libxt_string.c revision f2a77520693f0a6dd1df1f87be4b81913961c1f5 
1/* Shared library add-on to iptables to add string matching support.
2 *
3 * Copyright (C) 2000 Emmanuel Roger  <winfield@freegates.be>
4 *
5 * 2005-08-05 Pablo Neira Ayuso <pablo@eurodev.net>
6 * 	- reimplemented to use new string matching iptables match
7 * 	- add functionality to match packets by using window offsets
8 * 	- add functionality to select the string matching algorithm
9 *
10 * ChangeLog
11 *     29.12.2003: Michael Rash <mbr@cipherdyne.org>
12 *             Fixed iptables save/restore for ascii strings
13 *             that contain space chars, and hex strings that
14 *             contain embedded NULL chars.  Updated to print
15 *             strings in hex mode if any non-printable char
16 *             is contained within the string.
17 *
18 *     27.01.2001: Gianni Tedesco <gianni@ecsc.co.uk>
19 *             Changed --tos to --string in save(). Also
20 *             updated to work with slightly modified
21 *             ipt_string_info.
22 */
23#define _GNU_SOURCE 1
24#include <stdio.h>
25#include <netdb.h>
26#include <string.h>
27#include <stdlib.h>
28#include <getopt.h>
29#include <ctype.h>
30#include <xtables.h>
31#include <stddef.h>
32#include <linux/netfilter/xt_string.h>
33
34static void string_help(void)
35{
36	printf(
37"string match options:\n"
38"--from                       Offset to start searching from\n"
39"--to                         Offset to stop searching\n"
40"--algo                       Algorithm\n"
41"--icase                      Ignore case (default: 0)\n"
42"[!] --string string          Match a string in a packet\n"
43"[!] --hex-string string      Match a hex string in a packet\n");
44}
45
46static const struct option string_opts[] = {
47	{ "from", 1, NULL, '1' },
48	{ "to", 1, NULL, '2' },
49	{ "algo", 1, NULL, '3' },
50	{ "string", 1, NULL, '4' },
51	{ "hex-string", 1, NULL, '5' },
52	{ "icase", 0, NULL, '6' },
53	{ .name = NULL }
54};
55
56static void string_init(struct xt_entry_match *m)
57{
58	struct xt_string_info *i = (struct xt_string_info *) m->data;
59
60	if (i->to_offset == 0)
61		i->to_offset = UINT16_MAX;
62}
63
64static void
65parse_string(const char *s, struct xt_string_info *info)
66{
67	/* xt_string does not need \0 at the end of the pattern */
68	if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) {
69		strncpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE);
70		info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE);
71		return;
72	}
73	xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
74}
75
76static void
77parse_algo(const char *s, struct xt_string_info *info)
78{
79	/* xt_string needs \0 for algo name */
80	if (strlen(s) < XT_STRING_MAX_ALGO_NAME_SIZE) {
81		strncpy(info->algo, s, XT_STRING_MAX_ALGO_NAME_SIZE);
82		return;
83	}
84	xtables_error(PARAMETER_PROBLEM, "ALGO too long \"%s\"", s);
85}
86
87static void
88parse_hex_string(const char *s, struct xt_string_info *info)
89{
90	int i=0, slen, sindex=0, schar;
91	short hex_f = 0, literal_f = 0;
92	char hextmp[3];
93
94	slen = strlen(s);
95
96	if (slen == 0) {
97		xtables_error(PARAMETER_PROBLEM,
98			"STRING must contain at least one char");
99	}
100
101	while (i < slen) {
102		if (s[i] == '\\' && !hex_f) {
103			literal_f = 1;
104		} else if (s[i] == '\\') {
105			xtables_error(PARAMETER_PROBLEM,
106				"Cannot include literals in hex data");
107		} else if (s[i] == '|') {
108			if (hex_f)
109				hex_f = 0;
110			else {
111				hex_f = 1;
112				/* get past any initial whitespace just after the '|' */
113				while (s[i+1] == ' ')
114					i++;
115			}
116			if (i+1 >= slen)
117				break;
118			else
119				i++;  /* advance to the next character */
120		}
121
122		if (literal_f) {
123			if (i+1 >= slen) {
124				xtables_error(PARAMETER_PROBLEM,
125					"Bad literal placement at end of string");
126			}
127			info->pattern[sindex] = s[i+1];
128			i += 2;  /* skip over literal char */
129			literal_f = 0;
130		} else if (hex_f) {
