[packages/kernel.git] / 2.6.0-t9-netfilter-p2p.patch

diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/Kconfig linux-2.6.0-test9/net/ipv4/netfilter/Kconfig
--- linux-2.6.0-test9.org/net/ipv4/netfilter/Kconfig	2003-11-04 11:53:04.000000000 +0100
+++ linux-2.6.0-test9/net/ipv4/netfilter/Kconfig	2003-11-04 11:12:46.000000000 +0100
@@ -5,6 +5,11 @@
 menu "IP: Netfilter Configuration"
 	depends on INET && NETFILTER
 
+config IP_NF_P2P
+	tristate "P2P netfilter"
+	help
+	    empty
+
 config IP_NF_CONNTRACK
 	tristate "Connection tracking (required for masq/NAT)"
 	---help---
diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/Makefile linux-2.6.0-test9/net/ipv4/netfilter/p2p/Makefile
--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/Makefile	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/Makefile	2003-11-04 11:03:39.000000000 +0100
@@ -0,0 +1,4 @@
+ipt_p2p-objs	:= main.o match_http.o match_edonkey.o match_dc.o match_bittorrent.o
+
+obj-$(CONFIG_IP_NF_P2P) := ipt_p2p.o
+
diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/main.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/main.c
--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/main.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/main.c	2003-11-04 11:15:28.000000000 +0100
@@ -0,0 +1,103 @@
+/*
+ * p2p iptables match module
+ * filipe@rnl.ist.utl.pt
+ */
+
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/tcp.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/version.h>
+
+
+#define KERNEL_2_6
+
+
+MODULE_AUTHOR("Filipe Almeida <filipe@rnl.ist.utl.pt>");
+MODULE_DESCRIPTION("IP tables p2p match module");
+MODULE_LICENSE("GPL");
+
+int
+match_http( const unsigned char *data,
+             const unsigned char *end);
+int
+match_edonkey( const unsigned char *data,
+             const unsigned char *end);
+int
+match_dc( const unsigned char *data,
+             const unsigned char *end);
+int
+match_bittorrent( const unsigned char *data,
+             const unsigned char *end);
+             
+static int
+match(const struct sk_buff *skb,
+      const struct net_device *in,
+      const struct net_device *out,
+      const void *matchinfo,
+      int offset,
+      int *hotdrop)
+{
+    const struct iphdr *iph = skb->nh.iph;
+    const struct tcphdr *tcph;
+    const unsigned char *data;
+    const unsigned char *end;
+
+    int datalen;
+    datalen = skb->len - (iph->ihl<<2);
+
+    if ( !iph || iph->protocol != IPPROTO_TCP) return 0;
+
+    tcph = (void *)skb->nh.iph + skb->nh.iph->ihl*4;
+    data = (const unsigned char *) tcph + tcph->doff * 4;
+    end = data + datalen - tcph->doff * 4;
+
+    if (match_http(data, end)) return 1;
+    if (match_edonkey(data, end)) return 1;
+    if (match_dc(data, end)) return 1;
+    if (match_bittorrent(data, end)) return 1;
+
+    return 0;
+}
+
+static int
+checkentry(const char *tablename,
+           const struct ipt_ip *ip,
+           void *matchinfo,
+           unsigned int matchsize,
+           unsigned int hook_mask)
+{
+    if (matchsize != IPT_ALIGN(0))
+        return 0;
+
+    return 1;
+}
+
+
+/*
+static struct ipt_match p2p_match
+= { { NULL, NULL }, "p2p", &match, &checkentry, NULL, THIS_MODULE };
+*/
+
+static struct ipt_match p2p_match = {
+    .name        = "p2p",
+    .match       = &match,
+    .checkentry  = &checkentry,
+    .me          = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+    printk(KERN_INFO "Module ipt_p2p loaded.\n");
+	return ipt_register_match(&p2p_match);
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_match(&p2p_match);
+}
+
+module_init(init);
+module_exit(fini);
diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_bittorrent.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_bittorrent.c
