xref: /aosp_15_r20/external/iptables/extensions/libxt_SECMARK.c (revision a71a954618bbadd4a345637e5edcf36eec826889)
/*
 * Shared library add-on to iptables to add SECMARK target support.
 *
 * Based on the MARK target.
 *
 * Copyright (C) 2006 Red Hat, Inc., James Morris <[email protected]>
 */
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_SECMARK.h>
/* Prefix placed in front of the error messages raised by this extension. */
#define PFX "SECMARK target: "

/* Identifiers for the options listed in this file's xt_option_entry tables. */
enum { O_SELCTX = 0 };
/*
 * Write the SECMARK usage text to stdout.
 * Used as the .help callback of both entries in secmark_tg_reg.
 */
static void SECMARK_help(void)
{
	static const char usage[] =
		"SECMARK target options:\n"
		"  --selctx value                     Set the SELinux security context\n";

	/* The text contains no conversion specifiers, so it is emitted verbatim. */
	fputs(usage, stdout);
}
/*
 * Option table for target revision 0: one mandatory string option,
 * --selctx, whose destination is xt_secmark_target_info.secctx.
 *
 * NOTE(review): this entry gives no explicit length bound for the
 * context string; what happens to an over-long value is decided by the
 * xtables string parser. Confirm it rejects rather than silently
 * truncates, since a shortened context is a different label.
 */
static const struct xt_option_entry SECMARK_opts[] = {
	{
		.name  = "selctx",
		.id    = O_SELCTX,
		.type  = XTTYPE_STRING,
		.flags = XTOPT_MAND | XTOPT_PUT,
		XTOPT_POINTER(struct xt_secmark_target_info, secctx),
	},
	XTOPT_TABLEEND,
};
/*
 * Option table for target revision 1: the same mandatory --selctx string
 * option, with xt_secmark_target_info_v1.secctx as its destination.
 *
 * NOTE(review): this entry gives no explicit length bound for the
 * context string; what happens to an over-long value is decided by the
 * xtables string parser. Confirm it rejects rather than silently
 * truncates, since a shortened context is a different label.
 */
static const struct xt_option_entry SECMARK_opts_v1[] = {
	{
		.name  = "selctx",
		.id    = O_SELCTX,
		.type  = XTTYPE_STRING,
		.flags = XTOPT_MAND | XTOPT_PUT,
		XTOPT_POINTER(struct xt_secmark_target_info_v1, secctx),
	},
	XTOPT_TABLEEND,
};
/*
 * x6_parse callback for target revision 0.
 *
 * Hands the option to the generic xtables option parser and then sets
 * the target's mode to SECMARK_MODE_SEL, the only mode this file handles.
 */
static void SECMARK_parse(struct xt_option_call *cb)
{
	struct xt_secmark_target_info *tginfo = cb->data;

	xtables_option_parse(cb);
	tginfo->mode = SECMARK_MODE_SEL;
}
/*
 * x6_parse callback for target revision 1.
 *
 * Same steps as the revision 0 parser, applied to the v1 info layout:
 * generic option parsing, then mode is set to SECMARK_MODE_SEL.
 */
static void SECMARK_parse_v1(struct xt_option_call *cb)
{
	struct xt_secmark_target_info_v1 *tginfo = cb->data;

	xtables_option_parse(cb);
	tginfo->mode = SECMARK_MODE_SEL;
}
/*
 * Print "selctx <context>" for a target in SELinux mode.
 *
 * mode:   mode byte taken from the target info structure.
 * secctx: security context string; printed with %s, so it must be
 *         NUL-terminated.
 *
 * Any mode other than SECMARK_MODE_SEL is reported through
 * xtables_error().
 *
 * NOTE(review): nothing in this file checks that secctx is terminated
 * inside its fixed-size array; presumably the producer of the structure
 * guarantees it -- confirm.
 */
static void print_secmark(__u8 mode, const char *secctx)
{
	if (mode == SECMARK_MODE_SEL) {
		printf("selctx %s", secctx);
	} else {
		xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu", mode);
	}
}
/*
 * .print callback for target revision 0: writes " SECMARK " followed by
 * the mode-specific text from print_secmark().
 *
 * ip and numeric are part of the callback signature and are not used.
 */
static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
                          int numeric)
{
	const struct xt_secmark_target_info *tginfo =
		(const struct xt_secmark_target_info *)target->data;

