使用 libiptc 将自定义链添加到 OUTPUT

Adding a custom chain to OUTPUT using libiptc

我正在尝试使用 libiptc 实现下面这条 iptables 命令，但找不到任何说明如何做到这一点的示例。

iptables -A OUTPUT -j my_outbound_rules

我试过使用以下代码:

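int addChainToBuiltin(const char *_pChain, const char *_pTarget)
{
    /* Attempted equivalent of: iptables -t filter -A <_pChain> -j <_pTarget>
     *
     * NOTE: this draft describes the target as a bare struct xt_entry_target.
     * A "-j <chain>" is carried by netfilter's *standard* target, whose
     * layout is struct xt_standard_target (an xt_entry_target followed by an
     * int verdict), so the target region built here is shorter than what the
     * kernel expects for a standard target and the ruleset is rejected with
     * EINVAL.  The revision of 1 is suspect for the same reason: the standard
     * target is registered at revision 0.  The other defects of the first
     * draft -- unchecked calloc, an iptc handle leaked when applyRule fails,
     * and a strncpy that need not NUL-terminate the name -- are fixed below.
     *
     * Returns 0 on success, otherwise a non-zero errno value (EINVAL for a
     * NULL argument or a target name that does not fit the name field,
     * ENOMEM if the entry cannot be allocated, else whatever
     * iptc_init/applyRule/commitAndFree report).
     */
    const char *pTable = "filter";

    if (_pChain == NULL || _pTarget == NULL)
        return EINVAL;

    const size_t entrySize  = XT_ALIGN(sizeof(struct ipt_entry));
    const size_t targetSize = XT_ALIGN(sizeof(struct xt_entry_target));

    /* Entry and target live in one contiguous, XT_ALIGN'd buffer: the kernel
     * finds the target at entry + target_offset and the following rule at
     * entry + next_offset. */
    struct ipt_entry *pEntry = calloc(1, entrySize + targetSize);
    if (pEntry == NULL)
        return ENOMEM;

    struct xt_entry_target *pTarget =
        (struct xt_entry_target *)((char *)pEntry + entrySize);

    /* Refuse a name that does not fit instead of truncating it: a truncated
     * target name would resolve to a different chain (or none) than the one
     * the caller asked for, silently changing what the rule does. */
    int written = snprintf(pTarget->u.user.name, sizeof(pTarget->u.user.name),
                           "%s", _pTarget);
    if (written < 0 || (size_t)written >= sizeof(pTarget->u.user.name)) {
        free(pEntry);
        return EINVAL;
    }

    /* u.target_size and u.user.target_size alias the same __u16 in the union,
     * so it only needs to be set once. */
    pTarget->u.user.target_size = targetSize;
    pTarget->u.user.revision    = 1;   /* see NOTE above: likely wrong for -j */

    pEntry->target_offset = entrySize;
    pEntry->next_offset   = entrySize + targetSize;

    /* Match every IPv4 packet: zero addresses with zero masks, any protocol,
     * no flags and nothing inverted. */
    pEntry->ip.src.s_addr  = INADDR_ANY;
    pEntry->ip.smsk.s_addr = 0;
    pEntry->ip.dst.s_addr  = INADDR_ANY;
    pEntry->ip.dmsk.s_addr = 0;
    pEntry->ip.proto       = 0;
    pEntry->ip.flags       = 0;
    pEntry->ip.invflags    = 0;
    pEntry->nfcache        = NFC_UNKNOWN;

    /* Take the table snapshot only once the entry is fully built so the
     * handle is held for as short a time as possible. */
    struct xtc_handle *pHandle = iptc_init(pTable);
    if (pHandle == NULL) {
        int err = errno;   /* save before free() can disturb it */
        free(pEntry);
        return err;
    }

    int res = applyRule(Append, _pChain, pEntry, pHandle);
    if (res == 0) {
        /* presumably commits the snapshot and releases the handle */
        res = commitAndFree(pHandle);
    } else {
        /* nothing was committed; the handle must still be released */
        iptc_free(pHandle);
    }

    printf("Result: %d %s\n", res, iptc_strerror(res));

    /* libiptc copies the entry into its own rule list, so the buffer is not
     * referenced once the rule has been handed over. */
    free(pEntry);

    return res;
}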

但 iptc_strerror 返回的错误是 'Invalid Argument'（即 EINVAL），而我看不出是哪个参数无效。

非常感谢

已通过以下代码解决。关键改动是把目标从裸的 struct xt_entry_target 换成 struct xt_standard_target（-j 跳转由标准目标承载，它在 xt_entry_target 之后还带有 verdict 字段，因此目标区域必须按这个更大的结构体来分配并声明大小），并把 revision 设为 0：

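int addChainToBuiltin(const char *_pChain, const char *_pTarget)
{
    /* Equivalent of: iptables -t filter -A <_pChain> -j <_pTarget>
     *
     * Appends to chain _pChain of the filter table a rule that matches every
     * IPv4 packet and jumps to _pTarget, expected to be the name of an
     * existing user-defined chain.  A jump is carried by netfilter's
     * standard target, so the target region is a struct xt_standard_target
     * (xt_entry_target followed by an int verdict), not a bare
     * xt_entry_target.  The verdict is left at 0 from calloc; libiptc
     * resolves a user-chain name into the jump verdict when the rule is
     * committed -- verify against the libiptc version in use.  Modifying the
     * ruleset requires CAP_NET_ADMIN.
     *
     * Returns 0 on success, otherwise a non-zero errno value (EINVAL for a
     * NULL argument or a target name that does not fit the name field,
     * ENOMEM if the entry cannot be allocated, else whatever
     * iptc_init/applyRule/commitAndFree report).
     */
    const char *pTable = "filter";

    if (_pChain == NULL || _pTarget == NULL)
        return EINVAL;

    const size_t entrySize  = XT_ALIGN(sizeof(struct ipt_entry));
    const size_t targetSize = XT_ALIGN(sizeof(struct xt_standard_target));

    /* Entry and target live in one contiguous, XT_ALIGN'd buffer: the kernel
     * finds the target at entry + target_offset and the following rule at
     * entry + next_offset. */
    struct ipt_entry *pEntry = calloc(1, entrySize + targetSize);
    if (pEntry == NULL)
        return ENOMEM;

    /* The original cast this to xt_entry_target*, which does not match the
     * declared pointer type; cast to the type actually laid out here. */
    struct xt_standard_target *pTarget =
        (struct xt_standard_target *)((char *)pEntry + entrySize);

    /* Refuse a name that does not fit instead of truncating it: a truncated
     * target name would resolve to a different chain (or none) than the one
     * the caller asked for, silently changing what the rule does. */
    int written = snprintf(pTarget->target.u.user.name,
                           sizeof(pTarget->target.u.user.name), "%s", _pTarget);
    if (written < 0 ||
        (size_t)written >= sizeof(pTarget->target.u.user.name)) {
        free(pEntry);
        return EINVAL;
    }

    /* u.target_size and u.user.target_size alias the same __u16 in the union,
     * so it only needs to be set once.  The standard target is revision 0. */
    pTarget->target.u.user.target_size = targetSize;
    pTarget->target.u.user.revision    = 0;

    pEntry->target_offset = entrySize;
    pEntry->next_offset   = entrySize + targetSize;

    /* Match every IPv4 packet: zero addresses with zero masks, any protocol,
     * no flags and nothing inverted. */
    pEntry->ip.src.s_addr  = INADDR_ANY;
    pEntry->ip.smsk.s_addr = 0;
    pEntry->ip.dst.s_addr  = INADDR_ANY;
    pEntry->ip.dmsk.s_addr = 0;
    pEntry->ip.proto       = 0;
    pEntry->ip.flags       = 0;
    pEntry->ip.invflags    = 0;
    pEntry->nfcache        = NFC_UNKNOWN;

    /* Take the table snapshot only once the entry is fully built so the
     * handle is held for as short a time as possible. */
    struct xtc_handle *pHandle = iptc_init(pTable);
    if (pHandle == NULL) {
        int err = errno;   /* save before free() can disturb it */
        free(pEntry);
        return err;
    }

    printf("Adding: %s to %s\n", pTarget->target.u.user.name, _pChain);

    int res = applyRule(Append, _pChain, pEntry, pHandle);
    if (res == 0) {
        /* presumably commits the snapshot and releases the handle */
        res = commitAndFree(pHandle);
    } else {
        /* nothing was committed; the handle must still be released */
        iptc_free(pHandle);
    }

    /* libiptc copies the entry into its own rule list, so the buffer is not
     * referenced once the rule has been handed over. */
    free(pEntry);

    return res;
}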