On Wed, Mar 21, 2018 at 03:42:14PM +1300, Bernie Harris wrote: > The xt_string module uses skb_find_text to match a pattern > against packet data. The current behaviour is that the offsets > are used as the range in which a match can start, with the 'to' > offset being included in that range. This means that to do an > exact match for a string at a specific offset, the 'to' and > 'from' offsets need to be equal. However, skb_seq_read does not > allow any data to be read if the offsets are equal. > > This patch fixes this behaviour by adding the pattern length to > the 'to' offset when calling skb_prepare_seq_read. This should > not change the behaviour of any existing callers of skb_find_text > since the maximum number of bytes read does not change. This > makes it possible for the xt_string module to do an exact match > for a string at a specific offset. > > Signed-off-by: Bernie Harris <bernie.harris@xxxxxxxxxxxxxxxxxxx> > --- > net/core/skbuff.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/core/skbuff.c b/net/core/skbuff.c > index 0bb0d8877954..3026158a9993 100644 > --- a/net/core/skbuff.c > +++ b/net/core/skbuff.c > @@ -3353,7 +3353,8 @@ unsigned int skb_find_text(struct sk_buff *skb, unsigned int from, > config->get_next_block = skb_ts_get_next_block; > config->finish = skb_ts_finish; > > - skb_prepare_seq_read(skb, from, to, TS_SKB_CB(&state)); > + skb_prepare_seq_read(skb, from, to + textsearch_get_pattern_len(config), > + TS_SKB_CB(&state)); I think this may change semantics a bit. I mean, if you specify [ from , to ] range where from != to, then this is now going to do [ from, to + pattern] which may be a large range. I may be overlooking anything, but shouldn't we fix this from xt_string? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
