2 * Shared library add-on to iptables to add SECMARK target support.
4 * Based on the MARK target.
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
10 #include <linux/netfilter/xt_SECMARK.h>
12 #define PFX "SECMARK target: "
18 static void SECMARK_help(void)
21 "SECMARK target options:\n"
22 " --selctx value Set the SELinux security context\n");
25 static const struct xt_option_entry SECMARK_opts[] = {
26 {.name = "selctx", .id = O_SELCTX, .type = XTTYPE_STRING,
27 .flags = XTOPT_MAND | XTOPT_PUT,
28 XTOPT_POINTER(struct xt_secmark_target_info, secctx)},
32 static void SECMARK_parse(struct xt_option_call *cb)
34 struct xt_secmark_target_info *info = cb->data;
36 xtables_option_parse(cb);
37 info->mode = SECMARK_MODE_SEL;
40 static void print_secmark(const struct xt_secmark_target_info *info)
43 case SECMARK_MODE_SEL:
44 printf("selctx %s", info->secctx);
48 xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
52 static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
55 const struct xt_secmark_target_info *info =
56 (struct xt_secmark_target_info*)(target)->data;
62 static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
64 const struct xt_secmark_target_info *info =
65 (struct xt_secmark_target_info*)target->data;
71 static struct xtables_target secmark_target = {
72 .family = NFPROTO_UNSPEC,
74 .version = XTABLES_VERSION,
76 .size = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
77 .userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
79 .print = SECMARK_print,
81 .x6_parse = SECMARK_parse,
82 .x6_options = SECMARK_opts,
87 xtables_register_target(&secmark_target);