	fputs(" SECMARK ", stdout);
	print_secmark(tginfo->mode, tginfo->secctx);
}
/*
 * .print callback for target revision 1: writes " SECMARK " followed by
 * the mode-specific text from print_secmark(), reading the v1 layout.
 *
 * ip and numeric are part of the callback signature and are not used.
 */
static void SECMARK_print_v1(const void *ip,
			     const struct xt_entry_target *target, int numeric)
{
	const struct xt_secmark_target_info_v1 *tginfo =
		(const struct xt_secmark_target_info_v1 *)target->data;

	fputs(" SECMARK ", stdout);
	print_secmark(tginfo->mode, tginfo->secctx);
}
/*
 * .save callback for target revision 0: writes " --" and then the
 * option text from print_secmark(), giving " --selctx <context>".
 *
 * NOTE(review): the context is written unquoted. A value containing
 * whitespace or quote characters would not read back as a single
 * argument -- confirm whether quoting (e.g. via xtables_save_string) is
 * wanted here.
 */
static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_secmark_target_info *tginfo =
		(const struct xt_secmark_target_info *)target->data;

	fputs(" --", stdout);
	print_secmark(tginfo->mode, tginfo->secctx);
}
/*
 * .save callback for target revision 1: writes " --" and then the
 * option text from print_secmark(), reading the v1 layout.
 *
 * NOTE(review): the context is written unquoted. A value containing
 * whitespace or quote characters would not read back as a single
 * argument -- confirm whether quoting (e.g. via xtables_save_string) is
 * wanted here.
 */
static void SECMARK_save_v1(const void *ip,
			    const struct xt_entry_target *target)
{
	const struct xt_secmark_target_info_v1 *tginfo =
		(const struct xt_secmark_target_info_v1 *)target->data;

	fputs(" --", stdout);
	print_secmark(tginfo->mode, tginfo->secctx);
}
/*
 * Registration records for the SECMARK target, one per revision.
 * Both use NFPROTO_UNSPEC as the family and share the help callback;
 * parse/print/save and the option table differ by info-struct layout.
 */
static struct xtables_target secmark_tg_reg[] = {
	/* Revision 0: struct xt_secmark_target_info. */
	{
		.family        = NFPROTO_UNSPEC,
		.name          = "SECMARK",
		.version       = XTABLES_VERSION,
		.revision      = 0,
		.size          = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
		.userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)),
		.help          = SECMARK_help,
		.print         = SECMARK_print,
		.save          = SECMARK_save,
		.x6_parse      = SECMARK_parse,
		.x6_options    = SECMARK_opts,
	},
	/* Revision 1: struct xt_secmark_target_info_v1. */
	{
		.family        = NFPROTO_UNSPEC,
		.name          = "SECMARK",
		.version       = XTABLES_VERSION,
		.revision      = 1,
		.size          = XT_ALIGN(sizeof(struct xt_secmark_target_info_v1)),
		/*
		 * userspacesize ends at the offset of secid, so secid and
		 * anything after it is left out of the userspace-sized part.
		 * Presumably secid is filled in on the kernel side -- confirm
		 * against xt_SECMARK.h.
		 */
		.userspacesize = XT_ALIGN(offsetof(struct xt_secmark_target_info_v1, secid)),
		.help          = SECMARK_help,
		.print         = SECMARK_print_v1,
		.save          = SECMARK_save_v1,
		.x6_parse      = SECMARK_parse_v1,
		.x6_options    = SECMARK_opts_v1,
	},
};
/*
 * Library initialiser: registers every entry of secmark_tg_reg with
 * xtables.
 */
void _init(void)
{
	const unsigned int n_targets = ARRAY_SIZE(secmark_tg_reg);

	xtables_register_targets(secmark_tg_reg, n_targets);
}