131			if (i+1 >= slen) {
132				xtables_error(PARAMETER_PROBLEM,
133					"Odd number of hex digits");
134			}
135			if (i+2 >= slen) {
136				/* must end with a "|" */
137				xtables_error(PARAMETER_PROBLEM, "Invalid hex block");
138			}
139			if (! isxdigit(s[i])) /* check for valid hex char */
140				xtables_error(PARAMETER_PROBLEM, "Invalid hex char '%c'", s[i]);
141			if (! isxdigit(s[i+1])) /* check for valid hex char */
142				xtables_error(PARAMETER_PROBLEM, "Invalid hex char '%c'", s[i+1]);
143			hextmp[0] = s[i];
144			hextmp[1] = s[i+1];
145			hextmp[2] = '\0';
146			if (! sscanf(hextmp, "%x", &schar))
147				xtables_error(PARAMETER_PROBLEM,
148					"Invalid hex char `%c'", s[i]);
149			info->pattern[sindex] = (char) schar;
150			if (s[i+2] == ' ')
151				i += 3;  /* spaces included in the hex block */
152			else
153				i += 2;
154		} else {  /* the char is not part of hex data, so just copy */
155			info->pattern[sindex] = s[i];
156			i++;
157		}
158		if (sindex > XT_STRING_MAX_PATTERN_SIZE)
159			xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
160		sindex++;
161	}
162	info->patlen = sindex;
163}
164
165#define STRING 0x1
166#define ALGO   0x2
167#define FROM   0x4
168#define TO     0x8
169#define ICASE  0x10
170
171static int
172string_parse(int c, char **argv, int invert, unsigned int *flags,
173             const void *entry, struct xt_entry_match **match)
174{
175	struct xt_string_info *stringinfo =
176	    (struct xt_string_info *)(*match)->data;
177	const int revision = (*match)->u.user.revision;
178
179	switch (c) {
180	case '1':
181		if (*flags & FROM)
182			xtables_error(PARAMETER_PROBLEM,
183				   "Can't specify multiple --from");
184		stringinfo->from_offset = atoi(optarg);
185		*flags |= FROM;
186		break;
187	case '2':
188		if (*flags & TO)
189			xtables_error(PARAMETER_PROBLEM,
190				   "Can't specify multiple --to");
191		stringinfo->to_offset = atoi(optarg);
192		*flags |= TO;
193		break;
194	case '3':
195		if (*flags & ALGO)
196			xtables_error(PARAMETER_PROBLEM,
197				   "Can't specify multiple --algo");
198		parse_algo(optarg, stringinfo);
199		*flags |= ALGO;
200		break;
201	case '4':
202		if (*flags & STRING)
203			xtables_error(PARAMETER_PROBLEM,
204				   "Can't specify multiple --string");
205		xtables_check_inverse(optarg, &invert, &optind, 0);
206		parse_string(argv[optind-1], stringinfo);
207		if (invert) {
208			if (revision == 0)
209				stringinfo->u.v0.invert = 1;
210			else
211				stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
212		}
213		*flags |= STRING;
214		break;
215
216	case '5':
217		if (*flags & STRING)
218			xtables_error(PARAMETER_PROBLEM,
219				   "Can't specify multiple --hex-string");
220
221		xtables_check_inverse(optarg, &invert, &optind, 0);
222		parse_hex_string(argv[optind-1], stringinfo);  /* sets length */
223		if (invert) {
224			if (revision == 0)
225				stringinfo->u.v0.invert = 1;
226			else
227				stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
228		}
229		*flags |= STRING;
230		break;
231
232	case '6':
233		if (revision == 0)
234			xtables_error(VERSION_PROBLEM,
235				   "Kernel doesn't support --icase");
236
237		stringinfo->u.v1.flags |= XT_STRING_FLAG_IGNORECASE;
238		*flags |= ICASE;
239		break;
240
241	default:
242		return 0;
243	}
244	return 1;
245}
246
247static void string_check(unsigned int flags)
248{
249	if (!(flags & STRING))
250		xtables_error(PARAMETER_PROBLEM,
251			   "STRING match: You must specify `--string' or "
252			   "`--hex-string'");
253	if (!(flags & ALGO))
254		xtables_error(PARAMETER_PROBLEM,
255			   "STRING match: You must specify `--algo'");
256}
257
258/* Test to see if the string contains non-printable chars or quotes */
259static unsigned short int
260is_hex_string(const char *str, const unsigned short int len)
261{
262	unsigned int i;
263	for (i=0; i < len; i++)
264		if (! isprint(str[i]))
265			return 1;  /* string contains at least one non-printable char */
