2 * Shared library add-on to iptables to add SECMARK target support.
4 * Based on the MARK target.
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
13 #include <linux/netfilter/xt_SECMARK.h>
15 #define PFX "SECMARK target: "
/*
 * Usage text for the SECMARK target: a version banner (the %s placeholder)
 * followed by the one option this extension accepts, --selctx.
 * NOTE(review): this listing shows only the signature and two string
 * literals; the call that prints them and its version argument are not
 * visible here.
 */
17 static void help(void)
20 "SECMARK target v%s options:\n"
21 " --selctx value Set the SELinux security context\n"
/*
 * Long-option table for this target. The single visible entry is
 * "selctx": has_arg = 1 (an argument is required), flag = 0, val = '1'.
 * NOTE(review): '1' is presumably the value parse() receives in c for
 * --selctx; the matching case label and the table's terminating entry are
 * not visible in this listing.
 */
26 static struct option opts
[] = {
27 { "selctx", 1, 0, '1' },
31 /* Initialize the target. */
/*
 * Takes the target entry and the nfcache word.
 * NOTE(review): only the signature is visible in this listing, so what (if
 * anything) is initialised in the SECMARK target data cannot be confirmed
 * from here.
 */
32 static void init(struct ipt_entry_target
*t
, unsigned int *nfcache
)
36 * Function which parses command options; returns true if it
/*
 * Option parser for the SECMARK target. The visible statements handle
 * --selctx: reject a repeated option, record selector mode, bound-check the
 * argument, copy it into the target data and mark the option as seen in
 * *flags.
 * NOTE(review): the switch/case structure and the return statements are not
 * visible in this listing.
 */
39 static int parse(int c
, char **argv
, int invert
, unsigned int *flags
,
40 const struct ipt_entry
*entry
, struct ipt_entry_target
**target
)
/* View the target's payload (data) as SECMARK target info. */
42 struct xt_secmark_target_info
*info
=
43 (struct xt_secmark_target_info
*)(*target
)->data
;
/* SECMARK_MODE_SEL doubles as the "--selctx already seen" bit in *flags. */
47 if (*flags
& SECMARK_MODE_SEL
)
48 exit_error(PARAMETER_PROBLEM
, PFX
49 "Can't specify --selctx twice");
50 info
->mode
= SECMARK_MODE_SEL
;
/*
 * Length gate for the copy below: anything longer than
 * SECMARK_SELCTX_MAX-1 characters is refused, which leaves room for the
 * terminating NUL if selctx holds SECMARK_SELCTX_MAX bytes
 * (NOTE(review): the field is declared in xt_SECMARK.h, not shown here -
 * confirm its size). Only the length is checked here; no check of the
 * context string's syntax is visible.
 * NOTE(review): strlen() returns size_t; the conversion that prints it is
 * on a line missing from this listing and should be %zu. %u for
 * SECMARK_SELCTX_MAX-1 is only right if that expression has type
 * unsigned int.
 */
52 if (strlen(optarg
) > SECMARK_SELCTX_MAX
-1)
53 exit_error(PARAMETER_PROBLEM
, PFX
54 "Maximum length %u exceeded by --selctx"
56 SECMARK_SELCTX_MAX
-1, strlen(optarg
));
/*
 * Unbounded strcpy(): its safety rests entirely on the length gate above
 * and on exit_error() not returning (NOTE(review): exit_error is defined
 * elsewhere - confirm it terminates the process). Keep the check
 * immediately ahead of this copy if the code is ever rearranged.
 */
58 strcpy(info
->u
.sel
.selctx
, optarg
);
/* Record that --selctx was given, for the duplicate check above. */
59 *flags
|= SECMARK_MODE_SEL
;
/*
 * Check run on the accumulated option flags; the visible path reports
 * "parameter required" through exit_error().
 * NOTE(review): the condition guarding the error is not visible in this
 * listing; presumably it fires when no option set a bit in flags - confirm.
 */
68 static void final_check(unsigned int flags
)
71 exit_error(PARAMETER_PROBLEM
, PFX
"parameter required");
/*
 * Prints the target's setting according to info->mode. For
 * SECMARK_MODE_SEL it writes "selctx " followed by the stored context
 * string; the other visible path reports an invalid mode via exit_error().
 * NOTE(review): %s reads until a NUL byte. parse() stores a terminated
 * string, but if this data can come from another source (for example a
 * rule read back from the kernel), nothing visible here bounds the read to
 * the size of selctx - a precision-limited %.*s would do so.
 * NOTE(review): the switch statement and default label are not visible in
 * this listing.
 */
74 static void print_secmark(struct xt_secmark_target_info
*info
)
77 case SECMARK_MODE_SEL
:
78 printf("selctx %s ", info
->u
.sel
.selctx
);\
82 exit_error(OTHER_PROBLEM
, PFX
"invalid mode %hhu\n", info
->mode
);
/*
 * Print hook for a rule's SECMARK target. The visible code only obtains the
 * target's payload as SECMARK target info; ip and numeric are not used in
 * any visible line.
 * NOTE(review): the cast drops the const qualifier from target; the
 * statements that consume info are not visible in this listing.
 */
86 static void print(const struct ipt_ip
*ip
,
87 const struct ipt_entry_target
*target
, int numeric
)
89 struct xt_secmark_target_info
*info
=
90 (struct xt_secmark_target_info
*)(target
)->data
;
96 /* Saves the target info in parsable form to stdout. */
/*
 * The visible code only obtains the target's payload as SECMARK target
 * info; ip is not used in any visible line.
 * NOTE(review): the cast drops the const qualifier from target; the
 * statements that write the saved form are not visible in this listing.
 */
97 static void save(const struct ipt_ip
*ip
, const struct ipt_entry_target
*target
)
99 struct xt_secmark_target_info
*info
=
100 (struct xt_secmark_target_info
*)target
->data
;
/*
 * Descriptor for the SECMARK target. Visible fields: .version set to
 * IPTABLES_VERSION, the aligned size of the target data (size and
 * userspacesize use the same expression), and the final_check callback.
 * NOTE(review): the name and the remaining callback fields are on lines
 * missing from this listing.
 */
106 static struct iptables_target secmark
= {
109 .version
= IPTABLES_VERSION
,
111 .size
= IPT_ALIGN(sizeof(struct xt_secmark_target_info
)),
112 .userspacesize
= IPT_ALIGN(sizeof(struct xt_secmark_target_info
)),
116 .final_check
= &final_check
,
/*
 * Passes the secmark descriptor to register_target().
 * NOTE(review): the enclosing function is not visible in this listing.
 */
124 register_target(&secmark
);