--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_bittorrent.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_bittorrent.c	2003-10-18 00:33:35.000000000 +0200
@@ -0,0 +1,43 @@
+/*
+ * match_bittorrent.c
+ *
+ * filipe@rnl.ist.utl.pt
+ *
+ */
+
+#define __NO_VERSION__
+
+#include <linux/config.h>
+
+/*
+#ifdef CONFIG_MODVERSIONS
+#include <linux/modversions.h>
+#endif
+*/
+
+#include <linux/smp.h>
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/file.h>
+#include <net/sock.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+
+#define SIZE_MIN    20
+#define SIZE_MAX    500
+
+const unsigned char bittorrent_string[] = "\x13"
+                            "BitTorrent protocol"
+                            "\x0\x0\x0\x0\x0\x0\x0\x0";
+
+
+int
+match_bittorrent( const unsigned char *data,
+                const unsigned char *end)
+{
+    if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0; 
+
+    if(memcmp(data, bittorrent_string, sizeof(bittorrent_string) - 1) == 0) return 1;
+    return 0;
+}
diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_dc.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_dc.c
--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_dc.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_dc.c	2003-10-18 20:14:34.000000000 +0200
@@ -0,0 +1,65 @@
+/*
+ * match_dc.c
+ *
+ * filipe@rnl.ist.utl.pt
+ *
+ */
+
+#define __NO_VERSION__
+
+#include <linux/config.h>
+
+/*
+#ifdef CONFIG_MODVERSIONS
+#include <linux/modversions.h>
+#endif
+*/
+
+#include <linux/smp.h>
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/file.h>
+#include <net/sock.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+
+#define SIZE_MIN    30
+#define SIZE_MAX    200
+
+static const unsigned char *dc_cmd[] = {
+    "MyNick",
+    "Lock",
+    NULL
+};
+
+static const unsigned char *next_cmd( const unsigned char *data,
+                                const unsigned char *end)
+{
+    while(data <= end)
+        if(*data++ == '|') return data;
+                return NULL;
+}
+
+int
+match_dc( const unsigned char *data,
+                const unsigned char *end)
+{
+    int count=0;
+
+    if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0; 
+
+    while(dc_cmd[count]) {
+        if(*data != '$') return 0;    /* Quick Exit */
+        if(end - data < strlen(dc_cmd[count])) return 0;
+        if(memcmp(data + 1, dc_cmd[count], strlen(dc_cmd[count]))) return 0;
+
+        data = next_cmd(data, end);        
+        if(!data) return 0;
+
+        count++;
+    }
+
+
+    return 1;
+}
diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_edonkey.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_edonkey.c
--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_edonkey.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_edonkey.c	2003-10-18 20:14:52.000000000 +0200
@@ -0,0 +1,78 @@
+/*
+ * eDonkey iptables match module
+ * filipe@rnl.ist.utl.pt
+ */
+
+#define __NO_VERSION__
+
+#include <linux/config.h>
+#include <linux/module.h>
+
+#define get_u8(X,O) (*(__u8 *)(X + O))
+#define get_u16(X,O)  (*(__u16 *)(X + O))
+#define get_u32(X,O)  (*(__u32 *)(X + O))
+
+#define EDONKEY_PACKET  0xe3
+#define TYPE_HELLO      0x01
+#define TAG_NAME        0x01000102
+#define TAG_VERSION     0x11000103
+#define TAG_PORT        0x0f000103
+
+#define POS_MAGIC       0
+#define POS_LEN         1
+#define POS_TYPE        5
+#define POS_TAGCOUNT    28
+#define POS_FIRSTTAG    32
+
+#define SIZE_MIN    30
Commit	Line	Data
253ea758	1	diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/Kconfig linux-2.6.0-test9/net/ipv4/netfilter/Kconfig
	2	--- linux-2.6.0-test9.org/net/ipv4/netfilter/Kconfig 2003-11-04 11:53:04.000000000 +0100
	3	+++ linux-2.6.0-test9/net/ipv4/netfilter/Kconfig 2003-11-04 11:12:46.000000000 +0100
	4	@@ -5,6 +5,11 @@
	5	menu "IP: Netfilter Configuration"
