inner structure of iptables

inner structure of iptables

[Ozgur AKAN]

[-- Attachment #1: Type: text/plain, Size: 1088 bytes --]

I included some simple code to express myself clearly.

I have a problem with the 4th line. When we execute the code for the 
first time these happen (I wrote down)

In the 1st line we create the pointer to the structure of the table
In the 2nd and 3rd line we get the adress of first chain and print its 
name to screen.
In the 4th line "e = iptc_first_rule(chain, &h)" we get the adress of 
the first  rule of the first chain and by the loop it goes to next rule 
until there is no next rule. How does it know that it is the last rule 
of this chain? Why doesn`t it continue to read the first rule of next 
chain? (Because there is no chain information here -> e = 
iptc_next_rule(e, &h))

 1    h = iptc_init(tablename);
 2    for ( chain = iptc_first_chain(&h); chain; chain = 
iptc_next_chain(&h)) {
 3        printf("%s\n", chain);
 4        for ( e = iptc_first_rule(chain, &h); e; e = iptc_next_rule(e, 
&h)) {
 5            printf("n. -%u- i. -%u-\n", e->ip.invflags, e->ip.invflags 
& IPT_INV_SRCIP);
 6        }
 7    }

I hope my question is clear enough.

thanks,
Ozgur AKAN

[-- Attachment #2: Type: text/html, Size: 1678 bytes --]

Re: inner structure of iptables

[Henrik Nordstrom]

On Tue, 16 Mar 2004, Ozgur AKAN wrote:

> In the 4th line "e = iptc_first_rule(chain, &h)" we get the adress of
> the first rule of the first chain and by the loop it goes to next rule
> until there is no next rule. How does it know that it is the last rule
> of this chain? Why doesn`t it continue to read the first rule of next
> chain? (Because there is no chain information here -> e =
> iptc_next_rule(e, &h))

Because iptc_first_rule remembered where the end of this chain is in the
handle.

See TC_FIRST_RULE/TC_NEXT_RULE in libiptc/libiptc.c

Regards
Henrik