Hi again,
On Thu, Dec 21, 2017 at 01:08:52AM +0100, Pablo Neira Ayuso wrote:
> > diff --git a/net/bridge/netfilter/ebt_string.c b/net/bridge/netfilter/ebt_string.c
> > new file mode 100644
> > index 000000000000..66770506d3a3
> > --- /dev/null
> > +++ b/net/bridge/netfilter/ebt_string.c
> > @@ -0,0 +1,65 @@
> > +/*
> > + * string
> > + *
> > + * Author:
> > + * Bernie Harris bernie.harris@xxxxxxxxxxxxxxxxxxx
> > + *
> > + * October 2017
> > + *
> > + */
> > +#include <linux/module.h>
> > +#include <linux/netfilter/x_tables.h>
> > +#include <linux/netfilter_bridge/ebtables.h>
> > +#include <linux/netfilter_bridge/ebt_string.h>
> > +
> > +static bool
> > +ebt_string_mt(const struct sk_buff *skb, struct xt_action_param *par)
> > +{
> > + const struct ebt_string_info *info = par->matchinfo;
> > + unsigned char buf[MAX_STRING_OCTETS + 1];
> > + unsigned char *match_start;
> > + int i;
> > + int offset = skb_network_offset(skb) + info->offset;
> > +
> > + if (offset + info->length >= skb->len)
> > + return false;
> > +
> > + match_start = skb_header_pointer(skb, offset, info->length, buf);
> > +
> > + for (i = 0; i < info->length; i++) {
> > + if (*(match_start + i) != info->string[i])
> > + return false;
> > + }
>
> I would prefer something that converges with net/netfilter/xt_string.c
This oneliner that I'm attaching plus code in ebtables userspace (see
iptables/extensions/libxt_string.c for rerefence) to add support for
the string match in ebtables should suffice.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
