2.6.27: revert case insensitive match support in xt_string while we are using iptable...
authorGabor Juhos <juhosg@openwrt.org>
Sun, 5 Oct 2008 09:21:12 +0000 (09:21 +0000)
committerGabor Juhos <juhosg@openwrt.org>
Sun, 5 Oct 2008 09:21:12 +0000 (09:21 +0000)
SVN-Revision: 12862

target/linux/generic-2.6/patches-2.6.27/952-revert_xt_string_case_insensitive_match.patch [new file with mode: 0644]

diff --git a/target/linux/generic-2.6/patches-2.6.27/952-revert_xt_string_case_insensitive_match.patch b/target/linux/generic-2.6/patches-2.6.27/952-revert_xt_string_case_insensitive_match.patch
new file mode 100644 (file)
index 0000000..4902db1
--- /dev/null
@@ -0,0 +1,112 @@
+--- a/include/linux/netfilter/xt_string.h
++++ b/include/linux/netfilter/xt_string.h
+@@ -4,11 +4,6 @@
+ #define XT_STRING_MAX_PATTERN_SIZE 128
+ #define XT_STRING_MAX_ALGO_NAME_SIZE 16
+-enum {
+-      XT_STRING_FLAG_INVERT           = 0x01,
+-      XT_STRING_FLAG_IGNORECASE       = 0x02
+-};
+-
+ struct xt_string_info
+ {
+       u_int16_t from_offset;
+@@ -16,15 +11,7 @@
+       char      algo[XT_STRING_MAX_ALGO_NAME_SIZE];
+       char      pattern[XT_STRING_MAX_PATTERN_SIZE];
+       u_int8_t  patlen;
+-      union {
+-              struct {
+-                      u_int8_t  invert;
+-              } v0;
+-
+-              struct {
+-                      u_int8_t  flags;
+-              } v1;
+-      } u;
++      u_int8_t  invert;
+       /* Used internally by the kernel */
+       struct ts_config __attribute__((aligned(8))) *config;
+--- a/net/netfilter/xt_string.c
++++ b/net/netfilter/xt_string.c
+@@ -29,16 +29,12 @@
+ {
+       const struct xt_string_info *conf = matchinfo;
+       struct ts_state state;
+-      int invert;
+       memset(&state, 0, sizeof(struct ts_state));
+-      invert = (match->revision == 0 ? conf->u.v0.invert :
+-                                  conf->u.v1.flags & XT_STRING_FLAG_INVERT);
+-
+       return (skb_find_text((struct sk_buff *)skb, conf->from_offset,
+                            conf->to_offset, conf->config, &state)
+-                           != UINT_MAX) ^ invert;
++                           != UINT_MAX) ^ conf->invert;
+ }
+ #define STRING_TEXT_PRIV(m) ((struct xt_string_info *)(m))
+@@ -50,7 +46,6 @@
+ {
+       struct xt_string_info *conf = matchinfo;
+       struct ts_config *ts_conf;
+-      int flags = TS_AUTOLOAD;
+       /* Damn, can't handle this case properly with iptables... */
+       if (conf->from_offset > conf->to_offset)
+@@ -59,15 +54,8 @@
+               return false;
+       if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
+               return false;
+-      if (match->revision == 1) {
+-              if (conf->u.v1.flags &
+-                  ~(XT_STRING_FLAG_IGNORECASE | XT_STRING_FLAG_INVERT))
+-                      return false;
+-              if (conf->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
+-                      flags |= TS_IGNORECASE;
+-      }
+       ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
+-                                   GFP_KERNEL, flags);
++                                   GFP_KERNEL, TS_AUTOLOAD);
+       if (IS_ERR(ts_conf))
+               return false;
+@@ -84,17 +72,6 @@
+ static struct xt_match string_mt_reg[] __read_mostly = {
+       {
+               .name           = "string",
+-              .revision       = 0,
+-              .family         = AF_INET,
+-              .checkentry     = string_mt_check,
+-              .match          = string_mt,
+-              .destroy        = string_mt_destroy,
+-              .matchsize      = sizeof(struct xt_string_info),
+-              .me             = THIS_MODULE
+-      },
+-      {
+-              .name           = "string",
+-              .revision       = 1,
+               .family         = AF_INET,
+               .checkentry     = string_mt_check,
+               .match          = string_mt,
+@@ -104,17 +81,6 @@
+       },
+       {
+               .name           = "string",
+-              .revision       = 0,
+-              .family         = AF_INET6,
+-              .checkentry     = string_mt_check,
+-              .match          = string_mt,
+-              .destroy        = string_mt_destroy,
+-              .matchsize      = sizeof(struct xt_string_info),
+-              .me             = THIS_MODULE
+-      },
+-      {
+-              .name           = "string",
+-              .revision       = 1,
+               .family         = AF_INET6,
+               .checkentry     = string_mt_check,
+               .match          = string_mt,