Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / d7282413763b0ba85d512c1cd49174b762ff449c / . / extensions / libxt_CONNSECMARK.c
blob: df2e6b825262e674c6ca477d5a3d1a37d5c536d6 [file] [log] [blame]
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]1/*
2 * Shared library add-on to iptables to add CONNSECMARK target support.
3 *
4 * Based on the MARK and CONNMARK targets.
5 *
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 */
8#include <stdio.h>
Yasuyuki KOZAKAI56799582007-08-04 08:05:46 +0000[diff] [blame]9#include <xtables.h>
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]10#include <linux/netfilter/xt_CONNSECMARK.h>
11
12#define PFX "CONNSECMARK target: "
13
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]14enum {
15 O_SAVE = 0,
16 O_RESTORE,
17 F_SAVE = 1 << O_SAVE,
18 F_RESTORE = 1 << O_RESTORE,
19};
20
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]21static void CONNSECMARK_help(void)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]22{
23 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]24"CONNSECMARK target options:\n"
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]25" --save Copy security mark from packet to conntrack\n"
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]26" --restore Copy security mark from connection to packet\n");
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]27}
28
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]29static const struct xt_option_entry CONNSECMARK_opts[] = {
30 {.name = "save", .id = O_SAVE, .excl = F_RESTORE, .type = XTTYPE_NONE},
31 {.name = "restore", .id = O_RESTORE, .excl = F_SAVE,
32 .type = XTTYPE_NONE},
33 XTOPT_TABLEEND,
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]34};
35
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]36static void CONNSECMARK_parse(struct xt_option_call *cb)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]37{
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]38 struct xt_connsecmark_target_info *info = cb->data;
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]39
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]40 xtables_option_parse(cb);
41 switch (cb->entry->id) {
42 case O_SAVE:
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]43 info->mode = CONNSECMARK_SAVE;
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]44 break;
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]45 case O_RESTORE:
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]46 info->mode = CONNSECMARK_RESTORE;
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]47 break;
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]48 }
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]49}
50
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]51static void CONNSECMARK_check(struct xt_fcheck_call *cb)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]52{
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]53 if (cb->xflags == 0)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]54 xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]55}
56
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]57static void print_connsecmark(const struct xt_connsecmark_target_info *info)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]58{
59 switch (info->mode) {
60 case CONNSECMARK_SAVE:
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]61 printf("save");
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]62 break;
63
64 case CONNSECMARK_RESTORE:
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]65 printf("restore");
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]66 break;
67
68 default:
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]69 xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]70 }
71}
72
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]73static void
74CONNSECMARK_print(const void *ip, const struct xt_entry_target *target,
75 int numeric)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]76{
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]77 const struct xt_connsecmark_target_info *info =
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]78 (struct xt_connsecmark_target_info*)(target)->data;
79
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]80 printf(" CONNSECMARK ");
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]81 print_connsecmark(info);
82}
83
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]84static void
85CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]86{
Jan Engelhardt69f564e2009-05-26 13:14:06 +0200[diff] [blame]87 const struct xt_connsecmark_target_info *info =
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]88 (struct xt_connsecmark_target_info*)target->data;
89
90 printf("--");
91 print_connsecmark(info);
92}
93
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]94static struct xtables_target connsecmark_target = {
Jan Engelhardtc5e85732009-06-12 20:55:44 +0200[diff] [blame]95 .family = NFPROTO_UNSPEC,
Yasuyuki KOZAKAI56799582007-08-04 08:05:46 +0000[diff] [blame]96 .name = "CONNSECMARK",
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]97 .version = XTABLES_VERSION,
Yasuyuki KOZAKAI56799582007-08-04 08:05:46 +0000[diff] [blame]98 .revision = 0,
99 .size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
100 .userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]101 .help = CONNSECMARK_help,
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]102 .print = CONNSECMARK_print,
103 .save = CONNSECMARK_save,
Jan Engelhardt97265fb2011-02-27 16:50:22 +0100[diff] [blame]104 .x6_parse = CONNSECMARK_parse,
105 .x6_fcheck = CONNSECMARK_check,
106 .x6_options = CONNSECMARK_opts,
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]107};
108
109void _init(void)
110{
Jan Engelhardt932e6482007-10-04 16:27:30 +0000[diff] [blame]111 xtables_register_target(&connsecmark_target);
Patrick McHardyff968302006-05-24 16:15:03 +0000[diff] [blame]112}