STring Replacement Patch [Quick Response]

STring Replacement Patch [Quick Response]

[Noman Liaquat]

I  have downloaded the version of patch-o-matic-ng
from netfilter websites and now my patch of string
controlling is working, below command is the proof of
that

#iptables -A FORWARD -m string --algo bm --string
"hello" -j DROP

ok that is fine. is there any way to alter that
packet. to replace--string
is there any patch available, if yes so how i can
implement that patch. 
I am using kernel 2.6.14.4 and latest patch-o-matic-ng
from svn repository of netfilter website. i am using
RedHat Enterprise Linux version#4(ES).

this is the websites
 http://www.cipherdyne.org/fwsnort/

here iptables are providing --replace-string it is not
working fine giving errors to me.

I am waiting for quick response.

Regards
noman



	
		
__________________________________ 
Yahoo! for Good - Make a difference this year. 
http://brand.yahoo.com/cybergivingweek2005/

Re: STring Replacement Patch [Quick Response]

[Pablo Neira Ayuso]

Noman Liaquat wrote:
> I  have downloaded the version of patch-o-matic-ng
> from netfilter websites and now my patch of string
> controlling is working, below command is the proof of
> that

the string match is available since kernel 2.6.14, so you don't need
pom-ng in any way.

> #iptables -A FORWARD -m string --algo bm --string
> "hello" -j DROP
> 
> ok that is fine. is there any way to alter that
> packet. to replace--string
> is there any patch available, if yes so how i can
> implement that patch. 

No, this functionality isn't implemented yet: The only sane way to do
this that I see at the moment is implementing a target called `STRING'.
Matches don't allow packet modifications. See the API requirements:

static int match(const struct sk_buff *skb, ...)
                  ^^^

So, such target must implement the same features than the current
`string' match does plus the --replace-string thing.

-- 
Pablo

Problem in patch-o-matic-ng

[Amresh Kumar]

Hello to all,

I  have downloaded the latest version of patch-o-matic-ng. from netfilter 
websites,also svn checkout for update  and now my patch of random and nth 
patch for load balancing , I have applied the following commands
1.   iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW 
-m nth --counter 0 \
--every 4 --packet 0  -j DNAT --to-destination 192.168.0.5:80

2. -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m random 
--average 25  \
-j DNAT --to-destination 192.168.0.5:80

But  i am getting the following error
iptables: No chain/target/match by that name.

My iptable version is   iptables-1.3.4 , Kernel version  linux-2.6.14.4

For this i have first applied random and nth patch rule from patch-o-matic.
after that recompile my kernel with iptables.

plz help me ..

Thanks in advance.

_________________________________________________________________
NRIs, paying for Money Transfers to India? Use Money2India. It’s FREE 
http://creative.mediaturf.net/creatives/msn_product.htm

RE: STring Replacement Patch [Quick Response]

[Richard Pickett]

> this is the websites
>  http://www.cipherdyne.org/fwsnort/
> 
> here iptables are providing --replace-string it is not
> working fine giving errors to me.

Hmmmm. Did you read that site yourself? Did you follow the instructions
on that site for getting --replace-string to work? Or did you just glaze
over that site and come back here and post to us?

> I am waiting for quick response.

You are pushy and impatient.

Re: STring Replacement Patch [Quick Response]

[/dev/rob0]

On Thursday 2005-December-29 10:30, Richard Pickett wrote:
> > I am waiting for quick response.
>
> You are pushy and impatient.

Perhaps, or it could merely be a serious deficiency in understanding 
written English.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header

RE: STring Replacement Patch [Quick Response]

[Richard Pickett]

> On Thursday 2005-December-29 10:30, Richard Pickett wrote:
> > > I am waiting for quick response.
> >
> > You are pushy and impatient.
> 
> Perhaps, or it could merely be a serious deficiency in understanding
> written English.

My comment comes from seeing him request over and over for the list to
do this for him and him always being pointed away, not from this one
phrase here.