1 /* Shared library add-on to iptables to add string matching support.
3 * Copyright (C) 2000 Emmanuel Roger <winfield@freegates.be>
6 * 27.01.2001: Gianni Tedesco <gianni@ecsc.co.uk>
7 * Changed --tos to --string in save(). Also
8 * updated to work with slightly modified
12 /* Shared library add-on to iptables to add webstr matching support.
14 * Copyright (C) 2003, CyberTAN Corporation
15 * All Rights Reserved.
18 * This is a shared library, added to iptables, for web content inspection.
19 * It was derived from 'string' matching support, declared as above.
30 #include <linux/netfilter_ipv4/ipt_webstr.h>
32 /* Function which prints out usage message. */
/* The usage text documents three selectors: --host and --url take a
 * '<'-separated list of alternatives (any one of them may match), and
 * --content takes a value shown only as "##", whose meaning the text defers
 * to the code. Each selector may be negated with "!".
 * NOTE(review): the call that prints this text and the argument that fills
 * "v%s" are on lines this listing does not show - confirm against the full
 * source. */
33 static void help(void)
36 "WEBSTR match v%s options:\n"
37 "[!] --host 'host<host' Match one of the hostname in a URL.\n"
38 "[!] --url 'key<key' Match one of the keyword in a URL.\n"
39 "[!] --content ## Match Java, ActiveX, proxy. See code for details.\n\n",
/* Long-option table in getopt_long() form: { name, has_arg, flag, val }.
 * Both visible entries require an argument (has_arg = 1) and return a
 * character code ('1', '3') as the option value.
 * NOTE(review): the usage text also lists --url, but its entry and the
 * table terminator are on lines this listing does not show - confirm. */
43 static struct option opts
[] = {
44 { "host", 1, 0, '1' },
46 { "content", 1, 0, '3' },
/*
 * Initialize the match.
 *
 * m       - match entry being set up; not touched here.
 * nfcache - caller's cache flags; the NFC_UNKNOWN bit is set in them.
 */
static void init(struct ipt_entry_match *m, unsigned int *nfcache)
{
	(void)m;	/* unused */
	*nfcache = *nfcache | NFC_UNKNOWN;
}
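/*
 * Copy the user-supplied pattern into the match data.
 *
 * s    - NUL-terminated pattern taken from the command line.
 * info - match data whose string field receives the copy.
 *
 * A pattern is accepted only when its length is strictly below
 * MAX_WEBSTR_STRING, so the copy including the terminating NUL needs at most
 * MAX_WEBSTR_STRING bytes. Anything longer is reported through exit_error()
 * as a PARAMETER_PROBLEM and never copied.
 *
 * NOTE(review): the bound is only safe if info->string holds at least
 * MAX_WEBSTR_STRING bytes - confirm against ipt_webstr.h.
 * NOTE(review): an empty pattern passes this check; whether the kernel side
 * tolerates a zero-length pattern is not visible here.
 */
static void parse_string(const unsigned char *s, struct ipt_webstr_info *info)
{
	/*
	 * strlen(), the copy and the "%s" conversion all expect plain char
	 * pointers; convert once, explicitly, instead of passing an
	 * unsigned char pointer to each of them.
	 */
	const char *pattern = (const char *)s;
	size_t len = strlen(pattern);

	if (len < MAX_WEBSTR_STRING) {
		/* len + 1 also copies the terminator; bounded by the check above. */
		memcpy(info->string, pattern, len + 1);
	} else {
		exit_error(PARAMETER_PROBLEM, "WEBSTR too long `%s'", pattern);
	}
}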
62 /* Function which parses command options; returns true if it ate an option */
/* NOTE(review): this listing skips several source lines of the function (the
 * gutter numbers jump), so the statements that choose between the three type
 * assignments and the return statements are not visible; the comments below
 * describe only what is shown. */
64 int c
, char **argv
, int invert
, unsigned int *flags
,
65 const struct ipt_entry
*entry
,
66 unsigned int *nfcache
,
67 struct ipt_entry_match
**match
)
/* The match payload is treated as this extension's struct ipt_webstr_info. */
69 struct ipt_webstr_info
*stringinfo
= (struct ipt_webstr_info
*)(*match
)->data
;
/* One of three selectors is stored in ->type; presumably picked by the
 * option code in c - confirm against the full source. */
73 stringinfo
->type
= IPT_WEBSTR_HOST
;
76 stringinfo
->type
= IPT_WEBSTR_URL
;
79 stringinfo
->type
= IPT_WEBSTR_CONTENT
;
/* presumably consumes an optional "!" and updates invert/optind - confirm;
 * the pattern is then read from argv[optind - 1]. */
85 check_inverse(optarg
, &invert
, &optind
, 0);
/* parse_string() (earlier in this file) copies the argument only when it is
 * shorter than MAX_WEBSTR_STRING and otherwise exits with PARAMETER_PROBLEM,
 * so the command-line value is length-checked before it is stored. */
86 parse_string(argv
[optind
- 1], stringinfo
);
87 if (invert
) stringinfo
->invert
= 1;
/* The length is measured on the stored copy, not on the raw argument, so it
 * cannot exceed what parse_string() accepted. */
88 stringinfo
->len
= strlen((char *)&stringinfo
->string
);
/*
 * Write a pattern to stdout: a '!' first when the match is inverted, then the
 * pattern followed by one space. The numeric argument is accepted but unused.
 *
 * The pattern is emitted verbatim, with no quoting or escaping.
 * NOTE(review): save() in this file reuses this output, so a pattern that
 * contains whitespace or quote characters may not survive a save/restore
 * round trip - confirm.
 */
static void print_string(char string[], int invert, int numeric)
{
	(void)numeric;	/* unused */

	if (invert != 0)
		putchar('!');

	printf("%s ", string);
}
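/*
 * Final check: reject a rule that names this match without any of its
 * selectors. The usage text lists --host, --url and --content; there is no
 * --webstr or --string option, so the error names the real ones.
 *
 * flags - zero when no selector was accepted.
 * NOTE(review): where flags is set is not visible in this listing -
 * presumably in the option parser; confirm.
 */
static void final_check(unsigned int flags)
{
	if (flags == 0) {
		exit_error(PARAMETER_PROBLEM,
			   "WEBSTR match: You must specify `--host', `--url' or `--content'");
	}
}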
106 /* Prints out the matchinfo. */
/* NOTE(review): the statements under the case labels are on lines this
 * listing does not show; only the visible statements are described. */
107 static void print(const struct ipt_ip
*ip
, const struct ipt_entry_match
*match
, int numeric
)
/* The match payload is read as this extension's struct ipt_webstr_info. */
109 struct ipt_webstr_info
*stringinfo
= (struct ipt_webstr_info
*)match
->data
;
111 printf("WEBSTR match ");
/* Dispatch on the stored selector; what each case prints is not visible. */
114 switch (stringinfo
->type
) {
115 case IPT_WEBSTR_HOST
:
123 case IPT_WEBSTR_CONTENT
:
/* Emit the stored pattern and its inversion flag. numeric is passed through;
 * print_string() does not use it in its visible lines. The pattern is
 * written as stored, without quoting. */
132 print_string(((struct ipt_webstr_info
*)match
->data
)->string
,
133 ((struct ipt_webstr_info
*)match
->data
)->invert
, numeric
);
136 /* Saves the union ipt_matchinfo in parsable form to stdout. */
/* NOTE(review): the line before the print_string() call is not shown in this
 * listing, so the option prefix that gets written (if any) cannot be
 * confirmed here. */
137 static void save(const struct ipt_ip
*ip
, const struct ipt_entry_match
*match
)
/* Writes the stored pattern and inversion flag with numeric fixed at 0.
 * print_string() emits the pattern unquoted.
 * NOTE(review): for output meant to be parsed back, check that patterns
 * containing whitespace are handled - confirm. */
140 print_string(((struct ipt_webstr_info
*)match
->data
)->string
,
141 ((struct ipt_webstr_info
*)match
->data
)->invert
, 0);
/* Registration record for the match. Only two initializers are visible in
 * this listing; both are the aligned size of struct ipt_webstr_info.
 * NOTE(review): presumably the size and userspacesize members, which would
 * make the whole structure significant when rules are compared - confirm
 * against the full source. */
144 static struct iptables_match webstr
148 IPT_ALIGN(sizeof(struct ipt_webstr_info
)),
149 IPT_ALIGN(sizeof(struct ipt_webstr_info
)),
/* Hands the record to iptables; the enclosing function is on lines this
 * listing does not show. */
161 register_match(&webstr
);