修复iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1); 参数src和dest写反的问题

修复int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4);函数entry->ip.src写错
This commit is contained in:
aixiao 2022-09-29 17:18:25 +08:00
parent 78ffb8d017
commit 969927106e
2 changed files with 30 additions and 7 deletions

View File

@ -10,9 +10,9 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4)
const char *t = iptc_get_target(entry, handle); const char *t = iptc_get_target(entry, handle);
entry_match = (struct ipt_entry_match *)entry->elems; entry_match = (struct ipt_entry_match *)entry->elems;
//printf("u.user.name: %s\n", entry_match->u.user.name); //printf("u.user.name: %s\n", entry_match->u.user.name);
char addr[33]; char addr[64];
memset(addr, 0, 33); memset(addr, 0, 64);
inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr)); inet_ntop(AF_INET, &(entry->ip.src), addr, sizeof(addr));
//printf("%s\n", addr); //printf("%s\n", addr);
//printf("%s\n", t); //printf("%s\n", t);
if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp")) { if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp")) {
@ -68,6 +68,7 @@ static void parse_ports(const char *portstring, u_int16_t * ports)
ports[0] = buffer[0] ? parse_port(buffer) : 0; ports[0] = buffer[0] ? parse_port(buffer) : 0;
ports[1] = cp[0] ? parse_port(cp) : 0xFFFF; ports[1] = cp[0] ? parse_port(cp) : 0xFFFF;
} }
free(buffer); free(buffer);
} }

30
rhost.c
View File

@ -307,9 +307,9 @@ int rule(conf * conf)
*/ */
// libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP // libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
unsigned int destIp; unsigned int srcIp;
inet_pton(AF_INET, buffer, &destIp); inet_pton(AF_INET, buffer, &srcIp);
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1); iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1);
} }
@ -334,10 +334,32 @@ static void sig_child(int signo)
return; return;
} }
static int get_executable_path(char *processdir, char *processname, int len)
{
char *filename;
if (readlink("/proc/self/exe", processdir, len) <= 0)
return -1;
filename = strrchr(processdir, '/');
if (filename == NULL)
return -1;
++filename;
strcpy(processname, filename);
*filename = '\0';
return (int)(filename - processdir);
}
int main(int argc, char *argv[], char **env) int main(int argc, char *argv[], char **env)
{ {
char path[BUFFER] = { 0 };
char executable_filename[BUFFER] = { 0 };
(void)get_executable_path(path, executable_filename, sizeof(path));
strcat(executable_filename, ".conf");
strcat(path, executable_filename);
conf *conf = (struct CONF *)malloc(sizeof(struct CONF)); conf *conf = (struct CONF *)malloc(sizeof(struct CONF));
read_conf("rhost.conf", conf); read_conf(path, conf);
//ptintf_conf(conf); //ptintf_conf(conf);
// 新版本获取公网IP // 新版本获取公网IP