07-24 07:27:02 +0000[diff] [blame]73 .name = "SECMARK",
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]74 .version = XTABLES_VERSION,
Yasuyuki KOZAKAIfa00a732007-07-24 07:27:02 +0000[diff] [blame]75 .revision = 0,
76 .size = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
77 .userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]78 .help = SECMARK_help,
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]79 .print = SECMARK_print,
80 .save = SECMARK_save,
Jan Engelhardt03fe3d22011-03-02 22:50:13 +0100[diff] [blame]81 .x6_parse = SECMARK_parse,
82 .x6_options = SECMARK_opts,
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]83};
84
85void _init(void)
86{
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]87 xtables_register_target(&secmark_target);
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]88}