2007/6/21, Jan Kogut <jkogut@xxxxxxxxxxxxx>:
Hi,

> > look for "string" in the manpage to iptables.
> >
> > iptables ... -m string --string "GOOGLE" --algo bm ...
> >
> > should be the right pointer for you.
>
> I am wondering about the usability of the Knuth-Pratt-Morris algorithm (--algo kmp).
> Here, http://www-igm.univ-mlv.fr/~lecroq/string/node14.html#SECTION00140 vs
> http://www-igm.univ-mlv.fr/~lecroq/string/node8.html#SECTION0080, we can see that
> Boyer-Moore gives definitely better performance than Knuth-Pratt-Morris.
> That is why I am curious about when kmp is better than bm?
>
> Cheers,
> JK
>
> --
> Regards,
> Jan Kogut
> Computer Systems Administrator
> Laboratory of Bioinformatics and Protein Engineering
> International Institute of Molecular and Cell Biology
> ul. Ks. Trojdena 4
> 02-109 Warsaw, Poland
> http://genesilico.pl
If you use a string match and match for a specific string inside the packet, let's say `GET /index.html`, will that work? Normally, yes. However, if the packet size is very small, it will not. The reason is that iptables is built to work on a per-packet basis, which means that if the string is split into several separate packets, iptables will not see the whole string. For this reason, you are much, much better off using a proxy of some sort for filtering in the application layer. Use Squid.
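The two points raised in this thread (the `--algo kmp` vs `--algo bm` choice, and the per-packet limitation of `-m string`) can be seen side by side in a small simulation. The following is an added example, not code from the thread or from the netfilter project: it implements Knuth-Morris-Pratt and the Boyer-Moore-Horspool simplification of Boyer-Moore, then runs each once per "packet" (what iptables does) and once over the reassembled byte stream (what a proxy sees). The function names, the `GET /index.html` request and the split point are constructed for the demonstration.

```python
"""Per-packet vs. reassembled string matching (added example, not from the thread).

Constructed scenario: the same HTTP request arrives as one TCP segment and as
two segments split so that the pattern "index.html" straddles the boundary.
A per-packet matcher, whichever algorithm it uses, misses the split case.
"""
from typing import Callable, Dict, List, Optional


def kmp_find(haystack: bytes, needle: bytes) -> Optional[int]:
    """Knuth-Morris-Pratt (iptables --algo kmp): O(n+m), inspects every byte,
    never backs up in the haystack. Returns the first match offset or None."""
    if not needle:
        return 0
    fail = [0] * len(needle)          # longest proper border of needle[:i+1]
    k = 0
    for i in range(1, len(needle)):
        while k and needle[i] != needle[k]:
            k = fail[k - 1]
        if needle[i] == needle[k]:
            k += 1
        fail[i] = k
    k = 0
    for i, b in enumerate(haystack):
        while k and b != needle[k]:
            k = fail[k - 1]
        if b == needle[k]:
            k += 1
            if k == len(needle):
                return i - k + 1
    return None


def bm_find(haystack: bytes, needle: bytes) -> Optional[int]:
    """Boyer-Moore-Horspool, a simplified Boyer-Moore (iptables --algo bm uses
    full Boyer-Moore; Horspool keeps only the bad-character rule, which is the
    part that lets the search skip bytes). Returns first match offset or None."""
    m = len(needle)
    if m == 0:
        return 0
    # Shift by the distance from the rightmost occurrence of a byte to the
    # end of the pattern; bytes not in the pattern allow a full shift of m.
    skip = {needle[i]: m - 1 - i for i in range(m - 1)}
    i = 0
    while i + m <= len(haystack):
        if haystack[i:i + m] == needle:
            return i
        i += skip.get(haystack[i + m - 1], m)
    return None


ALGOS: Dict[str, Callable[[bytes, bytes], Optional[int]]] = {
    "kmp": kmp_find,
    "bm": bm_find,
}


def match_per_packet(packets: List[bytes], needle: bytes, algo: str = "bm") -> List[int]:
    """What a per-packet filter such as iptables -m string sees: the indices of
    the packets whose own payload contains the pattern."""
    find = ALGOS[algo]
    return [i for i, p in enumerate(packets) if find(p, needle) is not None]


def match_reassembled(packets: List[bytes], needle: bytes, algo: str = "bm") -> Optional[int]:
    """What a stream-aware proxy sees: the offset of the pattern in the
    reassembled byte stream, or None."""
    return ALGOS[algo](b"".join(packets), needle)


# Constructed sample traffic (not captured data).
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
PATTERN = b"index.html"
ONE_SEGMENT = [REQUEST]
SPLIT_SEGMENTS = [REQUEST[:9], REQUEST[9:]]   # b"GET /inde" | b"x.html HTTP/1.1..."


if __name__ == "__main__":
    for algo in ALGOS:
        print(algo, "single segment, per packet :", match_per_packet(ONE_SEGMENT, PATTERN, algo))
        print(algo, "split segments, per packet :", match_per_packet(SPLIT_SEGMENTS, PATTERN, algo))
        print(algo, "split segments, reassembled:", match_reassembled(SPLIT_SEGMENTS, PATTERN, algo))
```

Both algorithms return the same offset on the same input; they differ only in how many bytes they examine to get there, so the choice between `kmp` and `bm` is a performance question and does not change what a rule matches. The split case is the point of the reply above: neither algorithm can find a pattern that is not wholly inside the packet it is handed, which is why a reassembling proxy is the right tool when the policy is about application-layer content.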