--- /dev/null	2004-09-23 01:18:13.000000000 +0200
+++ linux-2.5/net/ipv4/netfilter/ipt_string.c	2005-01-09 14:22:52.000000000 +0100
@@ -0,0 +1,81 @@
+/* Kernel module to match a string into a packet.
+ *
+ * Copyright (C) 2005 Pablo Neira Ayuso  <pablo@eurodev.net>
+ *
+ * This code under GPL version 2.
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter_ipv4/nf_string_match.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_string.h>
+
+MODULE_LICENSE("GPL");
+
+static int
+match(const struct sk_buff *skb,
+      const struct net_device *in,
+      const struct net_device *out,
+      const void *matchinfo,
+      int offset,
+      int *hotdrop)
+{
+	const struct ipt_string_info *info = matchinfo;
+	unsigned int off = 0;
+	
+	if (nf_string_match_search(skb, info->sm, &off))
+		return (1 - info->invert);
+	
+	return (0 + info->invert);
+}
+
+static int
+checkentry(const char *tablename,
+	   const struct ipt_ip *ip,
+	   void *matchinfo,
+	   unsigned int matchsize,
+	   unsigned int hook_mask)
+{
+	struct ipt_string_info *info = matchinfo;
+
+	if (matchsize != IPT_ALIGN(sizeof(struct ipt_string_info)))
+		return 0;
+
+	/* Initialization */
+	info->sm = (struct nf_string_match *)
+			nf_string_match_create(info->pattern, info->patlen);
+	if (!info->sm)
+		return 0;
+
+	return 1;
+}
+
+static void
+destroy(void *matchinfo, unsigned int matchinfosize)
+{
+	struct ipt_string_info *info = matchinfo;
+
+	nf_string_match_destroy(info->sm);
+}
+
+static struct ipt_match string_match = {
+	.name       	="string",
+	.match      	= match, 
+	.checkentry 	= checkentry,
+	.destroy 	= destroy,
+	.me         	= THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	return ipt_register_match(&string_match);
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_match(&string_match);
+}
+
+module_init(init);
+module_exit(fini);
--- /dev/null	2004-09-23 01:18:13.000000000 +0200
+++ linux-2.5/include/linux/netfilter_ipv4/ipt_string.h	2005-01-09 14:16:44.000000000 +0100
@@ -0,0 +1,16 @@
+#ifndef _IPT_STRING_H
+#define _IPT_STRING_H
+
+#include <linux/netfilter_ipv4/ipt_string.h>
+
+#define MAX_PATLEN 256
+
+struct ipt_string_info {
+    char 	pattern[MAX_PATLEN];
+    int 	patlen;
+    int 	invert;
+    struct	nf_string_match *sm;
+};
+
+#endif /* _IPT_STRING_H */
+