Hi,
I am trying to write some code to simulate this iptables rule:
iptables -append -t nat -A PREROUTING -s 192.168.3.2 -p udp --dport 80
-j ACCEPT
But I am getting "Invalid Argument" error when running the commit.
Does anyone know what could be wrong with my sample code here?
Any help will be greatly appreciated.
struct ipt_entry *e=NULL;
struct ipt_entry_target *pt;
struct ipt_entry_match *pm;
struct ipt_udp *pudp;
const char *tablename = "nat";
iptc_handle_t h = iptc_init(tablename);
int ret = 0;
size_t target_size, match_size, size;
match_size = sizeof(struct ipt_entry_match) + sizeof(struct ipt_tcp);
target_size = IPT_ALIGN(sizeof(struct ipt_entry_target)) +
IPT_ALIGN(sizeof(int));
size = sizeof(*e) + match_size + target_size;
e = calloc(1, size);
e->ip.src.s_addr = inet_addr("192.168.3.2");
e->ip.smsk.s_addr = -1;
e->ip.proto = IPPROTO_UDP;
e->target_offset = sizeof(*e) + match_size;
e->next_offset = size;
pm = (struct ipt_entry_match *)e->elems;
pm->u.user.match_size = match_size;
strcpy(pm->u.user.name, "udp");
pudp = (struct ipt_udp*)pm->data;
pudp->spts[0] = 0;
pudp->spts[1] = 0;
pudp->dpts[0] = 80;
pudp->dpts[1] = 0xffff;
pt = (struct ipt_entry_target *) (e->elems + match_size);
pt->u.user.target_size = target_size;
strcpy(pt->u.user.name, "ACCEPT");
if ( !h ) { printf("Error initializing:
%s\n", iptc_strerror(errno));
}
ret = iptc_append_entry("PREROUTING", e, h);
printf("append = [%i]\n", ret);
ret = iptc_commit(h);
printf("commit = [%i]\n",ret);
if (!ret) {
printf("false : %s\n", iptc_strerror(errno)); }
Thanks,
P
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
