search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
K2.6 patches and update.
[tomato.git] / release / src / router / iptables / extensions / libipt_SECMARK.c
blob89a2b2addfcecff8649bfa74766e927683792231
1 /*
2 * Shared library add-on to iptables to add SECMARK target support.
3 *
4 * Based on the MARK target.
5 *
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 */
8 #include <stdio.h>
9 #include <string.h>
10 #include <stdlib.h>
11 #include <getopt.h>
12 #include <iptables.h>
13 #include <linux/netfilter/xt_SECMARK.h>
14
15 #define PFX "SECMARK target: "
16
17 static void help(void)
18 {
19 printf(
20 "SECMARK target v%s options:\n"
21 " --selctx value Set the SELinux security context\n"
22 "\n",
23 IPTABLES_VERSION);
24 }
25
26 static struct option opts[] = {
27 { "selctx", 1, 0, '1' },
28 { 0 }
29 };
30
31 /* Initialize the target. */
32 static void init(struct ipt_entry_target *t, unsigned int *nfcache)
33 { }
34
35 /*
36 * Function which parses command options; returns true if it
37 * ate an option.
38 */
39 static int parse(int c, char **argv, int invert, unsigned int *flags,
40 const struct ipt_entry *entry, struct ipt_entry_target **target)
41 {
42 struct xt_secmark_target_info *info =
43 (struct xt_secmark_target_info*)(*target)->data;
44
45 switch (c) {
46 case '1':
47 if (*flags & SECMARK_MODE_SEL)
48 exit_error(PARAMETER_PROBLEM, PFX
49 "Can't specify --selctx twice");
50 info->mode = SECMARK_MODE_SEL;
51
52 if (strlen(optarg) > SECMARK_SELCTX_MAX-1)
53 exit_error(PARAMETER_PROBLEM, PFX
54 "Maximum length %u exceeded by --selctx"
55 " parameter (%zu)",
56 SECMARK_SELCTX_MAX-1, strlen(optarg));
57
58 strcpy(info->u.sel.selctx, optarg);
59 *flags |= SECMARK_MODE_SEL;
60 break;
61 default:
62 return 0;
63 }
64
65 return 1;
66 }
67
68 static void final_check(unsigned int flags)
69 {
70 if (!flags)
71 exit_error(PARAMETER_PROBLEM, PFX "parameter required");
72 }
73
74 static void print_secmark(struct xt_secmark_target_info *info)
75 {
76 switch (info->mode) {
77 case SECMARK_MODE_SEL:
78 printf("selctx %s ", info->u.sel.selctx);\
79 break;
80
81 default:
82 exit_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
83 }
84 }
85
86 static void print(const struct ipt_ip *ip,
87 const struct ipt_entry_target *target, int numeric)
88 {
89 struct xt_secmark_target_info *info =
90 (struct xt_secmark_target_info*)(target)->data;
91
92 printf("SECMARK ");
93 print_secmark(info);
94 }
95
96 /* Saves the target info in parsable form to stdout. */
97 static void save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
98 {
99 struct xt_secmark_target_info *info =
100 (struct xt_secmark_target_info*)target->data;
101
102 printf("--");
103 print_secmark(info);
104 }
105
106 static struct iptables_target secmark = {
107 .next = NULL,
108 .name = "SECMARK",
109 .version = IPTABLES_VERSION,
110 .revision = 0,
111 .size = IPT_ALIGN(sizeof(struct xt_secmark_target_info)),
112 .userspacesize = IPT_ALIGN(sizeof(struct xt_secmark_target_info)),
113 .help = &help,
114 .init = &init,
115 .parse = &parse,
116 .final_check = &final_check,
117 .print = &print,
118 .save = &save,
119 .extra_opts = opts
120 };
121
122 void _init(void)
123 {
124 register_target(&secmark);
125 }
Tomato firmware and modifications.