Finally fix iptables -m conntrack (#988), bump release numnber
[openwrt/svn-archive/archive.git] / package / iptables / patches / 1.4.0 / 001-ipp2p-0.8.1rc1.patch
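--- a/iptables-1.4.0/extensions/Makefile
+++ b/iptables-1.4.0/extensions/Makefile
@@ -19,6 +19,10 @@ PF6_EXT_SE_SLIB:=$(PF6_EXT_SELINUX_SLIB)
 PFX_EXT_SE_SLIB:=$(PFX_EXT_SELINUX_SLIB)
 endif
 
+
+# ipp2p
+PF_EXT_SLIB += ipp2p
+
 # Optionals
 PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
 PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))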
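--- /dev/null
+++ b/iptables-1.4.0/extensions/libipt_ipp2p.c
@@ -0,0 +1,398 @@
+
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <ctype.h>
+
+#include <iptables.h>
+
+#include <linux/netfilter_ipv4/ipt_ipp2p.h>
+
+static void
+help(void)
+{
+ printf(
+ "IPP2P v%s options:\n"
+ " --ipp2p Grab all known p2p packets\n"
+ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n"
+ " --dc [TCP] All known Direct Connect packets\n"
+ " --kazaa [TCP&UDP] All known KaZaA packets\n"
+ " --gnu [TCP&UDP] All known Gnutella packets\n"
+ " --bit [TCP&UDP] All known BitTorrent packets\n"
+ " --apple [TCP] All known AppleJuice packets\n"
+ " --winmx [TCP] All known WinMX\n"
+ " --soul [TCP] All known SoulSeek\n"
+ " --ares [TCP] All known Ares\n\n"
+ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n"
+ " --mute [TCP] All known Mute packets\n"
+ " --waste [TCP] All known Waste packets\n"
+ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n"
+ " DEBUG SUPPPORT, use only if you know why\n"
+ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
+ "\nNote that the follwing options will have the same meaning:\n"
+ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
+ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
+ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
+ "\nSee README included with this package for more details or visit http://www.ipp2p.org\n"
+ "\nExamples:\n"
+ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
+ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
+ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
+ , IPP2P_VERSION);
+}
+
+static struct option opts[] = {
+ { "ipp2p", 0, 0, '1' },
+ { "edk", 0, 0, '2' },
+ { "dc", 0, 0, '7' },
+ { "gnu", 0, 0, '9' },
+ { "kazaa", 0, 0, 'a' },
+ { "bit", 0, 0, 'b' },
+ { "apple", 0, 0, 'c' },
+ { "soul", 0, 0, 'd' },
+ { "winmx", 0, 0, 'e' },
+ { "ares", 0, 0, 'f' },
+ { "mute", 0, 0, 'g' },
+ { "waste", 0, 0, 'h' },
+ { "xdcc", 0, 0, 'i' },
+ { "debug", 0, 0, 'j' },
+ {0}
+};
+
+
+
+static void
+init(struct xt_entry_match *m)
+{
+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data;
+
+ /*init the module with default values*/
+ info->cmd = 0;
+ info->debug = 0;
+
+}
+
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ struct xt_entry_match **match)
+{
+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data;
+
+ switch (c) {
+ case '1': /*cmd: ipp2p*/
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified once!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags) != 0)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += SHORT_HAND_IPP2P;
+ info->cmd = *flags;
+ break;
+
+ case '2': /*cmd: edk*/
+ if ((*flags & IPP2P_EDK) == IPP2P_EDK)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--edk' may only be "
+ "specified once");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: use `--edk' OR `--edk-data' but not both of them!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_EDK;
+ info->cmd = *flags;
+ break;
+
+
+ case '7': /*cmd: dc*/
+ if ((*flags & IPP2P_DC) == IPP2P_DC)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--dc' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: use `--dc' OR `--dc-data' but not both of them!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_DC;
+ info->cmd = *flags;
+ break;
+
+
+ case '9': /*cmd: gnu*/
+ if ((*flags & IPP2P_GNU) == IPP2P_GNU)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--gnu' may only be "
+ "specified once!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_GNU;
+ info->cmd = *flags;
+ break;
+
+ case 'a': /*cmd: kazaa*/
+ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--kazaa' may only be "
+ "specified once!");
+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p-data' may only be "
+ "specified alone!");*/
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_KAZAA;
+ info->cmd = *flags;
+ break;
+
+ case 'b': /*cmd: bit*/
+ if ((*flags & IPP2P_BIT) == IPP2P_BIT)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--bit' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_BIT;
+ info->cmd = *flags;
+ break;
+
+ case 'c': /*cmd: apple*/
+ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--apple' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_APPLE;
+ info->cmd = *flags;
+ break;
+
+
+ case 'd': /*cmd: soul*/
+ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--soul' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_SOUL;
+ info->cmd = *flags;
+ break;
+
+
+ case 'e': /*cmd: winmx*/
+ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--winmx' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_WINMX;
+ info->cmd = *flags;
+ break;
+
+ case 'f': /*cmd: ares*/
+ if ((*flags & IPP2P_ARES) == IPP2P_ARES)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ares' may only be "
+ "specified once!");
+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ipp2p' may only be "
+ "specified alone!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_ARES;
+ info->cmd = *flags;
+ break;
+
+ case 'g': /*cmd: mute*/
+ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--mute' may only be "
+ "specified once!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_MUTE;
+ info->cmd = *flags;
+ break;
+ case 'h': /*cmd: waste*/
+ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--waste' may only be "
+ "specified once!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_WASTE;
+ info->cmd = *flags;
+ break;
+ case 'i': /*cmd: xdcc*/
+ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC)
+ exit_error(PARAMETER_PROBLEM,
+ "ipp2p: `--ares' may only be "
+ "specified once!");
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ *flags += IPP2P_XDCC;
+ info->cmd = *flags;
+ break;
+
+ case 'j': /*cmd: debug*/
+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
+ info->debug = 1;
+ break;
+
+ default:
+// exit_error(PARAMETER_PROBLEM,
+// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
+ return 0;
+ }
+ return 1;
+}
+
+
+static void
+final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
+}
+
+
+
+static void
+print(const void *ip,
+ const struct xt_entry_match *match,
+ int numeric)
+{
+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
+
+ printf("ipp2p v%s", IPP2P_VERSION);
+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p");
+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data");
+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa");
+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data");
+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data");
+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu");
+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk");
+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data");
+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data");
+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc");
+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit");
+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple");
+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul");
+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx");
+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares");
+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
+ if (info->debug != 0) printf(" --debug");
+ printf(" ");
+}
+
+
+
+static void
+save(const void *ip, const struct xt_entry_match *match)
+{
+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
+
+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p ");
+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data ");
+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa ");
+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data ");
+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data ");
+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu ");
+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk ");
+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data ");
+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data ");
+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc ");
+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit ");
+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple ");
+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul ");
+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx ");
+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares ");
+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
+ if (info->debug != 0) printf("--debug ");
+}
+
+
+
+
+static
+struct iptables_match ipp2p=
+{
+ .family = AF_INET,
+ .name = "ipp2p",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
+ .help = help,
+ .init = init,
+ .parse = parse,
+ .final_check = final_check,
+ .print = print,
+ .save = save,
+ .extra_opts = opts
+};
+
+
+
+void _init(void)
+{
+ register_match(&ipp2p);
+}
+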
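Review bot: In save(), the `--mute`, `--waste` and `--xdcc` branches print a leading space and no trailing space (`printf(" --xdcc")`), unlike every other option in that function, so a rule carrying `--xdcc` together with `--debug` is written out as `--xdcc--debug`. That string is not an option parse() recognises, so a ruleset dumped by iptables-save would likely be rejected on restore and the filtering rules would not come back after a reload. The three calls should use the same form as their neighbours: `printf("--mute ");`, `printf("--waste ");`, `printf("--xdcc ");`. Separately, in parse() the duplicate-option error under `case 'i'` names `--ares` where `--xdcc` is meant, which points the operator at the wrong switch.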
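--- /dev/null
+++ b/iptables-1.4.0/include/linux/netfilter_ipv4/ipt_ipp2p.h
@@ -0,0 +1,31 @@
+#ifndef __IPT_IPP2P_H
+#define __IPT_IPP2P_H
+#define IPP2P_VERSION "0.8.1_rc1"
+
+struct ipt_p2p_info {
+ int cmd;
+ int debug;
+};
+
+#endif //__IPT_IPP2P_H
+
+#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/
+//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/
+#define SHORT_HAND_NONE 5 /* no short hand*/
+
+#define IPP2P_EDK (1 << 1)
+#define IPP2P_DATA_KAZAA (1 << 2)
+#define IPP2P_DATA_EDK (1 << 3)
+#define IPP2P_DATA_DC (1 << 4)
+#define IPP2P_DC (1 << 5)
+#define IPP2P_DATA_GNU (1 << 6)
+#define IPP2P_GNU (1 << 7)
+#define IPP2P_KAZAA (1 << 8)
+#define IPP2P_BIT (1 << 9)
+#define IPP2P_APPLE (1 << 10)
+#define IPP2P_SOUL (1 << 11)
+#define IPP2P_WINMX (1 << 12)
+#define IPP2P_ARES (1 << 13)
+#define IPP2P_MUTE (1 << 14)
+#define IPP2P_WASTE (1 << 15)
+#define IPP2P_XDCC (1 << 16)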
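Review bot: The `#endif //__IPT_IPP2P_H` line closes the include guard right after `struct ipt_p2p_info`, so every definition from `#define SHORT_HAND_IPP2P 1` down to `IPP2P_XDCC` sits outside the guard; the `#endif` should move to the last line of the file. `struct ipt_p2p_info` appears to be shared with the kernel-side match (the header lives under include/linux/netfilter_ipv4 and libipt_ipp2p.c stores it in `m->data`), so a comment such as `/* must match the kernel module's struct ipt_p2p_info layout */` above it would warn against changing the fields on one side only. `SHORT_HAND_NONE` is defined as 5, which overlaps the `SHORT_HAND_IPP2P` and `IPP2P_DATA_KAZAA` bits, and it is not referenced in libipt_ipp2p.c in this patch; it is worth confirming whether it is still needed.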