Hi there,
i’m trying to emulate :: iptables -A INPUT -t filter -p tcp -j NFQUEUE
–queue-num $queueNum
where $queueNum is any int
so far I have
static int createFilters(int baseNumber) {
/*
* input filter looks like this
* iptables -A INPUT -t filter -p tcp -j NFQUEUE –queue-num 5
* sudo iptables -L INPUT
* Chain INPUT (policy ACCEPT)
* target prot opt source destination
* NFQUEUE tcp — anywhere anywhere NFQUEUE num 5
*/
const char *table = “filter”;
const char *chain = “INPUT”;
const char *target = “QUEUE”;
struct
{
struct ipt_entry entry;
struct xt_NFQ_info {
u_int16_t queueNum;
} target;
} entry;
struct xtc_handle *h;
int ret = 1;
h = iptc_init (table);
if (!h) {
fprintf (stderr, “Could not init IPTC library: %s\n”, iptc_strerror (errno));
goto out;
}
memset (&entry, 0, sizeof (entry));
/* target */
entry.target.queueNum = XT_ALIGN (baseNumber);
entry.entry.target_offset = sizeof (struct ipt_entry);
entry.entry.next_offset = entry.entry.target_offset + sizeof(entry.target);
if (!iptc_append_entry (chain, (struct ipt_entry *) &entry, h)) {
fprintf (stderr, “Could not insert a rule in iptables (table %s):
%s\n”, table, iptc_strerror (errno));
goto out;
}
if (!iptc_commit (h)) {
fprintf (stderr, “Could not commit changes in iptables (table %s):
%s\n”, table, iptc_strerror (errno));
goto out;
}
ret = 0;
out:
if (h)
iptc_free (h);
return ret;
}
but it won’t commit. Any thoughts?
Thanks for any help,
Mat
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
