webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'kernel25'

Browse Source
This commit is contained in:
Arne Fitzenreiter
2008-09-29 22:21:52 +02:00
parent 3c5d386e57 999dc5dc3b
commit fe114e3488
19 changed files with 5779 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config/grub/grub.conf
View File

@@ -34,3 +34,8 @@ title IPFire (all storage drivers)
kernel /vmlinuz-KVER-ipfire root=ROOT rootdelay=10 panic=10 MOUNT
initrd /ipfirerd-KVER-emergency.img
savedefault 5
title IPFire - experimental kernel-2.6.25.17 - no ipsec (vesafb 640x480)
root (hd0,0)
kernel /vmlinuz-2.6.25.17-ipfire root=ROOT rootdelay=10 panic=10 vga=785 MOUNT
initrd /ipfirerd-2.6.25.17.img
savedefault 6

3277
config/kernel/kernel25.config.i586 Normal file
View File

File diff suppressed because it is too large Load Diff

6
config/rootfiles/common/linux-fusion-7.0.1
View File

@@ -1,6 +0,0 @@
#lib/modules/2.6.23.17-ipfire/misc
#lib/modules/2.6.23.17-ipfire/misc/drivers
#lib/modules/2.6.23.17-ipfire/misc/drivers/char
#lib/modules/2.6.23.17-ipfire/misc/drivers/char/fusion
#lib/modules/2.6.23.17-ipfire/misc/drivers/char/fusion/fusion.ko
#usr/include/linux/fusion.h

1302
config/rootfiles/common/linux25 Normal file
View File

File diff suppressed because it is too large Load Diff

1
config/rootfiles/updater/filelists/linux25 Symbolic link
View File

@@ -0,0 +1 @@
../../common/linux25

1
config/rootfiles/updater/update.sh
View File

@@ -144,6 +144,7 @@ fi
fi
mkinitcpio -k $KVER-ipfire -g /boot/ipfirerd-$KVER.img
#mkinitcpio -k $KVER-ipfire-smp -g /boot/ipfirerd-$KVER-smp.img
mkinitcpio -k 2.6.25.17-ipfire -g /boot/ipfirerd-2.6.25.17.img
#
# ReInstall grub
#

17
doc/packages-list.txt
View File

@@ -34,14 +34,16 @@
* Unix-Syslog-0.100
* XML-Parser-2.34
* alsa-lib-1.0.17
* alsa-lib-1.0.17-kmod
* alsa-lib-1.0.17-kmod-2.6.23.17
* alsa-lib-1.0.17-kmod-2.6.25.17
* amavisd-new-2.5.2
* apcupsd-3.14.4
* applejuice-0.30
* arping-2.05
* as86-0.16.17
* asterisk-1.4.18
* atl2-2.0.4
* atl2-2.0.4-kmod-2.6.23.17
* atl2-2.0.4-kmod-2.6.25.17
* autoconf-2.59
* automake-1.9.6
* backup-ipfire
@@ -143,7 +145,8 @@
* jpegsrc.v6b
* kbd-1.12
* klibc-1.5.14
* kqemu-1.3.0pre11
* kqemu-1.3.0pre11-kmod-2.6.23.17
* kqemu-1.3.0pre11-kmod-2.6.25.17
* kudzu-1.2.64
* l7-protocols-2008-04-23
* lame-3.97
@@ -173,8 +176,8 @@
* libxml2-2.6.26
* libxslt-1.1.17
* linux-2.6.23.17
* linux-2.6.25.17
* linux-atm-2.4.1
* linux-fusion-7.0.1
* linux-libc-headers-2.6.12.0
* linuxigd-0.95
* lm_sensors-3.0.2
@@ -184,7 +187,8 @@
* lzo-2.02
* m4-1.4.4
* mISDNuser-1_1_8
* madwifi-hal-2008-08-15-r3862-20080903
* madwifi-hal-2008-08-15-r3862-20080903-kmod-2.6.23.17
* madwifi-hal-2008-08-15-r3862-20080903-kmod-2.6.25.17
* make-3.81
* man-db-2.4.3
* man-pages-2.34
@@ -294,7 +298,8 @@
* urlgrabber-3.1.0
* usbutils-0.72
* util-linux-2.12r
* v4l-dvb-e9a442d3b53a
* v4l-dvb-e9a442d3b53a-kmod-2.6.23.17
* v4l-dvb-e9a442d3b53a-kmod-2.6.25.17
* vdr-1.6.0
* vim-7.0
* vlan.1.9

2
lfs/alsa
View File

@@ -34,7 +34,7 @@ ifeq "$(KMOD)" "1"
ifeq "$(SMP)" "1"
TARGET = $(DIR_INFO)/$(THISAPP)-kmod-smp
else
TARGET = $(DIR_INFO)/$(THISAPP)-kmod
TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)
endif
else
TARGET = $(DIR_INFO)/$(THISAPP)

2
lfs/atl2
View File

@@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
ifeq "$(SMP)" "1"
TARGET = $(DIR_INFO)/$(THISAPP)-smp
else
TARGET = $(DIR_INFO)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)
endif

2
lfs/directfb
View File

@@ -82,7 +82,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && sed -i "s/checkfor_matrox=yes/checkfor_matrox=no/g" configure
cd $(DIR_APP) && sed -i "s/checkfor_cle266=no/checkfor_cle266=yes/g" configure
cd $(DIR_APP) && ./configure --prefix=/usr --disable-x11 --enable-sdl \
--enable-video4linux2 --enable-multi
--enable-video4linux2
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
ln -s $(THISAPP) /usr/src/directfb

1
lfs/initrd
View File

@@ -61,6 +61,7 @@ $(TARGET) :
# make new dependencies
depmod -a -F /boot/System.map-$(KVER)-ipfire $(KVER)-ipfire
#depmod -a -F /boot/System.map-$(KVER)-ipfire-smp $(KVER)-ipfire-smp
depmod -a -F /boot/System.map-2.6.25.17-ipfire 2.6.25.17-ipfire
cp -a /lib/modules/$(KVER)-ipfire/ /install/initrd/lib/modules/

2
lfs/kqemu
View File

@@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
ifeq "$(SMP)" "1"
TARGET = $(DIR_INFO)/$(THISAPP)-smp
else
TARGET = $(DIR_INFO)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)
endif

