如何在程序中获得Iptables规则表中每条的数据包计数信息？|Linux系统专区人人网,QQ空间,登陆,renren,注册,校内,刷人气

离线焊线.

初中三年级

发帖: 2048

C币: -604756

威望: 406

贡献值: 4

银元: -1

铜钱: 4678

人人网人气币: 0

只看楼主倒序阅读使用道具楼主发表于: 2009-05-01

不知道iptab.le -L获得规则相关信息存.储在内核空间哪儿？.

我现在想获取到用户空间.，特别是获取每条规则的.过滤数据包信息.

麻烦各位提示一下。

因为我没时间去研究netfilter-iptables.框架机制。.。。健康

评价一下你浏览此帖子的感受

分享到 淘江湖新浪 QQ微博 QQ空间开心人人豆瓣网易微博百度鲜果白社会飞信

离线resoo.

初中三年级

发帖: 2070

C币: -60419

威望: 390

贡献值: 1

银元: 0

铜钱: 4606

人人网人气币: 0

只看该作者沙发发表于: 2010-04-13

iptables -vL (-t xxx)
iptables -vnL (-t xxx)

离线心比雪冷.

初中三年级

发帖: 2168

C币: -60397

威望: 407

贡献值: 1

银元: -1

铜钱: 4944

人人网人气币: 0

只看该作者板凳发表于: 2010-04-13

-t xxx 表示什么意思

我是在要在程序中获得这些信息

iptables -vL 可以获得输出在控制台

难道去分析其输出结果？

离线xdlyly.

初中三年级

发帖: 2058

C币: -139587

威望: 385

贡献值: 1

银元: 0

铜钱: 4510

人人网人气币: 0

只看该作者地板发表于: 2010-04-13

man iptables

QUOTE:       -t, --table table
              This  option  specifies the packet matching table which the com-
              mand should operate on.  If the kernel is configured with  auto-
              matic module loading, an attempt will be made to load the appro-
              priate module for that table if it is not already there.

              The tables are as follows:

              filter:
                  This is the default table (if no -t option is  passed).   It
                  contains  the built-in chains INPUT (for packets coming into
                  the box itself), FORWARD (for packets being  routed  through
                  the box), and OUTPUT (for locally-generated packets).

              nat:
                  This  table  is  consulted  when a packet that creates a new
                  connection is encountered.  It consists of three  built-ins:
                  PREROUTING  (for  altering packets as soon as they come in),
                  OUTPUT (for altering locally-generated packets before  rout-
                  ing),  and  POSTROUTING  (for  altering  packets as they are
                  about to go out).

              mangle:
                  This table is used for specialized packet alteration.  Until
                  kernel  2.4.17  it  had two built-in chains: PREROUTING (for
                  altering incoming packets before routing)  and  OUTPUT  (for
                  altering  locally-generated  packets before routing).  Since
                  kernel 2.4.18, three other built-in  chains  are  also  sup-
                  ported: INPUT (for packets coming into the box itself), FOR-
                  WARD (for altering packets being routed  through  the  box),
                  and  POSTROUTING  (for altering packets as they are about to
                  go out).

如果你要在程序里获得这些信息，就写个程序去获得啊，比如shell什么的