266	/* use hex output if the last char is a "\" */
267	if ((unsigned char) str[len-1] == 0x5c)
268		return 1;
269	return 0;
270}
271
272/* Print string with "|" chars included as one would pass to --hex-string */
273static void
274print_hex_string(const char *str, const unsigned short int len)
275{
276	unsigned int i;
277	/* start hex block */
278	printf("\"|");
279	for (i=0; i < len; i++) {
280		/* see if we need to prepend a zero */
281		if ((unsigned char) str[i] <= 0x0F)
282			printf("0%x", (unsigned char) str[i]);
283		else
284			printf("%x", (unsigned char) str[i]);
285	}
286	/* close hex block */
287	printf("|\" ");
288}
289
290static void
291print_string(const char *str, const unsigned short int len)
292{
293	unsigned int i;
294	printf("\"");
295	for (i=0; i < len; i++) {
296		if ((unsigned char) str[i] == 0x22)  /* escape any embedded quotes */
297			printf("%c", 0x5c);
298		printf("%c", (unsigned char) str[i]);
299	}
300	printf("\" ");  /* closing space and quote */
301}
302
303static void
304string_print(const void *ip, const struct xt_entry_match *match, int numeric)
305{
306	const struct xt_string_info *info =
307	    (const struct xt_string_info*) match->data;
308	const int revision = match->u.user.revision;
309	int invert = (revision == 0 ? info->u.v0.invert :
310				    info->u.v1.flags & XT_STRING_FLAG_INVERT);
311
312	if (is_hex_string(info->pattern, info->patlen)) {
313		printf("STRING match %s", invert ? "!" : "");
314		print_hex_string(info->pattern, info->patlen);
315	} else {
316		printf("STRING match %s", invert ? "!" : "");
317		print_string(info->pattern, info->patlen);
318	}
319	printf("ALGO name %s ", info->algo);
320	if (info->from_offset != 0)
321		printf("FROM %u ", info->from_offset);
322	if (info->to_offset != 0)
323		printf("TO %u ", info->to_offset);
324	if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
325		printf("ICASE ");
326}
327
328static void string_save(const void *ip, const struct xt_entry_match *match)
329{
330	const struct xt_string_info *info =
331	    (const struct xt_string_info*) match->data;
332	const int revision = match->u.user.revision;
333	int invert = (revision == 0 ? info->u.v0.invert :
334				    info->u.v1.flags & XT_STRING_FLAG_INVERT);
335
336	if (is_hex_string(info->pattern, info->patlen)) {
337		printf("%s--hex-string ", (invert) ? "! ": "");
338		print_hex_string(info->pattern, info->patlen);
339	} else {
340		printf("%s--string ", (invert) ? "! ": "");
341		print_string(info->pattern, info->patlen);
342	}
343	printf("--algo %s ", info->algo);
344	if (info->from_offset != 0)
345		printf("--from %u ", info->from_offset);
346	if (info->to_offset != 0)
347		printf("--to %u ", info->to_offset);
348	if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
349		printf("--icase ");
350}
351
352
353static struct xtables_match string_mt_reg[] = {
354	{
355		.name          = "string",
356		.revision      = 0,
357		.family        = NFPROTO_UNSPEC,
358		.version       = XTABLES_VERSION,
359		.size          = XT_ALIGN(sizeof(struct xt_string_info)),
360		.userspacesize = offsetof(struct xt_string_info, config),
361		.help          = string_help,
362		.init          = string_init,
363		.parse         = string_parse,
364		.final_check   = string_check,
365		.print         = string_print,
366		.save          = string_save,
367		.extra_opts    = string_opts,
368	},
369	{
370		.name          = "string",
371		.revision      = 1,
372		.family        = NFPROTO_UNSPEC,
373		.version       = XTABLES_VERSION,
374		.size          = XT_ALIGN(sizeof(struct xt_string_info)),
375		.userspacesize = offsetof(struct xt_string_info, config),
376		.help          = string_help,
377		.init          = string_init,
378		.parse         = string_parse,
379		.final_check   = string_check,
380		.print         = string_print,
381		.save          = string_save,
382		.extra_opts    = string_opts,
383	},
384};
385
386void _init(void)
387{
388	xtables_register_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg));
389}
390