iptables-dev Source Example

iptables-dev Source Example

[Katia Sarsempagieva]

Hello everyone!

I'm totally new to the iptables development sphere, so I would like to 
kindly request for a favor...

I have installed the iptables-dev package on my Debian Linux machine.
What I want to do is to write my very own program using the iptables 
library to query the interface information
of various machines (queues, lost packets, total packets etc).

But no matter how much I've tried to find a single tutorial or a source 
code sample (with the compiler command, of cource)
I failed.
So, can any of you please help me out? Maybe give me a tip on where to 
search or pass me a link to a tutorial page
or anything that could contain a program sample and compilation 
instructions..?

Thank you very much, in advance

Re: iptables-dev Source Example

[Pablo Neira Ayuso]

On Mon, Oct 08, 2012 at 04:36:56PM +0300, Katia Sarsempagieva wrote:
> Hello everyone!
> 
> I'm totally new to the iptables development sphere, so I would like
> to kindly request for a favor...
> 
> I have installed the iptables-dev package on my Debian Linux machine.
> What I want to do is to write my very own program using the iptables
> library to query the interface information
> of various machines (queues, lost packets, total packets etc).
> 
> But no matter how much I've tried to find a single tutorial or a
> source code sample (with the compiler command, of cource)
> I failed.
> So, can any of you please help me out? Maybe give me a tip on where
> to search or pass me a link to a tutorial page
> or anything that could contain a program sample and compilation
> instructions..?

I don't think you'll find much information. The library that iptables
provides is mostly internal. We know of people that has been tinkering
with it in their projects, but the API has not been stable along years
and it is not documented. I expect to solve this situation soon.

I'm afraid that the only reference you have is the source code by now.
Good luck.

Re: iptables-dev Source Example

[Maciej Żenczykowski]

>> What I want to do is to write my very own program using the iptables
>> library to query the interface information
>> of various machines (queues, lost packets, total packets etc).

I'm also not sure why you're even thinking about the 'iptables'
library - it has to do with firewall management.
Sounds like what you're wanting to query is basic interface statistics.
I would suggest looking at programs like ip (iproute / iproute2)
and/or netlink libraries (or worst case the obsolete ifconfig).

- Maciej

Re: iptables-dev Source Example

[Giuseppe Longo]

2012/10/8 Pablo Neira Ayuso <pablo@netfilter.org>:
> On Mon, Oct 08, 2012 at 04:36:56PM +0300, Katia Sarsempagieva wrote:
>> Hello everyone!
>>
>> I'm totally new to the iptables development sphere, so I would like
>> to kindly request for a favor...
>>
>> I have installed the iptables-dev package on my Debian Linux machine.
>> What I want to do is to write my very own program using the iptables
>> library to query the interface information
>> of various machines (queues, lost packets, total packets etc).
>>
>> But no matter how much I've tried to find a single tutorial or a
>> source code sample (with the compiler command, of cource)
>> I failed.
>> So, can any of you please help me out? Maybe give me a tip on where
>> to search or pass me a link to a tutorial page
>> or anything that could contain a program sample and compilation
>> instructions..?
>
> I don't think you'll find much information. The library that iptables
> provides is mostly internal. We know of people that has been tinkering
> with it in their projects, but the API has not been stable along years
> and it is not documented. I expect to solve this situation soon.
>
> I'm afraid that the only reference you have is the source code by now.
> Good luck.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Can be documented these API?

Re: iptables-dev Source Example

[Katia S.]

Well, I have been running "tc" commands like "tc qdisc" or "tc class" to
get some information I need on various devices and interfaces.

Right now I need to implement the exact same feature in a program of mine,
but I don't want to just externally call the "tc" command and read its
output... So I was searching for an API to use it in my source code. My
search led me to the iptc-dev and iptables-dev libraries, but those have
no tutorial or how-tos so I'm kinda lost...

So, that's my story and that's why I posted the initial question in this
mailing list.

I guess I'm gonna have to read the "tc" source codes and find a way on my
own.. Sounds like fun...not :p



>>> What I want to do is to write my very own program using the iptables
>>> library to query the interface information
>>> of various machines (queues, lost packets, total packets etc).
>
> I'm also not sure why you're even thinking about the 'iptables'
> library - it has to do with firewall management.
> Sounds like what you're wanting to query is basic interface statistics.
> I would suggest looking at programs like ip (iproute / iproute2)
> and/or netlink libraries (or worst case the obsolete ifconfig).
>
> - Maciej
>


-- 
Katia Sarsempagieva
-----
Research Associate
Media Networks Laboratory
Institute of Networks and Telecommunications
NCSR Demokritos

Re: iptables-dev Source Example

[Jan Engelhardt]

On Tuesday 2012-10-09 17:33, Katia S. wrote:

>Well, I have been running "tc" commands like "tc qdisc" or "tc class" to
>get some information I need on various devices and interfaces.
>
>Right now I need to implement the exact same feature in a program of mine,
>but I don't want to just externally call the "tc" command and read its
>output... So I was searching for an API to use it in my source code. My
>search led me to the iptc-dev and iptables-dev libraries, but those have
>no tutorial or how-tos so I'm kinda lost...

tc is not part of iptables, so it is very unlikely (I say impossible) 
that iptables-dev will get you anything tc-related.

