From 3071913784b69423fd25c3db2344e585872920cc Mon Sep 17 00:00:00 2001
From: Emmanuel Roger
Date: Wed, 4 Oct 2000 15:19:31 +0000
Subject: Emmanuel Roger's string matching patch.

---
 extensions/.string-test | 2 +
 extensions/libipt_string.c | 127 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 129 insertions(+)
 create mode 100755 extensions/.string-test
 create mode 100644 extensions/libipt_string.c
(limited to 'extensions')

diff --git a/extensions/.string-test b/extensions/.string-test
new file mode 100755
index 00000000..609f1c2b
--- /dev/null
+++ b/extensions/.string-test
@@ -0,0 +1,2 @@
+#! /bin/sh
+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_string.h ] && echo string
diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c
new file mode 100644
index 00000000..25dacdc5
--- /dev/null
+++ b/extensions/libipt_string.c
@@ -0,0 +1,127 @@
+/* Shared library add-on to iptables to add string matching support.
+ *
+ * Copyright (C) 2000 Emmanuel Roger
+ */
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+ printf(
+"STRING match v%s options:\n"
+"--string [!] string Match a string in a packet\n",
+NETFILTER_VERSION);
+
+ fputc('\n', stdout);
+}
+
+static struct option opts[] = {
+ { "string", 1, 0, '1' },
+ {0}
+};
+
+/* Initialize the match. */
+static void
+init(struct ipt_entry_match *m, unsigned int *nfcache)
+{
+ *nfcache |= NFC_UNKNOWN;
+}
+
+static void
+parse_string(const unsigned char *s, struct ipt_string_info *info)
+{
+ if (strlen(s) <= 255) strcpy(info->string, s);
+ else exit_error(PARAMETER_PROBLEM, "STRING too long `%s'", s);
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const struct ipt_entry *entry,
+ unsigned int *nfcache,
+ struct ipt_entry_match **match)
+{
+ struct ipt_string_info *stringinfo = (struct ipt_string_info *)(*match)->data;
+
+ switch (c) {
+ case '1':
+ if (check_inverse(optarg, &invert))
+ optind++;
+ parse_string(argv[optind-1], stringinfo);
+ if (invert)
+ stringinfo->invert = 1;
+ *flags = 1;
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+static void
+print_string(char string[], int invert, int numeric)
+{
+
+ if (invert)
+ fputc('!', stdout);
+ printf("%s ",string);
+}
+
+/* Final check; must have specified --string. */
+static void
+final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "STRING match: You must specify `--string'");
+}
+
+/* Prints out the matchinfo. */
+static void
+print(const struct ipt_ip *ip,
+ const struct ipt_entry_match *match,
+ int numeric)
+{
+ printf("STRING match ");
+ print_string(((struct ipt_string_info *)match->data)->string,
+ ((struct ipt_string_info *)match->data)->invert, numeric);
+}
+
+/* Saves the union ipt_matchinfo in parsable form to stdout. */
+static void
+save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+{
+ printf("--tos ");
+ print_string(((struct ipt_string_info *)match->data)->string,
+ ((struct ipt_string_info *)match->data)->invert, 0);
+}
+
+struct iptables_match string
+= { NULL,
+ "string",
+ NETFILTER_VERSION,
+ IPT_ALIGN(sizeof(struct ipt_string_info)),
+ IPT_ALIGN(sizeof(struct ipt_string_info)),
+ &help,
+ &init,
+ &parse,
+ &final_check,
+ &print,
+ &save,
+ opts
+};
+
+void _init(void)
+{
+ register_match(&string);
+}
--
cgit v1.2.3
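Review bot: save() prints `--tos ` rather than `--string `, apparently carried over from the TOS extension, so a saved dump of a rule using this match cannot be restored as the same rule; the line should be `printf("--string ");`. The shared print_string() also writes `!` directly in front of the pattern with no separating space and no quoting, while parse() only treats inversion as present when check_inverse() accepts it as its own argument, so an inverted or space-containing pattern would likely come back with a different meaning after a save/restore cycle. In parse_string(), the literal 255 in `if (strlen(s) <= 255) strcpy(info->string, s);` is only safe if `string` in struct ipt_string_info (declared in ipt_string.h, which is not part of this patch) holds at least 256 bytes. Bounding the copy with `if (strlen((const char *)s) < sizeof(info->string))` would keep it correct if the header changes, and the cast avoids handing a `const unsigned char *` to strlen/strcpy.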