| Newsgroups | comp.os.linux.development.system |
|---|---|
| Date | 2013-10-25 11:04 -0700 |
| References | (1 earlier) <87y55iflok.fsf@araminta.anjou.terraraq.org.uk> <79a8f6ad-b098-4dba-a14b-32abfe513a1a@googlegroups.com> <87zjpyfj04.fsf@sable.mobileactivedefense.com> <bac4c842-3020-4f96-826f-78fc8c9d8a50@googlegroups.com> <87hac5za8k.fsf@sable.mobileactivedefense.com> |
| Message-ID | <aa283e46-c54d-4b5c-8095-8a66b5b09d57@googlegroups.com> (permalink) |
| Subject | Re: Question using libiptc |
| From | Jeremy Brown <bjeremy32@gmail.com> |
> iptables.c, the do_command routine and what is called from that (when
> processing -j).
Yes, I've been looking at the iptables code. I can see that we need to add the tee_tg_info struct to the xt_standard_target->data. But apparently the parser does not like something. I can add the command manually, so I know it's something in the code, either the size or offset is wrong or I'm not setting some...
Anyway, I attached the simple test code that I'm using in case anyone can spot the error.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <libiptc/libiptc.h>
#include <arpa/inet.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_TEE.h>

static int
insert_rule (const char *table,
             const char *chain,
             unsigned int src,
             unsigned int smask,
             unsigned short sport,
             int inverted_src,
             unsigned int dest,
             unsigned int dmask,
             unsigned short dport,
             int inverted_dst,
             unsigned short proto,
             const char *target)
{
    printf ("insert_rule entry\n");
    struct ipt_entry* entry;
    struct ipt_entry_target* ipt_entry_target;
    struct xt_tee_tginfo* tee_info;
    unsigned int size_ipt_entry, size_target, total_length, size_tee_tg_info;
    struct iptc_handle *h;
    int ret = 1;

    size_ipt_entry = XT_ALIGN(sizeof (struct ipt_entry));
    size_target = XT_ALIGN(sizeof (struct xt_standard_target));
    size_tee_tg_info = XT_ALIGN(sizeof(struct xt_tee_tginfo));
    total_length = size_ipt_entry + size_target + size_tee_tg_info;

    entry = (struct ipt_entry*)calloc(1, total_length);
    if (entry == NULL)
    {
        printf("malloc failed!\n");
        exit(1);
    }

    entry->target_offset = size_ipt_entry;
    entry->next_offset = total_length;

    /* target */
    ipt_entry_target = (struct ipt_entry_target* ) (entry->elems);
    ipt_entry_target->u.user.target_size = size_target + size_tee_tg_info;
    ipt_entry_target->u.user.revision=1;
    strncpy (ipt_entry_target->u.user.name, target, sizeof (ipt_entry_target->u.user.name));

    tee_info = (struct xt_tee_tginfo*) (ipt_entry_target->data);
    tee_info->gw.in.s_addr=0x0a0a0b0c;

    if (src)
    {
        entry->ip.src.s_addr = src;
        entry->ip.smsk.s_addr = smask;
        if (inverted_src)
            entry->ip.invflags |= IPT_INV_SRCIP;
    }

    if (dest)
    {
        entry->ip.dst.s_addr = dest;
        entry->ip.dmsk.s_addr = dmask;
        if (inverted_dst)
            entry->ip.invflags |= IPT_INV_DSTIP;
    }

    if (proto)
    {
        entry->ip.proto = proto;
    }

    h = iptc_init (table);
    if (!h)
    {
        printf ("Could not init IPTC library: %s\n", iptc_strerror (errno));
        goto out;
    }

    if (!iptc_append_entry (chain, (struct ipt_entry *) entry, h))
    {
        printf ("Could not insert a rule in iptables (table %s): %s\n", table, iptc_strerror (errno));
        goto out;
    }

    if (!iptc_commit (h))
    {
        printf ("Could not commit changes in iptables (table %s): %s\n", table, iptc_strerror (errno));
        goto out;
    }

    ret = 0;

out:
    if (h)
        iptc_free (h);
    return ret;
}

int main (int argc, char **argv)
{
    unsigned int a, b;

    printf ("main entry\n");
    inet_pton (AF_INET, "1.2.3.4", &a);
    inet_pton (AF_INET, "1.2.3.5", &b);

    insert_rule("filter",
                "INPUT",
                a,
                htonl(0xffffff00),
                8888,
                0,
                b,
                htonl(0xffffff00),
                7777,
                0,
                0,
                "TEE");
    return 0;
}
```
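
An added example, not part of the original post or of the iptables sources: it lays out an `ipt_entry` followed by a TEE target purely in memory (no libiptc call, no root) and applies the size comparison x_tables makes when a rule is loaded, where the target's payload length is `target_size` minus `sizeof(struct xt_entry_target)`. The function names `posted_target_size`, `extension_target_size`, `tee_target_size_ok` and `build_tee_entry` are hypothetical, introduced here for illustration.

```c
/* Added example: in-memory layout of ipt_entry + TEE target, with a size self-check. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_TEE.h>
#include <linux/netfilter_ipv4/ip_tables.h>

/* Arithmetic used in the post: header sized as xt_standard_target (it carries an int verdict). */
unsigned int posted_target_size(void)
{
    return XT_ALIGN(sizeof(struct xt_standard_target)) + XT_ALIGN(sizeof(struct xt_tee_tginfo));
}

/* Extension-target arithmetic: plain xt_entry_target header, then the aligned payload. */
unsigned int extension_target_size(void)
{
    return XT_ALIGN(sizeof(struct xt_entry_target)) + XT_ALIGN(sizeof(struct xt_tee_tginfo));
}

/* Mirrors the load-time comparison: bytes after the header must equal the aligned tginfo size. */
int tee_target_size_ok(unsigned int target_size)
{
    if (target_size < sizeof(struct xt_entry_target))
        return 0;
    return target_size - sizeof(struct xt_entry_target) == XT_ALIGN(sizeof(struct xt_tee_tginfo));
}

/* Hypothetical helper: returns a calloc'ed entry the caller frees; gw_be is in network order. */
struct ipt_entry *build_tee_entry(uint32_t gw_be)
{
    unsigned int tsize = extension_target_size();
    unsigned int esize = XT_ALIGN(sizeof(struct ipt_entry));
    struct ipt_entry *e = calloc(1, esize + tsize);
    if (e == NULL)
        return NULL;
    e->target_offset = esize;            /* no matches, so the target follows the header */
    e->next_offset = esize + tsize;
    struct xt_entry_target *t = (struct xt_entry_target *)((char *)e + e->target_offset);
    t->u.user.target_size = tsize;
    t->u.user.revision = 1;              /* same revision the post sets */
    strncpy(t->u.user.name, "TEE", sizeof(t->u.user.name) - 1);
    struct xt_tee_tginfo *info = (struct xt_tee_tginfo *)t->data;  /* payload starts at data[] */
    info->gw.ip = gw_be;                 /* gateway that receives the cloned packets */
    return e;
}
```

On x86_64 the arithmetic from the post leaves 48 bytes after the target header where the TEE info occupies 40, so `tee_target_size_ok(posted_target_size())` is false.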