Commit 29f66aa1 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen
Browse files

string match

parent adc33e79
......@@ -349,6 +349,25 @@ attributes:
order specified by <strong>args</strong>
String or object containing at least an attribute named
<strong>match</strong> and optionally one or more of the
following: <strong>algo</strong>, <strong>from</strong>, and
Packet contains the given plain string or the one defined by
the <strong>match</strong> attribute. Attributes
<strong>from</strong> and <strong>to</strong> can be used to
constrain the search to the specific byte range of the
packet. The used algorithm may be selected using the
<strong>algo</strong> attribute. The allowed values are
<strong>bm</strong> for Boyer&ndash;Moore (default) and
<strong>kmp</strong> for Knuth&ndash;Pratt&ndash;Morris.
......@@ -536,6 +536,25 @@ function M.Rule:trules()
ofrags = combinations(ofrags, ipsetofrags)
if self.string then
if type(self.string) == 'string' then
self.string = {match=self.string}
if not self.string.match then self:error('String match not defined') end
setdefault(self.string, 'algo', 'bm')
local opts = '-m string --string "'..
self.string.match:gsub('(["\\])', '\\%1')..'"'
for _, attr in ipairs{'algo', 'from', 'to'} do
if self.string[attr] then
opts = opts..' --'..attr..' '..self.string[attr]
ofrags = combinations(ofrags, {{match=opts}})
if self.match then ofrags = combinations(ofrags, {{match=self.match}}) end
ofrags = combinations(ofrags, self:servoptfrags())
......@@ -643,7 +662,7 @@ function M.Rule:extrarules(label, cls, options)
for _, attr in ipairs(
{'in', 'out', 'src', 'dest', 'ipset', 'match', 'service'},
{'in', 'out', 'src', 'dest', 'ipset', 'string', 'match', 'service'},
) do
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment