📄 110-ipp2p_0.8.1rc1.patch
+search_apple (const unsigned char *payload, const u16 plen)+{+ if ( (plen > 7) && (payload[6] == 0x0d) && (payload[7] == 0x0a) && (memcmp(payload, "ajprot", 6) == 0)) return (IPP2P_APPLE * 100);++ return 0;+}+++/*Search for BitTorrent commands*/+int+search_bittorrent (const unsigned char *payload, const u16 plen)+{+ if (plen > 20)+ {+ /* test for match 0x13+"BitTorrent protocol" */+ if (payload[0] == 0x13)+ {+ if (memcmp(payload+1, "BitTorrent protocol", 19) == 0) return (IPP2P_BIT * 100);+ }++ /* get tracker commandos, all starts with GET /+ * then it can follow: scrape| announce+ * and then ?hash_info=+ */+ if (memcmp(payload,"GET /",5) == 0)+ {+ /* message scrape */+ if ( memcmp(payload+5,"scrape?info_hash=",17)==0 ) return (IPP2P_BIT * 100 + 1);+ /* message announce */+ if ( memcmp(payload+5,"announce?info_hash=",19)==0 ) return (IPP2P_BIT * 100 + 2);+ }+ }+ else+ {+ /* bitcomet encryptes the first packet, so we have to detect another+ * one later in the flow */+ /* first try failed, too many missdetections */+ //if ( size == 5 && get_u32(t,0) == __constant_htonl(1) && t[4] < 3) return (IPP2P_BIT * 100 + 3);++ /* second try: block request packets */+ if ( plen == 17 && get_u32(payload,0) == __constant_htonl(0x0d) && payload[4] == 0x06 && get_u32(payload,13) == __constant_htonl(0x4000) ) return (IPP2P_BIT * 100 + 3);+ }++ return 0;+}++++/*check for Kazaa get command*/+int+search_kazaa (const unsigned char *payload, const u16 plen)++{+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a) && memcmp(payload, "GET /.hash=", 11) == 0)+ return (IPP2P_DATA_KAZAA * 100);++ return 0;+}+++/*check for gnutella get command*/+int+search_gnu (const unsigned char *payload, const u16 plen)+{+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a))+ {+ if (memcmp(payload, "GET /get/", 9) == 0) return ((IPP2P_DATA_GNU * 100) + 1);+ if (memcmp(payload, "GET /uri-res/", 13) == 0) return ((IPP2P_DATA_GNU * 100) + 2);+ }+ return 0;+}+++/*check for gnutella get commands and 
other typical data*/+int+search_all_gnu (const unsigned char *payload, const u16 plen)+{++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a))+ {++ if (memcmp(payload, "GNUTELLA CONNECT/", 17) == 0) return ((IPP2P_GNU * 100) + 1);+ if (memcmp(payload, "GNUTELLA/", 9) == 0) return ((IPP2P_GNU * 100) + 2);+++ if ((memcmp(payload, "GET /get/", 9) == 0) || (memcmp(payload, "GET /uri-res/", 13) == 0))+ {+ u16 c=8;+ const u16 end=plen-22;+ while (c < end) {+ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Gnutella-", 11) == 0) || (memcmp(&payload[c+2], "X-Queue:", 8) == 0)))+ return ((IPP2P_GNU * 100) + 3);+ c++;+ }+ }+ }+ return 0;+}+++/*check for KaZaA download commands and other typical data*/+int+search_all_kazaa (const unsigned char *payload, const u16 plen)+{+ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a))+ {++ if (memcmp(payload, "GIVE ", 5) == 0) return ((IPP2P_KAZAA * 100) + 1);++ if (memcmp(payload, "GET /", 5) == 0) {+ u16 c = 8;+ const u16 end=plen-22;+ while (c < end) {+ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Kazaa-Username: ", 18) == 0) || (memcmp(&payload[c+2], "User-Agent: PeerEnabler/", 24) == 0)))+ return ((IPP2P_KAZAA * 100) + 2);+ c++;+ }+ }+ }+ return 0;+}++/*fast check for edonkey file segment transfer command*/+int+search_edk (const unsigned char *payload, const u16 plen)+{+ if (payload[0] != 0xe3)+ return 0;+ else {+ if (payload[5] == 0x47)+ return (IPP2P_DATA_EDK * 100);+ else+ return 0;+ }+}++++/*intensive but slower search for some edonkey packets including size-check*/+int+search_all_edk (const unsigned char *payload, const u16 plen)+{+ if (payload[0] != 0xe3)+ return 0;+ else {+ //t += head_len;+ const u16 cmd = get_u16(payload, 1);+ if (cmd == (plen - 5)) {+ switch (payload[5]) {+ case 0x01: return ((IPP2P_EDK * 100) + 1); /*Client: hello or Server:hello*/+ case 0x4c: return ((IPP2P_EDK * 100) + 9); /*Client: Hello-Answer*/+ }+ }+ return 0;+ 
}+}+++/*fast check for Direct Connect send command*/+int+search_dc (const unsigned char *payload, const u16 plen)+{++ if (payload[0] != 0x24 )+ return 0;+ else {+ if (memcmp(&payload[1], "Send|", 5) == 0)+ return (IPP2P_DATA_DC * 100);+ else+ return 0;+ }++}+++/*intensive but slower check for all direct connect packets*/+int+search_all_dc (const unsigned char *payload, const u16 plen)+{+// unsigned char *t = haystack;++ if (payload[0] == 0x24 && payload[plen-1] == 0x7c)+ {+ const unsigned char *t=&payload[1];+ /* Client-Hub-Protocol */+ if (memcmp(t, "Lock ", 5) == 0) return ((IPP2P_DC * 100) + 1);+ /* Client-Client-Protocol, some are already recognized by client-hub (like lock) */+ if (memcmp(t, "MyNick ", 7) == 0) return ((IPP2P_DC * 100) + 38);+ }+ return 0;+}++/*check for mute*/+int+search_mute (const unsigned char *payload, const u16 plen)+{+ if ( plen == 209 || plen == 345 || plen == 473 || plen == 609 || plen == 1121 )+ {+ //printk(KERN_DEBUG "size hit: %u",size);+ if (memcmp(payload,"PublicKey: ",11) == 0 )+ {+ return ((IPP2P_MUTE * 100) + 0);++/* if (memcmp(t+size-14,"\x0aEndPublicKey\x0a",14) == 0)+ {+ printk(KERN_DEBUG "end pubic key hit: %u",size);++ }*/+ }+ }+ return 0;+}+++/* check for xdcc */+int+search_xdcc (const unsigned char *payload, const u16 plen)+{+ /* search in small packets only */+ if (plen > 20 && plen < 200 && payload[plen-1] == 0x0a && payload[plen-2] == 0x0d && memcmp(payload,"PRIVMSG ",8) == 0)+ {++ u16 x=10;+ const u16 end=plen - 13;++ /* is seems to be a irc private massage, chedck for xdcc command */+ while (x < end)+ {+ if (payload[x] == ':')+ {+ if ( memcmp(&payload[x+1],"xdcc send #",11) == 0 )+ return ((IPP2P_XDCC * 100) + 0);+ }+ x++;+ }+ }+ return 0;+}++/* search for waste */+int search_waste(const unsigned char *payload, const u16 plen)+{+ if ( plen >= 8 && memcmp(payload,"GET.sha1:",9) == 0)+ return ((IPP2P_WASTE * 100) + 0);++ return 0;+}+++static struct {+ int command;+ __u8 short_hand; /*for fucntions included in short 
hands*/+ int packet_len;+ int (*function_name) (const unsigned char *, const u16);+} matchlist[] = {+ {IPP2P_EDK,SHORT_HAND_IPP2P,20, &search_all_edk},+// {IPP2P_DATA_KAZAA,SHORT_HAND_DATA,200, &search_kazaa},+// {IPP2P_DATA_EDK,SHORT_HAND_DATA,60, &search_edk},+// {IPP2P_DATA_DC,SHORT_HAND_DATA,26, &search_dc},+ {IPP2P_DC,SHORT_HAND_IPP2P,5, search_all_dc},+// {IPP2P_DATA_GNU,SHORT_HAND_DATA,40, &search_gnu},+ {IPP2P_GNU,SHORT_HAND_IPP2P,5, &search_all_gnu},+ {IPP2P_KAZAA,SHORT_HAND_IPP2P,5, &search_all_kazaa},+ {IPP2P_BIT,SHORT_HAND_IPP2P,20, &search_bittorrent},+ {IPP2P_APPLE,SHORT_HAND_IPP2P,5, &search_apple},+ {IPP2P_SOUL,SHORT_HAND_IPP2P,5, &search_soul},+ {IPP2P_WINMX,SHORT_HAND_IPP2P,2, &search_winmx},+ {IPP2P_ARES,SHORT_HAND_IPP2P,5, &search_ares},+ {IPP2P_MUTE,SHORT_HAND_NONE,200, &search_mute},+ {IPP2P_WASTE,SHORT_HAND_NONE,5, &search_waste},+ {IPP2P_XDCC,SHORT_HAND_NONE,5, &search_xdcc},+ {0,0,0,NULL}+};+++static struct {+ int command;+ __u8 short_hand; /*for fucntions included in short hands*/+ int packet_len;+ int (*function_name) (unsigned char *, int);+} udp_list[] = {+ {IPP2P_KAZAA,SHORT_HAND_IPP2P,14, &udp_search_kazaa},+ {IPP2P_BIT,SHORT_HAND_IPP2P,23, &udp_search_bit},+ {IPP2P_GNU,SHORT_HAND_IPP2P,11, &udp_search_gnu},+ {IPP2P_EDK,SHORT_HAND_IPP2P,9, &udp_search_edk},+ {IPP2P_DC,SHORT_HAND_IPP2P,12, &udp_search_directconnect},+ {0,0,0,NULL}+};+++static int+match(const struct sk_buff *skb,+ const struct net_device *in,+ const struct net_device *out,+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)+ const struct xt_match *match,+#endif+ const void *matchinfo,+ int offset,+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)+ unsigned int protoff,+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)+ const void *hdr,+ u_int16_t datalen,+#endif+ int *hotdrop)+{+ const struct ipt_p2p_info *info = matchinfo;+ unsigned char *haystack;+ struct iphdr *ip = ip_hdr(skb);+ int p2p_result = 0, i = 0;+// int head_len;+ int hlen = ntohs(ip->tot_len)-(ip->ihl*4); 
/*hlen = packet-data length*/++ /*must not be a fragment*/+ if (offset) {+ if (info->debug) printk("IPP2P.match: offset found %i \n",offset);+ return 0;+ }++ /*make sure that skb is linear*/+ if(skb_is_nonlinear(skb)){+ if (info->debug) printk("IPP2P.match: nonlinear skb found\n");+ return 0;+ }+++ haystack=(char *)ip+(ip->ihl*4); /*haystack = packet data*/++ switch (ip->protocol){+ case IPPROTO_TCP: /*what to do with a TCP packet*/+ {+ struct tcphdr *tcph = (void *) ip + ip->ihl * 4;++ if (tcph->fin) return 0; /*if FIN bit is set bail out*/+ if (tcph->syn) return 0; /*if SYN bit is set bail out*/+ if (tcph->rst) return 0; /*if RST bit is set bail out*/++ haystack += tcph->doff * 4; /*get TCP-Header-Size*/+ hlen -= tcph->doff * 4;+ while (matchlist[i].command) {+ if ((((info->cmd & matchlist[i].command) == matchlist[i].command) ||+ ((info->cmd & matchlist[i].short_hand) == matchlist[i].short_hand)) &&+ (hlen > matchlist[i].packet_len)) {+ p2p_result = matchlist[i].function_name(haystack, hlen);+ if (p2p_result)+ {+ if (info->debug) printk("IPP2P.debug:TCP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n",+ p2p_result, NIPQUAD(ip->saddr),ntohs(tcph->source), NIPQUAD(ip->daddr),ntohs(tcph->dest),hlen);+ return p2p_result;+ }+ }+ i++;+ }+ return p2p_result;+ }++ case IPPROTO_UDP: /*what to do with an UDP packet*/+ {+ struct udphdr *udph = (void *) ip + ip->ihl * 4;++ while (udp_list[i].command){+ if ((((info->cmd & udp_list[i].command) == udp_list[i].command) ||+ ((info->cmd & udp_list[i].short_hand) == udp_list[i].short_hand)) &&+ (hlen > udp_list[i].packet_len)) {+ p2p_result = udp_list[i].function_name(haystack, hlen);+ if (p2p_result){+ if (info->debug) printk("IPP2P.debug:UDP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n",+ p2p_result, NIPQUAD(ip->saddr),ntohs(udph->source), NIPQUAD(ip->daddr),ntohs(udph->dest),hlen);+ return p2p_result;+ }+ }+ i++;+ }+ return p2p_result;+ }++ default: return 0;+ }+}++++static int+checkentry(const 
char *tablename,+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)+ const void *ip,+ const struct xt_match *match,+#else+ const struct ipt_ip *ip,+#endif+ void *matchinfo,+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)+ unsigned int matchsize,+#endif+ unsigned int hook_mask)+{+ /* Must specify -p tcp */+/* if (ip->proto != IPPROTO_TCP || (ip->invflags & IPT_INV_PROTO)) {+ * printk("ipp2p: Only works on TCP packets, use -p tcp\n");+ * return 0;+ * }*/+ return 1;+}+++++static struct ipt_match ipp2p_match = {+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)+ { NULL, NULL },+ "ipp2p",+ &match,+ &checkentry,+ NULL,+ THIS_MODULE+#endif+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)+ .name = "ipp2p",+ .match = &match,+ .family = AF_INET,+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)+ .matchsize = sizeof(struct ipt_p2p_info),+#endif+ .checkentry = &checkentry,+ .me = THIS_MODULE,+#endif+};+++static int __init init(void)+{+ printk(KERN_INFO "IPP2P v%s loading\n", IPP2P_VERSION);+ return xt_register_match(&ipp2p_match);+}++static void __exit fini(void)+{+ xt_unregister_match(&ipp2p_match);+ printk(KERN_INFO "IPP2P v%s unloaded\n", IPP2P_VERSION);+}++module_init(init);+module_exit(fini);++Index: linux-2.6.21.7/net/ipv4/netfilter/Kconfig===================================================================--- linux-2.6.21.7.orig/net/ipv4/netfilter/Kconfig+++ linux-2.6.21.7/net/ipv4/netfilter/Kconfig@@ -245,6 +245,12 @@ config IP_NF_MATCH_IPRANGE To compile it as a module, choose M here. If unsure, say N. 
+config IP_NF_MATCH_IPP2P+ tristate "IPP2P"+ depends on IP_NF_IPTABLES+ help+ Module for matching traffic of various Peer-to-Peer applications+ config IP_NF_MATCH_TOS tristate "TOS match support" depends on IP_NF_IPTABLESIndex: linux-2.6.21.7/net/ipv4/netfilter/Makefile===================================================================--- linux-2.6.21.7.orig/net/ipv4/netfilter/Makefile+++ linux-2.6.21.7/net/ipv4/netfilter/Makefile@@ -91,6 +91,7 @@ obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o+obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o # targets obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
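Review bot: The help text of the new `IP_NF_MATCH_IPP2P` entry is a single line and gives no build guidance, unlike the neighbouring IPRANGE entry whose closing help line is visible as context just above it. The option builds a match that inspects TCP and UDP payload bytes in kernel context (the ipt_ipp2p.c code added earlier in this patch), so someone configuring a kernel should be told what it does and that it is safe to leave off. I would add a sentence saying the match classifies packets by payload signatures, followed by the conventional line `To compile it as a module, choose M here. If unsure, say N.`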