Linux/net/netfilter/xt_string.c


  1 // SPDX-License-Identifier: GPL-2.0-only
  2 /* String matching match for iptables
  3  *
  4  * (C) 2005 Pablo Neira Ayuso <pablo@eurodev.net>
  5  */
  6 
  7 #include <linux/gfp.h>
  8 #include <linux/init.h>
  9 #include <linux/module.h>
 10 #include <linux/kernel.h>
 11 #include <linux/skbuff.h>
 12 #include <linux/netfilter/x_tables.h>
 13 #include <linux/netfilter/xt_string.h>
 14 #include <linux/textsearch.h>
 15 
/* Module metadata. */
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@eurodev.net>");
MODULE_DESCRIPTION("Xtables: string-based matching");
MODULE_LICENSE("GPL");

/*
 * Aliases under which this one module can also be requested:
 * ipt_string, ip6t_string and ebt_string.
 */
MODULE_ALIAS("ipt_string");
MODULE_ALIAS("ip6t_string");
MODULE_ALIAS("ebt_string");
 22 
/*
 * string_mt - per-packet match callback of the "string" match.
 *
 * Runs the prepared text search (conf->config) over the packet data
 * between from_offset and to_offset. skb_find_text() yields UINT_MAX when
 * the pattern is not found, so any other value counts as a hit. The result
 * is inverted when the rule carries XT_STRING_FLAG_INVERT.
 *
 * No rule parameter is re-validated here; the range and flag checks are
 * done once in string_mt_check().
 */
static bool
string_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_string_info *info = par->matchinfo;
	const bool negate = info->u.v1.flags & XT_STRING_FLAG_INVERT;
	unsigned int pos;

	/* skb_find_text() takes a non-const skb, hence the cast. */
	pos = skb_find_text((struct sk_buff *)skb, info->from_offset,
			    info->to_offset, info->config);

	/* "found" and "negate" are both 0/1, so != acts as logical XOR. */
	return (pos != UINT_MAX) != negate;
}
 35 
/* View an opaque matchinfo pointer as this match's private rule data. */
#define STRING_TEXT_PRIV(info) ((struct xt_string_info *)(info))
 37 
/*
 * string_mt_check - validate a "string" rule and build its search state.
 *
 * par->matchinfo carries the rule parameters as they were loaded with the
 * ruleset, so each field is checked before it reaches the textsearch layer:
 *   - from_offset must not exceed to_offset;
 *   - algo must be NUL-terminated inside its fixed-size field, because it
 *     is handed to textsearch_prepare() as a C string;
 *   - patlen must not exceed XT_STRING_MAX_PATTERN_SIZE, which bounds how
 *     much of pattern[] textsearch_prepare() is told to use;
 *   - no flag bits other than IGNORECASE and INVERT may be set.
 *
 * Returns 0 and stores the prepared ts_config in conf->config on success,
 * -EINVAL for a rejected parameter, or the error reported by
 * textsearch_prepare().
 */
static int string_mt_check(const struct xt_mtchk_param *par)
{
	struct xt_string_info *info = par->matchinfo;
	const int known_flags = XT_STRING_FLAG_IGNORECASE | XT_STRING_FLAG_INVERT;
	struct ts_config *search;
	int ts_flags;

	/* An inverted search window cannot be expressed; reject it. */
	if (info->from_offset > info->to_offset)
		return -EINVAL;

	/* The algorithm name must terminate within the array. */
	if (info->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
		return -EINVAL;

	/* The declared pattern length must fit the pattern buffer. */
	if (info->patlen > XT_STRING_MAX_PATTERN_SIZE)
		return -EINVAL;

	/* Unknown flag bits are refused rather than ignored. */
	if (info->u.v1.flags & ~known_flags)
		return -EINVAL;

	ts_flags = TS_AUTOLOAD |
		   ((info->u.v1.flags & XT_STRING_FLAG_IGNORECASE) ?
		    TS_IGNORECASE : 0);

	search = textsearch_prepare(info->algo, info->pattern, info->patlen,
				    GFP_KERNEL, ts_flags);
	if (!IS_ERR(search)) {
		/* Kept for string_mt(); released in string_mt_destroy(). */
		info->config = search;
		return 0;
	}

	return PTR_ERR(search);
}
 64 
/*
 * string_mt_destroy - release the text search state stored in the rule's
 * config field (set by string_mt_check()).
 */
static void string_mt_destroy(const struct xt_mtdtor_param *par)
{
	struct xt_string_info *info = STRING_TEXT_PRIV(par->matchinfo);

	textsearch_destroy(info->config);
}
 69 
/*
 * Registration record for the "string" match, revision 1.
 *
 * matchsize covers the whole xt_string_info, while usersize stops at the
 * config member: the kernel-side ts_config pointer lies outside the
 * user-visible part of the structure.
 */
static struct xt_match xt_string_mt_reg __read_mostly = {
	.name = "string",
	.revision = 1,
	.family = NFPROTO_UNSPEC,
	.checkentry = string_mt_check,		/* validate rule, build search */
	.match = string_mt,			/* per-packet evaluation */
	.destroy = string_mt_destroy,		/* free search state */
	.matchsize = sizeof(struct xt_string_info),
	.usersize = offsetof(struct xt_string_info, config),
	.me = THIS_MODULE,
};
 81 
/* Module entry point: register the "string" match with x_tables. */
static int __init string_mt_init(void)
{
	int rc = xt_register_match(&xt_string_mt_reg);

	return rc;
}
 86 
/* Module exit point: unregister the "string" match from x_tables. */
static void __exit string_mt_exit(void)
{
	struct xt_match *reg = &xt_string_mt_reg;

	xt_unregister_match(reg);
}
 91 
/* Hook the register/unregister routines into module load and unload. */
module_init(string_mt_init);
module_exit(string_mt_exit);
 94 
