net/netfilter/xt_string.c
/* String matching match for iptables
 *
 * (C) 2005 Pablo Neira Ayuso <pablo@eurodev.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#include <linux/gfp.h> |
#include <linux/init.h> #include <linux/module.h> #include <linux/kernel.h> #include <linux/skbuff.h> |
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_string.h> |
#include <linux/textsearch.h>

/* Module metadata exported to modinfo and the module loader. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@eurodev.net>");
MODULE_DESCRIPTION("Xtables: string-based matching");

/* Alternative names under which this module can be requested. */
MODULE_ALIAS("ipt_string");
MODULE_ALIAS("ip6t_string");
|
/*
 * Per-packet match callback: report whether the configured pattern occurs
 * in @skb between the rule's from_offset and to_offset.
 *
 * @skb: packet being evaluated; only this one skb is searched, so content
 *       that is split across separate packets is not examined here.
 * @par: match parameters; par->matchinfo is the rule's xt_string_info,
 *       whose ->config was prepared by string_mt_check().
 *
 * Returns the search result, negated when XT_STRING_FLAG_INVERT is set in
 * the rule's flags.
 */
static bool
string_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_string_info *info = par->matchinfo;
	struct ts_state search_state;
	unsigned int pos;
	bool negate;

	/* Start every search from a clean textsearch state. */
	memset(&search_state, 0, sizeof(search_state));
	negate = info->u.v1.flags & XT_STRING_FLAG_INVERT;

	/*
	 * The const qualifier is cast away for the call; presumably
	 * skb_find_text() takes a non-const skb. The offsets were ordered
	 * by string_mt_check() when the rule was accepted.
	 */
	pos = skb_find_text((struct sk_buff *)skb, info->from_offset,
			    info->to_offset, info->config, &search_state);

	/* UINT_MAX is the "not found" sentinel tested for here. */
	return (pos != UINT_MAX) ^ negate;
}
/* View an opaque matchinfo pointer as this match's xt_string_info. */
#define STRING_TEXT_PRIV(m) ((struct xt_string_info *)(m))

/*
 * Rule-install callback: validate the fields of the rule's xt_string_info
 * and prepare the textsearch configuration used later by string_mt().
 *
 * Every field read here comes from the rule blob, so each one is bounded
 * before it is handed to textsearch_prepare():
 *   - the search window must not be inverted,
 *   - algo must be NUL-terminated within its fixed-size array, because it
 *     is then used as a string (and, with TS_AUTOLOAD, presumably as the
 *     name of a search module to load on demand),
 *   - patlen must not exceed XT_STRING_MAX_PATTERN_SIZE, so the pattern
 *     read stays inside the pattern buffer,
 *   - no flag bits other than IGNORECASE and INVERT may be set.
 *
 * Returns 0 on success, -EINVAL for a rejected field, or the error encoded
 * in the pointer returned by textsearch_prepare().
 */
static int string_mt_check(const struct xt_mtchk_param *par)
{
	struct xt_string_info *info = par->matchinfo;
	const int known_flags = XT_STRING_FLAG_IGNORECASE | XT_STRING_FLAG_INVERT;
	struct ts_config *prepared;
	int ts_flags = TS_AUTOLOAD;

	/* A window that ends before it starts cannot be searched. */
	if (info->from_offset > info->to_offset)
		return -EINVAL;

	/* The last byte of algo must be the terminator. */
	if (info->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
		return -EINVAL;

	/* Pattern length is bounded by the size of the pattern array. */
	if (info->patlen > XT_STRING_MAX_PATTERN_SIZE)
		return -EINVAL;

	/* Reject flag bits this revision does not define. */
	if (info->u.v1.flags & ~known_flags)
		return -EINVAL;

	if (info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
		ts_flags |= TS_IGNORECASE;

	prepared = textsearch_prepare(info->algo, info->pattern, info->patlen,
				      GFP_KERNEL, ts_flags);
	if (IS_ERR(prepared))
		return PTR_ERR(prepared);

	/* Kept in the rule data; released again by string_mt_destroy(). */
	info->config = prepared;
	return 0;
}
/*
 * Rule-teardown callback: release the textsearch configuration stored in
 * the rule's xt_string_info by string_mt_check().
 */
static void string_mt_destroy(const struct xt_mtdtor_param *par)
{
	struct xt_string_info *info = STRING_TEXT_PRIV(par->matchinfo);

	textsearch_destroy(info->config);
}
/*
 * Registration record for the "string" match, revision 1, registered for
 * NFPROTO_UNSPEC. checkentry validates a rule before it is used, match is
 * the per-packet callback, and destroy releases what checkentry prepared.
 */
static struct xt_match xt_string_mt_reg __read_mostly = {
	.name       = "string",
	.family     = NFPROTO_UNSPEC,
	.revision   = 1,
	/* Size of the per-rule data the callbacks receive as matchinfo. */
	.matchsize  = sizeof(struct xt_string_info),
	.checkentry = string_mt_check,
	.match      = string_mt,
	.destroy    = string_mt_destroy,
	.me         = THIS_MODULE,
};
/*
 * Module entry point: register the "string" match with x_tables.
 * Returns whatever xt_register_match() reports.
 */
static int __init string_mt_init(void)
{
	int err = xt_register_match(&xt_string_mt_reg);

	return err;
}
/* Module exit point: unregister the match registered by string_mt_init(). */
static void __exit string_mt_exit(void)
{
	struct xt_match *reg = &xt_string_mt_reg;

	xt_unregister_match(reg);
}
/* Hook the entry and exit points into module load and unload. */
module_init(string_mt_init);
module_exit(string_mt_exit);