使用 libiptc 将自定义链添加到 OUTPUT
Adding a custom chain to OUTPUT using libiptc
我正在尝试使用 libiptc 实现以下 iptables 命令，但找不到任何关于如何执行此操作的示例。
iptables -A OUTPUT -j my_outbound_rules
我试过使用以下代码:
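/*
 * Append a rule to the built-in chain _pChain of the "filter" table that
 * jumps to the chain named _pTarget, i.e. the equivalent of
 *     iptables -A <_pChain> -j <_pTarget>
 *
 * Returns 0 on success, otherwise an errno-style value suitable for
 * iptc_strerror(). The entry is built with a bare struct xt_entry_target and
 * revision 1; the accepted answer further down this page resolves the
 * resulting "Invalid argument" by switching to struct xt_standard_target
 * with revision 0.
 */
int addChainToBuiltin(const char *_pChain, const char *_pTarget)
{
    /*iptables -A OUTPUT -j <chain>*/
    const char *pTable = "filter";
    struct xtc_handle *pHandle;
    struct ipt_entry *pEntry;
    struct xt_entry_target *pTarget;
    size_t entrySize = XT_ALIGN(sizeof(struct ipt_entry));
    size_t targetSize = XT_ALIGN(sizeof(struct xt_entry_target));

    /* Both names are dereferenced below; reject NULL before touching the table. */
    if (!_pChain || !_pTarget)
        return EINVAL;

    pHandle = iptc_init(pTable);
    if (!pHandle)
        return errno;

    /* calloc() zeroes the whole entry, so every field not set below is 0. */
    pEntry = calloc(1, entrySize + targetSize);
    if (!pEntry) {
        iptc_free(pHandle);
        return ENOMEM;
    }
    pTarget = (struct xt_entry_target *)((char *)pEntry + entrySize);

    /* The target name must fit together with its terminator: strncpy() with
     * sizeof would silently leave an unterminated name for over-long input. */
    size_t nameLen = strlen(_pTarget);
    if (nameLen >= sizeof(pTarget->u.user.name)) {
        free(pEntry);
        iptc_free(pHandle);
        return EINVAL;
    }
    memcpy(pTarget->u.user.name, _pTarget, nameLen + 1);
    pTarget->u.target_size = targetSize;
    pTarget->u.user.target_size = targetSize;
    pTarget->u.user.revision = 1;

    pEntry->target_offset = entrySize;
    pEntry->next_offset = entrySize + targetSize;

    /* Match everything: any source, any destination, any protocol. */
    pEntry->ip.src.s_addr = INADDR_ANY;
    pEntry->ip.smsk.s_addr = 0;
    pEntry->ip.dst.s_addr = INADDR_ANY;
    pEntry->ip.dmsk.s_addr = 0;
    pEntry->ip.proto = 0; // any
    pEntry->ip.flags = 0;
    pEntry->ip.invflags = 0;
    pEntry->nfcache = NFC_UNKNOWN;

    int res = applyRule(Append, _pChain, pEntry, pHandle);
    if (res == 0)
        res = commitAndFree(pHandle);
    /* NOTE(review): when applyRule() fails, pHandle is not released on this
     * path; confirm whether applyRule() frees it, otherwise iptc_free(pHandle)
     * belongs here. */
    printf("Result: %d %s\n", res, iptc_strerror(res));
    free(pEntry);
    return res;
}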
但我从 iptc_strerror 收到错误 'Invalid Argument'，却看不出是哪个参数无效。
非常感谢
通过以下代码解决:
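/*
 * Append a rule to the built-in chain _pChain of the "filter" table that
 * jumps to the chain named _pTarget, i.e. the equivalent of
 *     iptables -A <_pChain> -j <_pTarget>
 *
 * Returns 0 on success, otherwise an errno-style value suitable for
 * iptc_strerror(). A jump is encoded as struct xt_standard_target with
 * revision 0, which is what resolved the "Invalid argument" reported in the
 * question above.
 */
int addChainToBuiltin(const char *_pChain, const char *_pTarget)
{
    /*iptables -A OUTPUT -j <chain>*/
    const char *pTable = "filter";
    struct xtc_handle *pHandle;
    struct ipt_entry *pEntry;
    struct xt_standard_target *pTarget;
    size_t entrySize = XT_ALIGN(sizeof(struct ipt_entry));
    size_t targetSize = XT_ALIGN(sizeof(struct xt_standard_target));

    /* Both names are dereferenced below; reject NULL before touching the table. */
    if (!_pChain || !_pTarget)
        return EINVAL;

    pHandle = iptc_init(pTable);
    if (!pHandle)
        return errno;

    /* calloc() zeroes the whole entry, so every field not set below is 0
     * (including pTarget->verdict; presumably resolved from the chain name
     * when the rule is applied — confirm against applyRule()). */
    pEntry = calloc(1, entrySize + targetSize);
    if (!pEntry) {
        iptc_free(pHandle);
        return ENOMEM;
    }
    /* Cast to the pointer's own type; the original cast to
     * struct xt_entry_target * mismatched pTarget's declaration. */
    pTarget = (struct xt_standard_target *)((char *)pEntry + entrySize);

    /* The target name must fit together with its terminator: strncpy() with
     * sizeof would silently leave an unterminated name for over-long input. */
    size_t nameLen = strlen(_pTarget);
    if (nameLen >= sizeof(pTarget->target.u.user.name)) {
        free(pEntry);
        iptc_free(pHandle);
        return EINVAL;
    }
    memcpy(pTarget->target.u.user.name, _pTarget, nameLen + 1);
    pTarget->target.u.target_size = targetSize;
    pTarget->target.u.user.target_size = targetSize;
    pTarget->target.u.user.revision = 0;

    pEntry->target_offset = entrySize;
    pEntry->next_offset = entrySize + targetSize;

    /* Match everything: any source, any destination, any protocol. */
    pEntry->ip.src.s_addr = INADDR_ANY;
    pEntry->ip.smsk.s_addr = 0;
    pEntry->ip.dst.s_addr = INADDR_ANY;
    pEntry->ip.dmsk.s_addr = 0;
    pEntry->ip.proto = 0; // any
    pEntry->ip.flags = 0;
    pEntry->ip.invflags = 0;
    pEntry->nfcache = NFC_UNKNOWN;

    printf("Adding: %s to %s\n", pTarget->target.u.user.name, _pChain);
    int res = applyRule(Append, _pChain, pEntry, pHandle);
    if (res == 0)
        res = commitAndFree(pHandle);
    /* NOTE(review): when applyRule() fails, pHandle is not released on this
     * path; confirm whether applyRule() frees it, otherwise iptc_free(pHandle)
     * belongs here. */
    free(pEntry);
    return res;
}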
我正在尝试使用 libiptc 实现以下 iptables 命令，但找不到任何关于如何执行此操作的示例。
iptables -A OUTPUT -j my_outbound_rules
我试过使用以下代码:
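/*
 * Append a rule to the built-in chain _pChain of the "filter" table that
 * jumps to the chain named _pTarget, i.e. the equivalent of
 *     iptables -A <_pChain> -j <_pTarget>
 *
 * Returns 0 on success, otherwise an errno-style value suitable for
 * iptc_strerror(). The entry is built with a bare struct xt_entry_target and
 * revision 1; the accepted answer further down this page resolves the
 * resulting "Invalid argument" by switching to struct xt_standard_target
 * with revision 0.
 */
int addChainToBuiltin(const char *_pChain, const char *_pTarget)
{
    /*iptables -A OUTPUT -j <chain>*/
    const char *pTable = "filter";
    struct xtc_handle *pHandle;
    struct ipt_entry *pEntry;
    struct xt_entry_target *pTarget;
    size_t entrySize = XT_ALIGN(sizeof(struct ipt_entry));
    size_t targetSize = XT_ALIGN(sizeof(struct xt_entry_target));

    /* Both names are dereferenced below; reject NULL before touching the table. */
    if (!_pChain || !_pTarget)
        return EINVAL;

    pHandle = iptc_init(pTable);
    if (!pHandle)
        return errno;

    /* calloc() zeroes the whole entry, so every field not set below is 0. */
    pEntry = calloc(1, entrySize + targetSize);
    if (!pEntry) {
        iptc_free(pHandle);
        return ENOMEM;
    }
    pTarget = (struct xt_entry_target *)((char *)pEntry + entrySize);

    /* The target name must fit together with its terminator: strncpy() with
     * sizeof would silently leave an unterminated name for over-long input. */
    size_t nameLen = strlen(_pTarget);
    if (nameLen >= sizeof(pTarget->u.user.name)) {
        free(pEntry);
        iptc_free(pHandle);
        return EINVAL;
    }
    memcpy(pTarget->u.user.name, _pTarget, nameLen + 1);
    pTarget->u.target_size = targetSize;
    pTarget->u.user.target_size = targetSize;
    pTarget->u.user.revision = 1;

    pEntry->target_offset = entrySize;
    pEntry->next_offset = entrySize + targetSize;

    /* Match everything: any source, any destination, any protocol. */
    pEntry->ip.src.s_addr = INADDR_ANY;
    pEntry->ip.smsk.s_addr = 0;
    pEntry->ip.dst.s_addr = INADDR_ANY;
    pEntry->ip.dmsk.s_addr = 0;
    pEntry->ip.proto = 0; // any
    pEntry->ip.flags = 0;
    pEntry->ip.invflags = 0;
    pEntry->nfcache = NFC_UNKNOWN;

    int res = applyRule(Append, _pChain, pEntry, pHandle);
    if (res == 0)
        res = commitAndFree(pHandle);
    /* NOTE(review): when applyRule() fails, pHandle is not released on this
     * path; confirm whether applyRule() frees it, otherwise iptc_free(pHandle)
     * belongs here. */
    printf("Result: %d %s\n", res, iptc_strerror(res));
    free(pEntry);
    return res;
}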
但我从 iptc_strerror 收到错误 'Invalid Argument'，却看不出是哪个参数无效。
非常感谢
通过以下代码解决:
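/*
 * Append a rule to the built-in chain _pChain of the "filter" table that
 * jumps to the chain named _pTarget, i.e. the equivalent of
 *     iptables -A <_pChain> -j <_pTarget>
 *
 * Returns 0 on success, otherwise an errno-style value suitable for
 * iptc_strerror(). A jump is encoded as struct xt_standard_target with
 * revision 0, which is what resolved the "Invalid argument" reported in the
 * question above.
 */
int addChainToBuiltin(const char *_pChain, const char *_pTarget)
{
    /*iptables -A OUTPUT -j <chain>*/
    const char *pTable = "filter";
    struct xtc_handle *pHandle;
    struct ipt_entry *pEntry;
    struct xt_standard_target *pTarget;
    size_t entrySize = XT_ALIGN(sizeof(struct ipt_entry));
    size_t targetSize = XT_ALIGN(sizeof(struct xt_standard_target));

    /* Both names are dereferenced below; reject NULL before touching the table. */
    if (!_pChain || !_pTarget)
        return EINVAL;

    pHandle = iptc_init(pTable);
    if (!pHandle)
        return errno;

    /* calloc() zeroes the whole entry, so every field not set below is 0
     * (including pTarget->verdict; presumably resolved from the chain name
     * when the rule is applied — confirm against applyRule()). */
    pEntry = calloc(1, entrySize + targetSize);
    if (!pEntry) {
        iptc_free(pHandle);
        return ENOMEM;
    }
    /* Cast to the pointer's own type; the original cast to
     * struct xt_entry_target * mismatched pTarget's declaration. */
    pTarget = (struct xt_standard_target *)((char *)pEntry + entrySize);

    /* The target name must fit together with its terminator: strncpy() with
     * sizeof would silently leave an unterminated name for over-long input. */
    size_t nameLen = strlen(_pTarget);
    if (nameLen >= sizeof(pTarget->target.u.user.name)) {
        free(pEntry);
        iptc_free(pHandle);
        return EINVAL;
    }
    memcpy(pTarget->target.u.user.name, _pTarget, nameLen + 1);
    pTarget->target.u.target_size = targetSize;
    pTarget->target.u.user.target_size = targetSize;
    pTarget->target.u.user.revision = 0;

    pEntry->target_offset = entrySize;
    pEntry->next_offset = entrySize + targetSize;

    /* Match everything: any source, any destination, any protocol. */
    pEntry->ip.src.s_addr = INADDR_ANY;
    pEntry->ip.smsk.s_addr = 0;
    pEntry->ip.dst.s_addr = INADDR_ANY;
    pEntry->ip.dmsk.s_addr = 0;
    pEntry->ip.proto = 0; // any
    pEntry->ip.flags = 0;
    pEntry->ip.invflags = 0;
    pEntry->nfcache = NFC_UNKNOWN;

    printf("Adding: %s to %s\n", pTarget->target.u.user.name, _pChain);
    int res = applyRule(Append, _pChain, pEntry, pHandle);
    if (res == 0)
        res = commitAndFree(pHandle);
    /* NOTE(review): when applyRule() fails, pHandle is not released on this
     * path; confirm whether applyRule() frees it, otherwise iptc_free(pHandle)
     * belongs here. */
    free(pEntry);
    return res;
}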