mike brown

setsockopt IPT_SO_SET_REPLACE flag return error (linux)

I try to use setsockopt with the flag IPT_SO_SET_REPLACE, but I keep getting the weird error from errno "Protocol not available". This is my code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sched.h>
#include <linux/sched.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <netinet/in.h>
#include <net/if.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <fcntl.h>

int main(void) {
    int sock;
    int ret;
    void *data;
    size_t size;
    struct ipt_replace *repl;

    sock = socket(PF_INET, SOCK_RAW, IPPROTO_RAW);

    if (sock == -1) {
        perror("socket");
        return -1;
    }

    /* only the ipt_replace header is allocated; no entries follow it */
    size = sizeof(struct ipt_replace);

    data = malloc(size);

    if (data == NULL) {
        perror("malloc");
        return -1;
    }

    memset(data, 0, size);

    repl = (struct ipt_replace *) data;

    repl->num_counters = 0x1;
    repl->size = 0xffffffff;
    repl->valid_hooks = 0x1;
    repl->num_entries = 0x1;

    ret = setsockopt(sock, SOL_IP, IPT_SO_SET_REPLACE, (void *) data, size);

    printf("\ndone %d\n", ret);
    perror("error: ");   /* prints the errno left behind by setsockopt */

    return 0;
}

This is the output:

sock:3 
data: 
size:92 
done -1
error: : Protocol not available

Upvotes: 1

Views: 660

Answers (1)

Gil Hamilton

Reputation: 12357

Looking briefly at the kernel code, this would seem to indicate that the IP tables module isn't available (i.e. the kernel wasn't built with it configured, or it can't be found or loaded).

It appears to me that for a socket of the kind you created, the code flow is:

  • enter raw_setsockopt: level != SOL_RAW so...
  • call ip_setsockopt: level == SOL_IP but option isn't any of the IP_xxx options so...
  • call nf_setsockopt: Search loaded netfilter modules for one that has registered IPT_SO_SET_REPLACE.

I think the last must have failed, so you get ENOPROTOOPT back (== "Protocol not available").

Upvotes: 1
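An added diagnostic example (not the asker's or Gil Hamilton's code): before attempting IPT_SO_SET_REPLACE, issue the read-only IPT_SO_GET_INFO query on the same kind of raw socket, which walks the getsockopt counterpart of the raw_ -> ip_ -> nf_ chain described above, and map the errno onto the cases that chain can return. The function names, the diagnosis strings and the choice of the "filter" table are this example's assumptions; ENOPROTOOPT is the same "Protocol not available" the question reports.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/netfilter_ipv4/ip_tables.h>

/* Map the errno from the netfilter sockopt path onto its meaning for an IPT_SO_* call (hypothetical helper). */
const char *explain_ipt_errno(int err)
{
    switch (err) {
    case 0:           return "ip_tables answered: module registered, table present";
    case ENOPROTOOPT: return "nf_sockopt found no handler: ip_tables not built or not loaded";
    case EPERM:       return "caller lacks CAP_NET_ADMIN, checked before nf_sockopt is reached";
    case ENOENT:      return "ip_tables is loaded but this table is not (e.g. iptable_filter)";
    default:          return "unexpected errno; see strerror()";
    }
}

/* Read-only probe with a correctly sized ipt_getinfo (the query iptables itself makes first).
 * Returns 0 and fills *out on success, -1 with *err = errno otherwise. */
int probe_ip_tables(const char *table, struct ipt_getinfo *out, int *err)
{
    socklen_t len = sizeof(*out);
    int sock, ret;
    *err = 0;
    sock = socket(PF_INET, SOCK_RAW, IPPROTO_RAW);  /* same socket kind as the question */
    if (sock == -1) { *err = errno; return -1; }
    memset(out, 0, sizeof(*out));
    strncpy(out->name, table, sizeof(out->name) - 1); /* XT_TABLE_MAXNAMELEN, NUL kept */
    ret = getsockopt(sock, SOL_IP, IPT_SO_GET_INFO, out, &len);
    if (ret == -1)
        *err = errno;            /* capture before close() can overwrite it */
    close(sock);
    return ret;
}

int main(void)
{
    struct ipt_getinfo info;
    int err;
    if (probe_ip_tables("filter", &info, &err) == 0)
        printf("%s: %u entries in %u bytes\n",
               explain_ipt_errno(0), info.num_entries, info.size);
    else
        printf("errno %d (%s): %s\n", err, strerror(err), explain_ipt_errno(err));
    return 0;
}
```

Run as root on a host with ip_tables loaded to see the success branch; without CAP_NET_ADMIN the probe reports EPERM rather than the ENOPROTOOPT that signals a missing module.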
