release/src/router/iptables/extensions/libipt_webstr.c

   1 /* Shared library add-on to iptables to add string matching support.
   2 *
   3 * Copyright (C) 2000 Emmanuel Roger  <winfield@freegates.be>
   4 *
   5 * ChangeLog
   6 *     27.01.2001: Gianni Tedesco <gianni@ecsc.co.uk>
   7 *             Changed --tos to --string in save(). Also
   8 *             updated to work with slightly modified
   9 *             ipt_string_info.
  10 */
  11
  12 /* Shared library add-on to iptables to add webstr matching support.
  13 *
  14 * Copyright (C) 2003, CyberTAN Corporation
  15 * All Rights Reserved.
  16 *
  17 * Description:
  18 *   This is shared library, added to iptables, for web content inspection.
  19 *   It was derived from 'string' matching support, declared as above.
  20 *
  21 */
  22
  23 #include <stdio.h>
  24 #include <netdb.h>
  25 #include <string.h>
  26 #include <stdlib.h>
  27 #include <getopt.h>
  28
  29 #include <iptables.h>
  30 #include <linux/netfilter_ipv4/ipt_webstr.h>
  31
  32 /* Function which prints out usage message. */
  33 static void help(void)
  34 {
  35         printf(
  36                 "WEBSTR match v%s options:\n"
  37                 "[!] --host 'host<host'   Match one of the hostname in a URL.\n"
  38                 "[!] --url 'key<key'      Match one of the keyword in a URL.\n"
  39                 "[!] --content ##         Match Java, ActiveX, proxy. See code for details.\n\n",
  40                 IPTABLES_VERSION);
  41 }
  42
  43 static struct option opts[] = {
  44         { "host", 1, 0, '1' },
  45         { "url", 1, 0, '2' },
  46         { "content", 1, 0, '3' },
  47         {0}
  48 };
  49
  50 /* Initialize the match. */
  51 static void init(struct ipt_entry_match *m, unsigned int *nfcache)
  52 {
  53         *nfcache |= NFC_UNKNOWN;
  54 }
  55
  56 static void parse_string(const unsigned char *s, struct ipt_webstr_info *info)
  57 {
  58         if (strlen(s) < MAX_WEBSTR_STRING) strcpy(info->string, s);
  59                 else exit_error(PARAMETER_PROBLEM, "WEBSTR too long `%s'", s);
  60 }
  61
  62 /* Function which parses command options; returns true if it ate an option */
  63 static int parse(
  64         int c, char **argv, int invert, unsigned int *flags,
  65         const struct ipt_entry *entry,
  66         unsigned int *nfcache,
  67         struct ipt_entry_match **match)
  68 {
  69         struct ipt_webstr_info *stringinfo = (struct ipt_webstr_info *)(*match)->data;
  70
  71         switch (c) {
  72         case '1':
  73                 stringinfo->type = IPT_WEBSTR_HOST;
  74                 break;
  75         case '2':
  76                 stringinfo->type = IPT_WEBSTR_URL;
  77                 break;
  78         case '3':
  79                 stringinfo->type = IPT_WEBSTR_CONTENT;
  80                 break;
  81         default:
  82                 return 0;
  83         }
  84
  85         check_inverse(optarg, &invert, &optind, 0);
  86         parse_string(argv[optind - 1], stringinfo);
  87         if (invert) stringinfo->invert = 1;
  88         stringinfo->len = strlen((char *)&stringinfo->string);
  89
  90         *flags = 1;
  91         return 1;
  92 }
  93
  94 static void print_string(char string[], int invert, int numeric)
  95 {
  96         if (invert) fputc('!', stdout);
  97         printf("%s ", string);
  98 }
  99
 100 /* Final check; must have specified --string. */
 101 static void final_check(unsigned int flags)
 102 {
 103         if (!flags) exit_error(PARAMETER_PROBLEM, "WEBSTR match: You must specify `--webstr'");
 104 }
 105
 106 /* Prints out the matchinfo. */
 107 static void print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric)
 108 {
 109         struct ipt_webstr_info *stringinfo = (struct ipt_webstr_info *)match->data;
 110
 111         printf("WEBSTR match ");
 112
 113
 114         switch (stringinfo->type) {
 115         case IPT_WEBSTR_HOST:
 116                 printf("host ");
 117                 break;
 118
 119         case IPT_WEBSTR_URL:
 120                 printf("url ");
 121                 break;
 122
 123         case IPT_WEBSTR_CONTENT:
 124                 printf("content ");
 125                 break;
 126
 127         default:
 128                 printf("ERROR ");
 129                 break;
 130         }
 131
 132         print_string(((struct ipt_webstr_info *)match->data)->string,
 133                 ((struct ipt_webstr_info *)match->data)->invert, numeric);
 134 }
 135
 136 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 137 static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 138 {
 139         printf("--webstr ");
 140         print_string(((struct ipt_webstr_info *)match->data)->string,
 141                 ((struct ipt_webstr_info *)match->data)->invert, 0);
 142 }
 143
 144 static struct iptables_match webstr
 145         = { NULL,
 146                 "webstr",
 147                 IPTABLES_VERSION,
 148                 IPT_ALIGN(sizeof(struct ipt_webstr_info)),
 149                 IPT_ALIGN(sizeof(struct ipt_webstr_info)),
 150                 &help,
 151                 &init,
 152                 &parse,
 153                 &final_check,
 154                 &print,
 155                 &save,
 156                 opts
 157         };
 158
 159 void _init(void)
 160 {
 161         register_match(&webstr);
 162 }