	6	depends on INET && NETFILTER
	7
	8	+config IP_NF_P2P
	9	+ tristate "P2P netfilter"
	10	+ help
	11	+ empty
	12	+
	13	config IP_NF_CONNTRACK
	14	tristate "Connection tracking (required for masq/NAT)"
	15	---help---
	16	diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/Makefile linux-2.6.0-test9/net/ipv4/netfilter/p2p/Makefile
	17	--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/Makefile 1970-01-01 01:00:00.000000000 +0100
	18	+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/Makefile 2003-11-04 11:03:39.000000000 +0100
	19	@@ -0,0 +1,4 @@
	20	+ipt_p2p-objs := main.o match_http.o match_edonkey.o match_dc.o match_bittorrent.o
	21	+
	22	+obj-$(CONFIG_IP_NF_P2P) := ipt_p2p.o
	23	+
	24	diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/main.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/main.c
	25	--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/main.c 1970-01-01 01:00:00.000000000 +0100
	26	+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/main.c 2003-11-04 11:15:28.000000000 +0100
	27	@@ -0,0 +1,103 @@
	28	+/*
	29	+ * p2p iptables match module
	30	+ * filipe@rnl.ist.utl.pt
	31	+ */
	32	+
	33	+
	34	+#include <linux/module.h>
	35	+#include <linux/skbuff.h>
	36	+#include <linux/tcp.h>
	37	+
	38	+#include <linux/netfilter_ipv4/ip_tables.h>
	39	+#include <linux/version.h>
	40	+
	41	+
	42	+#define KERNEL_2_6
	43	+
	44	+
	45	+MODULE_AUTHOR("Filipe Almeida <filipe@rnl.ist.utl.pt>");
	46	+MODULE_DESCRIPTION("IP tables p2p match module");
	47	+MODULE_LICENSE("GPL");
	48	+
	49	+int
	50	+match_http( const unsigned char *data,
	51	+ const unsigned char *end);
	52	+int
	53	+match_edonkey( const unsigned char *data,
	54	+ const unsigned char *end);
	55	+int
	56	+match_dc( const unsigned char *data,
	57	+ const unsigned char *end);
	58	+int
	59	+match_bittorrent( const unsigned char *data,
	60	+ const unsigned char *end);
	61	+
	62	+static int
	63	+match(const struct sk_buff *skb,
	64	+ const struct net_device *in,
65	+ const struct net_device *out,
66	+ const void *matchinfo,
67	+ int offset,
68	+ int *hotdrop)
69	+{
70	+ const struct iphdr *iph = skb->nh.iph;
71	+ const struct tcphdr *tcph;
72	+ const unsigned char *data;
73	+ const unsigned char *end;
74	+
75	+ int datalen;
76	+ datalen = skb->len - (iph->ihl<<2);
77	+
78	+ if ( !iph \|\| iph->protocol != IPPROTO_TCP) return 0;
79	+
80	+ tcph = (void )skb->nh.iph + skb->nh.iph->ihl4;
81	+ data = (const unsigned char ) tcph + tcph->doff 4;
82	+ end = data + datalen - tcph->doff * 4;
83	+
84	+ if (match_http(data, end)) return 1;
85	+ if (match_edonkey(data, end)) return 1;
86	+ if (match_dc(data, end)) return 1;
87	+ if (match_bittorrent(data, end)) return 1;
88	+
89	+ return 0;
90	+}
91	+
92	+static int
93	+checkentry(const char *tablename,
94	+ const struct ipt_ip *ip,
95	+ void *matchinfo,
96	+ unsigned int matchsize,
97	+ unsigned int hook_mask)
98	+{
99	+ if (matchsize != IPT_ALIGN(0))
100	+ return 0;
101	+
102	+ return 1;
103	+}
104	+
105	+
106	+/*
107	+static struct ipt_match p2p_match
108	+= { { NULL, NULL }, "p2p", &match, &checkentry, NULL, THIS_MODULE };
109	+*/
110	+
111	+static struct ipt_match p2p_match = {
112	+ .name = "p2p",
113	+ .match = &match,
114	+ .checkentry = &checkentry,
115	+ .me = THIS_MODULE,
116	+};
117	+
118	+static int __init init(void)
119	+{
120	+ printk(KERN_INFO "Module ipt_p2p loaded.\n");
121	+ return ipt_register_match(&p2p_match);
122	+}
123	+
124	+static void __exit fini(void)
125	+{
126	+ ipt_unregister_match(&p2p_match);
127	+}
128	+
129	+module_init(init);
130	+module_exit(fini);
131	diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_bittorrent.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_bittorrent.c
132	--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_bittorrent.c 1970-01-01 01:00:00.000000000 +0100
