/*
* Shared library add-on to iptables to add CONNSECMARK target support.
*
* Based on the MARK and CONNMARK targets.
*
* Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
*/
#include <stdio.h>
#include <xtables.h>
#include <linux/netfilter/xt_CONNSECMARK.h>
/* Prefix for every diagnostic this module raises through xtables_error(). */
#define PFX "CONNSECMARK target: "

/*
 * Option ids and their flag bits.
 *
 * O_* are the .id values of the entries in CONNSECMARK_opts and are what
 * CONNSECMARK_parse switches on.  F_* are the matching single-bit masks:
 * the option table uses them in .excl (each option excludes the other),
 * and CONNSECMARK_check tests cb->xflags against zero to require that at
 * least one option was given.
 */
enum {
	O_SAVE = 0,
	O_RESTORE = 1,
	F_SAVE = 1 << O_SAVE,
	F_RESTORE = 1 << O_RESTORE,
};
/*
 * .help callback: print the usage summary for the target's two options.
 * The two options are mutually exclusive (see CONNSECMARK_opts) and one of
 * them is mandatory (see CONNSECMARK_check).
 */
static void CONNSECMARK_help(void)
{
	fputs("CONNSECMARK target options:\n"
	      " --save Copy security mark from packet to conntrack\n"
	      " --restore Copy security mark from connection to packet\n",
	      stdout);
}
/*
 * Option table consumed by the xtables option parser (.x6_options).
 *
 * Both options are flag-only (XTTYPE_NONE).  Each entry's .excl carries the
 * other option's F_* bit, so --save and --restore cannot be combined in one
 * rule; the "at least one" side of the contract is enforced separately in
 * CONNSECMARK_check.  Entry order is the order the parser sees them, so the
 * table is left as written.
 */
static const struct xt_option_entry CONNSECMARK_opts[] = {
	{.name = "save", .id = O_SAVE, .excl = F_RESTORE, .type = XTTYPE_NONE},
	{.name = "restore", .id = O_RESTORE, .excl = F_SAVE,
	 .type = XTTYPE_NONE},
	XTOPT_TABLEEND,
};
/*
 * .x6_parse callback, invoked once per option found on the command line.
 *
 * Lets the generic xtables parser process the option first, then records the
 * selected mode in the target info block (cb->data).  The ids come from
 * CONNSECMARK_opts, so only O_SAVE and O_RESTORE are expected; any other id
 * leaves info->mode untouched.
 */
static void CONNSECMARK_parse(struct xt_option_call *cb)
{
	struct xt_connsecmark_target_info *info = cb->data;
	unsigned int id;

	xtables_option_parse(cb);

	id = cb->entry->id;
	if (id == O_SAVE)
		info->mode = CONNSECMARK_SAVE;
	else if (id == O_RESTORE)
		info->mode = CONNSECMARK_RESTORE;
}
/*
 * .x6_fcheck callback, run after all options of a rule have been parsed.
 *
 * cb->xflags holds the F_* bits of the options seen; if none is set then
 * CONNSECMARK_parse never assigned info->mode, so the rule is rejected here
 * rather than being committed with an unspecified mode.
 */
static void CONNSECMARK_check(struct xt_fcheck_call *cb)
{
	if (!cb->xflags)
		xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
}
/*
 * Print the mode keyword ("save" or "restore") for an info block.
 *
 * Shared by the .print and .save callbacks, which only differ in the text
 * they emit before it.  A mode value outside the two known constants is
 * treated as corrupt data and aborts via xtables_error() instead of being
 * printed as something a later `iptables-restore` might misinterpret.
 */
static void print_connsecmark(const struct xt_connsecmark_target_info *info)
{
	if (info->mode == CONNSECMARK_SAVE)
		printf("save");
	else if (info->mode == CONNSECMARK_RESTORE)
		printf("restore");
	else
		xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
}
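/*
 * .print callback: emit " CONNSECMARK <mode>" when a rule is listed.
 *
 * @ip and @numeric are part of the callback signature but are not needed
 * here.  @target points at the rule's target blob; its trailing data area is
 * the xt_connsecmark_target_info that print_connsecmark() decodes.
 */
static void
CONNSECMARK_print(const void *ip, const struct xt_entry_target *target,
		  int numeric)
{
	/* target is const, so its data is too: cast to a const pointer rather
	 * than stripping the qualifier only to re-add it on assignment. */
	const struct xt_connsecmark_target_info *info =
		(const struct xt_connsecmark_target_info *)target->data;

	printf(" CONNSECMARK ");
	print_connsecmark(info);
}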
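/*
 * .save callback: emit the option in command-line form (" --save" or
 * " --restore") so the rule can be re-created from saved output.
 *
 * @ip is part of the callback signature and unused.  @target's data area is
 * the xt_connsecmark_target_info that print_connsecmark() decodes.
 */
static void
CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
{
	/* Same const-preserving cast as CONNSECMARK_print: the original cast
	 * dropped the qualifier for no reason. */
	const struct xt_connsecmark_target_info *info =
		(const struct xt_connsecmark_target_info *)target->data;

	printf(" --");
	print_connsecmark(info);
}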
/*
 * Registration record for the CONNSECMARK target, handed to
 * xtables_register_target() from _init().
 *
 * .size and .userspacesize are both the aligned size of
 * xt_connsecmark_target_info, i.e. the whole info block is compared when
 * rules are matched against each other.  The x6_* members wire up the
 * option-table based parser (CONNSECMARK_opts / CONNSECMARK_parse /
 * CONNSECMARK_check) defined above.
 */
static struct xtables_target connsecmark_target = {
	.family = NFPROTO_UNSPEC,	/* not tied to a single address family */
	.name = "CONNSECMARK",
	.version = XTABLES_VERSION,
	.revision = 0,
	.size = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
	.userspacesize = XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
	.help = CONNSECMARK_help,
	.print = CONNSECMARK_print,
	.save = CONNSECMARK_save,
	.x6_parse = CONNSECMARK_parse,
	.x6_fcheck = CONNSECMARK_check,
	.x6_options = CONNSECMARK_opts,
};
/*
 * Shared-object entry point run when iptables loads this extension: registers
 * connsecmark_target so the "CONNSECMARK" target name becomes available.
 * The _init name is the convention used by the xtables extension loader.
 */
void _init(void)
{
	xtables_register_target(&connsecmark_target);
}