有没有人熟悉libiptc库的。我在使用这个库的时候一再不成功。

onlyflyer

关于这个库的资料真是少阿，自己再编写一个添加规则的程序的时候总是出错。提示段错误。使用gdb看一下core dump
然后bt一下看堆栈调用的情况，看到如下信息（是在iptcc_find_label里崩溃的）：
#0 0x08048bf8 in iptcc_find_label ()
(gdb) bt
#0 0x08048bf8 in iptcc_find_label ()
#1 0x0804a004 in iptc_append_entry ()
#2 0x0804892a in iptc_entry_add (handle=0x804d008, chain=0x804d318 "INPUT",
target=0x804af84 "ACCEPT", src_ip=16885952, src_msk=24, dst_ip=33663168,
dst_msk=24) at test1.c:66
#3 0x08048a6e in main () at test1.c:116

下面是一个demo程序的源代码
#include <getopt.h>
#include <sys/errno.h>
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>
#include <time.h>
#include <libiptc/libiptc.h>
#include <iptables.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int iptc_entry_add (iptc_handle_t *handle, const char *chain, const char *target,
uint32_t src_ip, uint32_t src_msk,uint32_t dst_ip, uint32_t dst_msk)
{
struct ipt_entry_target *t = NULL;
struct ipt_entry *entry = NULL;
ipt_chainlabel chain_label;
int ret = 0;
int err = 0;
char *c_sip = NULL;
char *c_dip = NULL;

/* Allocate structure. */
entry = malloc (sizeof (struct ipt_entry)
+ sizeof (struct ipt_entry_target)
+ IPT_ALIGN (sizeof (int)));

t = (struct ipt_entry_target *) (((char *) entry)
+ sizeof (struct ipt_entry));
memset ((void *) entry, 0,
sizeof (struct ipt_entry_target)
+ sizeof (struct ipt_entry)
+ IPT_ALIGN (sizeof (int)));

/* Fill entry. */
entry->target_offset = sizeof (struct ipt_entry);
entry->next_offset = sizeof (struct ipt_entry_target)
+ sizeof (struct ipt_entry)
+ IPT_ALIGN (sizeof (int));
/*初始化entry的源地址，目的地址和掩码*/
entry->ip.src.s_addr = src_ip;
entry->ip.dst.s_addr = dst_ip;

entry->ip.smsk.s_addr = htonl (0xFFFFFFFF << (32 - src_msk));
entry->ip.dmsk.s_addr = htonl (0xFFFFFFFF << (32 - dst_msk));

/* Fill target. */
t->u.target_size = sizeof (struct ipt_entry_target) + IPT_ALIGN (sizeof (int));
strncpy (t->u.user.name, target, sizeof (t->u.user.name) - 1);


/* 在规则链中插入一项 */
strncpy (chain_label, chain, sizeof (ipt_chainlabel) - 1);

ret = iptc_append_entry (chain_label, entry, handle);

if ( ! ret )
{
printf("error when iptc_append_entry\n");
err = -1;
}

if ( entry )
free (entry);

return err;
}

int main()
{
iptc_handle_t h;


const char *chain = NULL;
const char *tablename = "filter";
const char *c_src_ip = "192.168.1.1";
const char *c_dst_ip = "192.168.1.2";

struct in_addr in_addr_src_addr;
struct in_addr in_addr_dst_addr;

uint32_t src_ip;
uint32_t dst_ip;
uint32_t src_mask = 24;
uint32_t dst_mask = 24;

h = iptc_init(tablename);

inet_aton(c_src_ip, &in_addr_src_addr);
inet_aton(c_dst_ip, &in_addr_dst_addr);

src_ip = in_addr_src_addr.s_addr;
dst_ip = in_addr_dst_addr.s_addr;

if ( !h )
{
printf("Error initializing: %s\n", iptc_strerror(errno));
exit(errno);
}
chain = iptc_first_chain(&h);
/*取得第一个规则链的名称然后作为参数传进iptc_entry_add*/
printf("The first chain is:%s\n", chain);

iptc_entry_add(h, chain, "ACCEPT", src_ip, src_mask, dst_ip, dst_mask);

if ( !h )
{
printf("Error initializing: %s\n", iptc_strerror(errno));
exit(errno);
}

iptc_commit(h);

exit(0);
}

谢谢！！！！

zsr_cn

-iptc_entry_add(h, chain, "ACCEPT", src_ip, src_mask, dst_ip, dst_mask);
+iptc_entry_add(&h, chain, "ACCEPT", src_ip, src_mask, dst_ip, dst_mask);

-iptc_commit(h);
+iptc_commit(&h);

电子学习员

请问楼主，libiptc库需要提前安装吗？该如何使用呢。。。