| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1214389510-21445-1-git-send-email-joonwpark81@gmail.com>
Date: Wed, 25 Jun 2008 03:25:10 -0700
From: Joonwoo Park <joonwpark81@...il.com>
To: Patrick McHardy <kaber@...sh.net>
Cc: netdev <netdev@...r.kernel.org>,
netfilter-devel <netfilter-devel@...r.kernel.org>,
Thomas Graf <tgraf@...g.ch>,
Pablo Neira Ayuso <pablo@...filter.org>,
Joonwoo Park <joonwpark81@...il.com>
Subject: [PATCH 8/8 v2] iptables: string extension case insensitive matching
The string extension can search patterns case insensitively with --icase
option.
Signed-off-by: Joonwoo Park <joonwpark81@...il.com>
---
extensions/libxt_string.c | 14 +++++++++++++-
include/linux/netfilter/xt_string.h | 3 +++
2 files changed, 16 insertions(+), 1 deletions(-)
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index 5eec44b..54f4fda 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -37,7 +37,8 @@ static void string_help(void)
"string match options:\n"
"--from Offset to start searching from\n"
"--to Offset to stop searching\n"
-"--algo Algorithm\n"
+"--algo Algorithm\n"
+"--icase Ignore case\n"
"[!] --string string Match a string in a packet\n"
"[!] --hex-string string Match a hex string in a packet\n");
}
@@ -48,6 +49,7 @@ static const struct option string_opts[] = {
{ "algo", 1, NULL, '3' },
{ "string", 1, NULL, '4' },
{ "hex-string", 1, NULL, '5' },
+ { "icase", 0, NULL, '6' },
{ .name = NULL }
};
@@ -162,6 +164,7 @@ parse_hex_string(const char *s, struct xt_string_info *info)
#define ALGO 0x2
#define FROM 0x4
#define TO 0x8
+#define ICASE 0x10
/* Function which parses command options; returns true if it
ate an option */
@@ -217,6 +220,11 @@ string_parse(int c, char **argv, int invert, unsigned int *flags,
*flags |= STRING;
break;
+ case '6':
+ stringinfo->flags |= XT_STRING_FLAG_IGNORECASE;
+ *flags |= ICASE;
+ break;
+
default:
return 0;
}
@@ -300,6 +308,8 @@ string_print(const void *ip, const struct xt_entry_match *match, int numeric)
printf("FROM %u ", info->from_offset);
if (info->to_offset != 0)
printf("TO %u ", info->to_offset);
+ if (info->flags & XT_STRING_FLAG_IGNORECASE)
+ printf("ICASE ");
}
@@ -321,6 +331,8 @@ static void string_save(const void *ip, const struct xt_entry_match *match)
printf("--from %u ", info->from_offset);
if (info->to_offset != 0)
printf("--to %u ", info->to_offset);
+ if (info->flags & XT_STRING_FLAG_IGNORECASE)
+ printf("--icase ");
}
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
index bb21dd1..2de02e9 100644
--- a/include/linux/netfilter/xt_string.h
+++ b/include/linux/netfilter/xt_string.h
@@ -4,6 +4,8 @@
#define XT_STRING_MAX_PATTERN_SIZE 128
#define XT_STRING_MAX_ALGO_NAME_SIZE 16
+#define XT_STRING_FLAG_IGNORECASE 0x01
+
struct xt_string_info
{
u_int16_t from_offset;
@@ -12,6 +14,7 @@ struct xt_string_info
char pattern[XT_STRING_MAX_PATTERN_SIZE];
u_int8_t patlen;
u_int8_t invert;
+ u_int8_t flags;
/* Used internally by the kernel */
struct ts_config __attribute__((aligned(8))) *config;
--
1.5.4.3
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists