Using netlink to add/update iptables?

Question

am trying to write a program which does the adds/updates the routes in the linux routing tables. For that I am using struct rtmsg to update the data & send it to fd opened as NETLINK_ROUTE.

179    struct {
180 struct nlmsghdr     n;
181 struct rtmsg        r;
182 char                buf[RTA_BUF_SIZE];
183    } req;
184    int  v4_addr;
185    int  if_idx;
186
187    memset(&req, 0, sizeof(req));
188
189    req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
190    req.n.nlmsg_flags = NLM_F_REQUEST | flags;
191    req.n.nlmsg_type = cmd;
192    req.r.rtm_family = AF_INET;
193    req.r.rtm_table = RT_TABLE_MAIN;
194    req.r.rtm_protocol = RTPROT_BOOT;
195    req.r.rtm_scope = RT_SCOPE_LINK;
196    req.r.rtm_type = RTN_UNICAST;
...

fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);

In addition to that I was looking to extend the program to manipulate the iptables as well. Seems like socket with protocol NETLINK_NFLOG should solve my problem, but how do I send the data across ?

   fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NFLOG);

e.x. I need to add a SNAT rule in the nat table, how can I do that using netlink ? How do I pass the data in NF case ?

score 1 · Answer 1 · answered Dec 03 '15 at 09:42

1

There is no way to manage iptables rules via netlink protocol. The netlink protocol can be used to manage QUEUE or NFLOG handlers and like that.

To manage iptables rules one should use guess what — setsockopt(). See iptables sources for details.

answered Dec 03 '15 at 09:42

svinota

779
8
10

Using netlink to add/update iptables?

1 Answers1