首页 发现 帮助
登录
SoftwareDesign
/
csu3_am335x
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: master
分支列表 标签列表
csu3_am335x
/
EVSE
/
GPL
/
iptables-1.4.18
/
extensions
/
libxt_CONNSECMARK.c

libxt_CONNSECMARK.c 2.6 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 
  1. /*
    2. 

  2.  * Shared library add-on to iptables to add CONNSECMARK target support.
    3. 

  3.  *
    4. 

  4.  * Based on the MARK and CONNMARK targets.
    5. 

  5.  *
    6. 

  6.  * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
    7. 

  7.  */
    8. 

  8. #include <stdio.h>
    9. 

  9. #include <xtables.h>
    10. 

  10. #include <linux/netfilter/xt_CONNSECMARK.h>
    11. 

  11. 

  12. #define PFX "CONNSECMARK target: "
    13. 

  13. 

  14. enum {
    15. 

  15. 	O_SAVE = 0,
    16. 

  16. 	O_RESTORE,
    17. 

  17. 	F_SAVE    = 1 << O_SAVE,
    18. 

  18. 	F_RESTORE = 1 << O_RESTORE,
    19. 

  19. };
    20. 

  20. 

  21. static void CONNSECMARK_help(void)
    22. 

  22. {
    23. 

  23. 	printf(
    24. 

  24. "CONNSECMARK target options:\n"
    25. 

  25. "  --save                   Copy security mark from packet to conntrack\n"
    26. 

  26. "  --restore                Copy security mark from connection to packet\n");
    27. 

  27. }
    28. 

  28. 

  29. static const struct xt_option_entry CONNSECMARK_opts[] = {
    30. 

  30. 	{.name = "save", .id = O_SAVE, .excl = F_RESTORE, .type = XTTYPE_NONE},
    31. 

  31. 	{.name = "restore", .id = O_RESTORE, .excl = F_SAVE,
    32. 

  32. 	 .type = XTTYPE_NONE},
    33. 

  33. 	XTOPT_TABLEEND,
    34. 

  34. };
    35. 

  35. 

  36. static void CONNSECMARK_parse(struct xt_option_call *cb)
    37. 

  37. {
    38. 

  38. 	struct xt_connsecmark_target_info *info = cb->data;
    39. 

  39. 

  40. 	xtables_option_parse(cb);
    41. 

  41. 	switch (cb->entry->id) {
    42. 

  42. 	case O_SAVE:
    43. 

  43. 		info->mode = CONNSECMARK_SAVE;
    44. 

  44. 		break;
    45. 

  45. 	case O_RESTORE:
    46. 

  46. 		info->mode = CONNSECMARK_RESTORE;
    47. 

  47. 		break;
    48. 

  48. 	}
    49. 

  49. }
    50. 

  50. 

  51. static void CONNSECMARK_check(struct xt_fcheck_call *cb)
    52. 

  52. {
    53. 

  53. 	if (cb->xflags == 0)
    54. 

  54. 		xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
    55. 

  55. }
    56. 

  56. 

  57. static void print_connsecmark(const struct xt_connsecmark_target_info *info)
    58. 

  58. {
    59. 

  59. 	switch (info->mode) {
    60. 

  60. 	case CONNSECMARK_SAVE:
    61. 

  61. 		printf("save");
    62. 

  62. 		break;
    63. 

  63. 		
    64. 

  64. 	case CONNSECMARK_RESTORE:
    65. 

  65. 		printf("restore");
    66. 

  66. 		break;
    67. 

  67. 		
    68. 

  68. 	default:
    69. 

  69. 		xtables_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode);
    70. 

  70. 	}
    71. 

  71. }
    72. 

  72. 

  73. static void
    74. 

  74. CONNSECMARK_print(const void *ip, const struct xt_entry_target *target,
    75. 

  75.                   int numeric)
    76. 

  76. {
    77. 

  77. 	const struct xt_connsecmark_target_info *info =
    78. 

  78. 		(struct xt_connsecmark_target_info*)(target)->data;
    79. 

  79. 

  80. 	printf(" CONNSECMARK ");
    81. 

  81. 	print_connsecmark(info);
    82. 

  82. }
    83. 

  83. 

  84. static void
    85. 

  85. CONNSECMARK_save(const void *ip, const struct xt_entry_target *target)
    86. 

  86. {
    87. 

  87. 	const struct xt_connsecmark_target_info *info =
    88. 

  88. 		(struct xt_connsecmark_target_info*)target->data;
    89. 

  89. 

  90. 	printf(" --");
    91. 

  91. 	print_connsecmark(info);
    92. 

  92. }
    93. 

  93. 

  94. static struct xtables_target connsecmark_target = {
    95. 

  95. 	.family		= NFPROTO_UNSPEC,
    96. 

  96. 	.name		= "CONNSECMARK",
    97. 

  97. 	.version	= XTABLES_VERSION,
    98. 

  98. 	.revision	= 0,
    99. 

  99. 	.size		= XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
    100. 

  100. 	.userspacesize	= XT_ALIGN(sizeof(struct xt_connsecmark_target_info)),
    101. 

  101. 	.help		= CONNSECMARK_help,
    102. 

  102. 	.print		= CONNSECMARK_print,
    103. 

  103. 	.save		= CONNSECMARK_save,
    104. 

  104. 	.x6_parse	= CONNSECMARK_parse,
    105. 

  105. 	.x6_fcheck	= CONNSECMARK_check,
    106. 

  106. 	.x6_options	= CONNSECMARK_opts,
    107. 

  107. };
    108. 

  108. 

  109. void _init(void)
    110. 

  110. {
    111. 

  111. 	xtables_register_target(&connsecmark_target);
    112. 

  112. }
    113.