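The C code below is equivalent to the following iptables command:

    ip6tables -A OUTPUT -t mangle -s 2001:db8:222:2::/64 -j MARK --set-mark 20

However, the iptables command works fine from the command line, but when I run the code it gives the error

    Error commit: Protocol wrong type for socket

although it compiles successfully. I have also tried setting the DSCP value and that works fine, so I guess something is missing for the MARK module.
Linux kernel 3.8.2
iptables version 1.4.12 (I also tried 1.4.21, but it did not help)
Code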

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <errno.h>
    #include <arpa/inet.h>
    #include <libiptc/libip6tc.h>
    #include <linux/netfilter/xt_mark.h>

    int main(void)
    {
        struct ip6tc_handle *h;
        const ip6t_chainlabel chain = "OUTPUT";
        const char *tablename = "mangle";
        struct ip6t_entry *e;
        struct ip6t_entry_target *target;
        struct xt_mark_tginfo2 *pmark;
        unsigned int size_ip6t_entry, size_ip6t_entry_target, size_pmark, total_length;

        size_ip6t_entry = XT_ALIGN(sizeof(struct ip6t_entry));
        size_ip6t_entry_target = XT_ALIGN(sizeof(struct ip6t_entry_target));
        size_pmark = XT_ALIGN(sizeof(struct xt_mark_tginfo2));
        total_length = size_ip6t_entry + size_ip6t_entry_target + size_pmark;

        e = calloc(1, total_length);
        if (e == NULL)
        {
            printf("malloc failure");
            exit(1);
        }

        // offsets to the other bits:
        // beginning of the target struct
        e->target_offset = size_ip6t_entry;
        // next "e" struct, end of the current one
        e->next_offset = total_length;

        // source address and /64 mask (string literals, nothing to allocate)
        const char *temps = "2001:db8:222:2::";
        inet_pton(AF_INET6, temps, &e->ipv6.src);
        const char *temps2 = "FFFF:FFFF:FFFF:FFFF::";
        inet_pton(AF_INET6, temps2, &e->ipv6.smsk);
        //e->ipv6.proto = 58;
        //strcpy(e->ipv6.iniface, "wlan1");

        // target struct
        target = (struct ip6t_entry_target *) e->elems;
        // target_size covers the target header plus its data
        target->u.target_size = size_ip6t_entry_target + size_pmark;
        strcpy(target->u.user.name, "MARK");
        // u.user.revision is not set here and stays 0 from calloc()
        pmark = (struct xt_mark_tginfo2 *) target->data;
        pmark->mark = 0x14;
        pmark->mask = 0xff;

        h = ip6tc_init(tablename);
        if (!h)
        {
            printf("Error initializing: %s\n", ip6tc_strerror(errno));
            exit(errno);
        }

        int x = ip6tc_append_entry(chain, e, h);
        if (!x)
        {
            printf("Error append_entry: %s\n", ip6tc_strerror(errno));
            exit(errno);
        }

        // target->data is a binary struct, so print its fields rather than "%s"
        printf("mark=0x%x mask=0x%x\n", pmark->mark, pmark->mask);

        int y = ip6tc_commit(h);
        if (!y)
        {
            printf("Error commit: %s\n", ip6tc_strerror(errno));
            exit(errno);
        }
        exit(0);
    }

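Any ideas? Thanks

Answer 0: (score: 0)

Late answer, but I wanted to give potential seekers a hint.
Some targets (and matches too) need the correct revision to be set; for xt_mark_tginfo2, I see that it has to be 1 or 2.
Another thing is the entry (ip6t_entry) flags; e.g. I was struggling with the REJECT target (ip6t_reject_info) until I later found that the entry flags have to be set to IP6T_F_PROTO.
I'm not sure, but a hint might be obtained by looking at .family in the xtables_target structure.
Good luck, iptc library warriors ;)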
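
The revision hint from the answer, as an added example that is not part of the original question or answer: it builds the same `-s 2001:db8:222:2::/64 -j MARK` entry with an explicit target revision and a `target_size` that covers both the header and the `xt_mark_tginfo2` payload. The helper names `prefix_to_mask` and `build_mark_rule` are hypothetical, and the revision is a parameter because the right value depends on what the running kernel's MARK target registers (2 is assumed in the test); the returned entry is what would be handed to `ip6tc_append_entry()` as in the question.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <arpa/inet.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter/xt_mark.h>

/* Hypothetical helper: expand a prefix length (0..128) into an IPv6 netmask. */
static void prefix_to_mask(unsigned int plen, struct in6_addr *mask)
{
    memset(mask, 0, sizeof(*mask));
    for (unsigned int i = 0; i < 16 && plen > 0; i++) {
        unsigned int bits = plen >= 8 ? 8 : plen;
        mask->s6_addr[i] = (uint8_t)(0xff << (8 - bits));
        plen -= bits;
    }
}

/* Hypothetical helper: build "-s src/plen -j MARK" as one ip6t_entry blob.
 * Returns NULL on bad input; the caller frees the result. */
struct ip6t_entry *build_mark_rule(const char *src, unsigned int plen,
                                   uint32_t mark, uint32_t mask, uint8_t revision)
{
    size_t entry_sz = XT_ALIGN(sizeof(struct ip6t_entry));
    size_t target_sz = XT_ALIGN(sizeof(struct xt_entry_target)) +
                       XT_ALIGN(sizeof(struct xt_mark_tginfo2));
    struct ip6t_entry *e;
    struct xt_entry_target *t;
    struct xt_mark_tginfo2 *info;
    if (plen > 128 || (e = calloc(1, entry_sz + target_sz)) == NULL)
        return NULL;
    if (inet_pton(AF_INET6, src, &e->ipv6.src) != 1) {
        free(e);
        return NULL;
    }
    prefix_to_mask(plen, &e->ipv6.smsk);
    e->target_offset = entry_sz;               /* no matches before the target */
    e->next_offset = entry_sz + target_sz;

    t = (struct xt_entry_target *)((char *)e + e->target_offset);
    t->u.user.target_size = target_sz;         /* header plus payload */
    strncpy(t->u.user.name, "MARK", sizeof(t->u.user.name) - 1);
    t->u.user.revision = revision;             /* calloc() alone leaves this 0 */
    info = (struct xt_mark_tginfo2 *)t->data;
    info->mark = mark;
    info->mask = mask;
    return e;
}
```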