Subject: Developing with libiptc ... little problem with matches
From: Francesco Ciocchetti
Date: 2005-07-07 16:43 UTC
To: netfilter
Hi all on the ML.

I'm coding a little app, just for fun, that uses the libiptc API to
interact with Netfilter.

I'm now writing my functions to insert new rules into netfilter tables, but
I'm experiencing a problem I haven't been able to solve by myself yet.

I've got a structure that represents my firewall rule; it is a very
simple structure derived from libdnet:
    struct fw_rule {
        char fw_device[INTF_NAME_LEN];  /* interface name; NOTE device=chain!!!!! */
        uint8_t fw_op;                  /* operation ALLOW/BLOCK */
        uint8_t fw_dir;                 /* direction; USELESS REMOVED!!!!!! */
        uint8_t fw_proto;               /* IP protocol */
        struct addr fw_src;             /* src address / net */
        struct addr fw_dst;             /* dst address / net */
        uint16_t fw_sport[2];           /* range / ICMP type */
        uint16_t fw_dport[2];           /* range / ICMP code */
    };
I'm in big trouble while trying to convert my rule to an ipt_entry
struct, when I get to creating the 'match structure'.

Here is a part of my code:
    /* Needs <netdb.h> (getprotobynumber), <unistd.h> (optind/optarg) and the
     * iptables-internal iptables.h for find_match/struct iptables_match. */

    /* tcp/udp match */
    pr = getprotobynumber(fr->fw_proto);
    if (pr == NULL) {
        fprintf(stderr, "unknown IP protocol %u\n", fr->fw_proto);
        exit(1);
    }
    if (pr->p_proto == IP_PROTO_TCP || pr->p_proto == IP_PROTO_UDP) {
        size_t size;
        /* "65535:65535" plus NUL; was an uninitialised char pointer that
         * strcpy/strcat wrote through */
        char port_string[16];
        char *argv[] = { port_string, NULL };

        m = find_match(pr->p_name, TRY_LOAD, &matches);
        if (m == NULL) {
            /* do not touch m->size below when the lookup failed */
            fprintf(stderr, "find_match: could not load match `%s'\n", pr->p_name);
            exit(1);
        }
        printf("%i\n", m->size);
        size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
        if ((m->m = calloc(1, size)) == NULL) {
            fprintf(stderr, "iptables: calloc failed\n");
            exit(1);
        }
        m->m->u.match_size = size;
        strcpy(m->m->u.user.name, m->name);
        m->init(m->m, &e->nfcache);

        /* sport: option character '1' in libipt_tcp/libipt_udp (the parse()
         * switch compares against '1', not the integer 1).  The port numbers
         * have to be formatted as text: casting &fw_sport[0] to char * copied
         * the raw uint16_t bytes, not digits. */
        if (fr->fw_sport[0] == fr->fw_sport[1])
            snprintf(port_string, sizeof(port_string), "%u", fr->fw_sport[0]);
        else
            snprintf(port_string, sizeof(port_string), "%u:%u",
                     fr->fw_sport[0], fr->fw_sport[1]);
        /* The extension's parse() reads its argument as argv[optind-1] and
         * looks at optarg for a leading "!", so set the getopt globals up as
         * if getopt had just consumed the option. */
        optind = 1;
        optarg = port_string;
        for (matchp = matches; matchp; matchp = matchp->next) {
            if (matchp->match->parse('1', argv, 0, &matchp->match->mflags,
                                     e, &e->nfcache, &matchp->match->m))
                break;
        }
        m = matchp ? matchp->match : NULL;

        /* dport: option character '2' */
        if (fr->fw_dport[0] == fr->fw_dport[1])
            snprintf(port_string, sizeof(port_string), "%u", fr->fw_dport[0]);
        else
            snprintf(port_string, sizeof(port_string), "%u:%u",
                     fr->fw_dport[0], fr->fw_dport[1]);
        optind = 1;
        optarg = port_string;
        for (matchp = matches; matchp; matchp = matchp->next) {
            if (matchp->match->parse('2', argv, 0, &matchp->match->mflags,
                                     e, &e->nfcache, &matchp->match->m))
                break;
        }
        m = matchp ? matchp->match : NULL;

        for (matchp = matches; matchp; matchp = matchp->next)
            matchp->match->final_check(matchp->match->mflags);
    }
My problem resides here: m = find_match(pr->p_name, TRY_LOAD, &matches);

When the program reaches this instruction I get a not-so-nice Segmentation
Fault. So I started trying to understand what was happening; I copied the
"find_match" function from iptables.c into my program, and what I
discovered is that in

    for (ptr = iptables_matches; ptr; ptr = ptr->next) {
        if (strcmp(name, ptr->name) == 0)
            break;
    }

I get no "ptr" ... I think I should register or init the "iptables
extensions" at the start of my program to populate the linked list referenced
by iptables_matches, but I really don't know how to do it.

Then I think that even when passing the TRY_LOAD arg the extensions are maybe
not loaded ... how should I do such a thing?
I hope I've been clear and gave enough info.
Any help will be REALLY REALLY appreciated :)

Bye,
Francesco

I'm sorry for both my English and my code ... neither of them is my
'Natural Language' ;)
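Added example, not part of the post above and not iptables or libiptc code: the ipt_entry blob that libiptc hands to the kernel can be laid out by hand, which sidesteps the find_match()/parse()/final_check() extension machinery the post is fighting with. The kernel layout is [struct ipt_entry][xt_entry_match "tcp"][struct xt_tcp][xt_standard_target], each piece XT_ALIGN'ed and contiguous, with target_offset and next_offset pointing past the match and past the whole entry. The fw_rule below is a simplified stand-in for the poster's struct (dotted-quad text plus prefix length instead of libdnet's struct addr, and an assumed ALLOW/BLOCK encoding for fw_op); everything else comes from the kernel headers linux/netfilter_ipv4/ip_tables.h and linux/netfilter/xt_tcpudp.h.

```c
/* Hand-build the ipt_entry blob for "TCP src/net -> dst/net, port ranges,
 * ACCEPT|DROP".  Layout (XT_ALIGN'ed, contiguous):
 *   [struct ipt_entry][xt_entry_match "tcp"][struct xt_tcp][xt_standard_target]
 */
#include <arpa/inet.h>          /* keep before the linux/ headers (libc-compat) */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter/xt_tcpudp.h>

enum { FW_OP_ALLOW = 1, FW_OP_BLOCK = 2 };   /* assumed encoding of fw_op */

/* Simplified stand-in for the post's fw_rule (assumption: text address +
 * prefix length instead of libdnet's struct addr). */
struct fw_rule {
    uint8_t  fw_op;
    char     fw_src[INET_ADDRSTRLEN];
    uint8_t  fw_src_len;                /* prefix length 0..32 */
    char     fw_dst[INET_ADDRSTRLEN];
    uint8_t  fw_dst_len;
    uint16_t fw_sport[2];               /* inclusive port range */
    uint16_t fw_dport[2];
};

#define MATCH_LEN  (XT_ALIGN(sizeof(struct xt_entry_match)) + XT_ALIGN(sizeof(struct xt_tcp)))
#define TARGET_LEN XT_ALIGN(sizeof(struct xt_standard_target))
#define ENTRY_LEN  (sizeof(struct ipt_entry) + MATCH_LEN + TARGET_LEN)

static uint32_t prefix_mask(unsigned len)          /* network byte order */
{
    return len == 0 ? 0 : htonl(~0u << (32 - len));
}

/* Returns a calloc'd entry of ENTRY_LEN bytes (length in *len_out), or NULL
 * for a malformed rule.  The caller frees it. */
struct ipt_entry *build_tcp_entry(const struct fw_rule *r, size_t *len_out)
{
    if (r->fw_src_len > 32 || r->fw_dst_len > 32 ||
        r->fw_sport[0] > r->fw_sport[1] || r->fw_dport[0] > r->fw_dport[1])
        return NULL;
    struct ipt_entry *e = calloc(1, ENTRY_LEN);
    if (e == NULL)
        return NULL;

    /* IP part: protocol, addresses, masks from the prefix lengths.  Like
     * iptables, clear host bits so src/dst agree with their masks. */
    e->ip.proto = IPPROTO_TCP;
    if (inet_pton(AF_INET, r->fw_src, &e->ip.src) != 1 ||
        inet_pton(AF_INET, r->fw_dst, &e->ip.dst) != 1) {
        free(e);
        return NULL;
    }
    e->ip.smsk.s_addr = prefix_mask(r->fw_src_len);
    e->ip.dmsk.s_addr = prefix_mask(r->fw_dst_len);
    e->ip.src.s_addr &= e->ip.smsk.s_addr;
    e->ip.dst.s_addr &= e->ip.dmsk.s_addr;

    /* match right after the entry header, target right after the match */
    e->target_offset = sizeof(struct ipt_entry) + MATCH_LEN;
    e->next_offset   = ENTRY_LEN;

    /* "tcp" match header + xt_tcp payload; 0..65535 means "any port", the
     * same default libipt_tcp's init() fills in. */
    struct xt_entry_match *m = (struct xt_entry_match *)e->elems;
    m->u.user.match_size = MATCH_LEN;
    strncpy(m->u.user.name, "tcp", sizeof(m->u.user.name) - 1);
    struct xt_tcp *tcp = (struct xt_tcp *)m->data;
    tcp->spts[0] = r->fw_sport[0]; tcp->spts[1] = r->fw_sport[1];
    tcp->dpts[0] = r->fw_dport[0]; tcp->dpts[1] = r->fw_dport[1];

    /* standard target: empty name, verdict encoded as -NF_<verdict> - 1 */
    struct xt_standard_target *t =
        (struct xt_standard_target *)((char *)e + e->target_offset);
    t->target.u.user.target_size = TARGET_LEN;
    t->verdict = (r->fw_op == FW_OP_ALLOW) ? -NF_ACCEPT - 1 : -NF_DROP - 1;

    *len_out = ENTRY_LEN;
    return e;
}

/* Accessors for inspecting a built entry. */
const struct xt_tcp *entry_tcp_match(const struct ipt_entry *e)
{
    const struct xt_entry_match *m = (const struct xt_entry_match *)e->elems;
    return strcmp(m->u.user.name, "tcp") == 0 ? (const struct xt_tcp *)m->data : NULL;
}

int entry_verdict(const struct ipt_entry *e)
{
    return ((const struct xt_standard_target *)((const char *)e + e->target_offset))->verdict;
}

int main(void)
{
    /* constructed sample rule: block TCP from 10.0.0.0/8 to anywhere, dport 22 */
    struct fw_rule r = { .fw_op = FW_OP_BLOCK, .fw_src = "10.0.0.0", .fw_src_len = 8,
                         .fw_dst = "0.0.0.0", .fw_dst_len = 0,
                         .fw_sport = { 0, 65535 }, .fw_dport = { 22, 22 } };
    size_t len = 0;
    struct ipt_entry *e = build_tcp_entry(&r, &len);
    if (e == NULL) { fputs("malformed rule\n", stderr); return 1; }
    printf("entry: %zu bytes, target_offset=%u, next_offset=%u, verdict=%d\n",
           len, e->target_offset, e->next_offset, entry_verdict(e));
    free(e);   /* in a real program e goes to iptc_append_entry()/iptc_commit() */
    return 0;
}
```

The blob returned by build_tcp_entry() is what libiptc's iptc_append_entry()/iptc_insert_entry() take, followed by iptc_commit(); no iptables_matches list needs to be populated for that path. The trade-off is that the extension's own sanity checks (its final_check(), and the `!` inversion handling in parse()) are not run, so the builder has to validate the rule itself, which is why the port-range and prefix-length checks are done up front.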