/*
 * Exercises http_match() against a URI list that is grown step by step:
 * empty list, a literal URI entry and (when REGEX is enabled) regex entries.
 * CHECK_ZERO_MEMORY_ALLOCATED brackets the test; presumably it asserts that
 * no tracked allocation is outstanding -- confirm against its definition.
 */
static void ofp_http_match_test(void** state)
{
    ofp_http_request_description_t request;
    ofp_uri_list_t* uri_list;
    ofp_uri_list_entry_t* hit = NULL;
    int rc;

    CHECK_ZERO_MEMORY_ALLOCATED;

    /* Request under test: GET example.com/index.html */
    inplace_string_set(&request.method, "GET");
    inplace_string_set(&request.host, "example.com");
    inplace_string_set(&request.uri, "/index.html");

    uri_list = ofp_uri_list_new();

    /* An empty list must report "not in list" and hand back no entry. */
    rc = http_match(&request, "example.com", uri_list, &hit);
    assert_null(hit);
    assert_int_equal(HttpMatchUrlNotInList, rc);

    /*
     * Once the literal URI is listed, the request is reported as a
     * HttpMatchStartWith hit and the entry carrying the URI is returned.
     * The strdup'ed string is presumably owned by the list afterwards
     * (released by ofp_uri_list_free_elements) -- confirm.
     */
    ofp_uri_list_entry_add_uri(uri_list, strdup("/index.html"));
    rc = http_match(&request, "example.com", uri_list, &hit);
    assert_non_null(hit);
    assert_non_null(hit->uri);
    assert_int_equal(HttpMatchStartWith, rc);

#if REGEX
    /* Move the request to a URI that the literal entry does not cover. */
    inplace_string_set(&request.uri, "/phish/index.html");

    /*
     * A regex that does not fit the URI must not match; the test also
     * expects the out-parameter to be NULL again after the earlier hit.
     */
    ofp_uri_list_entry_add_regex(uri_list, ovh_regex_new("/plop.*\\.html"));
    rc = http_match(&request, "example.com", uri_list, &hit);
    assert_null(hit);
    assert_int_equal(HttpMatchUrlNotInList, rc);

    /* A fitting regex is reported as HttpMatchRegex with that very pattern. */
    ofp_uri_list_entry_add_regex(uri_list, ovh_regex_new("/phish.*\\.html"));
    rc = http_match(&request, "example.com", uri_list, &hit);
    assert_non_null(hit);
    assert_non_null(hit->regex);
    assert_string_equal("/phish.*\\.html", hit->regex->pattern);
    assert_int_equal(HttpMatchRegex, rc);
#endif

    /* Release the entries first, then the list itself. */
    ofp_uri_list_free_elements(uri_list);
    ofp_uri_list_free(uri_list);

    CHECK_ZERO_MEMORY_ALLOCATED;
}
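/*
 * xtables match callback: inspects the TCP payload of an IPv4 packet and
 * hands it to http_match() when it starts with GET/POST/HEAD, or to
 * https_match() when the destination port is 443.
 *
 * skb: packet under inspection; copied with skb_copy() when it is
 *      non-linear so that the headers and payload can be read as one buffer.
 * par: match parameters; par->matchinfo carries the ipt_weburl_info rule data.
 *
 * Returns the result of http_match()/https_match() converted to bool, and
 * false for packets that are not inspected (non-TCP, non-first fragments,
 * payload of 10 bytes or less, inconsistent header lengths, or failure to
 * allocate the linear copy).
 *
 * Every length used here (ihl, doff, tot_len) comes from the packet itself,
 * so each one is checked against the bytes actually present in the buffer
 * before any pointer derived from it is dereferenced.
 */
static bool match(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct ipt_weburl_info *info = (const struct ipt_weburl_info*)(par->matchinfo);
	struct sk_buff *linear_skb;
	struct iphdr *iph;
	struct tcphdr *tcp_hdr;
	unsigned char *net_start;
	unsigned char *data_end;
	unsigned char *payload;
	unsigned int available;
	unsigned int ip_hdr_len;
	unsigned int tcp_hdr_len;
	unsigned int payload_offset;
	unsigned int total_len;
	unsigned short payload_length;
	int skb_copied = 0;
	int test = 0;

	/* Only the first fragment carries a TCP header; later ones would be
	 * misparsed, so they are never inspected. */
	if (par->fragoff != 0) {
		return false;
	}

	/* linearize skb if necessary */
	if (skb_is_nonlinear(skb)) {
		linear_skb = skb_copy(skb, GFP_ATOMIC);
		if (linear_skb == NULL) {
			/* GFP_ATOMIC allocation failed: nothing can be inspected */
			return false;
		}
		skb_copied = 1;
	} else {
		linear_skb = (struct sk_buff*)skb;
	}

	/* Parse from the linear buffer, not from the original skb: reading a
	 * non-linear skb through its network header pointer runs past the
	 * bytes that are really stored in the head. */
	net_start = (unsigned char*)skb_network_header(linear_skb);
	data_end = (unsigned char*)skb_tail_pointer(linear_skb);
	if (data_end < net_start) {
		goto out;
	}
	available = (unsigned int)(data_end - net_start);
	if (available < sizeof(struct iphdr)) {
		goto out;
	}

	/* ignore packets that are not TCP */
	iph = (struct iphdr*)net_start;
	if (iph->protocol != IPPROTO_TCP) {
		goto out;
	}

	/* the IP header length must be sane and leave room for a TCP header */
	ip_hdr_len = iph->ihl * 4;
	if (ip_hdr_len < sizeof(struct iphdr) || ip_hdr_len + sizeof(struct tcphdr) > available) {
		goto out;
	}

	tcp_hdr = (struct tcphdr*)(net_start + ip_hdr_len);
	tcp_hdr_len = tcp_hdr->doff * 4;
	if (tcp_hdr_len < sizeof(struct tcphdr)) {
		goto out;
	}

	/* never trust tot_len beyond what the buffer holds */
	total_len = ntohs(iph->tot_len);
	if (total_len > available) {
		total_len = available;
	}

	/* a header longer than the packet would make the length wrap around */
	payload_offset = ip_hdr_len + tcp_hdr_len;
	if (payload_offset > total_len) {
		goto out;
	}

	/* get payload */
	payload = net_start + payload_offset;
	payload_length = (unsigned short)(total_len - payload_offset);

	/* if payload length <= 10 bytes don't bother doing a check, otherwise check for match */
	if (payload_length > 10) {
		if (strnicmp((char*)payload, "GET ", 4) == 0 ||
		    strnicmp((char*)payload, "POST ", 5) == 0 ||
		    strnicmp((char*)payload, "HEAD ", 5) == 0) {
			test = http_match(info, payload, payload_length);
		} else if ((unsigned short)ntohs(tcp_hdr->dest) == 443) {
			test = https_match(info, payload, payload_length);
		}
	}

out:
	/* free skb if we made a copy to linearize it */
	if (skb_copied == 1) {
		kfree_skb(linear_skb);
	}
	return test;
}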