133	+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_bittorrent.c 2003-10-18 00:33:35.000000000 +0200
134	@@ -0,0 +1,43 @@
135	+/*
136	+ * match_bittorrent.c
137	+ *
138	+ * filipe@rnl.ist.utl.pt
139	+ *
140	+ */
141	+
142	+#define __NO_VERSION__
143	+
144	+#include <linux/config.h>
145	+
146	+/*
147	+#ifdef CONFIG_MODVERSIONS
148	+#include <linux/modversions.h>
149	+#endif
150	+*/
151	+
152	+#include <linux/smp.h>
153	+#include <linux/module.h>
154	+#include <linux/skbuff.h>
155	+#include <linux/file.h>
156	+#include <net/sock.h>
157	+
158	+#include <linux/netfilter_ipv4/ip_tables.h>
159	+
160	+
161	+#define SIZE_MIN 20
162	+#define SIZE_MAX 500
163	+
164	+const unsigned char bittorrent_string[] = "\x13"
165	+ "BitTorrent protocol"
166	+ "\x0\x0\x0\x0\x0\x0\x0\x0";
167	+
168	+
169	+int
170	+match_bittorrent( const unsigned char *data,
171	+ const unsigned char *end)
172	+{
173	+ if (end - data < SIZE_MIN \|\| end - data > SIZE_MAX) return 0;
174	+
175	+ if(memcmp(data, bittorrent_string, sizeof(bittorrent_string) - 1) == 0) return 1;
176	+ return 0;
177	+}
178	diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_dc.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_dc.c
179	--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_dc.c 1970-01-01 01:00:00.000000000 +0100
180	+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_dc.c 2003-10-18 20:14:34.000000000 +0200
181	@@ -0,0 +1,65 @@
182	+/*
183	+ * match_dc.c
184	+ *
185	+ * filipe@rnl.ist.utl.pt
186	+ *
187	+ */
188	+
189	+#define __NO_VERSION__
190	+
191	+#include <linux/config.h>
192	+
193	+/*
194	+#ifdef CONFIG_MODVERSIONS
195	+#include <linux/modversions.h>
196	+#endif
197	+*/
198	+
199	+#include <linux/smp.h>
200	+#include <linux/module.h>
201	+#include <linux/skbuff.h>
202	+#include <linux/file.h>
203	+#include <net/sock.h>
204	+
205	+#include <linux/netfilter_ipv4/ip_tables.h>
206	+
207	+
208	+#define SIZE_MIN 30
209	+#define SIZE_MAX 200
210	+
211	+static const unsigned char *dc_cmd[] = {
212	+ "MyNick",
213	+ "Lock",
214	+ NULL
215	+};
216	+
217	+static const unsigned char next_cmd( const unsigned char data,
218	+ const unsigned char *end)
219	+{
220	+ while(data <= end)
221	+ if(*data++ == '\|') return data;
222	+ return NULL;
223	+}
224	+
225	+int
226	+match_dc( const unsigned char *data,
227	+ const unsigned char *end)
228	+{
229	+ int count=0;
230	+
231	+ if (end - data < SIZE_MIN \|\| end - data > SIZE_MAX) return 0;
232	+
233	+ while(dc_cmd[count]) {
234	+ if(data != '$') return 0; / Quick Exit */
235	+ if(end - data < strlen(dc_cmd[count])) return 0;
236	+ if(memcmp(data + 1, dc_cmd[count], strlen(dc_cmd[count]))) return 0;
237	+
238	+ data = next_cmd(data, end);
239	+ if(!data) return 0;
240	+
241	+ count++;
242	+ }
243	+
244	+
245	+ return 1;
246	+}
247	diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_edonkey.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_edonkey.c
248	--- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_edonkey.c 1970-01-01 01:00:00.000000000 +0100
249	+++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_edonkey.c 2003-10-18 20:14:52.000000000 +0200
250	@@ -0,0 +1,78 @@
251	+/*
252	+ * eDonkey iptables match module
253	+ * filipe@rnl.ist.utl.pt
254	+ */
255	+
256	+#define __NO_VERSION__
257	+
258	+#include <linux/config.h>
259	+#include <linux/module.h>
260	+
261	+#define get_u8(X,O) ((__u8 )(X + O))
262	+#define get_u16(X,O) ((__u16 )(X + O))
263	+#define get_u32(X,O) ((__u32 )(X + O))
264	+
265	+#define EDONKEY_PACKET 0xe3
266	+#define TYPE_HELLO 0x01
267	+#define TAG_NAME 0x01000102
268	+#define TAG_VERSION 0x11000103
269	+#define TAG_PORT 0x0f000103
270	+
271	+#define POS_MAGIC 0
272	+#define POS_LEN 1
273	+#define POS_TYPE 5
274	+#define POS_TAGCOUNT 28
275	+#define POS_FIRSTTAG 32
276	+
277	+#define SIZE_MIN 30
278