Re: [PATCH v2 1/3] net: Allow to and from offsets to be equal in skb_find_text

On Fri, Mar 30, 2018 at 11:50:33AM +0200, Pablo Neira Ayuso wrote: > > On Wed, Mar 21, 2018 at 03:42:14PM +1300, Bernie Harris wrote: > > The xt_string module uses skb_find_text to match a pattern > > against packet data. The current behaviour is that the offsets > &g

[PATCH v2 3/3] ebtables: Add string filter

This patch is part of a proposal to add a string filter to ebtables, which would be similar to the string filter in iptables. Like iptables, the ebtables filter uses the xt_string module. Signed-off-by: Bernie Harris <bernie.har...@alliedtelesis.co.nz> --- net/netfilter/xt_string.c | 1 +

[ebtables PATCH v2] Add string filter to ebtables

correctly. Signed-off-by: Bernie Harris <bernie.har...@alliedtelesis.co.nz> --- ebtables.8 | 20 +++ extensions/Makefile | 2 +- extensions/ebt_string.c | 319 include/ebtables.h | 16 ++- include/ebtables_u.h

[PATCH v2 2/3] ebtables: Add support for specifying match revision

, which is then able to find the match module correctly. To main binary backwards compatibility, the size of the ebt_entry structures is not changed, only the size of the name field is decreased by 1 byte to make room for the revision field. Signed-off-by: Bernie Harris <bernie.

[PATCH v2 1/3] net: Allow to and from offsets to be equal in skb_find_text

callers of skb_find_text since the maximum number of bytes read does not change. This makes it possible for the xt_string module to do an exact match for a string at a specific offset. Signed-off-by: Bernie Harris <bernie.har...@alliedtelesis.co.nz> --- net/core/skbuff.c | 3 ++- 1 file chan

Re: [PATCH 2/2] ebtables: Add string filter

Hi Pablo, thanks for the reply. Just wanted to clarify your first comment below: On Mon, Mar 12, 2018 at 09:41:00AM +0100, Pablo Neira Ayuso wrote: > To: Bernie Harris > Cc: netfilter-devel@vger.kernel.org; kad...@blackhole.kfki.hu; > f...@strlen.de; da...@davemloft.net > Subject: Re

[PATCH 1/2] net: Allow to and from offsets to be equal in skb_find_text

callers of skb_find_text since the maximum number of bytes read does not change. This makes it possible for the xt_string module to do an exact match for a string at a specific offset. Signed-off-by: Bernie Harris <bernie.har...@alliedtelesis.co.nz> --- net/core/skbuff.c | 3 ++- 1 file chan

[PATCH 2/2] ebtables: Add string filter

correctly. Signed-off-by: Bernie Harris <bernie.har...@alliedtelesis.co.nz> --- include/uapi/linux/netfilter_bridge/ebtables.h | 5 - net/bridge/netfilter/ebtables.c| 12 net/netfilter/xt_string.c | 1 + 3 files changed, 13 insertions

[ebtables PATCH] Add string filter to ebtables

correctly. Signed-off-by: Bernie Harris <bernie.har...@alliedtelesis.co.nz> --- ebtables.8 | 20 +++ extensions/Makefile | 2 +- extensions/ebt_string.c | 319 include/ebtables.h | 5 +- include/ebtables_u.h| 1 + lib

[ebtables PATCH] Add filter for matching on a string

The offset is relative to the start of the network layer packet. A corresponding kernel patch will also be proposed. Signed-off-by: Bernie Harris <bernie.har...@alliedtelesis.co.nz> --- extensions/Makefile | 2 +- extensions/ebt_string.c

[PATCH] ebtables: Add filter for matching on a string

This patch is part of a proposal to add a new filter type to ebtables that matches on an arbitrary string within the encapsulated network-layer packet. The match starts from the beginning of the network-layer packet. Signed-off-by: Bernie Harris <bernie.har...@alliedtelesis.co.nz> --- i