91
lfs/linux-fusion
View File

@@ -1,91 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 7.0.1
THISAPP = linux-fusion-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
ifeq "$(SMP)" "1"
TARGET = $(DIR_INFO)/$(THISAPP)-smp
else
TARGET = $(DIR_INFO)/$(THISAPP)
endif
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 937028c98dbfd512f0c570c5ffe13769
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && sed -i "s@MODLIB)/drivers@MODLIB)/misc/drivers@g" Makefile
ifeq "$(SMP)" "1"
cd $(DIR_APP) && sed -i "s/\x24(shell uname -r)/$(KVER)-ipfire-smp/g" Makefile
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
else
cd $(DIR_APP) && sed -i "s/\x24(shell uname -r)/$(KVER)-ipfire/g" Makefile
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
endif
@rm -rf $(DIR_APP)
@$(POSTBUILD)

179
lfs/linux25 Normal file
View File

@@ -0,0 +1,179 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
PATCHLEVEL = .17
VER = 2.6.25.17
THISAPP = linux-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
CFLAGS =
CXXFLAGS =
# Normal build or SMP build.
#
ifeq "$(SMP)" "1"
TARGET = $(DIR_INFO)/linux-$(VER)-smp
else
TARGET = $(DIR_INFO)/linux-$(VER)
endif
###############################################################################
# Top-level Rules
###############################################################################
objects =$(DL_FILE) \
mISDN-1_1_8.tar.gz \
squashfs3.4.tar.gz \
netfilter-layer7-v2.20.tar.gz \
patch-2.6.16-nath323-1.3.bz2 \
reiser4-for-2.6.25.patch.bz2
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
netfilter-layer7-v2.20.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.20.tar.gz
patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2
squashfs3.4.tar.gz = $(URL_IPFIRE)/squashfs3.4.tar.gz
mISDN-1_1_8.tar.gz = $(URL_IPFIRE)/mISDN-1_1_8.tar.gz
reiser4-for-2.6.25.patch.bz2 = $(URL_IPFIRE)/reiser4-for-2.6.25.patch.bz2
$(DL_FILE)_MD5 = 30618bff93fd4fd048e20a9a6aab8e5d
netfilter-layer7-v2.20.tar.gz_MD5 = 525a821c973b730c8feaf9eedb57d1e4
patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138
squashfs3.4.tar.gz_MD5 = 2a4d2995ad5aa6840c95a95ffa6b1da6
mISDN-1_1_8.tar.gz_MD5 = 29c55ffe0b35668a41eaed3b1c3ddfe2
reiser4-for-2.6.25.patch.bz2_MD5 = 4294bbcb39e5ee859b94b09ff4fb1e0c
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/linux $(DIR_SRC)/xen-* && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
ln -s linux-$(VER) /usr/src/linux
# Fix crash on Twinhead H12Y notebooks
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-h12y-mmio-quirks.patch
# Openswan
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openswan-2.4.x.kernel-2.6.23-natt.patch
# Reiser4
cd $(DIR_APP) && bzip2 -d -c $(DIR_DL)/reiser4-for-2.6.25.patch.bz2 | patch -Np1
# SquashFS
cd $(DIR_SRC) && rm -rf squashfs*
cd $(DIR_SRC) && tar xfz $(DIR_DL)/squashfs3.4.tar.gz
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/squashfs3.4/kernel-patches/linux-2.6.25/squashfs3.4-patch
# ip_conntrack permissions from 440 to 444
# cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch
# ipp2p 0.8.2-pomng
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.25.17-ipp2p-0.8.2-pomng.patch
# Layer7-patch
cd $(DIR_SRC) && rm -rf $(DIR_SRC)/netfilter-layer7-v2.20
cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.20.tar.gz
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.20/kernel-2.6.25-layer7-2.20.patch
# Linux Intermediate Queueing Device
ifeq "$(XEN)" ""
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.25-imq5.diff
endif
# mISDN
cd $(DIR_SRC) && rm -rf mISDN-*
cd $(DIR_SRC) && tar xfz $(DIR_DL)/mISDN-1_1_8.tar.gz
cd $(DIR_SRC)/mISDN-1_1_8 && yes 'yes' | ./std2kern -k /usr/src/linux
cd $(DIR_APP)/drivers/isdn/hardware/mISDN && patch -Np0 < $(DIR_SRC)/src/patches/mISDN-avmfritz.patch
# Cleanup kernel source
cd $(DIR_APP) && make mrproper
ifeq "$(SMP)" "1"
cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE).smp $(DIR_APP)/.config
else
cp $(DIR_SRC)/config/kernel/kernel25.config.$(MACHINE) $(DIR_APP)/.config
endif
cd $(DIR_APP) && make CC="$(KGCC)" oldconfig
cd $(DIR_APP) && make CC="$(KGCC)" clean
ifeq "$(SMP)" "1"
cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ $(PATCHLEVEL)-ipfire-smp/' Makefile
cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage
cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-$(VER)-ipfire-smp
cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-ipfire-smp
ln -sf vmlinuz-$(VER)-ipfire-smp /boot/vmlinuz-ipfire-smp
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install
else
cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ $(PATCHLEVEL)-ipfire/' Makefile
cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage
cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-$(VER)-ipfire
cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-ipfire
cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-ipfire
# ln -sf vmlinuz-$(VER)-ipfire /boot/vmlinuz-ipfire
# ln -sf System.map-$(VER)-ipfire /boot/System.map-ipfire
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install
endif
ifeq "$(SMP)" ""
# Only do this once on the non-SMP pass
cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/
endif
# Rename ide-cd module to match with old kernel
mv /lib/modules/$(VER)-ipfire/kernel/drivers/ide/ide-cd_mod.ko \
/lib/modules/$(VER)-ipfire/kernel/drivers/ide/ide-cd.ko
@rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables* $(DIR_SRC)/squashfs* $(DIR_SRC)/mISDN-* $(DIR_SRC)/netfilter-layer7-*
@$(POSTBUILD)

2
lfs/madwifi
View File

@@ -31,7 +31,7 @@ DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
ifeq "$(SMP)" ""
TARGET = $(DIR_INFO)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)
else
TARGET = $(DIR_INFO)/$(THISAPP)-smp
endif

2
lfs/v4l-dvb
View File

@@ -35,7 +35,7 @@ PAK_VER = 2
ifeq "$(SMP)" "1"
TARGET = $(DIR_INFO)/$(THISAPP)-smp
else
TARGET = $(DIR_INFO)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)
endif

