* string help
@ 2005-12-24 7:32 Noman Liaquat
2005-12-24 13:51 ` Rob Sterenborg
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Noman Liaquat @ 2005-12-24 7:32 UTC (permalink / raw)
To: netfilter; +Cc: khankhn1
I want to replace string "hello" with "abcd" how I
could do with iptables mangle, patch-o-matic is
working fine
I am waiting for quick response.
regards
noman
* RE: string help
From: Rob Sterenborg @ 2005-12-24 13:51 UTC (permalink / raw)
To: netfilter
> I want to replace string "hello" with "abcd" how i
> could do with iptables mangle, patch-o-matic is
> working fine
>
> I am waiting for quick response.
Quick...? Have you actually searched the net to make it work ?
From the Netfilter/POM-NG documentation :
============
string - iptables string match
Author: Emmanuel Roger <winfield@freegates.be>
Status: Working, not with kernel 2.4.9
This patch adds CONFIG_IP_NF_MATCH_STRING which allows you to
match a string in a whole packet.
THIS PATCH DOES NOT WORK WITH KERNEL 2.4.9 !!!
============
So, this is a MATCH, not a TARGET or something with which you can alter
packets.
Maybe you should also read this :
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.18
You might be able to QUEUE it to userspace, do the replacing there and
send it back to netfilter. But I don't know how you would re-inject a
packet or if that can be done. If it can be done, I suppose you'd have
to write a program yourself to do it.
Gr,
Rob
* Re: string help
From: /dev/rob0 @ 2005-12-24 18:09 UTC (permalink / raw)
To: netfilter
On Saturday 2005-December-24 01:32, Noman Liaquat wrote:
> I want to replace string "abcd" with "abcd" how i
> could do with iptables mangle, patch-o-matic is
Abcd, Noman:
I don't understand the question; what is the difference? "abcd" looks
quite like "abcd" to me.
Yes, that's a silly joke. But perhaps it contains a good lesson for
those who might wish to do silly things with strings contained in
network packets. This is not the way packet filtering should work.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
* Re: string help
From: Pablo Neira Ayuso @ 2005-12-26 13:03 UTC (permalink / raw)
To: Noman Liaquat; +Cc: netfilter
Noman Liaquat wrote:
> I want to replace string "hello" with "abcd" how i
> could do with iptables mangle, patch-o-matic is
> working fine
Firstly, since kernel >= 2.6.14 you don't need the string match in
pom-ng anymore.
About your question: such kind of replacement that you want to do is
evil. Think about a TCP connection, if you modify the size of the packet
the sequence number will be corrupted. So, adding support for replacing
a string with another string of the same size would be fine. Whatever
else would be broken.
--
Pablo
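The sequence-number problem described in the reply above, as an added example that is not part of the original thread: a toy model of TCP byte accounting (not a real TCP stack) showing that rewriting "hello" to the shorter "abcd" in flight leaves the next segment ahead of what the receiver expects, while a same-length replacement keeps the stream aligned. The function names, the initial sequence number 1000 and the sample segments are constructed for illustration.

```python
# Added illustration: toy TCP sequence accounting, constructed for this page.

def sender_segments(isn, chunks):
    """Assign sequence numbers the way a sender does: seq advances by bytes sent."""
    segs, seq = [], isn
    for chunk in chunks:
        segs.append((seq, chunk))
        seq += len(chunk)
    return segs

def rewrite(payload, old, new):
    """In-path payload rewrite that leaves the TCP header (seq) untouched."""
    return payload.replace(old, new)

def deliver(segments, old, new):
    """Pass (seq, payload) segments through the rewriter to a receiver.

    Returns (stream, events): the bytes accepted in order, and one
    (seq, ack, verdict) tuple per arriving segment, where ack is the
    receiver's next expected sequence number after processing it.
    """
    rcv_nxt = segments[0][0]
    stream, events = b"", []
    for seq, payload in segments:
        data = rewrite(payload, old, new)
        if seq == rcv_nxt:
            stream += data
            rcv_nxt += len(data)   # receiver counts the bytes it actually got
            verdict = "accepted"
        elif seq > rcv_nxt:
            verdict = "gap"        # hole in sequence space: data is not delivered
        else:
            verdict = "overlap"    # rewrite grew the payload: seq is behind rcv_nxt
        events.append((seq, rcv_nxt, verdict))
    return stream, events

if __name__ == "__main__":
    segs = sender_segments(1000, [b"say hello ", b"world"])   # constructed sample
    for new in (b"abcd", b"abcde"):
        stream, events = deliver(segs, b"hello", new)
        print(new, stream, events)
```

In the shrinking case the receiver acknowledges 1009 while the sender is waiting for 1010, so the sender retransmits a segment that the rewriter shortens again. Any payload rewrite, same-length or not, also requires the TCP checksum to be recomputed, which this model does not cover.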