Netfilter string module example usage

Question

Can anybody point me to some examples in using the xt_string module with netfilter or provide a example. What I am trying to do is to write netfilter module that will drop packets that contain a certain string in the skb->data field.

I initially tried simply strnstr(skb->data, "mystring", strlen("mystring")) but this seem to be incorrect approach to this problem (and it does not seem to be working as i dont see any packets being dropped).

Thanks in advance

Answer 1

If you mean using iptables string match in user-space, here is one example:

iptables -I INPUT 1 -p tcp --dport 80 -m string --string "domain.com" --algo kmp -j DROP

Or if you mean in kernel space, you can use textsearch API which provides KMP/BM/FSM algorithms, the following example is from kernel source lib/textsearch.c:

int pos;
struct ts_config *conf;
struct ts_state state;
const char *pattern = "chicken";
const char *example = "We dance the funky chicken";
conf = textsearch_prepare("kmp", pattern, strlen(pattern),
                             GFP_KERNEL, TS_AUTOLOAD);
if (IS_ERR(conf)) {
    err = PTR_ERR(conf);
    goto errout;
}
pos = textsearch_find_continuous(conf, &state, example, strlen(example));
if (pos != UINT_MAX)
    panic("Oh my god, dancing chickens at %d\n", pos);
textsearch_destroy(conf);

Answer 2

what you are looking for may be this one, "skb_find_text". It uses the infra in linux mentioned by @Cong Wang. You can also find some examples in the kernel codes.