root/fwsnort/trunk/patches/string_replace_iptables.patch
| Revision 223, 5.6 KB (checked in by mbr, 5 years ago) | |
|---|---|
extensions/libipt_string.c
RCS file: /cvspublic/iptables/extensions/libipt_string.c,v retrieving revision 1.11 diff -u -r1.11 libipt_string.c
32 32 { 33 33 printf( 34 34 "STRING match v%s options:\n" 35 "--string [!] string Match a string in a packet\n" 36 "--hex-string [!] string Match a hex string in a packet\n", 35 "--string [!] string Match a string in a packet.\n" 36 "--hex-string [!] string Match a hex string in a packet.\n" 37 "--replace-string Replace matching string with a new string.\n" 38 "--replace-hex-string Replace matching string with a new hex string.\n", 37 39 IPTABLES_VERSION); 38 40 } 39 41 … … 41 43 static struct option opts[] = { 42 44 { .name = "string", .has_arg = 1, .flag = 0, .val = '1' }, 43 45 { .name = "hex-string", .has_arg = 1, .flag = 0, .val = '2' }, 46 { .name = "replace-string", .has_arg = 1, .flag = 0, .val = '3' }, 47 { .name = "replace-hex-string", .has_arg = 1, .flag = 0, .val = '4' }, 44 48 { .name = 0 } 45 49 }; 46 50 … … 54 58 55 59 56 60 static void 57 parse_string(const unsigned char *s, struct ipt_string_info *info)61 parse_string(const unsigned char *s, char *string) 58 62 { 59 if (strlen(s) <= BM_MAX_NLEN) strcpy( info->string, s);63 if (strlen(s) <= BM_MAX_NLEN) strcpy(string, s); 60 64 else exit_error(PARAMETER_PROBLEM, "STRING too long `%s'", s); 61 65 } 62 66 63 67 64 68 static void 65 parse_hex_string(const unsigned char *s, struct ipt_string_info *info)69 parse_hex_string(const unsigned char *s, char *string, u_int16_t *len) 66 70 { 67 71 int i=0, slen, sindex=0, schar; 68 72 short hex_f = 0, literal_f = 0; … … 101 105 exit_error(PARAMETER_PROBLEM, 102 106 "Bad literal placement at end of string"); 103 107 } 104 info->string[sindex] = s[i+1];108 string[sindex] = s[i+1]; 105 109 i += 2; /* skip over literal char */ 106 110 literal_f = 0; 107 111 } else if (hex_f) { … … 123 127 if (! 
sscanf(hextmp, "%x", &schar)) 124 128 exit_error(PARAMETER_PROBLEM, 125 129 "Invalid hex char `%c'", s[i]); 126 info->string[sindex] = (char) schar;130 string[sindex] = (char) schar; 127 131 if (s[i+2] == ' ') 128 132 i += 3; /* spaces included in the hex block */ 129 133 else 130 134 i += 2; 131 135 } else { /* the char is not part of hex data, so just copy */ 132 info->string[sindex] = s[i];136 string[sindex] = s[i]; 133 137 i++; 134 138 } 135 139 if (sindex > BM_MAX_NLEN) 136 140 exit_error(PARAMETER_PROBLEM, "STRING too long `%s'", s); 137 141 sindex++; 138 142 } 139 info->len = sindex;143 *len = sindex; 140 144 } 141 145 142 146 … … 157 161 "Can't specify multiple strings"); 158 162 159 163 check_inverse(optarg, &invert, &optind, 0); 160 parse_string(argv[optind-1], stringinfo );164 parse_string(argv[optind-1], stringinfo->string); 161 165 if (invert) 162 166 stringinfo->invert = 1; 163 167 stringinfo->len=strlen((char *)&stringinfo->string); … … 167 171 case '2': 168 172 if (*flags) 169 173 exit_error(PARAMETER_PROBLEM, 170 "Can't specify multiple strings");174 "Can't specify multiple hex strings"); 171 175 172 176 check_inverse(optarg, &invert, &optind, 0); 173 parse_hex_string(argv[optind-1], stringinfo ); /* sets length */177 parse_hex_string(argv[optind-1], stringinfo->string, &stringinfo->len); 174 178 if (invert) 175 179 stringinfo->invert = 1; 176 180 *flags = 1; 177 181 break; 178 182 183 case '3': 184 if (! 
*flags) 185 exit_error(PARAMETER_PROBLEM, 186 "Must specify a string to replace with --string or --hex-string"); 187 188 check_inverse(optarg, &invert, &optind, 0); 189 if (invert) 190 exit_error(PARAMETER_PROBLEM, 191 "Can't negate --replace-string"); 192 parse_string(argv[optind-1], stringinfo->replace_str); 193 stringinfo->replace_len=strlen((char *)&stringinfo->replace_str); 194 /* make absolutely sure the replace string length is less than 195 * or equal to the length of the string to be replaced */ 196 if (stringinfo->replace_len > stringinfo->len) 197 exit_error(PARAMETER_PROBLEM, 198 "Length of replace string must be <= length of string to be replaced"); 199 break; 200 201 case '4': 202 if (! *flags) 203 exit_error(PARAMETER_PROBLEM, 204 "Must specify a string to replace with --string or --hex-string"); 205 206 check_inverse(optarg, &invert, &optind, 0); 207 if (invert) 208 exit_error(PARAMETER_PROBLEM, 209 "Can't negate --replace-hex-string"); 210 parse_hex_string(argv[optind-1], stringinfo->replace_str, 211 &stringinfo->replace_len); 212 /* make absolutely sure the replace string length is less than 213 * or equal to the length of the string to be replaced */ 214 if (stringinfo->replace_len > stringinfo->len) 215 exit_error(PARAMETER_PROBLEM, 216 "Length of replace string must be <= length of string to be replaced"); 217 break; 218 179 219 default: 180 220 return 0; 181 221 } … … 253 293 printf("STRING match %s", (info->invert) ? "!" : ""); 254 294 print_string(info->string, info->len); 255 295 } 296 /* print replace string (if any) */ 297 if (info->replace_len > 0) { 298 if (is_hex_string(info->replace_str, info->replace_len)) { 299 printf("REPLACE "); 300 print_hex_string(info->replace_str, info->replace_len); 301 } else { 302 printf("REPLACE "); 303 print_string(info->replace_str, info->replace_len); 304 } 305 } 256 306 } 257 307 258 308 … … 269 319 } else { 270 320 printf("--string %s", (info->invert) ? "! 
": ""); 271 321 print_string(info->string, info->len); 322 } 323 /* print out --replace-string args (if necessary) */ 324 if (info->replace_len > 0) { 325 if (is_hex_string(info->replace_str, info->replace_len)) { 326 printf("--replace-hex-string "); 327 print_hex_string(info->replace_str, info->replace_len); 328 } else { 329 printf("--replace-string "); 330 print_string(info->replace_str, info->replace_len); 331 } 272 332 } 273 333 } 274 334
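Review bot: In parse_hex_string the three rewritten stores `string[sindex] = ...` still run before the `if (sindex > BM_MAX_NLEN)` test, so a byte is written at index BM_MAX_NLEN + 1 before exit_error fires, and `*len` can end up as BM_MAX_NLEN + 1. With the new `char *string` signature the helper no longer knows which buffer it fills, and it is now also pointed at `stringinfo->replace_str`, whose declared size is not shown on this page. Move the length test to the top of the loop body, ahead of the stores, with a bound that fits the smaller of the two arrays, or pass the destination size in as a parameter. The same applies to parse_string, where `strlen(s) <= BM_MAX_NLEN` followed by `strcpy(string, s)` needs BM_MAX_NLEN + 1 bytes in the destination. The loop header of parse_hex_string lies in a part of the function that this page elides.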
