2 * Shared library add-on to iptables to add SECMARK target support.
4 * Based on the MARK target.
6 * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
13 #include <linux/netfilter/xt_SECMARK.h>
15 #define PFX "SECMARK target: "
17 static void help(void)
20 "SECMARK target v%s options:\n"
21 " --selctx value Set the SELinux security context\n"
26 static struct option opts[] = {
27 { "selctx", 1, 0, '1' },
31 /* Initialize the target. */
32 static void init(struct ipt_entry_target *t, unsigned int *nfcache)
36 * Function which parses command options; returns true if it
39 static int parse(int c, char **argv, int invert, unsigned int *flags,
40 const struct ipt_entry *entry, struct ipt_entry_target **target)
42 struct xt_secmark_target_info *info =
43 (struct xt_secmark_target_info*)(*target)->data;
47 if (*flags & SECMARK_MODE_SEL)
48 exit_error(PARAMETER_PROBLEM, PFX
49 "Can't specify --selctx twice");
50 info->mode = SECMARK_MODE_SEL;
52 if (strlen(optarg) > SECMARK_SELCTX_MAX-1)
53 exit_error(PARAMETER_PROBLEM, PFX
54 "Maximum length %u exceeded by --selctx"
56 SECMARK_SELCTX_MAX-1, strlen(optarg));
58 strcpy(info->u.sel.selctx, optarg);
59 *flags |= SECMARK_MODE_SEL;
68 static void final_check(unsigned int flags)
71 exit_error(PARAMETER_PROBLEM, PFX "parameter required");
74 static void print_secmark(struct xt_secmark_target_info *info)
77 case SECMARK_MODE_SEL:
78 printf("selctx %s ", info->u.sel.selctx);\
82 exit_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
86 static void print(const struct ipt_ip *ip,
87 const struct ipt_entry_target *target, int numeric)
89 struct xt_secmark_target_info *info =
90 (struct xt_secmark_target_info*)(target)->data;
96 /* Saves the target info in parsable form to stdout. */
97 static void save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
99 struct xt_secmark_target_info *info =
100 (struct xt_secmark_target_info*)target->data;
106 static struct iptables_target secmark = {
109 .version = IPTABLES_VERSION,
111 .size = IPT_ALIGN(sizeof(struct xt_secmark_target_info)),
112 .userspacesize = IPT_ALIGN(sizeof(struct xt_secmark_target_info)),
116 .final_check = &final_check,
124 register_target(&secmark);