7
make.sh
View File

@@ -343,8 +343,13 @@ buildipfire() {
# ipfiremake alsa KMOD=1 SMP=1
# ipfiremake sane KMOD=1 SMP=1
# ipfiremake openswan KMOD=1 SMP=1
ipfiremake linux25
ipfiremake atl2 KVER=2.6.25.17
ipfiremake kqemu KVER=2.6.25.17
ipfiremake v4l-dvb KVER=2.6.25.17
ipfiremake madwifi KVER=2.6.25.17
ipfiremake alsa KMOD=1 KVER=2.6.25.17
ipfiremake linux
ipfiremake linux-fusion
ipfiremake atl2
ipfiremake r8168
ipfiremake r8169

10
src/install+setup/install/main.c
View File

@@ -455,6 +455,11 @@ int main(int argc, char *argv[])
KERNEL_VERSION);
mysystem(commandstring);
*/
snprintf(commandstring, STRING_SIZE,
"/bin/touch /harddisk/lib/modules/2.6.25.17-ipfire/modules.dep");
mysystem(commandstring);
/* Rename uname */
rename ("/harddisk/bin/uname.bak", "/harddisk/bin/uname");
@@ -527,6 +532,11 @@ int main(int argc, char *argv[])
/* snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitcpio -g /boot/ipfirerd-%s-smp.img -k %s-ipfire-smp", KERNEL_VERSION, KERNEL_VERSION );
runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
*/
snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitcpio -g /boot/ipfirerd-2.6.25.17.img -k 2.6.25.17-ipfire");
runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
sprintf(string, "root=%s3", hdparams.devnode_part_run);
replace( "/harddisk/boot/grub/grub.conf", "root=ROOT", string);
mysystem("ln -s grub.conf /harddisk/boot/grub/menu.lst");

