2 * Shared library add-on to iptables to add SECMARK target support.
4 * Based on the MARK target.
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
13 #include <linux/netfilter/xt_SECMARK.h>
15 #define PFX "SECMARK target: "
17 static void SECMARK_help(void)
20 "SECMARK target options:\n"
21 " --selctx value Set the SELinux security context\n");
24 static const struct option SECMARK_opts[] = {
25 { "selctx", 1, NULL, '1' },
29 static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
30 const void *entry, struct xt_entry_target **target)
32 struct xt_secmark_target_info *info =
33 (struct xt_secmark_target_info*)(*target)->data;
37 if (*flags & SECMARK_MODE_SEL)
38 xtables_error(PARAMETER_PROBLEM, PFX
39 "Can't specify --selctx twice");
40 info->mode = SECMARK_MODE_SEL;
42 if (strlen(optarg) > SECMARK_SELCTX_MAX-1)
43 xtables_error(PARAMETER_PROBLEM, PFX
44 "Maximum length %u exceeded by --selctx"
46 SECMARK_SELCTX_MAX-1, strlen(optarg));
48 strcpy(info->u.sel.selctx, optarg);
49 *flags |= SECMARK_MODE_SEL;
58 static void SECMARK_check(unsigned int flags)
61 xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
64 static void print_secmark(const struct xt_secmark_target_info *info)
67 case SECMARK_MODE_SEL:
68 printf("selctx %s ", info->u.sel.selctx);\
72 xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
76 static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
79 const struct xt_secmark_target_info *info =
80 (struct xt_secmark_target_info*)(target)->data;
86 static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
88 const struct xt_secmark_target_info *info =
89 (struct xt_secmark_target_info*)target->data;
95 static struct xtables_target secmark_target = {
96 .family = NFPROTO_UNSPEC,
98 .version = XTABLES_VERSION,
100 .size = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
101 .userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
102 .help = SECMARK_help,
103 .parse = SECMARK_parse,
104 .final_check = SECMARK_check,
105 .print = SECMARK_print,
106 .save = SECMARK_save,
107 .extra_opts = SECMARK_opts,
112 xtables_register_target(&secmark_target);