cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

xt_string.c (2510B)


      1// SPDX-License-Identifier: GPL-2.0-only
      2/* String matching match for iptables
      3 *
      4 * (C) 2005 Pablo Neira Ayuso <pablo@eurodev.net>
      5 */
      6
      7#include <linux/gfp.h>
      8#include <linux/init.h>
      9#include <linux/module.h>
     10#include <linux/kernel.h>
     11#include <linux/skbuff.h>
     12#include <linux/netfilter/x_tables.h>
     13#include <linux/netfilter/xt_string.h>
     14#include <linux/textsearch.h>
     15
/* Module metadata recorded for this match extension. */
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@eurodev.net>");
MODULE_DESCRIPTION("Xtables: string-based matching");
MODULE_LICENSE("GPL");
/*
 * Extra names this module answers to. NOTE(review): presumably the
 * per-family names (ip, ip6 and eb tables) used when the match is
 * requested by name - confirm against the x_tables autoload path.
 */
MODULE_ALIAS("ipt_string");
MODULE_ALIAS("ip6t_string");
MODULE_ALIAS("ebt_string");
     22
/*
 * Match hook: search the packet for the rule's prepared pattern.
 *
 * The search covers the byte range from_offset..to_offset of the skb and
 * uses the textsearch configuration stored in the rule by
 * string_mt_check(). The outcome is flipped when the rule carries
 * XT_STRING_FLAG_INVERT.
 *
 * Returns true when the packet satisfies the rule.
 */
static bool
string_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_string_info *info = par->matchinfo;
	const bool negate = info->u.v1.flags & XT_STRING_FLAG_INVERT;
	unsigned int pos;

	/* The const qualifier is cast away to fit skb_find_text()'s argument. */
	pos = skb_find_text((struct sk_buff *)skb, info->from_offset,
			    info->to_offset, info->config);

	/* Any result other than UINT_MAX counts as a hit. */
	return (pos != UINT_MAX) ^ negate;
}
     35
/* View an opaque matchinfo pointer as this match's struct xt_string_info. */
#define STRING_TEXT_PRIV(ptr) \
	((struct xt_string_info *)(ptr))
     37
/*
 * checkentry hook: validate a rule's xt_string_info and prepare the
 * textsearch configuration that string_mt() will use.
 *
 * Every field read here comes from the rule data, so each one is checked
 * before anything is handed to textsearch_prepare().
 *
 * Returns 0 on success, -EINVAL when the rule is rejected, or the error
 * carried by the pointer that textsearch_prepare() returned.
 */
static int string_mt_check(const struct xt_mtchk_param *par)
{
	struct xt_string_info *info = par->matchinfo;
	const int known_flags = XT_STRING_FLAG_IGNORECASE |
				XT_STRING_FLAG_INVERT;
	struct ts_config *prepared;
	int ts_flags;

	/*
	 * A start offset past the end offset leaves nothing to search.
	 * There is no good way to report this through iptables, so the
	 * rule is simply refused.
	 */
	if (info->from_offset > info->to_offset)
		return -EINVAL;

	/* algo is passed on as a C string: its last byte must be NUL. */
	if (info->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
		return -EINVAL;

	/*
	 * patlen is the length passed along with pattern; presumably
	 * XT_STRING_MAX_PATTERN_SIZE is the capacity of pattern[] - see
	 * xt_string.h.
	 */
	if (info->patlen > XT_STRING_MAX_PATTERN_SIZE)
		return -EINVAL;

	/* Refuse any flag bit other than IGNORECASE and INVERT. */
	if (info->u.v1.flags & ~known_flags)
		return -EINVAL;

	/* TS_AUTOLOAD is always requested; case folding only on demand. */
	ts_flags = (info->u.v1.flags & XT_STRING_FLAG_IGNORECASE) ?
		   (TS_AUTOLOAD | TS_IGNORECASE) : TS_AUTOLOAD;

	prepared = textsearch_prepare(info->algo, info->pattern, info->patlen,
				      GFP_KERNEL, ts_flags);
	if (IS_ERR(prepared))
		return PTR_ERR(prepared);

	/* Stored in the rule data; string_mt_destroy() releases it. */
	info->config = prepared;
	return 0;
}
     64
/*
 * destroy hook: release the textsearch configuration that
 * string_mt_check() stored in the rule's private data.
 */
static void string_mt_destroy(const struct xt_mtdtor_param *par)
{
	struct xt_string_info *info = STRING_TEXT_PRIV(par->matchinfo);

	textsearch_destroy(info->config);
}
     69
/* Registration record for the "string" match, revision 1, any family. */
static struct xt_match xt_string_mt_reg __read_mostly = {
	.name       = "string",
	.family     = NFPROTO_UNSPEC,
	.revision   = 1,
	.match      = string_mt,
	.checkentry = string_mt_check,
	.destroy    = string_mt_destroy,
	.matchsize  = sizeof(struct xt_string_info),
	/*
	 * Only the bytes before 'config' count as user-visible rule data;
	 * 'config' holds the kernel pointer stored by string_mt_check().
	 */
	.usersize   = offsetof(struct xt_string_info, config),
	.me         = THIS_MODULE,
};
     81
/*
 * Module entry point: register the "string" match.
 *
 * Returns whatever xt_register_match() reports.
 */
static int __init string_mt_init(void)
{
	int err = xt_register_match(&xt_string_mt_reg);

	return err;
}
     86
/* Module exit point: unregister the match that string_mt_init() registered. */
static void __exit string_mt_exit(void)
{
	xt_unregister_match(&xt_string_mt_reg);
}
     91
/* Hook the registration and unregistration routines into module load/unload. */
module_init(string_mt_init);
module_exit(string_mt_exit);