980
src/patches/linux-2.6.25.17-ipp2p-0.8.2-pomng.patch Normal file
View File

@@ -0,0 +1,980 @@
diff -Naur linux-2.6.25.17.org/include/linux/netfilter_ipv4/ipt_ipp2p.h linux-2.6.25.17/include/linux/netfilter_ipv4/ipt_ipp2p.h
--- linux-2.6.25.17.org/include/linux/netfilter_ipv4/ipt_ipp2p.h 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.25.17/include/linux/netfilter_ipv4/ipt_ipp2p.h 2008-09-29 15:19:39.000000000 +0000
@@ -0,0 +1,31 @@
+#ifndef __IPT_IPP2P_H
+#define __IPT_IPP2P_H
+#define IPP2P_VERSION "0.8.2-pomng"
+
+struct ipt_p2p_info {
+ int cmd;
+ int debug;
+};
+
+#endif //__IPT_IPP2P_H
+
+#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/
+//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/
+#define SHORT_HAND_NONE 5 /* no short hand*/
+
+#define IPP2P_EDK (1 << 1)
+#define IPP2P_DATA_KAZAA (1 << 2)
+#define IPP2P_DATA_EDK (1 << 3)
+#define IPP2P_DATA_DC (1 << 4)
+#define IPP2P_DC (1 << 5)
+#define IPP2P_DATA_GNU (1 << 6)
+#define IPP2P_GNU (1 << 7)
+#define IPP2P_KAZAA (1 << 8)
+#define IPP2P_BIT (1 << 9)
+#define IPP2P_APPLE (1 << 10)
+#define IPP2P_SOUL (1 << 11)
+#define IPP2P_WINMX (1 << 12)
+#define IPP2P_ARES (1 << 13)
+#define IPP2P_MUTE (1 << 14)
+#define IPP2P_WASTE (1 << 15)
+#define IPP2P_XDCC (1 << 16)
diff -Naur linux-2.6.25.17.org/net/ipv4/netfilter/Kconfig linux-2.6.25.17/net/ipv4/netfilter/Kconfig
--- linux-2.6.25.17.org/net/ipv4/netfilter/Kconfig 2008-09-08 10:20:51.000000000 +0000
+++ linux-2.6.25.17/net/ipv4/netfilter/Kconfig 2008-09-29 15:19:39.000000000 +0000
@@ -379,5 +379,15 @@
Allows altering the ARP packet payload: source and destination
hardware and network addresses.
+config IP_NF_MATCH_IPP2P
+ tristate 'IPP2P match support'
+ depends on IP_NF_IPTABLES
+ help
+ This option makes possible to match some P2P packets
+ therefore helps controlling such traffic.
+
+ If you want to compile it as a module, say M here and read
+ <file:Documentation/modules.txt>. If unsure, say `N'.
+
endmenu
diff -Naur linux-2.6.25.17.org/net/ipv4/netfilter/Makefile linux-2.6.25.17/net/ipv4/netfilter/Makefile
--- linux-2.6.25.17.org/net/ipv4/netfilter/Makefile 2008-09-08 10:20:51.000000000 +0000
+++ linux-2.6.25.17/net/ipv4/netfilter/Makefile 2008-09-29 15:19:39.000000000 +0000
@@ -45,6 +45,7 @@
obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
+obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o
obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
# targets
diff -Naur linux-2.6.25.17.org/net/ipv4/netfilter/ipt_ipp2p.c linux-2.6.25.17/net/ipv4/netfilter/ipt_ipp2p.c
--- linux-2.6.25.17.org/net/ipv4/netfilter/ipt_ipp2p.c 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6.25.17/net/ipv4/netfilter/ipt_ipp2p.c 2008-09-29 15:19:39.000000000 +0000
@@ -0,0 +1,911 @@
+#if defined(MODVERSIONS)
+#include <linux/modversions.h>
+#endif
+#include <linux/module.h>
+#include <linux/version.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_ipp2p.h>
+#include <net/tcp.h>
+#include <net/udp.h>
+
+#define get_u8(X,O) (*(__u8 *)(X + O))
+#define get_u16(X,O) (*(__u16 *)(X + O))
+#define get_u32(X,O) (*(__u32 *)(X + O))
+
+MODULE_AUTHOR("Eicke Friedrich/Klaus Degner <ipp2p@ipp2p.org>");
+MODULE_DESCRIPTION("An extension to iptables to identify P2P traffic.");
+MODULE_LICENSE("GPL");
+
+
+/*Search for UDP eDonkey/eMule/Kad commands*/
+int
+udp_search_edk (unsigned char *haystack, int packet_len)
+{
+ unsigned char *t = haystack;
+ t += 8;
+
+ switch (t[0]) {
+ case 0xe3:
+ { /*edonkey*/
+ switch (t[1])
+ {
+ /* client -> server status request */
+ case 0x96:
+ if (packet_len == 14) return ((IPP2P_EDK * 100) + 50);
+ break;
+ /* server -> client status request */
+ case 0x97: if (packet_len == 42) return ((IPP2P_EDK * 100) + 51);
+ break;
+ /* server description request */
+ /* e3 2a ff f0 .. | size == 6 */
+ case 0xa2: if ( (packet_len == 14) && ( get_u16(t,2) == __constant_htons(0xfff0) ) ) return ((IPP2P_EDK * 100) + 52);
+ break;
+ /* server description response */
+ /* e3 a3 ff f0 .. | size > 40 && size < 200 */
+ //case 0xa3: return ((IPP2P_EDK * 100) + 53);
+ // break;
+ case 0x9a: if (packet_len==26) return ((IPP2P_EDK * 100) + 54);
+ break;
+
+ case 0x92: if (packet_len==18) return ((IPP2P_EDK * 100) + 55);
+ break;
+ }
+ break;
+ }
+ case 0xe4:
+ {
+ switch (t[1])
+ {
+ /* e4 20 .. | size == 43 */
+ case 0x20: if ((packet_len == 43) && (t[2] != 0x00) && (t[34] != 0x00)) return ((IPP2P_EDK * 100) + 60);
+ break;
+ /* e4 00 .. 00 | size == 35 ? */
+ case 0x00: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 61);
+ break;
+ /* e4 10 .. 00 | size == 35 ? */
+ case 0x10: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 62);
+ break;
+ /* e4 18 .. 00 | size == 35 ? */
+ case 0x18: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 63);
+ break;
+ /* e4 52 .. | size = 44 */
+ case 0x52: if (packet_len == 44 ) return ((IPP2P_EDK * 100) + 64);
+ break;
+ /* e4 58 .. | size == 6 */
+ case 0x58: if (packet_len == 14 ) return ((IPP2P_EDK * 100) + 65);
+ break;
+ /* e4 59 .. | size == 2 */
+ case 0x59: if (packet_len == 10 )return ((IPP2P_EDK * 100) + 66);
+ break;
+ /* e4 28 .. | packet_len == 52,77,102,127... */
+ case 0x28: if (((packet_len-52) % 25) == 0) return ((IPP2P_EDK * 100) + 67);
+ break;
+ /* e4 50 xx xx | size == 4 */
+ case 0x50: if (packet_len == 12) return ((IPP2P_EDK * 100) + 68);
+ break;
+ /* e4 40 xx xx | size == 48 */
+ case 0x40: if (packet_len == 56) return ((IPP2P_EDK * 100) + 69);
+ break;
+ }
+ break;
+ }
+ } /* end of switch (t[0]) */
+ return 0;
+}/*udp_search_edk*/
+
+
