修复iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1); 参数src和dest写反的问题

修复int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4);函数entry->ip.src写错
2022-09-29 17:18:25 +08:00 · 2022-09-29 17:18:25 +08:00 · 969927106e
commit 969927106e
parent 78ffb8d017
2 changed files with 30 additions and 7 deletions
--- a/libiptc.c
+++ b/libiptc.c
@ -10,9 +10,9 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4)
        const char *t = iptc_get_target(entry, handle);
        entry_match = (struct ipt_entry_match *)entry->elems;
        //printf("u.user.name: %s\n", entry_match->u.user.name);
-        char addr[33];
-        memset(addr, 0, 33);
-        inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr));
+        char addr[64];
+        memset(addr, 0, 64);
+        inet_ntop(AF_INET, &(entry->ip.src), addr, sizeof(addr));
        //printf("%s\n", addr);
        //printf("%s\n", t);
        if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp")) {
@ -68,6 +68,7 @@ static void parse_ports(const char *portstring, u_int16_t * ports)
        ports[0] = buffer[0] ? parse_port(buffer) : 0;
        ports[1] = cp[0] ? parse_port(cp) : 0xFFFF;
    }
+    
    free(buffer);
 }

--- a/rhost.c
+++ b/rhost.c
@ -307,9 +307,9 @@ int rule(conf * conf)
             */

            // libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
-            unsigned int destIp;
-            inet_pton(AF_INET, buffer, &destIp);
-            iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1);
+            unsigned int srcIp;
+            inet_pton(AF_INET, buffer, &srcIp);
+            iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1);

        }

@ -334,10 +334,32 @@ static void sig_child(int signo)
    return;
 }

+static int get_executable_path(char *processdir, char *processname, int len)
+{
+    char *filename;
+    if (readlink("/proc/self/exe", processdir, len) <= 0)
+        return -1;
+    filename = strrchr(processdir, '/');
+    if (filename == NULL)
+        return -1;
+    ++filename;
+    strcpy(processname, filename);
+    *filename = '\0';
+    return (int)(filename - processdir);
+}
+
 int main(int argc, char *argv[], char **env)
 {
+    char path[BUFFER] = { 0 };
+    char executable_filename[BUFFER] = { 0 };
+    (void)get_executable_path(path, executable_filename, sizeof(path));
+    
+    strcat(executable_filename, ".conf");
+    strcat(path, executable_filename);
+
+    
    conf *conf = (struct CONF *)malloc(sizeof(struct CONF));
-    read_conf("rhost.conf", conf);
+    read_conf(path, conf);
    //ptintf_conf(conf);

    // 新版本获取公网IP