- 论坛徽章:
- 0
|
关于这个库的资料真是少阿,自己再编写一个添加规则的程序的时候总是出错。提示段错误。使用gdb看一下core dump
然后bt一下看堆栈调用的情况,看到如下信息(是在iptcc_find_label里崩溃的):
#0 0x08048bf8 in iptcc_find_label ()
(gdb) bt
#0 0x08048bf8 in iptcc_find_label ()
#1 0x0804a004 in iptc_append_entry ()
#2 0x0804892a in iptc_entry_add (handle=0x804d008, chain=0x804d318 "INPUT",
target=0x804af84 "ACCEPT", src_ip=16885952, src_msk=24, dst_ip=33663168,
dst_msk=24) at test1.c:66
#3 0x08048a6e in main () at test1.c:116
下面是一个demo程序的源代码
#include <getopt.h>
#include <sys/errno.h>
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>
#include <time.h>
#include <libiptc/libiptc.h>
#include <iptables.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int iptc_entry_add (iptc_handle_t *handle, const char *chain, const char *target,
uint32_t src_ip, uint32_t src_msk,uint32_t dst_ip, uint32_t dst_msk)
{
struct ipt_entry_target *t = NULL;
struct ipt_entry *entry = NULL;
ipt_chainlabel chain_label;
int ret = 0;
int err = 0;
char *c_sip = NULL;
char *c_dip = NULL;
/* Allocate structure. */
entry = malloc (sizeof (struct ipt_entry)
+ sizeof (struct ipt_entry_target)
+ IPT_ALIGN (sizeof (int)));
t = (struct ipt_entry_target *) (((char *) entry)
+ sizeof (struct ipt_entry));
memset ((void *) entry, 0,
sizeof (struct ipt_entry_target)
+ sizeof (struct ipt_entry)
+ IPT_ALIGN (sizeof (int)));
/* Fill entry. */
entry->target_offset = sizeof (struct ipt_entry);
entry->next_offset = sizeof (struct ipt_entry_target)
+ sizeof (struct ipt_entry)
+ IPT_ALIGN (sizeof (int));
/*初始化entry的源地址,目的地址和掩码*/
entry->ip.src.s_addr = src_ip;
entry->ip.dst.s_addr = dst_ip;
entry->ip.smsk.s_addr = htonl (0xFFFFFFFF << (32 - src_msk));
entry->ip.dmsk.s_addr = htonl (0xFFFFFFFF << (32 - dst_msk));
/* Fill target. */
t->u.target_size = sizeof (struct ipt_entry_target) + IPT_ALIGN (sizeof (int));
strncpy (t->u.user.name, target, sizeof (t->u.user.name) - 1);
/* 在规则链中插入一项 */
strncpy (chain_label, chain, sizeof (ipt_chainlabel) - 1);
ret = iptc_append_entry (chain_label, entry, handle);
if ( ! ret )
{
printf("error when iptc_append_entry\n");
err = -1;
}
if ( entry )
free (entry);
return err;
}
int main()
{
iptc_handle_t h;
const char *chain = NULL;
const char *tablename = "filter";
const char *c_src_ip = "192.168.1.1";
const char *c_dst_ip = "192.168.1.2";
struct in_addr in_addr_src_addr;
struct in_addr in_addr_dst_addr;
uint32_t src_ip;
uint32_t dst_ip;
uint32_t src_mask = 24;
uint32_t dst_mask = 24;
h = iptc_init(tablename);
inet_aton(c_src_ip, &in_addr_src_addr);
inet_aton(c_dst_ip, &in_addr_dst_addr);
src_ip = in_addr_src_addr.s_addr;
dst_ip = in_addr_dst_addr.s_addr;
if ( !h )
{
printf("Error initializing: %s\n", iptc_strerror(errno));
exit(errno);
}
chain = iptc_first_chain(&h);
/*取得第一个规则链的名称然后作为参数传进iptc_entry_add*/
printf("The first chain is:%s\n", chain);
iptc_entry_add(h, chain, "ACCEPT", src_ip, src_mask, dst_ip, dst_mask);
if ( !h )
{
printf("Error initializing: %s\n", iptc_strerror(errno));
exit(errno);
}
iptc_commit(h);
exit(0);
}
谢谢!!!! |
|