
libiptc samples: interfacing with netfilter

Language: English
Programming Language: C
Published by: mmanchip [not registered]
Last Update: 5/15/2006


Description

This code was written to give netfilter libiptc users a quick idea of how to start interfacing with libiptc. Libiptc provides a userspace API for using iptables under Linux 2.4. The code lists the rules in the FORWARD chain of the filter table. Compile using: gcc -o listchain listchain.c -liptc. Mail me and let me know if this was useful! The code time was sponsored by: http://www.s3group.com

Code

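// Sample code listing the rules in the FORWARD chain of the filter table.
//
// Build: gcc -o listchain listchain.c -liptc
//
// The listing is written against the libiptc interface in which iptc_init()
// returns an iptc_handle_t and the rule iterators take the handle's address.
//
// Operational notes:
//  - iptc_init() reads the table from the kernel, so the program normally has
//    to run with root privileges (CAP_NET_ADMIN); without them it stops at
//    the "table not loaded" error below.
//  - Only the target, the raw source/destination addresses and the protocol
//    number are printed. Netmasks, interfaces, inversion flags and match
//    extensions are NOT shown, so this output is not a complete description
//    of a rule and should not be used on its own to audit a firewall policy.

#include <libiptc/libiptc.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

// NOTE(review): kept from the original listing; presumably some libiptc
// builds expect the program to provide this symbol -- confirm before removing.
struct iptables_match *iptables_matches = NULL;

// Print the fields of one rule entry that this sample reports.
static void print_rule(const struct ipt_entry *entry, iptc_handle_t *handle)
{
    const char *target = iptc_get_target(entry, handle);

    // Guard the %s conversion in case no target name is returned.
    printf("target: %s\n", target != NULL ? target : "(none)");
    // inet_ntoa() takes a struct in_addr (not the bare s_addr integer) and
    // returns a static buffer, hence one call per printf().
    printf("src address: %s\n", inet_ntoa(entry->ip.src));
    printf("dst address: %s\n", inet_ntoa(entry->ip.dst));
    printf("protocol: %u\n", (unsigned)entry->ip.proto);
    printf("next chain target offset: %u\n", (unsigned)entry->target_offset);
    printf("next chain entry offset: %u\n", (unsigned)entry->next_offset);
    printf("therefore target size = %d bytes\n",
           (int)entry->next_offset - (int)entry->target_offset);
}

// Open the filter table, check that FORWARD exists and print every rule in it.
// Returns EXIT_SUCCESS on success and EXIT_FAILURE when the table or the chain
// cannot be found, so callers and scripts can detect the failure.
int main(void)
{
    static const char chain[] = "FORWARD";
    const struct ipt_entry *chain_entry;
    unsigned long rule_no = 0;
    iptc_handle_t handle;

    handle = iptc_init("filter"); /* check if table is loaded */
    if (handle == NULL) {
        fprintf(stderr, "error: table not loaded! (%s)\n",
                iptc_strerror(errno));
        return EXIT_FAILURE;
    }
    printf("table exists\n");

    if (!iptc_is_chain(chain, handle)) {
        fprintf(stderr, "error: chain does not exist!\n");
        iptc_free(&handle);
        return EXIT_FAILURE;
    }
    printf("chain exists\n");

    printf("about to go thru list of existing rules on given chain\n");

    // iptc_first_rule() returns NULL for an empty chain; iterating from it
    // in the loop condition avoids dereferencing that NULL.
    for (chain_entry = iptc_first_rule(chain, &handle);
         chain_entry != NULL;
         chain_entry = iptc_next_rule(chain_entry, &handle)) {
        printf("\nrule no: %lu\n", ++rule_no);
        print_rule(chain_entry, &handle);
    }

    if (rule_no == 0) {
        printf("chain has no rules\n");
    }

    iptc_free(&handle);
    return EXIT_SUCCESS;
}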
