Commit | Line | Data |
---|---|---|
253ea758 | 1 | diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/Kconfig linux-2.6.0-test9/net/ipv4/netfilter/Kconfig |
2 | --- linux-2.6.0-test9.org/net/ipv4/netfilter/Kconfig 2003-11-04 11:53:04.000000000 +0100 | |
3 | +++ linux-2.6.0-test9/net/ipv4/netfilter/Kconfig 2003-11-04 11:12:46.000000000 +0100 | |
4 | @@ -5,6 +5,11 @@ | |
5 | menu "IP: Netfilter Configuration" | |
6 | depends on INET && NETFILTER | |
7 | ||
8 | +config IP_NF_P2P | |
9 | + tristate "P2P netfilter" | |
10 | + help | |
11 | + empty | |
12 | + | |
13 | config IP_NF_CONNTRACK | |
14 | tristate "Connection tracking (required for masq/NAT)" | |
15 | ---help--- | |
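Review bot: The new `config IP_NF_P2P` entry has no `depends on` line and its help text is the placeholder `empty`. The module this patch adds registers itself with `ipt_register_match()`, so the symbol should carry `depends on IP_NF_IPTABLES`; without it the option can be selected in a configuration where the iptables core is absent. The help should state that the match inspects TCP payloads for the protocols named in the p2p Makefile (http, edonkey, dc, bittorrent), so an administrator knows what enabling it puts on the packet path.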
16 | diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/Makefile linux-2.6.0-test9/net/ipv4/netfilter/p2p/Makefile | |
17 | --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/Makefile 1970-01-01 01:00:00.000000000 +0100 | |
18 | +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/Makefile 2003-11-04 11:03:39.000000000 +0100 | |
19 | @@ -0,0 +1,4 @@ | |
20 | +ipt_p2p-objs := main.o match_http.o match_edonkey.o match_dc.o match_bittorrent.o | |
21 | + | |
22 | +obj-$(CONFIG_IP_NF_P2P) := ipt_p2p.o | |
23 | + | |
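Review bot: `obj-$(CONFIG_IP_NF_P2P) := ipt_p2p.o` assigns with `:=` where kbuild Makefiles conventionally append, `obj-$(CONFIG_IP_NF_P2P) += ipt_p2p.o`. No hunk visible on this page adds `obj-$(CONFIG_IP_NF_P2P) += p2p/` to net/ipv4/netfilter/Makefile; unless a later part of the patch does, kbuild will not descend into the new directory and the module is never built.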
24 | diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/main.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/main.c | |
25 | --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/main.c 1970-01-01 01:00:00.000000000 +0100 | |
26 | +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/main.c 2003-11-04 11:15:28.000000000 +0100 | |
27 | @@ -0,0 +1,103 @@ | |
28 | +/* | |
29 | + * p2p iptables match module | |
30 | + * filipe@rnl.ist.utl.pt | |
31 | + */ | |
32 | + | |
33 | + | |
34 | +#include <linux/module.h> | |
35 | +#include <linux/skbuff.h> | |
36 | +#include <linux/tcp.h> | |
37 | + | |
38 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
39 | +#include <linux/version.h> | |
40 | + | |
41 | + | |
42 | +#define KERNEL_2_6 | |
43 | + | |
44 | + | |
45 | +MODULE_AUTHOR("Filipe Almeida <filipe@rnl.ist.utl.pt>"); | |
46 | +MODULE_DESCRIPTION("IP tables p2p match module"); | |
47 | +MODULE_LICENSE("GPL"); | |
48 | + | |
49 | +int | |
50 | +match_http( const unsigned char *data, | |
51 | + const unsigned char *end); | |
52 | +int | |
53 | +match_edonkey( const unsigned char *data, | |
54 | + const unsigned char *end); | |
55 | +int | |
56 | +match_dc( const unsigned char *data, | |
57 | + const unsigned char *end); | |
58 | +int | |
59 | +match_bittorrent( const unsigned char *data, | |
60 | + const unsigned char *end); | |
61 | + | |
62 | +static int | |
63 | +match(const struct sk_buff *skb, | |
64 | + const struct net_device *in, | |
65 | + const struct net_device *out, | |
66 | + const void *matchinfo, | |
67 | + int offset, | |
68 | + int *hotdrop) | |
69 | +{ | |
70 | + const struct iphdr *iph = skb->nh.iph; | |
71 | + const struct tcphdr *tcph; | |
72 | + const unsigned char *data; | |
73 | + const unsigned char *end; | |
74 | + | |
75 | + int datalen; | |
76 | + datalen = skb->len - (iph->ihl<<2); | |
77 | + | |
78 | + if ( !iph || iph->protocol != IPPROTO_TCP) return 0; | |
79 | + | |
80 | + tcph = (void *)skb->nh.iph + skb->nh.iph->ihl*4; | |
81 | + data = (const unsigned char *) tcph + tcph->doff * 4; | |
82 | + end = data + datalen - tcph->doff * 4; | |
83 | + | |
84 | + if (match_http(data, end)) return 1; | |
85 | + if (match_edonkey(data, end)) return 1; | |
86 | + if (match_dc(data, end)) return 1; | |
87 | + if (match_bittorrent(data, end)) return 1; | |
88 | + | |
89 | + return 0; | |
90 | +} | |
91 | + | |
92 | +static int | |
93 | +checkentry(const char *tablename, | |
94 | + const struct ipt_ip *ip, | |
95 | + void *matchinfo, | |
96 | + unsigned int matchsize, | |
97 | + unsigned int hook_mask) | |
98 | +{ | |
99 | + if (matchsize != IPT_ALIGN(0)) | |
100 | + return 0; | |
101 | + | |
102 | + return 1; | |
103 | +} | |
104 | + | |
105 | + | |
106 | +/* | |
107 | +static struct ipt_match p2p_match | |
108 | += { { NULL, NULL }, "p2p", &match, &checkentry, NULL, THIS_MODULE }; | |
109 | +*/ | |
110 | + | |
111 | +static struct ipt_match p2p_match = { | |
112 | + .name = "p2p", | |
113 | + .match = &match, | |
114 | + .checkentry = &checkentry, | |
115 | + .me = THIS_MODULE, | |
116 | +}; | |
117 | + | |
118 | +static int __init init(void) | |
119 | +{ | |
120 | + printk(KERN_INFO "Module ipt_p2p loaded.\n"); | |
121 | + return ipt_register_match(&p2p_match); | |
122 | +} | |
123 | + | |
124 | +static void __exit fini(void) | |
125 | +{ | |
126 | + ipt_unregister_match(&p2p_match); | |
127 | +} | |
128 | + | |
129 | +module_init(init); | |
130 | +module_exit(fini); | |
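Review bot: `match()` reads `iph->ihl` to compute `datalen` one statement before the `!iph` test, ignores `offset`, and never checks `ihl` or `tcph->doff` against `skb->len`, so a non-first fragment or a packet with a short or inflated TCP data offset leaves `data` and `end` pointing outside the packet before the four parsers walk them. It also assumes the whole packet sits in the linear skb area; for a paged skb `end` lies past `skb_headlen(skb)`. The sketch below rejects those cases up front; if paged packets must still be classified, copying the payload out with `skb_copy_bits()` would avoid the rule silently not matching them. Separately, `#define KERNEL_2_6` is unused and the `match_*` prototypes would be better placed in a shared header that each matcher includes.

```c
/* … unchanged: match() signature … */
{
	const struct iphdr *iph = skb->nh.iph;
	const struct tcphdr *tcph;
	const unsigned char *data;
	const unsigned char *end;
	unsigned int iplen, tcplen;

	/* Only the first fragment carries a TCP header. */
	if (offset || !iph || iph->protocol != IPPROTO_TCP)
		return 0;

	/* The matchers walk raw pointers, so stay inside the linear area. */
	if (skb_is_nonlinear(skb))
		return 0;

	iplen = iph->ihl * 4;
	if (iplen < sizeof(*iph) || skb->len < iplen + sizeof(*tcph))
		return 0;

	tcph = (const void *)iph + iplen;
	tcplen = tcph->doff * 4;
	if (tcplen < sizeof(*tcph) || skb->len < iplen + tcplen)
		return 0;

	data = (const unsigned char *)tcph + tcplen;
	end = (const unsigned char *)iph + skb->len;

	/* … unchanged: match_http / match_edonkey / match_dc / match_bittorrent calls, return 0 … */
}
```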
131 | diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_bittorrent.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_bittorrent.c | |
132 | --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_bittorrent.c 1970-01-01 01:00:00.000000000 +0100 | |
133 | +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_bittorrent.c 2003-10-18 00:33:35.000000000 +0200 | |
134 | @@ -0,0 +1,43 @@ | |
135 | +/* | |
136 | + * match_bittorrent.c | |
137 | + * | |
138 | + * filipe@rnl.ist.utl.pt | |
139 | + * | |
140 | + */ | |
141 | + | |
142 | +#define __NO_VERSION__ | |
143 | + | |
144 | +#include <linux/config.h> | |
145 | + | |
146 | +/* | |
147 | +#ifdef CONFIG_MODVERSIONS | |
148 | +#include <linux/modversions.h> | |
149 | +#endif | |
150 | +*/ | |
151 | + | |
152 | +#include <linux/smp.h> | |
153 | +#include <linux/module.h> | |
154 | +#include <linux/skbuff.h> | |
155 | +#include <linux/file.h> | |
156 | +#include <net/sock.h> | |
157 | + | |
158 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
159 | + | |
160 | + | |
161 | +#define SIZE_MIN 20 | |
162 | +#define SIZE_MAX 500 | |
163 | + | |
164 | +const unsigned char bittorrent_string[] = "\x13" | |
165 | + "BitTorrent protocol" | |
166 | + "\x0\x0\x0\x0\x0\x0\x0\x0"; | |
167 | + | |
168 | + | |
169 | +int | |
170 | +match_bittorrent( const unsigned char *data, | |
171 | + const unsigned char *end) | |
172 | +{ | |
173 | + if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0; | |
174 | + | |
175 | + if(memcmp(data, bittorrent_string, sizeof(bittorrent_string) - 1) == 0) return 1; | |
176 | + return 0; | |
177 | +} | |
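Review bot: `match_bittorrent()` accepts payloads from `SIZE_MIN` (20) bytes upward but then compares `sizeof(bittorrent_string) - 1`, which is 28 bytes, so a 20 to 27 byte payload makes `memcmp` read up to 8 bytes past `end`. The length guard should be tied to the signature, for example `if (end - data < (long)(sizeof(bittorrent_string) - 1) || end - data > SIZE_MAX) return 0;`. `bittorrent_string` is only used in this file and should be `static const`, and the local `SIZE_MAX` reuses the name of the standard `size_t` limit macro, which may clash with a kernel header; a prefixed name such as `BT_SIZE_MAX` avoids that. Requiring the eight bytes after the protocol string to be zero also means a handshake that sets any of them would not be matched, which is worth a comment stating whether that is intended.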
178 | diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_dc.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_dc.c | |
179 | --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_dc.c 1970-01-01 01:00:00.000000000 +0100 | |
180 | +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_dc.c 2003-10-18 20:14:34.000000000 +0200 | |
181 | @@ -0,0 +1,65 @@ | |
182 | +/* | |
183 | + * match_dc.c | |
184 | + * | |
185 | + * filipe@rnl.ist.utl.pt | |
186 | + * | |
187 | + */ | |
188 | + | |
189 | +#define __NO_VERSION__ | |
190 | + | |
191 | +#include <linux/config.h> | |
192 | + | |
193 | +/* | |
194 | +#ifdef CONFIG_MODVERSIONS | |
195 | +#include <linux/modversions.h> | |
196 | +#endif | |
197 | +*/ | |
198 | + | |
199 | +#include <linux/smp.h> | |
200 | +#include <linux/module.h> | |
201 | +#include <linux/skbuff.h> | |
202 | +#include <linux/file.h> | |
203 | +#include <net/sock.h> | |
204 | + | |
205 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
206 | + | |
207 | + | |
208 | +#define SIZE_MIN 30 | |
209 | +#define SIZE_MAX 200 | |
210 | + | |
211 | +static const unsigned char *dc_cmd[] = { | |
212 | + "MyNick", | |
213 | + "Lock", | |
214 | + NULL | |
215 | +}; | |
216 | + | |
217 | +static const unsigned char *next_cmd( const unsigned char *data, | |
218 | + const unsigned char *end) | |
219 | +{ | |
220 | + while(data <= end) | |
221 | + if(*data++ == '|') return data; | |
222 | + return NULL; | |
223 | +} | |
224 | + | |
225 | +int | |
226 | +match_dc( const unsigned char *data, | |
227 | + const unsigned char *end) | |
228 | +{ | |
229 | + int count=0; | |
230 | + | |
231 | + if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0; | |
232 | + | |
233 | + while(dc_cmd[count]) { | |
234 | + if(*data != '$') return 0; /* Quick Exit */ | |
235 | + if(end - data < strlen(dc_cmd[count])) return 0; | |
236 | + if(memcmp(data + 1, dc_cmd[count], strlen(dc_cmd[count]))) return 0; | |
237 | + | |
238 | + data = next_cmd(data, end); | |
239 | + if(!data) return 0; | |
240 | + | |
241 | + count++; | |
242 | + } | |
243 | + | |
244 | + | |
245 | + return 1; | |
246 | +} | |
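Review bot: `next_cmd()` loops on `data <= end` and so dereferences `*end`, one byte past the payload as main.c computes it, and can return `end + 1`, which `match_dc()` then dereferences in `*data != '$'` on the next iteration. The length test `end - data < strlen(dc_cmd[count])` is also one short, because the `memcmp` starts at `data + 1`, and it mixes a signed pointer difference with `size_t`. The sketch below bounds the scan with `<` and checks the remaining length, including the `$`, before any byte is read. `dc_cmd` is declared as `const unsigned char *` but initialised from plain string literals; `static const char *const dc_cmd[]` would remove the signedness mismatch.

```c
static const unsigned char *next_cmd(const unsigned char *data,
				     const unsigned char *end)
{
	/* end is one past the last payload byte, so never read *end. */
	while (data < end)
		if (*data++ == '|')
			return data;
	return NULL;
}

/* … unchanged: match_dc() signature, count, SIZE_MIN/SIZE_MAX check … */
	while (dc_cmd[count]) {
		size_t cmdlen = strlen(dc_cmd[count]);

		/* '$' plus the command name must fit in what is left. */
		if ((size_t)(end - data) < cmdlen + 1)
			return 0;
		if (*data != '$')
			return 0;
		if (memcmp(data + 1, dc_cmd[count], cmdlen))
			return 0;
		/* … unchanged: next_cmd() call, NULL check, count++ … */
	}
```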
247 | diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_edonkey.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_edonkey.c | |
248 | --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_edonkey.c 1970-01-01 01:00:00.000000000 +0100 | |
249 | +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_edonkey.c 2003-10-18 20:14:52.000000000 +0200 | |
250 | @@ -0,0 +1,78 @@ | |
251 | +/* | |
252 | + * eDonkey iptables match module | |
253 | + * filipe@rnl.ist.utl.pt | |
254 | + */ | |
255 | + | |
256 | +#define __NO_VERSION__ | |
257 | + | |
258 | +#include <linux/config.h> | |
259 | +#include <linux/module.h> | |
260 | + | |
261 | +#define get_u8(X,O) (*(__u8 *)(X + O)) | |
262 | +#define get_u16(X,O) (*(__u16 *)(X + O)) | |
263 | +#define get_u32(X,O) (*(__u32 *)(X + O)) | |
264 | + | |
265 | +#define EDONKEY_PACKET 0xe3 | |
266 | +#define TYPE_HELLO 0x01 | |
267 | +#define TAG_NAME 0x01000102 | |
268 | +#define TAG_VERSION 0x11000103 | |
269 | +#define TAG_PORT 0x0f000103 | |
270 | + | |
271 | +#define POS_MAGIC 0 | |
272 | +#define POS_LEN 1 | |
273 | +#define POS_TYPE 5 | |
274 | +#define POS_TAGCOUNT 28 | |
275 | +#define POS_FIRSTTAG 32 | |
276 | + | |
277 | +#define SIZE_MIN 30 | |
278 |