'about libiptc problem'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    about libiptc problem
From:       luoqiang <luoqiang () ict ! ac ! cn>
Date:       2002-08-26 6:53:07
[Download RAW message or body]

Hi,all

I have a problem which  had been asked in the list as in 
http://lists.netfilter.org/pipermail/netfilter/2001-February/007472.html
But there is no answsers for the problem.
Anyone who have solved it can tell me the answer?
Thanks!

luoqiang




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
the original mail is as follows:



Hi,

The following code looks like it should add a
simple match to an iptables chain, but the last
call (to iptc_append_entry) fails, with errno
set to EINVAL.

If I uncomment the "e.target_offset = 1", it
claims success, but "iptables -nvL" doesn't find
it.  An amount of stepping through libiptc left
me none the wiser :-(

Am I doing something badly wrong?

(Don't forget to create the chain if trying the
code: "iptables -N ftp-return".)

Matthew.



#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>

#include <arpa/inet.h>

#include <libiptc/libiptc.h>

#define TABLE_NAME      "filter"
#define CHAIN_NAME      "ftp-return"

int main(int c, char **v)
{
        iptc_handle_t h;
        struct ipt_entry e;

        free(malloc(100));

        fprintf(stderr, "initialising libiptc (" TABLE_NAME "): ");
        if(!(h = iptc_init(TABLE_NAME))) {
                fprintf(stderr, "no table " TABLE_NAME ": %s\n",
                                iptc_strerror(errno));
                return 1;
        }
        fprintf(stderr, "done\n");

        fprintf(stderr, "checking for chain " CHAIN_NAME ": ");
        if(!iptc_is_chain(CHAIN_NAME, h)) {
                fprintf(stderr, "no chain " CHAIN_NAME "\n");
                return 1;
        }
        fprintf(stderr, "ok\n");

        fprintf(stderr, "setting up rule:\n");

        fprintf(stderr, " + zeroing: ");
        memset(&e, 0, sizeof(e));
        fprintf(stderr, "done\n");

        fprintf(stderr, " + filling addresses: ");
        e.ip.src.s_addr = e.ip.dst.s_addr = inet_addr("127.0.0.1");
        e.ip.smsk.s_addr = e.ip.dmsk.s_addr = inet_addr("255.255.255.255");
        e.ip.proto = IPPROTO_TCP;
        e.ip.flags = e.ip.invflags = 0;
//      e.target_offset = 1;
        fprintf(stderr, "done\n");

        fprintf(stderr, "appending rule: ");
        errno = 0;
        if(!iptc_append_entry(CHAIN_NAME, &e, &h)) {
                fprintf(stderr, "failed: %s\n", iptc_strerror(errno));
                return 1;
        }
        fprintf(stderr, "done\n");

        return 0;
}


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic