* how to parse options?
@ 2003-11-21 14:37 nicho
  2003-11-29 18:35 ` Henrik Nordstrom
  0 siblings, 1 reply; 2+ messages in thread
From: nicho @ 2003-11-21 14:37 UTC (permalink / raw)
  To: netfilter-devel

hi:
     #iptables -t nat -A POSTROUTING -o eth1 -s xxxxx/24 -j SNAT --to-source yyyyy
    As we know, in kernel there is a structure called multi_range. When
we do nat, we choose a proper IP from the multi_range, and a proper port
if necessary. My question is, how multi_range is set into kernel, and
how option '--to-source' is parsed?
    By the way, I'm confused at getsockopt(... SO_GET_ENTRY...) . As the
name implies, we want to get entry info from kernel, but why it does
copy data from user level to kernel level indeed. What does it do at all?


* Re: how to parse options?
  2003-11-21 14:37 how to parse options? nicho
@ 2003-11-29 18:35 ` Henrik Nordstrom
  0 siblings, 0 replies; 2+ messages in thread
From: Henrik Nordstrom @ 2003-11-29 18:35 UTC (permalink / raw)
  To: nicho; +Cc: netfilter-devel

On Fri, 21 Nov 2003, nicho wrote:

> As we know, in kernel there is a structure called multi_range. When we
> do nat, we choose a proper IP from the multi_range, and a proper port if
> necessary. My question is, how multi_range is set into kernel, and how
> option '--to-source' is parsed?

userspace/extensions/libipt_SNAT.c parses the option.

The multi_range is sent as part of the target data when the table ruleset
is installed in the kernel.

>     By the way, I'm confused at getsockopt(... SO_GET_ENTRY...) . As the
> name implies, we want to get entry info from kernel, but why it does
> copy data from user level to kernel level indeed. What does it do at all?

I don't have a SO_GET_ENTRY in the sources I have... what kernel are you 
using?

Note: The iptables kernel interface is subject to change and should not
be relied upon.  It is better if you call the iptables or
iptables-save/restore commands, which are a well-defined interface and also
have the correct infrastructure for building iptables to be installed into
the kernel.

Regards
Henrik
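
The `--to-source` parsing step mentioned in the reply, sketched as an added example that is not part of the thread and is not the code in libipt_SNAT.c: it turns a value of the form ip[-ip][:port[-port]] into one range record of the kind that would travel in the target data. The struct, flag and function names are hypothetical, and the validation rules (ports 1 to 65535, minimum not above maximum, bounded input length) are assumptions of this sketch.

```c
/* Added example: names are hypothetical, not the kernel's or iptables' own. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define EX_MAP_IPS   0x1  /* address range present */
#define EX_MAP_PORTS 0x2  /* port range present */
struct ex_nat_range {
    unsigned flags;
    uint32_t min_ip, max_ip;      /* host byte order so they compare numerically */
    uint16_t min_port, max_port;
};

/* Strict decimal port: digits only, 1..65535. */
static int parse_port(const char *s, uint16_t *out)
{
    char *end; unsigned long v;
    if (*s < '0' || *s > '9') return -1;       /* rejects sign, space, empty */
    v = strtoul(s, &end, 10);
    if (*end != '\0' || v == 0 || v > 65535) return -1;
    *out = (uint16_t)v;
    return 0;
}
static int parse_ip(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1) return -1;  /* dotted quad only */
    *out = ntohl(a.s_addr);
    return 0;
}

/* Returns 0 on success, -1 on malformed input (*r is then unspecified). */
int parse_to_source(const char *arg, struct ex_nat_range *r)
{
    char buf[64], *colon, *dash;
    if (strlen(arg) >= sizeof(buf)) return -1;      /* bound the copy */
    strcpy(buf, arg);
    memset(r, 0, sizeof(*r));
    if ((colon = strchr(buf, ':')) != NULL) {       /* optional port part */
        *colon++ = '\0';
        if ((dash = strchr(colon, '-')) != NULL) *dash++ = '\0';
        if (parse_port(colon, &r->min_port) || parse_port(dash ? dash : colon, &r->max_port)
            || r->max_port < r->min_port) return -1;
        r->flags |= EX_MAP_PORTS;
    }
    if ((dash = strchr(buf, '-')) != NULL) *dash++ = '\0';
    if (parse_ip(buf, &r->min_ip) || parse_ip(dash ? dash : buf, &r->max_ip)
        || r->max_ip < r->min_ip) return -1;
    r->flags |= EX_MAP_IPS;
    return 0;
}
```

A single address or single port is stored as a range whose minimum equals its maximum, so the consumer only ever handles ranges.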
