The xt_string module uses skb_find_text to match a pattern against packet data. The current behaviour is that the offsets are used as the range in which a match can start, with the 'to' offset being included in that range. This means that to do an exact match for a string at a specific offset, the 'to' and 'from' offsets need to be equal. However, skb_seq_read does not allow any data to be read if the offsets are equal. This patch fixes this behaviour by adding the pattern length to the 'to' offset when calling skb_prepare_seq_read. This should not change the behaviour of any existing callers of skb_find_text since the maximum number of bytes read does not change. This makes it possible for the xt_string module to do an exact match for a string at a specific offset. Signed-off-by: Bernie Harris <bernie.harris@xxxxxxxxxxxxxxxxxxx> --- net/core/skbuff.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 0bb0d8877954..3026158a9993 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -3353,7 +3353,8 @@ unsigned int skb_find_text(struct sk_buff *skb, unsigned int from, config->get_next_block = skb_ts_get_next_block; config->finish = skb_ts_finish; - skb_prepare_seq_read(skb, from, to, TS_SKB_CB(&state)); + skb_prepare_seq_read(skb, from, to + textsearch_get_pattern_len(config), + TS_SKB_CB(&state)); ret = textsearch_find(config, &state); return (ret <= to - from ? ret : UINT_MAX); -- 2.16.2 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
