libxt_TRIPSO.c
/*
* xtables helper library for netfilter module which translates between CIPSO
* and GOST R 58256-2018 (RFC 1108 Astra) security labels.
*
* Copyright (C) 2018-2021 [email protected]
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#include <getopt.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <xtables.h>
#include <netinet/ether.h>
#include "xt_TRIPSO.h"
/*
 * Identifiers of the command-line options of the TRIPSO target.
 * They are referenced by the .id fields of tripso_tg_opts and by the
 * parse callback; xtables tracks seen options as bit (1 << id).
 */
enum {
	O_TRIPSO_CIPSO = 0,	/* --to-cipso */
	O_TRIPSO_ASTRA = 1,	/* --to-astra */
};
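/*
 * Command-line options accepted by the TRIPSO target.
 *
 * The two translation directions are mutually exclusive. xtables reads
 * .excl as a bitmask of (1 << option id), so the conflicting option has to
 * be named by its bit rather than by its raw id. With raw ids the mask for
 * --to-astra was 0 and the mask for --to-cipso was its own bit, so a rule
 * carrying both options was accepted and the last one silently decided
 * which way security labels get translated.
 */
static const struct xt_option_entry tripso_tg_opts[] = {
	{.name = "to-cipso", .id = O_TRIPSO_CIPSO, .type = XTTYPE_NONE,
	 .excl = 1 << O_TRIPSO_ASTRA},
	{.name = "to-astra", .id = O_TRIPSO_ASTRA, .type = XTTYPE_NONE,
	 .excl = 1 << O_TRIPSO_CIPSO},
	XTOPT_TABLEEND
};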
/* Print the usage text for the TRIPSO target options to stdout. */
static void tripso_tg_help(void)
{
	static const char usage[] =
		"TRIPSO target options:\n"
		" --to-cipso Set TRIPSO translation mode\n"
		" --to-astra Set TRIPSO translation mode\n";

	/* The text holds no conversion specifiers, so write it verbatim. */
	fputs(usage, stdout);
}
/*
 * Option parse callback: store the translation direction chosen on the
 * command line in the target's private data (struct tripso_info).
 */
static void tripso_tg_parse(struct xt_option_call *cb)
{
	struct tripso_info *tinfo = cb->data;

	/* Run the generic xtables option handling before inspecting the id. */
	xtables_option_parse(cb);

	if (cb->entry->id == O_TRIPSO_CIPSO) {
		tinfo->tr_mode = TRIPSO_CIPSO;
	} else if (cb->entry->id == O_TRIPSO_ASTRA) {
		tinfo->tr_mode = TRIPSO_ASTRA;
	}
	/* Any other option id leaves tr_mode as it was. */
}
/*
 * Initialise the target's private data before option parsing.
 * tr_mode starts at the sentinel -1 ("no direction chosen yet"), which
 * tripso_tg_check() rejects unless an option has replaced it.
 */
static void tripso_tg_init(struct xt_entry_target *target)
{
	struct tripso_info *tinfo = (struct tripso_info *)target->data;

	tinfo->tr_mode = -1;
}
/*
 * Final check after all options were parsed: refuse a rule that never
 * selected a translation direction.
 *
 * NOTE(review): the sentinel test only works if tr_mode can compare equal
 * to -1 (i.e. it is a signed field, or at least as wide as int). The
 * field's type lives in xt_TRIPSO.h and is not visible here; confirm it,
 * otherwise a rule without a direction would pass this check.
 */
static void tripso_tg_check(struct xt_fcheck_call *cb)
{
	const struct tripso_info *tinfo = cb->data;
	const int mode_unset = (tinfo->tr_mode == -1);

	if (mode_unset) {
		xtables_error(PARAMETER_PROBLEM,
			      "TRIPSO target: --to-cipso or --to-astra parameter required");
	}
}
/*
 * Emit the target's option in the form used for saved rules:
 * " --to-cipso " or " --to-astra ".
 *
 * A tr_mode that is neither known value is written as " --to-error ".
 * No such option exists in tripso_tg_opts, so that output marks a
 * corrupted rule rather than something that can be parsed back.
 *
 * ip is unused.
 */
static void tripso_tg_save(const void *ip,
			   const struct xt_entry_target *target)
{
	const struct tripso_info *tinfo = (const void *)target->data;
	const char *mode_name = "error";

	if (tinfo->tr_mode == TRIPSO_CIPSO) {
		mode_name = "cipso";
	} else if (tinfo->tr_mode == TRIPSO_ASTRA) {
		mode_name = "astra";
	}

	printf(" --to-%s ", mode_name);
}
/*
 * Print the rule's target for listing output: " -j TRIPSO" followed by
 * the same option text tripso_tg_save() writes. numeric is unused.
 */
static void tripso_tg_print(const void *ip,
			    const struct xt_entry_target *target, int numeric)
{
	fputs(" -j TRIPSO", stdout);
	tripso_tg_save(ip, target);
}
/*
 * Registration record for the TRIPSO target. It is registered for
 * NFPROTO_IPV4 only, and both the full and the userspace-compared size
 * of the private data are the aligned size of struct tripso_info.
 */
static struct xtables_target tripso_tg_reg = {
	/* identity */
	.name          = "TRIPSO",
	.version       = XTABLES_VERSION,
	.family        = NFPROTO_IPV4,

	/* private data layout */
	.size          = XT_ALIGN(sizeof(struct tripso_info)),
	.userspacesize = XT_ALIGN(sizeof(struct tripso_info)),

	/* option table and parsing callbacks */
	.x6_options    = tripso_tg_opts,
	.x6_parse      = tripso_tg_parse,
	.x6_fcheck     = tripso_tg_check,
	.init          = tripso_tg_init,

	/* output callbacks */
	.help          = tripso_tg_help,
	.print         = tripso_tg_print,
	.save          = tripso_tg_save,
};
/*
 * Constructor: runs when the shared object is loaded and registers the
 * TRIPSO target description with xtables.
 */
static void __attribute__((constructor)) tripso_tg_ldr(void)
{
	xtables_register_target(&tripso_tg_reg);
}