+/*Search for UDP Gnutella commands*/
+int
+udp_search_gnu (unsigned char *haystack, int packet_len)
+{
+ unsigned char *t = haystack;
+ t += 8;
+
+ if (memcmp(t, "GND", 3) == 0) return ((IPP2P_GNU * 100) + 51);
+ if (memcmp(t, "GNUTELLA ", 9) == 0) return ((IPP2P_GNU * 100) + 52);
+ return 0;
+}/*udp_search_gnu*/
+
+
+/*Search for UDP KaZaA commands*/
+int
+udp_search_kazaa (unsigned char *haystack, int packet_len)
+{
+ unsigned char *t = haystack;
+
+ if (t[packet_len-1] == 0x00){
+ t += (packet_len - 6);
+ if (memcmp(t, "KaZaA", 5) == 0) return (IPP2P_KAZAA * 100 +50);
+ }
+
+ return 0;
+}/*udp_search_kazaa*/
+
+/*Search for UDP DirectConnect commands*/
+int
+udp_search_directconnect (unsigned char *haystack, int packet_len)
+{
+ unsigned char *t = haystack;
+ if ((*(t + 8) == 0x24) && (*(t + packet_len - 1) == 0x7c)) {
+ t+=8;
+ if (memcmp(t, "SR ", 3) == 0) return ((IPP2P_DC * 100) + 60);
+ if (memcmp(t, "Ping ", 5) == 0) return ((IPP2P_DC * 100) + 61);
+ }
+ return 0;
+}/*udp_search_directconnect*/
+
+
+
+/*Search for UDP BitTorrent commands*/
+int
+udp_search_bit (unsigned char *haystack, int packet_len)
+{
+ switch(packet_len)
+ {
+ case 24:
+ /* ^ 00 00 04 17 27 10 19 80 */
+ if ((ntohl(get_u32(haystack, 8)) == 0x00000417) && (ntohl(get_u32(haystack, 12)) == 0x27101980))
+ return (IPP2P_BIT * 100 + 50);
+ break;
+ case 44:
+ if (get_u32(haystack, 16) == __constant_htonl(0x00000400) && get_u32(haystack, 36) == __constant_htonl(0x00000104))
+ return (IPP2P_BIT * 100 + 51);
+ if (get_u32(haystack, 16) == __constant_htonl(0x00000400))
+ return (IPP2P_BIT * 100 + 61);
+ break;
+ case 65:
+ if (get_u32(haystack, 16) == __constant_htonl(0x00000404) && get_u32(haystack, 36) == __constant_htonl(0x00000104))
+ return (IPP2P_BIT * 100 + 52);
+ if (get_u32(haystack, 16) == __constant_htonl(0x00000404))
+ return (IPP2P_BIT * 100 + 62);
+ break;
+ case 67:
+ if (get_u32(haystack, 16) == __constant_htonl(0x00000406) && get_u32(haystack, 36) == __constant_htonl(0x00000104))
+ return (IPP2P_BIT * 100 + 53);
+ if (get_u32(haystack, 16) == __constant_htonl(0x00000406))
+ return (IPP2P_BIT * 100 + 63);
+ break;
+ case 211:
+ if (get_u32(haystack, 8) == __constant_htonl(0x00000405))
+ return (IPP2P_BIT * 100 + 54);
+ break;
+ case 29:
+ if ((get_u32(haystack, 8) == __constant_htonl(0x00000401)))
+ return (IPP2P_BIT * 100 + 55);
+ break;
+ case 52:
+ if (get_u32(haystack,8) == __constant_htonl(0x00000827) &&
+ get_u32(haystack,12) == __constant_htonl(0x37502950))
+ return (IPP2P_BIT * 100 + 80);
+ break;
+ default:
+ /* this packet does not have a constant size */
+ if (packet_len >= 40 && get_u32(haystack, 16) == __constant_htonl(0x00000402) && get_u32(haystack, 36) == __constant_htonl(0x00000104))
+ return (IPP2P_BIT * 100 + 56);
+ break;
+ }
+
+ /* some extra-bitcomet rules:
+ * "d1:" [a|r] "d2:id20:"
+ */
+ if (packet_len > 30 && get_u8(haystack, 8) == 'd' && get_u8(haystack, 9) == '1' && get_u8(haystack, 10) == ':' )
+ {
+ if (get_u8(haystack, 11) == 'a' || get_u8(haystack, 11) == 'r')
+ {
+ if (memcmp(haystack+12,"d2:id20:",8)==0)
+ return (IPP2P_BIT * 100 + 57);
+ }
+ }
+
+#if 0
+ /* bitlord rules */
+ /* packetlen must be bigger than 40 */
+ /* first 4 bytes are zero */
+ if (packet_len > 40 && get_u32(haystack, 8) == 0x00000000)
+ {
+ /* first rule: 00 00 00 00 01 00 00 xx xx xx xx 00 00 00 00*/
+ if (get_u32(haystack, 12) == 0x00000000 &&
+ get_u32(haystack, 16) == 0x00010000 &&
+ get_u32(haystack, 24) == 0x00000000 )
+ return (IPP2P_BIT * 100 + 71);
+
+ /* 00 01 00 00 0d 00 00 xx xx xx xx 00 00 00 00*/
+ if (get_u32(haystack, 12) == 0x00000001 &&
+ get_u32(haystack, 16) == 0x000d0000 &&
+ get_u32(haystack, 24) == 0x00000000 )
+ return (IPP2P_BIT * 100 + 71);
+
+
+ }
+#endif
+
+ return 0;
+}/*udp_search_bit*/
+
+
+
+/*Search for Ares commands*/
+//#define IPP2P_DEBUG_ARES
+int
+search_ares (const unsigned char *payload, const u16 plen)
+//int search_ares (unsigned char *haystack, int packet_len, int head_len)
+{
+// const unsigned char *t = haystack + head_len;
+
+ /* all ares packets start with */
+ if (payload[1] == 0 && (plen - payload[0]) == 3)
+ {
+ switch (payload[2])
+ {
+ case 0x5a:
+ /* ares connect */
+ if ( plen == 6 && payload[5] == 0x05 ) return ((IPP2P_ARES * 100) + 1);
+ break;
+ case 0x09:
+ /* ares search, min 3 chars --> 14 bytes
+ * lets define a search can be up to 30 chars --> max 34 bytes
+ */
+ if ( plen >= 14 && plen <= 34 ) return ((IPP2P_ARES * 100) + 1);
+ break;
+#ifdef IPP2P_DEBUG_ARES
+ default:
+ printk(KERN_DEBUG "Unknown Ares command %x recognized, len: %u \n", (unsigned int) payload[2],plen);
+#endif /* IPP2P_DEBUG_ARES */
+ }
+ }
+
+#if 0
+ /* found connect packet: 03 00 5a 04 03 05 */
+ /* new version ares 1.8: 03 00 5a xx xx 05 */
+ if ((plen) == 6){ /* possible connect command*/
+ if ((payload[0] == 0x03) && (payload[1] == 0x00) && (payload[2] == 0x5a) && (payload[5] == 0x05))
+ return ((IPP2P_ARES * 100) + 1);
+ }
+ if ((plen) == 60){ /* possible download command*/
+ if ((payload[59] == 0x0a) && (payload[58] == 0x0a)){
+ if (memcmp(t, "PUSH SHA1:", 10) == 0) /* found download command */
+ return ((IPP2P_ARES * 100) + 2);
+ }
+ }
+#endif
+
+ return 0;
+} /*search_ares*/
+
+/*Search for SoulSeek commands*/
+int
+search_soul (const unsigned char *payload, const u16 plen)
+{
+//#define IPP2P_DEBUG_SOUL
+ /* match: xx xx xx xx | xx = sizeof(payload) - 4 */
+ if (get_u32(payload, 0) == (plen - 4)){
+ const __u32 m=get_u32(payload, 4);
+ /* match 00 yy yy 00, yy can be everything */
+ if ( get_u8(payload, 4) == 0x00 && get_u8(payload, 7) == 0x00 )
