xref: /linux-6.15/net/netfilter/xt_string.c (revision eb2bce7f) 
1 /* String matching match for iptables
2  *
3  * (C) 2005 Pablo Neira Ayuso <[email protected]>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  */
9 
10 #include <linux/init.h>
11 #include <linux/module.h>
12 #include <linux/kernel.h>
13 #include <linux/skbuff.h>
14 #include <linux/netfilter/x_tables.h>
15 #include <linux/netfilter/xt_string.h>
16 #include <linux/textsearch.h>
17 
18 MODULE_AUTHOR("Pablo Neira Ayuso <[email protected]>");
19 MODULE_DESCRIPTION("IP tables string match module");
20 MODULE_LICENSE("GPL");
21 MODULE_ALIAS("ipt_string");
22 MODULE_ALIAS("ip6t_string");
23 
24 static int match(const struct sk_buff *skb,
25 		 const struct net_device *in,
26 		 const struct net_device *out,
27 		 const struct xt_match *match,
28 		 const void *matchinfo,
29 		 int offset,
30 		 unsigned int protoff,
31 		 int *hotdrop)
32 {
33 	const struct xt_string_info *conf = matchinfo;
34 	struct ts_state state;
35 
36 	memset(&state, 0, sizeof(struct ts_state));
37 
38 	return (skb_find_text((struct sk_buff *)skb, conf->from_offset,
39 			     conf->to_offset, conf->config, &state)
40 			     != UINT_MAX) ^ conf->invert;
41 }
42 
43 #define STRING_TEXT_PRIV(m) ((struct xt_string_info *) m)
44 
45 static int checkentry(const char *tablename,
46 		      const void *ip,
47 		      const struct xt_match *match,
48 		      void *matchinfo,
49 		      unsigned int hook_mask)
50 {
51 	struct xt_string_info *conf = matchinfo;
52 	struct ts_config *ts_conf;
53 
54 	/* Damn, can't handle this case properly with iptables... */
55 	if (conf->from_offset > conf->to_offset)
56 		return 0;
57 	if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
58 		return 0;
59 	if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
60 		return 0;
61 	ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
62 				     GFP_KERNEL, TS_AUTOLOAD);
63 	if (IS_ERR(ts_conf))
64 		return 0;
65 
66 	conf->config = ts_conf;
67 
68 	return 1;
69 }
70 
71 static void destroy(const struct xt_match *match, void *matchinfo)
72 {
73 	textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config);
74 }
75 
76 static struct xt_match xt_string_match[] = {
77 	{
78 		.name 		= "string",
79 		.family		= AF_INET,
80 		.checkentry	= checkentry,
81 		.match 		= match,
82 		.destroy 	= destroy,
83 		.matchsize	= sizeof(struct xt_string_info),
84 		.me 		= THIS_MODULE
85 	},
86 	{
87 		.name 		= "string",
88 		.family		= AF_INET6,
89 		.checkentry	= checkentry,
90 		.match 		= match,
91 		.destroy 	= destroy,
92 		.matchsize	= sizeof(struct xt_string_info),
93 		.me 		= THIS_MODULE
94 	},
95 };
96 
97 static int __init xt_string_init(void)
98 {
99 	return xt_register_matches(xt_string_match, ARRAY_SIZE(xt_string_match));
100 }
101 
102 static void __exit xt_string_fini(void)
103 {
104 	xt_unregister_matches(xt_string_match, ARRAY_SIZE(xt_string_match));
105 }
106 
107 module_init(xt_string_init);
108 module_exit(xt_string_fini);
109