qos-scripts: remove ipp2p from the default ruleset
[openwrt/svn-archive/archive.git] / package / iptables / patches / 1.3.8 / 001-ipp2p_0.8.1rc1.patch
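--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -13,6 +13,10 @@ PF_EXT_SE_SLIB:=SECMARK CONNSECMARK
 PF6_EXT_SE_SLIB:=SECMARK CONNSECMARK
 endif
 
+
+# ipp2p
+PF_EXT_SLIB += ipp2p
+
 # Optionals
 PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
 PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))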
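--- /dev/null
+++ b/extensions/libipt_ipp2p.c
@@ -0,0 +1,401 @@
+
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <ctype.h>
+
+#include <iptables.h>
+
+#include <linux/netfilter_ipv4/ipt_ipp2p.h>
+
+static void
+help(void)
+{
+ printf(
+ "IPP2P v%s options:\n"
+ " --ipp2p Grab all known p2p packets\n"
+ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n"
+ " --dc [TCP] All known Direct Connect packets\n"
+ " --kazaa [TCP&UDP] All known KaZaA packets\n"
+ " --gnu [TCP&UDP] All known Gnutella packets\n"
+ " --bit [TCP&UDP] All known BitTorrent packets\n"
+ " --apple [TCP] All known AppleJuice packets\n"
+ " --winmx [TCP] All known WinMX\n"
+ " --soul [TCP] All known SoulSeek\n"
+ " --ares [TCP] All known Ares\n\n"
+ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n"
+ " --mute [TCP] All known Mute packets\n"
+ " --waste [TCP] All known Waste packets\n"
+ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n"
+ " DEBUG SUPPPORT, use only if you know why\n"
+ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
+ "\nNote that the follwing options will have the same meaning:\n"
+ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
+ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
+ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
+ "\nSee README included with this package for more details or visit http://www.ipp2p.org\n"
+ "\nExamples:\n"
+ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
+ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
+ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
+ , IPP2P_VERSION);
+}
+
+static struct option opts[] = {
+ { "ipp2p", 0, 0, '1' },
+ { "edk", 0, 0, '2' },
+ { "dc", 0, 0, '7' },
+ { "gnu", 0, 0, '9' },
+ { "kazaa", 0, 0, 'a' },
+ { "bit", 0, 0, 'b' },
+ { "apple", 0, 0, 'c' },
+ { "soul", 0, 0, 'd' },
+ { "winmx", 0, 0, 'e' },
+ { "ares", 0, 0, 'f' },
+ { "mute", 0, 0, 'g' },
+ { "waste", 0, 0, 'h' },
+ { "xdcc", 0, 0, 'i' },
+ { "debug", 0, 0, 'j' },
+ {0}
+};
+
+
+
+static void
+init(struct ipt_entry_match *m, unsigned int *nfcache)
+{
+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data;
+
+ *nfcache |= NFC_UNKNOWN;
+
+ /*init the module with default values*/
+ info->cmd = 0;
+ info->debug = 0;
+
+}
+
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const struct ipt_entry *entry,
+ unsigned int *nfcache,
+ struct ipt_entry_match **match)
+{
+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data;
+
+ switch (c) {
+ case '1': /*cmd: ipp2p*/
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified once!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags) != 0)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += SHORT_HAND_IPP2P;
+ info->cmd = *flags;
+ break;
+
+ case '2': /*cmd: edk*/
+ if ((*flags & IPP2P_EDK) == IPP2P_EDK)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--edk' may only be "
+ "specified once");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: use `--edk' OR `--edk-data' but not both of them!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_EDK;
+ info->cmd = *flags;
+ break;
+
+
+ case '7': /*cmd: dc*/
+ if ((*flags & IPP2P_DC) == IPP2P_DC)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--dc' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: use `--dc' OR `--dc-data' but not both of them!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_DC;
+ info->cmd = *flags;
+ break;
+
+
+ case '9': /*cmd: gnu*/
+ if ((*flags & IPP2P_GNU) == IPP2P_GNU)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--gnu' may only be "
+ "specified once!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_GNU;
+ info->cmd = *flags;
+ break;
+
+ case 'a': /*cmd: kazaa*/
+ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--kazaa' may only be "
+ "specified once!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_KAZAA;
+ info->cmd = *flags;
+ break;
+
+ case 'b': /*cmd: bit*/
+ if ((*flags & IPP2P_BIT) == IPP2P_BIT)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--bit' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_BIT;
+ info->cmd = *flags;
+ break;
+
+ case 'c': /*cmd: apple*/
+ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--apple' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_APPLE;
+ info->cmd = *flags;
+ break;
+
+
+ case 'd': /*cmd: soul*/
+ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--soul' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_SOUL;
+ info->cmd = *flags;
+ break;
+
+
+ case 'e': /*cmd: winmx*/
+ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--winmx' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_WINMX;
+ info->cmd = *flags;
+ break;
+
+ case 'f': /*cmd: ares*/
+ if ((*flags & IPP2P_ARES) == IPP2P_ARES)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ares' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_ARES;
+ info->cmd = *flags;
+ break;
+
+ case 'g': /*cmd: mute*/
+ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--mute' may only be "
+ "specified once!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_MUTE;
+ info->cmd = *flags;
+ break;
+ case 'h': /*cmd: waste*/
+ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--waste' may only be "
+ "specified once!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_WASTE;
+ info->cmd = *flags;
+ break;
+ case 'i': /*cmd: xdcc*/
+ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ares' may only be "
+ "specified once!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_XDCC;
+ info->cmd = *flags;
+ break;
+
+ case 'j': /*cmd: debug*/
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ info->debug = 1;
+ break;
+
+ default:
+// exit_error(PARAMETER_PROBLEM,
+// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
+ return 0;
+ }
+ return 1;
+}
+
+
+static void
+final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
+}
+
+
+
+static void
+print(const struct ipt_ip *ip,
+ const struct ipt_entry_match *match,
+ int numeric)
+{
+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
+
+ printf("ipp2p v%s", IPP2P_VERSION);
+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p");
+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data");
+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa");
+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data");
+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data");
+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu");
+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk");
+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data");
+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data");
+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc");
+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit");
+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple");
+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul");
+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx");
+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares");
+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
+ if (info->debug != 0) printf(" --debug");
+ printf(" ");
+}
+
+
+
+static void
+save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+{
+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
+
+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p ");
+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data ");
+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa ");
+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data ");
+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data ");
+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu ");
+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk ");
+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data ");
+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data ");
+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc ");
+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit ");
+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple ");
+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul ");
+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx ");
+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares ");
+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
+ if (info->debug != 0) printf("--debug ");
+}
+
+
+
+
+static
+struct iptables_match ipp2p=
+{
+ .next = NULL,
+ .name = "ipp2p",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
+ .help = &help,
+ .init = &init,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
+
+
+void _init(void)
+{
+ register_match(&ipp2p);
+}
+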
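Review bot: In `save()`, the `--mute`, `--waste` and `--xdcc` branches print a leading space and no trailing space, unlike every other branch, so their output fuses with whatever is printed next (for example `--xdcc--debug` when both are set). A saved rule in that form would presumably fail to parse when the ruleset is restored, which matters for a firewall that is expected to come back unchanged after a reload. Use the same form as the neighbouring lines: `printf("--mute ");`, `printf("--waste ");`, `printf("--xdcc ");`. Separately, the duplicate-option error under `case 'i'` in `parse()` names `--ares` where it should name `--xdcc`.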
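--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_ipp2p.h
@@ -0,0 +1,31 @@
+#ifndef __IPT_IPP2P_H
+#define __IPT_IPP2P_H
+#define IPP2P_VERSION "0.8.1_rc1"
+
+struct ipt_p2p_info {
+ int cmd;
+ int debug;
+};
+
+#endif //__IPT_IPP2P_H
+
+#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/
+//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/
+#define SHORT_HAND_NONE 5 /* no short hand*/
+
+#define IPP2P_EDK (1 << 1)
+#define IPP2P_DATA_KAZAA (1 << 2)
+#define IPP2P_DATA_EDK (1 << 3)
+#define IPP2P_DATA_DC (1 << 4)
+#define IPP2P_DC (1 << 5)
+#define IPP2P_DATA_GNU (1 << 6)
+#define IPP2P_GNU (1 << 7)
+#define IPP2P_KAZAA (1 << 8)
+#define IPP2P_BIT (1 << 9)
+#define IPP2P_APPLE (1 << 10)
+#define IPP2P_SOUL (1 << 11)
+#define IPP2P_WINMX (1 << 12)
+#define IPP2P_ARES (1 << 13)
+#define IPP2P_MUTE (1 << 14)
+#define IPP2P_WASTE (1 << 15)
+#define IPP2P_XDCC (1 << 16)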
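Review bot: The include guard is closed by `#endif //__IPT_IPP2P_H` directly after the struct, so every `SHORT_HAND_*` and `IPP2P_*` definition below it sits outside the guard; move the `#endif` to the last line of the file so the whole header is protected. `SHORT_HAND_NONE 5` is not a single bit and overlaps both `SHORT_HAND_IPP2P` and `IPP2P_DATA_KAZAA`, so a comment stating that it must never be tested as a mask against `cmd` would prevent a wrong match later. `struct ipt_p2p_info` is presumably shared with the kernel-side match, so a comment such as `/* layout must match the kernel module's copy of this header */` above it would be worth adding.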