+ {
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "0: Soulseek command 0x%x recognized\n",get_u32(payload, 4));
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 1);
+ }
+
+ /* next match: 01 yy 00 00 | yy can be everything */
+ if ( get_u8(payload, 4) == 0x01 && get_u16(payload, 6) == 0x0000 )
+ {
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "1: Soulseek command 0x%x recognized\n",get_u16(payload, 4));
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 2);
+ }
+
+ /* other soulseek commandos are: 1-5,7,9,13-18,22,23,26,28,35-37,40-46,50,51,60,62-69,91,92,1001 */
+ /* try to do this in an intelligent way */
+ /* get all small commandos */
+ switch(m)
+ {
+ case 7:
+ case 9:
+ case 22:
+ case 23:
+ case 26:
+ case 28:
+ case 50:
+ case 51:
+ case 60:
+ case 91:
+ case 92:
+ case 1001:
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "2: Soulseek command 0x%x recognized\n",get_u16(payload, 4));
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 3);
+ }
+
+ if (m > 0 && m < 6 )
+ {
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "3: Soulseek command 0x%x recognized\n",get_u16(payload, 4));
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 4);
+ }
+ if (m > 12 && m < 19 )
+ {
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "4: Soulseek command 0x%x recognized\n",get_u16(payload, 4));
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 5);
+ }
+
+ if (m > 34 && m < 38 )
+ {
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "5: Soulseek command 0x%x recognized\n",get_u16(payload, 4));
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 6);
+ }
+
+ if (m > 39 && m < 47 )
+ {
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "6: Soulseek command 0x%x recognized\n",get_u16(payload, 4));
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 7);
+ }
+
+ if (m > 61 && m < 70 )
+ {
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "7: Soulseek command 0x%x recognized\n",get_u16(payload, 4));
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 8);
+ }
+
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "unknown SOULSEEK command: 0x%x, first 16 bit: 0x%x, first 8 bit: 0x%x ,soulseek ???\n",get_u32(payload, 4),get_u16(payload, 4) >> 16,get_u8(payload, 4) >> 24);
+#endif /* IPP2P_DEBUG_SOUL */
+ }
+
+ /* match 14 00 00 00 01 yy 00 00 00 STRING(YY) 01 00 00 00 00 46|50 00 00 00 00 */
+ /* without size at the beginning !!! */
+ if ( get_u32(payload, 0) == 0x14 && get_u8(payload, 4) == 0x01 )
+ {
+ __u32 y=get_u32(payload, 5);
+ /* we need 19 chars + string */
+ if ( (y + 19) <= (plen) )
+ {
+ const unsigned char *w=payload+9+y;
+ if (get_u32(w, 0) == 0x01 && ( get_u16(w, 4) == 0x4600 || get_u16(w, 4) == 0x5000) && get_u32(w, 6) == 0x00);
+#ifdef IPP2P_DEBUG_SOUL
+ printk(KERN_DEBUG "Soulssek special client command recognized\n");
+#endif /* IPP2P_DEBUG_SOUL */
+ return ((IPP2P_SOUL * 100) + 9);
+ }
+ }
+ return 0;
+}
+
+
+/*Search for WinMX commands*/
+int
+search_winmx (const unsigned char *payload, const u16 plen)
+{
+//#define IPP2P_DEBUG_WINMX
+ if (((plen) == 4) && (memcmp(payload, "SEND", 4) == 0)) return ((IPP2P_WINMX * 100) + 1);
+ if (((plen) == 3) && (memcmp(payload, "GET", 3) == 0)) return ((IPP2P_WINMX * 100) + 2);
+ //if (packet_len < (head_len + 10)) return 0;
+ if (plen < 10) return 0;
+
+ if ((memcmp(payload, "SEND", 4) == 0) || (memcmp(payload, "GET", 3) == 0)){
+ u16 c=4;
+ const u16 end=plen-2;
+ u8 count=0;
+ while (c < end)
+ {
+ if (payload[c]== 0x20 && payload[c+1] == 0x22)
+ {
+ c++;
+ count++;
+ if (count>=2) return ((IPP2P_WINMX * 100) + 3);
+ }
+ c++;
+ }
+ }
+
+ if ( plen == 149 && payload[0] == '8' )
+ {
+#ifdef IPP2P_DEBUG_WINMX
+ printk(KERN_INFO "maybe WinMX\n");
+#endif
+ if (get_u32(payload,17) == 0 && get_u32(payload,21) == 0 && get_u32(payload,25) == 0 &&
+// get_u32(payload,33) == __constant_htonl(0x71182b1a) && get_u32(payload,37) == __constant_htonl(0x05050000) &&
+// get_u32(payload,133) == __constant_htonl(0x31097edf) && get_u32(payload,145) == __constant_htonl(0xdcb8f792))
+ get_u16(payload,39) == 0 && get_u16(payload,135) == __constant_htons(0x7edf) && get_u16(payload,147) == __constant_htons(0xf792))
+
+ {
+#ifdef IPP2P_DEBUG_WINMX
+ printk(KERN_INFO "got WinMX\n");
+#endif
+ return ((IPP2P_WINMX * 100) + 4);
+ }
+ }
+ return 0;
+} /*search_winmx*/
+
+
+/*Search for appleJuice commands*/
+int
+search_apple (const unsigned char *payload, const u16 plen)
+{
+ if ( (plen > 7) && (payload[6] == 0x0d) && (payload[7] == 0x0a) && (memcmp(payload, "ajprot", 6) == 0)) return (IPP2P_APPLE * 100);
+
+ return 0;
+}
+
+
+/*Search for BitTorrent commands*/
+int
+search_bittorrent (const unsigned char *payload, const u16 plen)
+{
+ if (plen > 20)
+ {
+ /* test for match 0x13+"BitTorrent protocol" */
+ if (payload[0] == 0x13)
+ {
+ if (memcmp(payload+1, "BitTorrent protocol", 19) == 0) return (IPP2P_BIT * 100);
+ }
+
+ /* get tracker commandos, all starts with GET /
+ * then it can follow: scrape| announce
+ * and then ?hash_info=
+ */
+ if (memcmp(payload,"GET /",5) == 0)
+ {
+ /* message scrape */
+ if ( memcmp(payload+5,"scrape?info_hash=",17)==0 ) return (IPP2P_BIT * 100 + 1);
+ /* message announce */
+ if ( memcmp(payload+5,"announce?info_hash=",19)==0 ) return (IPP2P_BIT * 100 + 2);
+ }
+ }
+ else
+ {
+ /* bitcomet encryptes the first packet, so we have to detect another
+ * one later in the flow */
+ /* first try failed, too many missdetections */
+ //if ( size == 5 && get_u32(t,0) == __constant_htonl(1) && t[4] < 3) return (IPP2P_BIT * 100 + 3);
