]>
Commit | Line | Data |
---|---|---|
44d6f47a JE |
1 | #include <linux/module.h> |
2 | #include <linux/version.h> | |
3 | #include <linux/netfilter_ipv4/ip_tables.h> | |
4 | #include <net/tcp.h> | |
5 | #include <net/udp.h> | |
0712d0fd | 6 | #include <asm/unaligned.h> |
44d6f47a JE |
7 | #include "xt_ipp2p.h" |
8 | #include "compat_xtables.h" | |
9 | ||
c237fe24 JE |
10 | //#define IPP2P_DEBUG_ARES |
11 | //#define IPP2P_DEBUG_SOUL | |
12 | //#define IPP2P_DEBUG_WINMX | |
13 | ||
74e7eb28 JE |
14 | #define get_u8(X, O) (*(const __u8 *)((X) + O)) |
15 | #define get_u16(X, O) get_unaligned((const __u16 *)((X) + O)) | |
16 | #define get_u32(X, O) get_unaligned((const __u32 *)((X) + O)) | |
44d6f47a JE |
17 | |
18 | MODULE_AUTHOR("Eicke Friedrich/Klaus Degner <ipp2p@ipp2p.org>"); | |
19 | MODULE_DESCRIPTION("An extension to iptables to identify P2P traffic."); | |
20 | MODULE_LICENSE("GPL"); | |
21 | ||
a6079ae9 JS |
22 | #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) |
23 | static inline unsigned int | |
24 | ip_transport_len(const struct sk_buff *skb) | |
25 | { | |
26 | return ntohs(ip_hdr(skb)->tot_len) - skb_network_header_len(skb); | |
27 | } | |
28 | static inline unsigned int | |
29 | ipv6_transport_len(const struct sk_buff *skb) | |
30 | { | |
31 | return ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr) - | |
32 | skb_network_header_len(skb); | |
33 | } | |
34 | #endif | |
35 | ||
ad554f10 | 36 | struct ipp2p_result_printer { |
f144c2eb | 37 | const union nf_inet_addr *saddr, *daddr; |
ad554f10 | 38 | short sport, dport; |
f144c2eb | 39 | void (*print)(const union nf_inet_addr *, short, const union nf_inet_addr *, short, bool, unsigned int); |
ad554f10 JS |
40 | }; |
41 | ||
42 | static void | |
43 | print_result(const struct ipp2p_result_printer *rp, bool result, | |
44 | unsigned int hlen) | |
45 | { | |
46 | rp->print(rp->saddr, rp->sport, | |
47 | rp->daddr, rp->dport, | |
48 | result, hlen); | |
49 | } | |
50 | ||
c237fe24 | 51 | /* Search for UDP eDonkey/eMule/Kad commands */ |
569643ac | 52 | static unsigned int |
cb407ce7 | 53 | udp_search_edk(const unsigned char *t, const unsigned int packet_len) |
44d6f47a | 54 | { |
17a03128 CB |
55 | if (packet_len < 4) |
56 | return 0; | |
57 | ||
44d6f47a | 58 | switch (t[0]) { |
c237fe24 | 59 | case 0xe3: |
30ddb4f8 | 60 | /* eDonkey */ |
c237fe24 JE |
61 | switch (t[1]) { |
62 | /* client -> server status request */ | |
63 | case 0x96: | |
c66d291e | 64 | if (packet_len == 6) |
c237fe24 | 65 | return IPP2P_EDK * 100 + 50; |
44d6f47a | 66 | break; |
c237fe24 JE |
67 | |
68 | /* server -> client status request */ | |
69 | case 0x97: | |
c66d291e | 70 | if (packet_len == 34) |
c237fe24 JE |
71 | return IPP2P_EDK * 100 + 51; |
72 | break; | |
73 | ||
74 | /* server description request */ | |
