1 diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/Kconfig linux-2.6.0-test9/net/ipv4/netfilter/Kconfig
2 --- linux-2.6.0-test9.org/net/ipv4/netfilter/Kconfig 2003-11-04 11:53:04.000000000 +0100
3 +++ linux-2.6.0-test9/net/ipv4/netfilter/Kconfig 2003-11-04 11:12:46.000000000 +0100
5 menu "IP: Netfilter Configuration"
6 depends on INET && NETFILTER
9 + tristate "P2P netfilter"
13 config IP_NF_CONNTRACK
14 tristate "Connection tracking (required for masq/NAT)"
16 diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/Makefile linux-2.6.0-test9/net/ipv4/netfilter/p2p/Makefile
17 --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/Makefile 1970-01-01 01:00:00.000000000 +0100
18 +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/Makefile 2003-11-04 11:03:39.000000000 +0100
20 +ipt_p2p-objs := main.o match_http.o match_edonkey.o match_dc.o match_bittorrent.o
22 +obj-$(CONFIG_IP_NF_P2P) := ipt_p2p.o
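Review bot: Nothing in the visible patch makes kbuild descend into `p2p/`: there is no change to `net/ipv4/netfilter/Makefile`, so this new Makefile would never be read and `CONFIG_IP_NF_P2P` would build nothing. The parent Makefile needs a line such as `obj-$(CONFIG_IP_NF_P2P) += p2p/`. Within this file, `obj-$(CONFIG_IP_NF_P2P) += ipt_p2p.o` is the conventional form; `:=` works only while this is the sole object list in the directory.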
24 diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/main.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/main.c
25 --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/main.c 1970-01-01 01:00:00.000000000 +0100
26 +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/main.c 2003-11-04 11:15:28.000000000 +0100
29 + * p2p iptables match module
30 + * filipe@rnl.ist.utl.pt
34 +#include <linux/module.h>
35 +#include <linux/skbuff.h>
36 +#include <linux/tcp.h>
38 +#include <linux/netfilter_ipv4/ip_tables.h>
39 +#include <linux/version.h>
45 +MODULE_AUTHOR("Filipe Almeida <filipe@rnl.ist.utl.pt>");
46 +MODULE_DESCRIPTION("IP tables p2p match module");
47 +MODULE_LICENSE("GPL");
50 +match_http( const unsigned char *data,
51 + const unsigned char *end);
53 +match_edonkey( const unsigned char *data,
54 + const unsigned char *end);
56 +match_dc( const unsigned char *data,
57 + const unsigned char *end);
59 +match_bittorrent( const unsigned char *data,
60 + const unsigned char *end);
63 +match(const struct sk_buff *skb,
64 + const struct net_device *in,
65 + const struct net_device *out,
66 + const void *matchinfo,
70 + const struct iphdr *iph = skb->nh.iph;
71 + const struct tcphdr *tcph;
72 + const unsigned char *data;
73 + const unsigned char *end;
76 + datalen = skb->len - (iph->ihl<<2);
78 + if ( !iph || iph->protocol != IPPROTO_TCP) return 0;
80 + tcph = (void *)skb->nh.iph + skb->nh.iph->ihl*4;
81 + data = (const unsigned char *) tcph + tcph->doff * 4;
82 + end = data + datalen - tcph->doff * 4;
84 + if (match_http(data, end)) return 1;
85 + if (match_edonkey(data, end)) return 1;
86 + if (match_dc(data, end)) return 1;
87 + if (match_bittorrent(data, end)) return 1;
93 +checkentry(const char *tablename,
94 + const struct ipt_ip *ip,
96 + unsigned int matchsize,
97 + unsigned int hook_mask)
99 + if (matchsize != IPT_ALIGN(0))
107 +static struct ipt_match p2p_match
108 += { { NULL, NULL }, "p2p", &match, &checkentry, NULL, THIS_MODULE };
111 +static struct ipt_match p2p_match = {
114 + .checkentry = &checkentry,
118 +static int __init init(void)
120 + printk(KERN_INFO "Module ipt_p2p loaded.\n");
121 + return ipt_register_match(&p2p_match);
124 +static void __exit fini(void)
126 + ipt_unregister_match(&p2p_match);
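Review bot: `match()` computes `datalen` from `iph->ihl` before the `!iph` test, then trusts `ihl` and `tcph->doff` from the packet without checking either against `skb->len`. A short or malformed TCP segment can therefore leave `data` outside the packet or `end` before `data`, and the four matchers then read kernel memory beyond the payload. Both header lengths should be validated before the pointers are derived, as in the excerpt below. Non-first fragments should also be rejected if the signature carries the usual fragment-offset argument (its tail is not visible here), and because `skb->len` counts paged data the pointer walk is only safe on a linear skb. The body of `match()` is only partly visible in this hunk.

```c
	const struct iphdr *iph = skb->nh.iph;
	/* … unchanged: tcph, data, end declarations … */
	unsigned int iphlen, tcphlen;

	/* Test the pointer and protocol before touching any header field. */
	if (!iph || iph->protocol != IPPROTO_TCP) return 0;

	iphlen = iph->ihl * 4;
	if (iphlen < sizeof(struct iphdr) ||
	    skb->len < iphlen + sizeof(struct tcphdr)) return 0;

	tcph = (void *)iph + iphlen;
	tcphlen = tcph->doff * 4;
	if (tcphlen < sizeof(struct tcphdr) ||
	    skb->len < iphlen + tcphlen) return 0;

	data = (const unsigned char *)tcph + tcphlen;
	end = (const unsigned char *)iph + skb->len;
	/* … unchanged: match_http / match_edonkey / match_dc / match_bittorrent calls … */
```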
131 diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_bittorrent.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_bittorrent.c
132 --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_bittorrent.c 1970-01-01 01:00:00.000000000 +0100
133 +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_bittorrent.c 2003-10-18 00:33:35.000000000 +0200
136 + * match_bittorrent.c
138 + * filipe@rnl.ist.utl.pt
142 +#define __NO_VERSION__
144 +#include <linux/config.h>
147 +#ifdef CONFIG_MODVERSIONS
148 +#include <linux/modversions.h>
152 +#include <linux/smp.h>
153 +#include <linux/module.h>
154 +#include <linux/skbuff.h>
155 +#include <linux/file.h>
156 +#include <net/sock.h>
158 +#include <linux/netfilter_ipv4/ip_tables.h>
162 +#define SIZE_MAX 500
164 +const unsigned char bittorrent_string[] = "\x13"
165 + "BitTorrent protocol"
166 + "\x0\x0\x0\x0\x0\x0\x0\x0";
170 +match_bittorrent( const unsigned char *data,
171 + const unsigned char *end)
173 + if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0;
175 + if(memcmp(data, bittorrent_string, sizeof(bittorrent_string) - 1) == 0) return 1;
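Review bot: The `memcmp` in `match_bittorrent()` always reads `sizeof(bittorrent_string) - 1` (28) bytes from `data`, but the only lower bound is `SIZE_MIN`, whose definition is not visible here. Tying the guard to the pattern avoids an over-read if that constant is ever smaller: `if (end - data < (long)(sizeof(bittorrent_string) - 1)) return 0;`. `bittorrent_string` should also be `static const`, since as written it lands in the kernel's global namespace. Requiring the eight reserved bytes to be zero means a handshake with any extension bit set is not classified, so comparing only the first 20 bytes is the more robust signature.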
178 diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_dc.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_dc.c
179 --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_dc.c 1970-01-01 01:00:00.000000000 +0100
180 +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_dc.c 2003-10-18 20:14:34.000000000 +0200
185 + * filipe@rnl.ist.utl.pt
189 +#define __NO_VERSION__
191 +#include <linux/config.h>
194 +#ifdef CONFIG_MODVERSIONS
195 +#include <linux/modversions.h>
199 +#include <linux/smp.h>
200 +#include <linux/module.h>
201 +#include <linux/skbuff.h>
202 +#include <linux/file.h>
203 +#include <net/sock.h>
205 +#include <linux/netfilter_ipv4/ip_tables.h>
209 +#define SIZE_MAX 200
211 +static const unsigned char *dc_cmd[] = {
217 +static const unsigned char *next_cmd( const unsigned char *data,
218 + const unsigned char *end)
221 + if(*data++ == '|') return data;
226 +match_dc( const unsigned char *data,
227 + const unsigned char *end)
231 + if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0;
233 + while(dc_cmd[count]) {
234 + if(*data != '$') return 0; /* Quick Exit */
235 + if(end - data < strlen(dc_cmd[count])) return 0;
236 + if(memcmp(data + 1, dc_cmd[count], strlen(dc_cmd[count]))) return 0;
238 + data = next_cmd(data, end);
239 + if(!data) return 0;
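Review bot: The length guard in `match_dc()` is one byte short: `memcmp(data + 1, dc_cmd[count], strlen(dc_cmd[count]))` consumes `strlen + 1` bytes starting at `data`, but the preceding check only requires `end - data >= strlen`. The `*data != '$'` test also dereferences `data` before any bound check on each iteration, so if `next_cmd()` can return a pointer equal to `end` (its loop is not visible here) that is a read past the payload. Suggested guards are `if (data >= end || *data != '$') return 0;` and `if ((size_t)(end - data) < strlen((const char *)dc_cmd[count]) + 1) return 0;`.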
247 diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_edonkey.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_edonkey.c
248 --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_edonkey.c 1970-01-01 01:00:00.000000000 +0100
249 +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_edonkey.c 2003-10-18 20:14:52.000000000 +0200
252 + * eDonkey iptables match module
253 + * filipe@rnl.ist.utl.pt
256 +#define __NO_VERSION__
258 +#include <linux/config.h>
259 +#include <linux/module.h>
261 +#define get_u8(X,O) (*(__u8 *)(X + O))
262 +#define get_u16(X,O) (*(__u16 *)(X + O))
263 +#define get_u32(X,O) (*(__u32 *)(X + O))
265 +#define EDONKEY_PACKET 0xe3
266 +#define TYPE_HELLO 0x01
267 +#define TAG_NAME 0x01000102
268 +#define TAG_VERSION 0x11000103
269 +#define TAG_PORT 0x0f000103
274 +#define POS_TAGCOUNT 28
275 +#define POS_FIRSTTAG 32
278 +#define SIZE_MAX 200 /* TODO: Um nome muito grande serĂ¡ maior que isto? */
281 +match_edonkey( const unsigned char *data,
282 + const unsigned char *end)
285 + int tag_count, tag_type;
287 + if (end - data < POS_FIRSTTAG) return 0;
288 + if (get_u8(data, POS_MAGIC) != EDONKEY_PACKET) return 0;
289 + packet_len = get_u32(data, POS_LEN);
291 + if (packet_len < SIZE_MIN || packet_len > SIZE_MAX) return 0;
292 + if (get_u8(data, POS_TYPE) != TYPE_HELLO ) return 0; /* Not Hello Packet */
294 + tag_count = get_u32(data, POS_TAGCOUNT);
295 + if(tag_count != 2 && tag_count != 3) {
297 + tag_count = get_u32(data, POS_TAGCOUNT);
298 + if(tag_count != 2 && tag_count != 3) return 0;
301 + data += POS_FIRSTTAG;
303 + while(tag_count--) {
304 + tag_type = get_u32(data,0);
306 + if (data > end) return 0;
310 + data += 2 + get_u16(data,0);
311 + if (data > end) return 0;
315 + if (data > end) return 0;
319 + if (data > end) return 0;
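Review bot: The tag loop in `match_edonkey()` reads before it checks: `get_u32(data,0)` and `get_u16(data,0)` dereference 4 and 2 bytes at `data`, while the only guards are `if (data > end) return 0;` after the pointer has moved, which still lets `data == end` through to the next read. Because the tag lengths come from the packet, a crafted hello packet can push these reads past the payload. Put `if (end - data < 4) return 0;` before the `get_u32` and `if (end - data < 2) return 0;` before the `get_u16`. The `get_u16`/`get_u32` casts also assume aligned, host-endian data, which a TCP payload does not guarantee, so `get_unaligned()` with an explicit little-endian conversion would be safer. Whether `packet_len` is ever compared with `end - data` is not visible in this hunk.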
329 diff -Nur linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_http.c linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_http.c
330 --- linux-2.6.0-test9.org/net/ipv4/netfilter/p2p/match_http.c 1970-01-01 01:00:00.000000000 +0100
331 +++ linux-2.6.0-test9/net/ipv4/netfilter/p2p/match_http.c 2003-10-18 20:14:40.000000000 +0200
336 + * filipe@rnl.ist.utl.pt
339 +#define __NO_VERSION__
341 +#include <linux/config.h>
344 +#ifdef CONFIG_MODVERSIONS
345 +#include <linux/modversions.h>
349 +#include <linux/smp.h>
350 +#include <linux/module.h>
351 +#include <linux/skbuff.h>
352 +#include <linux/file.h>
353 +#include <net/sock.h>
356 +#define SIZE_MAX 1000
357 +#define HEADER_SIZE_MIN 15
359 +static const unsigned char *methods_list[] = {
367 +static const unsigned char *headers_list[] = {
373 +static inline const unsigned char *
374 +next_line(const unsigned char *data,
375 + const unsigned char *end)
378 + if(*data++ == '\n') return data;
384 +string_match(const unsigned char *data,
385 + const unsigned char **strings)
388 + while (strings[i]) {
389 + if(memcmp(data, strings[i], sizeof(strings[i]) - 1) == 0)
398 +match_http( const unsigned char *data,
399 + const unsigned char *end)
401 + if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0;
403 + if( string_match(data, methods_list) == 0 )
406 + while ( (data = next_line(data, end)) ) {
407 + if(end - data < HEADER_SIZE_MIN)
409 + if( string_match(data, headers_list) )
410 + return 1; /* match */
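Review bot: `string_match()` compares `sizeof(strings[i]) - 1` bytes, but `strings[i]` is a pointer, so the length is 3 or 7 depending on the architecture rather than the length of the method or header string. With 7 bytes the compare can run past the end of a short pattern literal and past the packet data, and with 3 bytes any payload sharing a three-byte prefix is classified as a match. Use `strlen((const char *)strings[i])` for the length and pass `end` into `string_match()` so it can return 0 when `end - data` is shorter than the pattern. The contents of `methods_list` and `headers_list` are not visible in this hunk.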