+
+ /* second try: block request packets */
+ if ( plen == 17 && get_u32(payload,0) == __constant_htonl(0x0d) && payload[4] == 0x06 && get_u32(payload,13) == __constant_htonl(0x4000) ) return (IPP2P_BIT * 100 + 3);
+ }
+
+ return 0;
+}
+
+
+
+/*check for Kazaa get command*/
+int
+search_kazaa (const unsigned char *payload, const u16 plen)
+
+{
+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a) && memcmp(payload, "GET /.hash=", 11) == 0)
+ return (IPP2P_DATA_KAZAA * 100);
+
+ return 0;
+}
+
+
+/*check for gnutella get command*/
+int
+search_gnu (const unsigned char *payload, const u16 plen)
+{
+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a))
+ {
+ if (memcmp(payload, "GET /get/", 9) == 0) return ((IPP2P_DATA_GNU * 100) + 1);
+ if (memcmp(payload, "GET /uri-res/", 13) == 0) return ((IPP2P_DATA_GNU * 100) + 2);
+ }
+ return 0;
+}
+
+
+/*check for gnutella get commands and other typical data*/
+int
+search_all_gnu (const unsigned char *payload, const u16 plen)
+{
+
+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a))
+ {
+
+ if (memcmp(payload, "GNUTELLA CONNECT/", 17) == 0) return ((IPP2P_GNU * 100) + 1);
+ if (memcmp(payload, "GNUTELLA/", 9) == 0) return ((IPP2P_GNU * 100) + 2);
+
+
+ if ((memcmp(payload, "GET /get/", 9) == 0) || (memcmp(payload, "GET /uri-res/", 13) == 0))
+ {
+ u16 c=8;
+ const u16 end=plen-22;
+ while (c < end) {
+ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Gnutella-", 11) == 0) || (memcmp(&payload[c+2], "X-Queue:", 8) == 0)))
+ return ((IPP2P_GNU * 100) + 3);
+ c++;
+ }
+ }
+ }
+ return 0;
+}
+
+
+/*check for KaZaA download commands and other typical data*/
+int
+search_all_kazaa (const unsigned char *payload, const u16 plen)
+{
+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a))
+ {
+
+ if (memcmp(payload, "GIVE ", 5) == 0) return ((IPP2P_KAZAA * 100) + 1);
+
+ if (memcmp(payload, "GET /", 5) == 0) {
+ u16 c = 8;
+ const u16 end=plen-22;
+ while (c < end) {
+ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Kazaa-Username: ", 18) == 0) || (memcmp(&payload[c+2], "User-Agent: PeerEnabler/", 24) == 0)))
+ return ((IPP2P_KAZAA * 100) + 2);
+ c++;
+ }
+ }
+ }
+ return 0;
+}
+
+/*fast check for edonkey file segment transfer command*/
+int
+search_edk (const unsigned char *payload, const u16 plen)
+{
+ if (payload[0] != 0xe3)
+ return 0;
+ else {
+ if (payload[5] == 0x47)
+ return (IPP2P_DATA_EDK * 100);
+ else
+ return 0;
+ }
+}
+
+
+
+/*intensive but slower search for some edonkey packets including size-check*/
+int
+search_all_edk (const unsigned char *payload, const u16 plen)
+{
+ if (payload[0] != 0xe3)
+ return 0;
+ else {
+ //t += head_len;
+ const u16 cmd = get_u16(payload, 1);
+ if (cmd == (plen - 5)) {
+ switch (payload[5]) {
+ case 0x01: return ((IPP2P_EDK * 100) + 1); /*Client: hello or Server:hello*/
+ case 0x4c: return ((IPP2P_EDK * 100) + 9); /*Client: Hello-Answer*/
+ }
+ }
+ return 0;
+ }
+}
+
+
+/*fast check for Direct Connect send command*/
+int
+search_dc (const unsigned char *payload, const u16 plen)
+{
+
+ if (payload[0] != 0x24 )
+ return 0;
+ else {
+ if (memcmp(&payload[1], "Send|", 5) == 0)
+ return (IPP2P_DATA_DC * 100);
+ else
+ return 0;
+ }
+
+}
+
+
+/*intensive but slower check for all direct connect packets*/
+int
+search_all_dc (const unsigned char *payload, const u16 plen)
+{
+// unsigned char *t = haystack;
+
+ if (payload[0] == 0x24 && payload[plen-1] == 0x7c)
+ {
+ const unsigned char *t=&payload[1];
+ /* Client-Hub-Protocol */
+ if (memcmp(t, "Lock ", 5) == 0) return ((IPP2P_DC * 100) + 1);
+ /* Client-Client-Protocol, some are already recognized by client-hub (like lock) */
+ if (memcmp(t, "MyNick ", 7) == 0) return ((IPP2P_DC * 100) + 38);
+ }
+ return 0;
+}
+
+/*check for mute*/
+int
+search_mute (const unsigned char *payload, const u16 plen)
+{
+ if ( plen == 209 || plen == 345 || plen == 473 || plen == 609 || plen == 1121 )
+ {
+ //printk(KERN_DEBUG "size hit: %u",size);
+ if (memcmp(payload,"PublicKey: ",11) == 0 )
+ {
+ return ((IPP2P_MUTE * 100) + 0);
+
+/* if (memcmp(t+size-14,"\x0aEndPublicKey\x0a",14) == 0)
+ {
+ printk(KERN_DEBUG "end pubic key hit: %u",size);
+
+ }*/
+ }
+ }
+ return 0;
+}
+
+
+/* check for xdcc */
+int
+search_xdcc (const unsigned char *payload, const u16 plen)
+{
+ /* search in small packets only */
+ if (plen > 20 && plen < 200 && payload[plen-1] == 0x0a && payload[plen-2] == 0x0d && memcmp(payload,"PRIVMSG ",8) == 0)
+ {
+
+ u16 x=10;
+ const u16 end=plen - 13;
+
+ /* is seems to be a irc private massage, chedck for xdcc command */
+ while (x < end)
+ {
+ if (payload[x] == ':')
+ {
+ if ( memcmp(&payload[x+1],"xdcc send #",11) == 0 )
+ return ((IPP2P_XDCC * 100) + 0);
+ }
+ x++;
+ }
+ }
+ return 0;
+}
+
+/* search for waste */
+int search_waste(const unsigned char *payload, const u16 plen)
+{
+ if ( plen >= 8 && memcmp(payload,"GET.sha1:",9) == 0)
+ return ((IPP2P_WASTE * 100) + 0);
+
+ return 0;
+}
+
+
+static struct {
+ int command;
+ __u8 short_hand; /*for fucntions included in short hands*/
+ int packet_len;
+ int (*function_name) (const unsigned char *, const u16);
+} matchlist[] = {
+ {IPP2P_EDK,SHORT_HAND_IPP2P,20, &search_all_edk},
+// {IPP2P_DATA_KAZAA,SHORT_HAND_DATA,200, &search_kazaa},
+// {IPP2P_DATA_EDK,SHORT_HAND_DATA,60, &search_edk},
+// {IPP2P_DATA_DC,SHORT_HAND_DATA,26, &search_dc},
+ {IPP2P_DC,SHORT_HAND_IPP2P,5, search_all_dc},
+// {IPP2P_DATA_GNU,SHORT_HAND_DATA,40, &search_gnu},
+ {IPP2P_GNU,SHORT_HAND_IPP2P,5, &search_all_gnu},
+ {IPP2P_KAZAA,SHORT_HAND_IPP2P,5, &search_all_kazaa},
