|
|
@@ -0,0 +1,112 @@
|
|
|
+--- a/include/linux/netfilter/xt_string.h
|
|
|
++++ b/include/linux/netfilter/xt_string.h
|
|
|
+@@ -4,11 +4,6 @@
|
|
|
+ #define XT_STRING_MAX_PATTERN_SIZE 128
|
|
|
+ #define XT_STRING_MAX_ALGO_NAME_SIZE 16
|
|
|
+
|
|
|
+-enum {
|
|
|
+- XT_STRING_FLAG_INVERT = 0x01,
|
|
|
+- XT_STRING_FLAG_IGNORECASE = 0x02
|
|
|
+-};
|
|
|
+-
|
|
|
+ struct xt_string_info
|
|
|
+ {
|
|
|
+ u_int16_t from_offset;
|
|
|
+@@ -16,15 +11,7 @@
|
|
|
+ char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
|
|
|
+ char pattern[XT_STRING_MAX_PATTERN_SIZE];
|
|
|
+ u_int8_t patlen;
|
|
|
+- union {
|
|
|
+- struct {
|
|
|
+- u_int8_t invert;
|
|
|
+- } v0;
|
|
|
+-
|
|
|
+- struct {
|
|
|
+- u_int8_t flags;
|
|
|
+- } v1;
|
|
|
+- } u;
|
|
|
++ u_int8_t invert;
|
|
|
+
|
|
|
+ /* Used internally by the kernel */
|
|
|
+ struct ts_config __attribute__((aligned(8))) *config;
|
|
|
+--- a/net/netfilter/xt_string.c
|
|
|
++++ b/net/netfilter/xt_string.c
|
|
|
+@@ -29,16 +29,12 @@
|
|
|
+ {
|
|
|
+ const struct xt_string_info *conf = matchinfo;
|
|
|
+ struct ts_state state;
|
|
|
+- int invert;
|
|
|
+
|
|
|
+ memset(&state, 0, sizeof(struct ts_state));
|
|
|
+
|
|
|
+- invert = (match->revision == 0 ? conf->u.v0.invert :
|
|
|
+- conf->u.v1.flags & XT_STRING_FLAG_INVERT);
|
|
|
+-
|
|
|
+ return (skb_find_text((struct sk_buff *)skb, conf->from_offset,
|
|
|
+ conf->to_offset, conf->config, &state)
|
|
|
+- != UINT_MAX) ^ invert;
|
|
|
++ != UINT_MAX) ^ conf->invert;
|
|
|
+ }
|
|
|
+
|
|
|
+ #define STRING_TEXT_PRIV(m) ((struct xt_string_info *)(m))
|
|
|
+@@ -50,7 +46,6 @@
|
|
|
+ {
|
|
|
+ struct xt_string_info *conf = matchinfo;
|
|
|
+ struct ts_config *ts_conf;
|
|
|
+- int flags = TS_AUTOLOAD;
|
|
|
+
|
|
|
+ /* Damn, can't handle this case properly with iptables... */
|
|
|
+ if (conf->from_offset > conf->to_offset)
|
|
|
+@@ -59,15 +54,8 @@
|
|
|
+ return false;
|
|
|
+ if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
|
|
|
+ return false;
|
|
|
+- if (match->revision == 1) {
|
|
|
+- if (conf->u.v1.flags &
|
|
|
+- ~(XT_STRING_FLAG_IGNORECASE | XT_STRING_FLAG_INVERT))
|
|
|
+- return false;
|
|
|
+- if (conf->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
|
|
|
+- flags |= TS_IGNORECASE;
|
|
|
+- }
|
|
|
+ ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
|
|
|
+- GFP_KERNEL, flags);
|
|
|
++ GFP_KERNEL, TS_AUTOLOAD);
|
|
|
+ if (IS_ERR(ts_conf))
|
|
|
+ return false;
|
|
|
+
|
|
|
+@@ -84,17 +72,6 @@
|
|
|
+ static struct xt_match string_mt_reg[] __read_mostly = {
|
|
|
+ {
|
|
|
+ .name = "string",
|
|
|
+- .revision = 0,
|
|
|
+- .family = AF_INET,
|
|
|
+- .checkentry = string_mt_check,
|
|
|
+- .match = string_mt,
|
|
|
+- .destroy = string_mt_destroy,
|
|
|
+- .matchsize = sizeof(struct xt_string_info),
|
|
|
+- .me = THIS_MODULE
|
|
|
+- },
|
|
|
+- {
|
|
|
+- .name = "string",
|
|
|
+- .revision = 1,
|
|
|
+ .family = AF_INET,
|
|
|
+ .checkentry = string_mt_check,
|
|
|
+ .match = string_mt,
|
|
|
+@@ -104,17 +81,6 @@
|
|
|
+ },
|
|
|
+ {
|
|
|
+ .name = "string",
|
|
|
+- .revision = 0,
|
|
|
+- .family = AF_INET6,
|
|
|
+- .checkentry = string_mt_check,
|
|
|
+- .match = string_mt,
|
|
|
+- .destroy = string_mt_destroy,
|
|
|
+- .matchsize = sizeof(struct xt_string_info),
|
|
|
+- .me = THIS_MODULE
|
|
|
+- },
|
|
|
+- {
|
|
|
+- .name = "string",
|
|
|
+- .revision = 1,
|
|
|
+ .family = AF_INET6,
|
|
|
+ .checkentry = string_mt_check,
|
|
|
+ .match = string_mt,
|
Gabor Juhos