Noman Liaquat wrote:
> I have downloaded the version of patch-o-matic-ng
> from netfilter websites and now my patch of string
> controlling is working, below command is the proof of
> that

The string match is available since kernel 2.6.14, so you don't need pom-ng in any way.

> #iptables -A FORWARD -m string --algo bm --string
> "hello" -j DROP
>
> ok that is fine. is there any way to alter that
> packet. to replace--string
> is there any patch available, if yes so how i can
> implement that patch.

No, this functionality isn't implemented yet: The only sane way to do this that I see at the moment is implementing a target called `STRING'. Matches don't allow packet modifications. See the API requirements:

static int match(const struct sk_buff *skb, ...)
                 ^^^

So, such a target must implement the same features as the current `string' match does plus the --replace-string thing.

--
Pablo
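
The match/target split described in the reply above, as an added example (not code from the original message or from netfilter): a user-space model in which `struct pkt`, `find`, `string_match` and `string_replace` are hypothetical names, and only equal-length replacement is handled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space stand-in for struct sk_buff: payload only. */
struct pkt { unsigned char *data; size_t len; };

/* Naive search; the real match uses the algorithm named by --algo. */
static unsigned char *find(unsigned char *hay, size_t hlen,
                           const char *needle, size_t nlen)
{
    for (size_t i = 0; nlen && i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return hay + i;
    return NULL;
}

/* Match contract: const packet in, yes/no out. In this model C does not
 * carry the const through p->data, so it is a promise, not a barrier. */
static bool string_match(const struct pkt *p, const char *needle)
{
    return find(p->data, p->len, needle, strlen(needle)) != NULL;
}

/* Hypothetical target contract: mutable packet. Replaces every `from`
 * with an equal-length `to`; returns the count, or -1 on bad lengths. */
static int string_replace(struct pkt *p, const char *from, const char *to)
{
    size_t n = strlen(from), left = p->len;
    unsigned char *cur = p->data, *hit;
    int count = 0;

    if (n == 0 || n != strlen(to))
        return -1;
    while ((hit = find(cur, left, from, n)) != NULL) {
        memcpy(hit, to, n);
        left -= (size_t)(hit - cur) + n;  /* bytes remaining after the hit */
        cur = hit + n;
        count++;
    }
    return count;
}

int main(void)
{
    unsigned char buf[] = "say hello, hello world"; /* constructed payload */
    struct pkt p = { buf, sizeof(buf) - 1 };
    int n = string_replace(&p, "hello", "HELLO");
    printf("%d replaced: %s\n", n, (char *)buf);
    return 0;
}
```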