Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
xt_string.c
Go to the documentation of this file.
1 /* String matching match for iptables
2  *
3  * (C) 2005 Pablo Neira Ayuso <[email protected]>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  */
9 
10 #include <linux/gfp.h>
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/skbuff.h>
15 #include <linux/netfilter/x_tables.h>
16 #include <linux/netfilter/xt_string.h>
17 #include <linux/textsearch.h>
18 
19 MODULE_AUTHOR("Pablo Neira Ayuso <[email protected]>");
20 MODULE_DESCRIPTION("Xtables: string-based matching");
21 MODULE_LICENSE("GPL");
22 MODULE_ALIAS("ipt_string");
23 MODULE_ALIAS("ip6t_string");
24 
25 static bool
26 string_mt(const struct sk_buff *skb, struct xt_action_param *par)
27 {
28  const struct xt_string_info *conf = par->matchinfo;
29  struct ts_state state;
30  bool invert;
31 
32  memset(&state, 0, sizeof(struct ts_state));
33  invert = conf->u.v1.flags & XT_STRING_FLAG_INVERT;
34 
35  return (skb_find_text((struct sk_buff *)skb, conf->from_offset,
36  conf->to_offset, conf->config, &state)
37  != UINT_MAX) ^ invert;
38 }
39 
40 #define STRING_TEXT_PRIV(m) ((struct xt_string_info *)(m))
41 
42 static int string_mt_check(const struct xt_mtchk_param *par)
43 {
44  struct xt_string_info *conf = par->matchinfo;
45  struct ts_config *ts_conf;
46  int flags = TS_AUTOLOAD;
47 
48  /* Damn, can't handle this case properly with iptables... */
49  if (conf->from_offset > conf->to_offset)
50  return -EINVAL;
51  if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
52  return -EINVAL;
53  if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
54  return -EINVAL;
55  if (conf->u.v1.flags &
56  ~(XT_STRING_FLAG_IGNORECASE | XT_STRING_FLAG_INVERT))
57  return -EINVAL;
58  if (conf->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
59  flags |= TS_IGNORECASE;
60  ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
61  GFP_KERNEL, flags);
62  if (IS_ERR(ts_conf))
63  return PTR_ERR(ts_conf);
64 
65  conf->config = ts_conf;
66  return 0;
67 }
68 
69 static void string_mt_destroy(const struct xt_mtdtor_param *par)
70 {
71  textsearch_destroy(STRING_TEXT_PRIV(par->matchinfo)->config);
72 }
73 
74 static struct xt_match xt_string_mt_reg __read_mostly = {
75  .name = "string",
76  .revision = 1,
77  .family = NFPROTO_UNSPEC,
78  .checkentry = string_mt_check,
79  .match = string_mt,
80  .destroy = string_mt_destroy,
81  .matchsize = sizeof(struct xt_string_info),
82  .me = THIS_MODULE,
83 };
84 
85 static int __init string_mt_init(void)
86 {
87  return xt_register_match(&xt_string_mt_reg);
88 }
89 
90 static void __exit string_mt_exit(void)
91 {
92  xt_unregister_match(&xt_string_mt_reg);
93 }
94 
95 module_init(string_mt_init);
96 module_exit(string_mt_exit);
Generated on Thu Jan 10 2013 15:01:00 for Linux Kernel by   doxygen 1.8.2