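/* String matching match for iptables
 *
 * (C) 2005 Pablo Neira Ayuso <pablo@eurodev.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_string.h>
#include <linux/textsearch.h>

MODULE_AUTHOR("Pablo Neira Ayuso <pablo@eurodev.net>");
MODULE_DESCRIPTION("IP tables string match module");
MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_string");
MODULE_ALIAS("ip6t_string");

/* View the opaque per-rule match data as our private config struct. */
#define STRING_TEXT_PRIV(m) ((struct xt_string_info *) m)

/*
 * match - run the text search over one packet
 * @skb:       packet under inspection
 * @matchinfo: struct xt_string_info for this rule (prepared by checkentry())
 *
 * Searches the packet between conf->from_offset and conf->to_offset with
 * the ts_config compiled in checkentry().  skb_find_text() returns
 * UINT_MAX when the pattern is absent.
 *
 * Returns 1 when the rule matches, 0 otherwise.  conf->invert means
 * "match when the pattern is NOT present", so the search result and the
 * invert flag are combined with XOR: the old (found && !invert) form could
 * never return 1 for an inverted rule, so inverted rules never matched.
 */
static int match(const struct sk_buff *skb,
		 const struct net_device *in,
		 const struct net_device *out,
		 const void *matchinfo,
		 int offset,
		 unsigned int protoff,
		 int *hotdrop)
{
	struct ts_state state;
	const struct xt_string_info *conf = matchinfo;
	int found;

	memset(&state, 0, sizeof(state));

	/* skb_find_text() is declared with a non-const skb; the cast only
	 * satisfies the prototype, as in the original code. */
	found = skb_find_text((struct sk_buff *)skb, conf->from_offset,
			      conf->to_offset, conf->config, &state)
		!= UINT_MAX;

	return found ^ (conf->invert != 0);
}

/*
 * checkentry - validate a rule's match data and compile its pattern
 * @matchinfo: struct xt_string_info copied in from userspace by x_tables
 * @matchsize: size of that blob as reported by the caller
 *
 * Every field of @matchinfo is untrusted until checked here.  Rejects the
 * rule (returns 0) on a size mismatch, an inverted offset window, an
 * unterminated algorithm name, a pattern length larger than the pattern
 * buffer, or a textsearch_prepare() failure.  On success the compiled
 * ts_config is stored in conf->config (released by destroy()) and 1 is
 * returned.
 */
static int checkentry(const char *tablename,
		      const void *ip,
		      void *matchinfo,
		      unsigned int matchsize,
		      unsigned int hook_mask)
{
	struct xt_string_info *conf = matchinfo;
	struct ts_config *ts_conf;

	if (matchsize != XT_ALIGN(sizeof(struct xt_string_info)))
		return 0;

	/* Damn, can't handle this case properly with iptables... */
	if (conf->from_offset > conf->to_offset)
		return 0;

	/* textsearch_prepare() looks the algorithm up by name, so the
	 * userspace-supplied string must be NUL terminated inside its
	 * buffer, or the lookup reads past the end of conf->algo. */
	if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
		return 0;

	/* patlen comes from userspace and is not otherwise bounded; a value
	 * larger than the pattern buffer would make textsearch_prepare()
	 * read past conf->pattern into the rest of the match blob. */
	if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
		return 0;

	ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
				     GFP_KERNEL, TS_AUTOLOAD);
	if (IS_ERR(ts_conf))
		return 0;

	conf->config = ts_conf;

	return 1;
}

/*
 * destroy - release the ts_config compiled by checkentry()
 * @matchinfo: struct xt_string_info whose config is being torn down
 */
static void destroy(void *matchinfo, unsigned int matchsize)
{
	textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config);
}

/* IPv4 and IPv6 registrations share the same callbacks. */
static struct xt_match string_match = {
	.name		= "string",
	.match		= match,
	.checkentry	= checkentry,
	.destroy	= destroy,
	.me		= THIS_MODULE
};

static struct xt_match string6_match = {
	.name		= "string",
	.match		= match,
	.checkentry	= checkentry,
	.destroy	= destroy,
	.me		= THIS_MODULE
};

/*
 * init - register the match for AF_INET and AF_INET6
 *
 * Returns 0 on success or the registration error; on an IPv6 failure the
 * IPv4 registration is rolled back so the module never half-loads.
 */
static int __init init(void)
{
	int ret;

	ret = xt_register_match(AF_INET, &string_match);
	if (ret)
		return ret;

	ret = xt_register_match(AF_INET6, &string6_match);
	if (ret)
		xt_unregister_match(AF_INET, &string_match);

	return ret;
}

/* fini - unregister both address families. */
static void __exit fini(void)
{
	xt_unregister_match(AF_INET, &string_match);
	xt_unregister_match(AF_INET6, &string6_match);
}

module_init(init);
module_exit(fini);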