Re: iptables-dev Source Example

[Katia S.]

Yeah, that's why I installed the development packages of both iptables and
iptc. I'm gussing the API I need is in the iptc lib.. But still, no luck
finding a tutorial there either.

And I guess the Title of this mail is kinda wrong and slighty irrelevant :p
Sorry 'bout that..

Do you have any suggestions regarding the iptc API and maybe any source
code samples (aside the ones that are already installed inside the core,
of course :p ) ?


> On Tuesday 2012-10-09 17:33, Katia S. wrote:
>
>>Well, I have been running "tc" commands like "tc qdisc" or "tc class" to
>>get some information I need on various devices and interfaces.
>>
>>Right now I need to implement the exact same feature in a program of
>> mine,
>>but I don't want to just externally call the "tc" command and read its
>>output... So I was searching for an API to use it in my source code. My
>>search led me to the iptc-dev and iptables-dev libraries, but those have
>>no tutorial or how-tos so I'm kinda lost...
>
> tc is not part of iptables, so it is very unlikely (I say impossible)
> that iptables-dev will get you anything tc-related.
>


-- 
Katia Sarsempagieva
-----
Research Associate
Media Networks Laboratory
Institute of Networks and Telecommunications
NCSR Demokritos

Re: iptables-dev Source Example

[Jan Engelhardt]

On Tuesday 2012-10-09 19:23, Katia S. wrote:

>Yeah, that's why I installed the development packages of both iptables and
>iptc. I'm gussing the API I need is in the iptc lib.. But still, no luck
>finding a tutorial there either.

As I said, iptables/iptc does not have anything to do with tc.


>>>Well, I have been running "tc" commands like "tc qdisc" or "tc class" to
>>>get some information I need on various devices and interfaces.
>>>
>>>Right now I need to implement the exact same feature in a program of
>>>mine, [...]

Re: iptables-dev Source Example

[Katia S.]

Hello Lesha! :p

Thank you very much!
I actually found the TC sources (not lib nor api, but sources) in the
iproute package (tc.c, tc_qdisc.c, tc_class.c etc) and they seem to be
somewhat straight forward.

But I'll check the lgl lib as well! Maybe it's easier than the tc sources..

Thanks again :)


> Hello Katia!
>
> There is a library lql ( http://www.coverfire.com/lql/) for working with
> linux QoS It's GPL.
> I don't know the state of this library.
>
> TC doesnt' use it, the TC's approach is directly communicate with kernel
> via netlink.
>
> On 10/09/2012 09:23 PM, Katia S. wrote:
>> Yeah, that's why I installed the development packages of both iptables
>> and
>> iptc. I'm gussing the API I need is in the iptc lib.. But still, no luck
>> finding a tutorial there either.
>>
>> And I guess the Title of this mail is kinda wrong and slighty irrelevant
>> :p
>> Sorry 'bout that..
>>
>> Do you have any suggestions regarding the iptc API and maybe any source
>> code samples (aside the ones that are already installed inside the core,
>> of course :p ) ?
>>
>>
>>> On Tuesday 2012-10-09 17:33, Katia S. wrote:
>>>
>>>> Well, I have been running "tc" commands like "tc qdisc" or "tc class"
>>>> to
>>>> get some information I need on various devices and interfaces.
>>>>
>>>> Right now I need to implement the exact same feature in a program of
>>>> mine,
>>>> but I don't want to just externally call the "tc" command and read its
>>>> output... So I was searching for an API to use it in my source code.
>>>> My
>>>> search led me to the iptc-dev and iptables-dev libraries, but those
>>>> have
>>>> no tutorial or how-tos so I'm kinda lost...
>>> tc is not part of iptables, so it is very unlikely (I say impossible)
>>> that iptables-dev will get you anything tc-related.
>>>
>>
>
>
> --
> Best regards,
> Alexey Perevalov,
>


-- 
Katia Sarsempagieva

Research Associate
Media Networks Laboratory
Institute of Networks and Telecommunications
NCSR "Demokritos"