From: Vitek <zaklik@gmail.com>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: ways to modify iptables inside C/C++ application
Date: Tue, 02 Jan 2007 17:17:01 +0100
Message-ID: <459A857D.3020703@gmail.com>
Hi,
============================================
Short version:
Is there any way to include the iptables sources in a C++ application and just
call do_command()?
If I use the libiptc library:
Is it possible to use libiptc in C++?
How can I access the layer7 match?
============================================
Long version:
I have a project for analyzing the network flow of services on a server
providing an Internet connection for a small LAN. I created a Perl script for
setting up the iptables firewall (from a text file list of users) and reading
counters by calling system("iptables -L vxn") and splitting the data in the Perl
script. This is too slow for real-time statistics, so I decided to create a
C/C++ application for this purpose.
I have a few requirements for this application:
- I need to use the Layer7 extension for iptables - for recognizing some
services (p2p for example)
- Client/server based model (I would like to modify/read the iptables
structure using a web-based client - PHP)
- If it's possible - have access to a database server (I'm not sure if
this is possible in C)
I have already created a piece of C code using libiptc to access iptables
counters and create new chains, but I couldn't find any examples of
how to insert rules using libiptc etc.
I think that it will be quicker and better to use the iptables sources and
just call do_command(), but...
The questions:
Is there any way to include the iptables sources in a C++ application and just
call do_command()?
If I use libiptc:
Is it possible to use it in C++?
How can I access the layer7 match?
I see 3 solutions:
1)
Create a C++ application and just call system( .. ) everywhere I need
to modify/read the firewall - but I'm sure that it will still be too slow.
2)
Use libiptc just for reading counters and do everything else by calling
system() - not a very nice solution and I'm not sure if this is possible
in C++
3)
Use pure C with the iptables source code - but how? I was testing just by
modifying iptables-standalone.c - it works fine.
It seems that it will be a bit of a challenge for me (I'm not
an experienced C/C++ programmer ;)
Thank you very much for answers!
Cheers,
Vitek