author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-01-08 21:04:22 +0200 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-01-24 01:52:49 +0200 |
commit | 29f66aa1ee7c2bf93cc128ecd891ba01c313a310 (patch) | |
tree | a249de88c131878f3bedc44715ae048af1daf99f | |
parent | adc33e7957e337b31ed151efc29186ca6d8ec4ac (diff) | |
string match
-rw-r--r-- | README.md | 19 | ||||
-rw-r--r-- | awall/model.lua | 21 |
2 files changed, 39 insertions, 1 deletions
@@ -349,6 +349,25 @@ attributes: order specified by <strong>args</strong> </td> </tr> + <tr> + <td><strong>string</strong></td> + <td> + String or object containing at least an attribute named + <strong>match</strong> and optionally one or more of the + following: <strong>algo</strong>, <strong>from</strong>, and + <strong>to</strong>. + </td> + <td> + Packet contains the given plain string or the one defined by + the <strong>match</strong> attribute. Attributes + <strong>from</strong> and <strong>to</strong> can be used to + constrain the search to the specific byte range of the + packet. The used algorithm may be selected using the + <strong>algo</strong> attribute. The allowed values are + <strong>bm</strong> for Boyer–Moore (default) and + <strong>kmp</strong> for Knuth–Pratt–Morris. + </td> + </tr> </tbody> </table> diff --git a/awall/model.lua b/awall/model.lua index f797cfe..1d649dd 100644 --- a/awall/model.lua +++ b/awall/model.lua @@ -536,6 +536,25 @@ function M.Rule:trules() ofrags = combinations(ofrags, ipsetofrags) end + if self.string then + if type(self.string) == 'string' then + self.string = {match=self.string} + end + if not self.string.match then self:error('String match not defined') end + setdefault(self.string, 'algo', 'bm') + + local opts = '-m string --string "'.. + self.string.match:gsub('(["\\])', '\\%1')..'"' + + for _, attr in ipairs{'algo', 'from', 'to'} do + if self.string[attr] then + opts = opts..' --'..attr..' '..self.string[attr] + end + end + + ofrags = combinations(ofrags, {{match=opts}}) + end + if self.match then ofrags = combinations(ofrags, {{match=self.match}}) end ofrags = combinations(ofrags, self:servoptfrags()) @@ -643,7 +662,7 @@ function M.Rule:extrarules(label, cls, options) for _, attr in ipairs( extend( - {'in', 'out', 'src', 'dest', 'ipset', 'match', 'service'}, + {'in', 'out', 'src', 'dest', 'ipset', 'string', 'match', 'service'}, options.attrs ) ) do |
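Review bot: The loop over `algo`, `from` and `to` in `M.Rule:trules()` appends each attribute value to `opts` verbatim, while only `match` is quoted and escaped, so a policy value containing whitespace or further option text would end up as extra iptables arguments on the generated rule. The README.md text in this commit documents `algo` as `bm` or `kmp` and `from`/`to` as a byte range, so the code could enforce exactly that and report anything else through `self:error`, as sketched below. The `match` escaping covers only `"` and `\`; if these fragments are later written to line-oriented iptables-restore input (not visible on this page), a newline in `match` should be rejected too. The body of `trules()` starts and ends outside the hunk.

```lua
      setdefault(self.string, 'algo', 'bm')
      -- … unchanged: opts built from the quoted and escaped match string …

      -- only the documented algorithms are accepted
      if self.string.algo ~= 'bm' and self.string.algo ~= 'kmp' then
         self:error(
            'Invalid string match algorithm: '..tostring(self.string.algo)
         )
      end
      opts = opts..' --algo '..self.string.algo

      -- from/to are byte offsets: accept non-negative integers only
      for _, attr in ipairs{'from', 'to'} do
         local value = self.string[attr]
         if value ~= nil then
            if not tostring(value):match('^%d+$') then
               self:error(
                  'Invalid string match offset ('..attr..'): '..tostring(value)
               )
            end
            opts = opts..' --'..attr..' '..value
         end
      end
```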