Hi,
I am trying to play around with Iptable extensions and I have run into a little trouble. I hope somebody can point me in the right direction, or tell me what I am doing wrong.
I was attempting to compile sample code from this tutorial:
http://www.netfilter.org/documentati...000/tut-6.html
to get a feel for how it all works and comes together. However I had trouble compiling the shared library portion of this code. I've tried to use the same compiler flags as I had seen in the iptable makefile for the included extensions. These are the compiler flags I used, and the errors I recieved.
# cc -O2 -Wall -Wunused -I/usr/src/linux/include -I/home/shannon.field/src/iptables-1.2.9/include/ -I/ -DIPTABLES_VERSION=\"1.2.9\" -I/ -DNETFILTER_VERSION=\"1.2.9\" -fPIC -o libipt_length.o -c libipt_length.c
libipt_length.c: In function `parse':
libipt_length.c:48: too few arguments to function `string_to_number'
libipt_length.c:51: `s' undeclared (first use in this function)
libipt_length.c:51: (Each undeclared identifier is reported only once
libipt_length.c:51: for each function it appears in.)
libipt_length.c:39: warning: unused variable `info'
libipt_length.c: In function `print_length':
libipt_length.c:74: structure has no member named `length'
I pasted the code below:
/* Shared library add-on to iptables to add packet length matching support. */
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <getopt.h>
#include <iptables.h>
#include <linux/netfilter_ipv4/ipt_length.h>
/* Function which prints out usage message. */
static void
help(void)
{
printf("length v%s options:\n"
"--length length Match this packet length\n",
NETFILTER_VERSION);
}
static struct option opts[] = {
{ "length", 1, 0, '1' },
{0}
};
/* Initialize the match. */
static void
init(struct ipt_entry_match *m, unsigned int *nfcache)
{
*nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
unsigned int *nfcache,
struct ipt_entry_match **match)
{
struct ipt_length_info *info = (struct ipt_length_info *)(*match)->data;
int len;
switch (c) {
case '1':
if (*flags)
exit_error(PARAMETER_PROBLEM,
"length: `--length' may only be "
"specified once");
len = string_to_number(argv[optind-1], 0, 0xFFFF);
if (len == -1)
exit_error(PARAMETER_PROBLEM,
"length invalid: `%s'\n", s);
*flags = 1;
break;
default:
return 0;
}
return 1;
}
/* Final check; must have specified --length. */
static void
final_check(unsigned int flags)
{
if (!flags)
exit_error(PARAMETER_PROBLEM,
"length: You must specify `--length'");
}
/* Common match printing code. */
static void
print_length(struct ipt_length_info *info)
{
printf("%u ", info->length);
}
/* Prints out the matchinfo. */
static void
print(const struct ipt_ip *ip,
const struct ipt_entry_match *match,
int numeric)
{
printf("length ");
print_length((struct ipt_length_info *)match->data);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
{
printf("--length ");
print_length((struct ipt_length_info *)match->data);
}
struct iptables_match length
= { NULL,
"length",
NETFILTER_VERSION,
sizeof(struct ipt_length_info),
sizeof(struct ipt_length_info),
&help,
&init,
&parse,
&final_check,
&print,
&save,
opts
};
void _init(void)
{
register_match(&length);
}
--Thanks in advance for any help
