iptables Source Code Analysis
2007-03-07 12:42:27 Source: WEB开发网. iptables source code analysis (2).
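Next, execution enters the core processing module:
do_command(argc, argv, &table, &handle);
The do_command function is the core of the whole program and handles the entire command entered by the user. It first initializes a number of structures and variables. Once initialization is complete, it enters a while loop that parses the user's command and sets the relevant flag variables, and then calls the handler function that corresponds to those flags.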
    struct ipt_entry fw, *e = NULL;
    int invert = 0;
    unsigned int nsaddrs = 0, ndaddrs = 0;
    struct in_addr *saddrs = NULL, *daddrs = NULL;
    int c, verbose = 0;
    const char *chain = NULL;
    const char *shostnetworkmask = NULL, *dhostnetworkmask = NULL;
    const char *policy = NULL, *newname = NULL;
    unsigned int rulenum = 0, options = 0, command = 0;
    const char *pcnt = NULL, *bcnt = NULL;
    int ret = 1;
    struct iptables_match *m;
    struct iptables_target *target = NULL;
    struct iptables_target *t;
    const char *jumpto = "";
    char *protocol = NULL;
    const char *modprobe = NULL;

    /* Initialize variables */
    memset(&fw, 0, sizeof(fw));
    opts = original_opts;
    global_option_offset = 0;

    /* re-set optind to 0 in case do_command gets called
     * a second time */
    optind = 0;

    /* Initialize two global variables */
    /* clear mflags in case do_command gets called a second time
     * (we clear the global list of all matches for security) */
    for (m = iptables_matches; m; m = m->next) {
        m->mflags = 0;
        m->used = 0;
    }
    for (t = iptables_targets; t; t = t->next) {
        t->tflags = 0;
        t->used = 0;
    }