75 | /* e3 2a ff f0 .. | size == 6 */ | |
76 | case 0xa2: | |
c66d291e | 77 | if (packet_len == 6 && |
c237fe24 JE |
78 | get_u16(t, 2) == __constant_htons(0xfff0)) |
79 | return IPP2P_EDK * 100 + 52; | |
80 | break; | |
81 | ||
82 | /* server description response */ | |
83 | /* e3 a3 ff f0 .. | size > 40 && size < 200 */ | |
84 | /* | |
85 | case 0xa3: | |
86 | return IPP2P_EDK * 100 + 53; | |
87 | break; | |
88 | */ | |
89 | ||
90 | case 0x9a: | |
c66d291e | 91 | if (packet_len == 18) |
c237fe24 JE |
92 | return IPP2P_EDK * 100 + 54; |
93 | break; | |
94 | ||
95 | case 0x92: | |
c66d291e | 96 | if (packet_len == 10) |
c237fe24 | 97 | return IPP2P_EDK * 100 + 55; |
44d6f47a JE |
98 | break; |
99 | } | |
c237fe24 JE |
100 | break; |
101 | ||
102 | case 0xe4: | |
103 | switch (t[1]) { | |
c66d291e | 104 | /* e4 20 .. | size == 35 */ |
c237fe24 | 105 | case 0x20: |
c66d291e | 106 | if (packet_len == 35 && t[2] != 0x00 && t[34] != 0x00) |
c237fe24 JE |
107 | return IPP2P_EDK * 100 + 60; |
108 | break; | |
44d6f47a | 109 | |
c66d291e | 110 | /* e4 00 .. 00 | size == 27 ? */ |
c237fe24 | 111 | case 0x00: |
c66d291e | 112 | if (packet_len == 27 && t[26] == 0x00) |
c237fe24 | 113 | return IPP2P_EDK * 100 + 61; |
44d6f47a | 114 | break; |
c237fe24 | 115 | |
c66d291e | 116 | /* e4 10 .. 00 | size == 27 ? */ |
c237fe24 | 117 | case 0x10: |
c66d291e | 118 | if (packet_len == 27 && t[26] == 0x00) |
c237fe24 | 119 | return IPP2P_EDK * 100 + 62; |
44d6f47a | 120 | break; |
c237fe24 | 121 | |
c66d291e | 122 | /* e4 18 .. 00 | size == 27 ? */ |
c237fe24 | 123 | case 0x18: |
c66d291e | 124 | if (packet_len == 27 && t[26] == 0x00) |
c237fe24 | 125 | return IPP2P_EDK * 100 + 63; |
44d6f47a | 126 | break; |
c237fe24 | 127 | |
c66d291e | 128 | /* e4 52 .. | size = 36 */ |
c237fe24 | 129 | case 0x52: |
c66d291e | 130 | if (packet_len == 36) |
c237fe24 | 131 | return IPP2P_EDK * 100 + 64; |
44d6f47a | 132 | break; |
c237fe24 JE |
133 | |
134 | /* e4 58 .. | size == 6 */ | |
135 | case 0x58: | |
c66d291e | 136 | if (packet_len == 6) |
c237fe24 | 137 | return IPP2P_EDK * 100 + 65; |
44d6f47a | 138 | break; |
c237fe24 JE |
139 | |
140 | /* e4 59 .. | size == 2 */ | |
141 | case 0x59: | |
c66d291e | 142 | if (packet_len == 2) |
c237fe24 | 143 | return IPP2P_EDK * 100 + 66; |
44d6f47a | 144 | break; |
c237fe24 | 145 | |
c66d291e | 146 | /* e4 28 .. | packet_len == 49,69,94,119... */ |
c237fe24 | 147 | case 0x28: |
c66d291e | 148 | if ((packet_len - 44) % 25 == 0) |
c237fe24 | 149 | return IPP2P_EDK * 100 + 67; |
44d6f47a | 150 | break; |
c237fe24 JE |
151 | |
152 | /* e4 50 xx xx | size == 4 */ | |
153 | case 0x50: | |
c66d291e | 154 | if (packet_len == 4) |
c237fe24 JE |
155 | return IPP2P_EDK * 100 + 68; |
156 | break; | |
157 | ||
158 | /* e4 40 xx xx | size == 48 */ | |
159 | case 0x40: | |
