From 80efcace067529f75c5edfa120509e4c73d1b6fa Mon Sep 17 00:00:00 2001 From: Andreas Schwarz Date: Thu, 11 Aug 2022 17:13:29 +0200 Subject: [PATCH 1/3] add strings module icase option --- NEWS | 1 + doc/ferm.pod | 2 +- src/ferm | 2 +- test/modules/string.ferm | 2 +- test/modules/string.result | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index b88be06..29deab8 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,7 @@ v2.8 - not yet released - updated netfilter modules: * length2 + * string (add icase parameter) v2.7 - 5 May 2022 diff --git a/doc/ferm.pod b/doc/ferm.pod index 06d3dd4..4794053 100644 --- a/doc/ferm.pod +++ b/doc/ferm.pod @@ -1147,7 +1147,7 @@ iptables(8) man page. Matches a string. mod string string "foo bar" ACCEPT; - mod string algo kmp from 64 to 128 hex-string "deadbeef" ACCEPT; + mod string icase algo kmp from 64 to 128 hex-string "deadbeef" ACCEPT; =item B diff --git a/src/ferm b/src/ferm index a979577..4edf65c 100755 --- a/src/ferm +++ b/src/ferm @@ -307,7 +307,7 @@ add_match_def 'set', qw(!match-set=sc set:=match-set return-nomatch*0 !update-co add_match_def 'socket', qw(transparent*0 nowildcard*0 restore-skmark*0); add_match_def 'state', qw(!state=c); add_match_def 'statistic', qw(mode=s probability=s every=s packet=s); -add_match_def 'string', qw(algo=s from=s to=s string hex-string); +add_match_def 'string', qw(algo=s from=s to=s icase string hex-string); add_match_def 'tcpmss', qw(!mss); add_match_def 'time', qw(timestart=s timestop=s days=c datestart=s datestop=s), qw(!monthday=c !weekdays=c kerneltz*0 contiguous*0); diff --git a/test/modules/string.ferm b/test/modules/string.ferm index 73478f3..a42ae16 100644 --- a/test/modules/string.ferm +++ b/test/modules/string.ferm @@ -1,4 +1,4 @@ table filter chain INPUT { mod string string "foo bar" ACCEPT; - mod string algo kmp from 64 to 128 hex-string "deadbeef" ACCEPT; + mod string icase algo kmp from 64 to 128 hex-string "deadbeef" ACCEPT; } diff --git a/test/modules/string.result b/test/modules/string.result index 45a7267..254a1ad 100644 --- a/test/modules/string.result +++ b/test/modules/string.result @@ -1,2 +1,2 @@ iptables -t filter -A INPUT -m string --string 'foo bar' -j ACCEPT -iptables -t filter -A INPUT -m string --algo kmp --from 64 --to 128 --hex-string deadbeef -j ACCEPT +iptables -t filter -A INPUT -m string --icase --algo kmp --from 64 --to 128 --hex-string deadbeef -j ACCEPT From 7dfc2518387aaaf54ce82146152b40c963de9685 Mon Sep 17 00:00:00 2001 From: Andreas Schwarz Date: Thu, 11 Aug 2022 17:17:22 +0200 Subject: [PATCH 2/3] fix option order --- test/modules/string.ferm | 2 +- test/modules/string.result | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/modules/string.ferm b/test/modules/string.ferm index a42ae16..7d7f4b1 100644 --- a/test/modules/string.ferm +++ b/test/modules/string.ferm @@ -1,4 +1,4 @@ table filter chain INPUT { mod string string "foo bar" ACCEPT; - mod string icase algo kmp from 64 to 128 hex-string "deadbeef" ACCEPT; + mod string algo kmp from 64 to 128 icase hex-string "deadbeef" ACCEPT; } diff --git a/test/modules/string.result b/test/modules/string.result index 254a1ad..5d3fcef 100644 --- a/test/modules/string.result +++ b/test/modules/string.result @@ -1,2 +1,2 @@ iptables -t filter -A INPUT -m string --string 'foo bar' -j ACCEPT -iptables -t filter -A INPUT -m string --icase --algo kmp --from 64 --to 128 --hex-string deadbeef -j ACCEPT +iptables -t filter -A INPUT -m string --algo kmp --from 64 --to 128 --icase --hex-string deadbeef -j ACCEPT From 147a23c66ce88f4bf8501e781e1dadef7c075c3b Mon Sep 17 00:00:00 2001 From: Andreas Schwarz Date: Thu, 11 Aug 2022 17:27:22 +0200 Subject: [PATCH 3/3] fix expecting parameters for icase --- src/ferm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ferm b/src/ferm index 4edf65c..5aa9d55 100755 --- a/src/ferm +++ b/src/ferm @@ -307,7 +307,7 @@ add_match_def 'set', qw(!match-set=sc set:=match-set return-nomatch*0 !update-co add_match_def 'socket', qw(transparent*0 nowildcard*0 restore-skmark*0); add_match_def 'state', qw(!state=c); add_match_def 'statistic', qw(mode=s probability=s every=s packet=s); -add_match_def 'string', qw(algo=s from=s to=s icase string hex-string); +add_match_def 'string', qw(algo=s from=s to=s icase*0 string hex-string); add_match_def 'tcpmss', qw(!mss); add_match_def 'time', qw(timestart=s timestop=s days=c datestart=s datestop=s), qw(!monthday=c !weekdays=c kerneltz*0 contiguous*0);