+ {IPP2P_BIT,SHORT_HAND_IPP2P,20, &search_bittorrent},
+ {IPP2P_APPLE,SHORT_HAND_IPP2P,5, &search_apple},
+ {IPP2P_SOUL,SHORT_HAND_IPP2P,5, &search_soul},
+ {IPP2P_WINMX,SHORT_HAND_IPP2P,2, &search_winmx},
+ {IPP2P_ARES,SHORT_HAND_IPP2P,5, &search_ares},
+ {IPP2P_MUTE,SHORT_HAND_NONE,200, &search_mute},
+ {IPP2P_WASTE,SHORT_HAND_NONE,5, &search_waste},
+ {IPP2P_XDCC,SHORT_HAND_NONE,5, &search_xdcc},
+ {0,0,0,NULL}
+};
+
+
+static struct {
+ int command;
+ __u8 short_hand; /*for fucntions included in short hands*/
+ int packet_len;
+ int (*function_name) (unsigned char *, int);
+} udp_list[] = {
+ { IPP2P_KAZAA, SHORT_HAND_IPP2P, 14, &udp_search_kazaa},
+ { IPP2P_BIT, SHORT_HAND_IPP2P, 23, &udp_search_bit},
+ { IPP2P_GNU, SHORT_HAND_IPP2P, 11, &udp_search_gnu},
+ { IPP2P_EDK, SHORT_HAND_IPP2P, 9, &udp_search_edk},
+ { IPP2P_DC, SHORT_HAND_IPP2P, 12, &udp_search_directconnect},
+ { 0, 0, 0, NULL }
+};
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
+static bool
+#else
+static int
+#endif
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ const struct xt_match *match,
+#endif
+ const void *matchinfo,
+ int offset,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+ const void *hdr,
+ u_int16_t datalen,
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
+ unsigned int protoff,
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
+ bool *hotdrop)
+#else
+ bool *hotdrop)
+#endif
+{
+ const struct ipt_p2p_info *info = matchinfo;
+ unsigned char *haystack;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+ struct iphdr *ip = ip_hdr(skb);
+#else
+ struct iphdr *ip = skb->nh.iph;
+#endif
+ int p2p_result = 0, i = 0;
+// int head_len;
+ int hlen = ntohs(ip->tot_len)-(ip->ihl*4); /*hlen = packet-data length*/
+
+ /*must not be a fragment*/
+ if (offset) {
+ if (info->debug) printk("IPP2P.match: offset found %i \n",offset);
+ return 0;
+ }
+
+ /*make sure that skb is linear*/
+ if(skb_is_nonlinear(skb)){
+ if (info->debug) printk("IPP2P.match: nonlinear skb found\n");
+ return 0;
+ }
+
+
+ haystack=(char *)ip+(ip->ihl*4); /*haystack = packet data*/
+
+ switch (ip->protocol){
+ case IPPROTO_TCP: /*what to do with a TCP packet*/
+ {
+ struct tcphdr *tcph = (void *) ip + ip->ihl * 4;
+
+ if (tcph->fin) return 0; /*if FIN bit is set bail out*/
+ if (tcph->syn) return 0; /*if SYN bit is set bail out*/
+ if (tcph->rst) return 0; /*if RST bit is set bail out*/
+
+ haystack += tcph->doff * 4; /*get TCP-Header-Size*/
+ hlen -= tcph->doff * 4;
+ while (matchlist[i].command) {
+ if ((((info->cmd & matchlist[i].command) == matchlist[i].command) ||
+ ((info->cmd & matchlist[i].short_hand) == matchlist[i].short_hand)) &&
+ (hlen > matchlist[i].packet_len)) {
+ p2p_result = matchlist[i].function_name(haystack, hlen);
+ if (p2p_result)
+ {
+ if (info->debug) printk("IPP2P.debug:TCP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n",
+ p2p_result, NIPQUAD(ip->saddr),ntohs(tcph->source), NIPQUAD(ip->daddr),ntohs(tcph->dest),hlen);
+ return p2p_result;
+ }
+ }
+ i++;
+ }
+ return p2p_result;
+ }
+
+ case IPPROTO_UDP: /*what to do with an UDP packet*/
+ {
+ struct udphdr *udph = (void *) ip + ip->ihl * 4;
+
+ while (udp_list[i].command){
+ if ((((info->cmd & udp_list[i].command) == udp_list[i].command) ||
+ ((info->cmd & udp_list[i].short_hand) == udp_list[i].short_hand)) &&
+ (hlen > udp_list[i].packet_len)) {
+ p2p_result = udp_list[i].function_name(haystack, hlen);
+ if (p2p_result){
+ if (info->debug) printk("IPP2P.debug:UDP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n",
+ p2p_result, NIPQUAD(ip->saddr),ntohs(udph->source), NIPQUAD(ip->daddr),ntohs(udph->dest),hlen);
+ return p2p_result;
+ }
+ }
+ i++;
+ }
+ return p2p_result;
+ }
+
+ default: return 0;
+ }
+}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
+static bool
+#else
+static int
+#endif
+checkentry(const char *tablename,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
+ const void *ip,
+#else
+ const struct ipt_ip *ip,
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ const struct xt_match *match,
+#endif
+ void *matchinfo,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+ unsigned int matchsize,
+#endif
+ unsigned int hook_mask)
+{
+ /* Must specify -p tcp */
+/* if (ip->proto != IPPROTO_TCP || (ip->invflags & IPT_INV_PROTO)) {
+ * printk("ipp2p: Only works on TCP packets, use -p tcp\n");
+ * return 0;
+ * }*/
+ return 1;
+}
+
+
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+static struct xt_match ipp2p_match = {
+#else
+static struct ipt_match ipp2p_match = {
+#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+ { NULL, NULL },
+ "ipp2p",
+ &ipp2p_match,
+ &ipp2p_checkentry,
+ NULL,
+ THIS_MODULE
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+ .name = "ipp2p",
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+ .family = AF_INET,
+#endif
+ .match = &match,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ .matchsize = sizeof(struct ipt_p2p_info),
+#endif
+ .checkentry = &checkentry,
+ .me = THIS_MODULE,
+#endif
+};
+
+
+static int __init init(void)
+{
+ printk(KERN_INFO "IPP2P v%s loading\n", IPP2P_VERSION);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+ return xt_register_match(&ipp2p_match);
+#else
+ return ipt_register_match(&ipp2p_match);
+#endif
+}
+
+static void __exit fini(void)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+ xt_unregister_match(&ipp2p_match);
+#else
+ ipt_unregister_match(&ipp2p_match);
+#endif
+ printk(KERN_INFO "IPP2P v%s unloaded\n", IPP2P_VERSION);
+}
+
+module_init(init);
+module_exit(fini);
+
+