Re: [PATCH] ebtables: Add filter for matching on a string

Thu, 21 Dec 2017 00:18:23 -0800 

On Thu, Dec 21, 2017 at 09:17:27AM +0100, Pablo Neira Ayuso wrote:
> Hi again,
> 
> On Thu, Dec 21, 2017 at 01:08:52AM +0100, Pablo Neira Ayuso wrote:
> > > diff --git a/net/bridge/netfilter/ebt_string.c 
> > > b/net/bridge/netfilter/ebt_string.c
> > > new file mode 100644
> > > index 000000000000..66770506d3a3
> > > --- /dev/null
> > > +++ b/net/bridge/netfilter/ebt_string.c
> > > @@ -0,0 +1,65 @@
> > > +/*
> > > + * string
> > > + *
> > > + * Author:
> > > + * Bernie Harris [email protected]
> > > + *
> > > + * October 2017
> > > + *
> > > + */
> > > +#include <linux/module.h>
> > > +#include <linux/netfilter/x_tables.h>
> > > +#include <linux/netfilter_bridge/ebtables.h>
> > > +#include <linux/netfilter_bridge/ebt_string.h>
> > > +
> > > +static bool
> > > +ebt_string_mt(const struct sk_buff *skb, struct xt_action_param *par)
> > > +{
> > > + const struct ebt_string_info *info = par->matchinfo;
> > > + unsigned char buf[MAX_STRING_OCTETS + 1];
> > > + unsigned char *match_start;
> > > + int i;
> > > + int offset = skb_network_offset(skb) + info->offset;
> > > +
> > > + if (offset + info->length >= skb->len)
> > > +         return false;
> > > +
> > > + match_start = skb_header_pointer(skb, offset, info->length, buf);
> > > +
> > > + for (i = 0; i < info->length; i++) {
> > > +         if (*(match_start + i) != info->string[i])
> > > +                 return false;
> > > + }
> > 
> > I would prefer something that converges with net/netfilter/xt_string.c
> 
> This oneliner that I'm attaching plus code in ebtables userspace (see
> iptables/extensions/libxt_string.c for rerefence) to add support for
> the string match in ebtables should suffice.

Forgot attachment, here it comes.

diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 423293ee57c2..be1feddadcf0 100644
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -21,6 +21,7 @@ MODULE_DESCRIPTION("Xtables: string-based matching");
 MODULE_LICENSE("GPL");
 MODULE_ALIAS("ipt_string");
 MODULE_ALIAS("ip6t_string");
+MODULE_ALIAS("ebt_string");
 
 static bool
 string_mt(const struct sk_buff *skb, struct xt_action_param *par)

Reply via email to