c66d291e | 160 | if (packet_len == 48) |
c237fe24 | 161 | return IPP2P_EDK * 100 + 69; |
44d6f47a | 162 | break; |
44d6f47a | 163 | } |
c237fe24 | 164 | break; |
44d6f47a | 165 | } |
c237fe24 JE |
166 | return 0; |
167 | } | |
168 | ||
169 | /* Search for UDP Gnutella commands */ | |
569643ac | 170 | static unsigned int |
cb407ce7 | 171 | udp_search_gnu(const unsigned char *t, const unsigned int packet_len) |
c237fe24 | 172 | { |
17a03128 | 173 | if (packet_len >= 3 && memcmp(t, "GND", 3) == 0) |
c237fe24 | 174 | return IPP2P_GNU * 100 + 51; |
17a03128 | 175 | if (packet_len >= 9 && memcmp(t, "GNUTELLA ", 9) == 0) |
c237fe24 JE |
176 | return IPP2P_GNU * 100 + 52; |
177 | return 0; | |
178 | } | |
179 | ||
180 | /* Search for UDP KaZaA commands */ | |
569643ac | 181 | static unsigned int |
cb407ce7 | 182 | udp_search_kazaa(const unsigned char *t, const unsigned int packet_len) |
c237fe24 | 183 | { |
17a03128 CB |
184 | if (packet_len < 6) |
185 | return 0; | |
186 | if (memcmp(t + packet_len - 6, "KaZaA\x00", 6) == 0) | |
187 | return IPP2P_KAZAA * 100 + 50; | |
c237fe24 JE |
188 | return 0; |
189 | } | |
190 | ||
191 | /* Search for UDP DirectConnect commands */ | |
cb407ce7 | 192 | static unsigned int udp_search_directconnect(const unsigned char *t, |
569643ac | 193 | const unsigned int packet_len) |
c237fe24 | 194 | { |
17a03128 CB |
195 | if (packet_len < 5) |
196 | return 0; | |
197 | if (t[0] == 0x24 && t[packet_len-1] == 0x7c) { | |
198 | if (memcmp(&t[1], "SR ", 3) == 0) | |
c237fe24 | 199 | return IPP2P_DC * 100 + 60; |
17a03128 | 200 | if (packet_len >= 7 && memcmp(&t[1], "Ping ", 5) == 0) |
c237fe24 JE |
201 | return IPP2P_DC * 100 + 61; |
202 | } | |
203 | return 0; | |
204 | } | |
205 | ||
206 | /* Search for UDP BitTorrent commands */ | |
569643ac JE |
207 | static unsigned int |
208 | udp_search_bit(const unsigned char *haystack, const unsigned int packet_len) | |
c237fe24 JE |
209 | { |
210 | switch (packet_len) { | |
c66d291e | 211 | case 16: |
c237fe24 | 212 | /* ^ 00 00 04 17 27 10 19 80 */ |
c66d291e CB |
213 | if (ntohl(get_u32(haystack, 0)) == 0x00000417 && |
214 | ntohl(get_u32(haystack, 4)) == 0x27101980) | |
c237fe24 JE |
215 | return IPP2P_BIT * 100 + 50; |
216 | break; | |
c66d291e CB |
217 | case 36: |
218 | if (get_u32(haystack, 8) == __constant_htonl(0x00000400) && | |
219 | get_u32(haystack, 28) == __constant_htonl(0x00000104)) | |
c237fe24 | 220 | return IPP2P_BIT * 100 + 51; |
c66d291e | 221 | if (get_u32(haystack, 8) == __constant_htonl(0x00000400)) |
c237fe24 JE |
222 | return IPP2P_BIT * 100 + 61; |
223 | break; | |
c66d291e CB |
224 | case 57: |
225 | if (get_u32(haystack, 8) == __constant_htonl(0x00000404) && | |
226 | get_u32(haystack, 28) == __constant_htonl(0x00000104)) | |
c237fe24 | 227 | return IPP2P_BIT * 100 + 52; |
c66d291e | 228 | if (get_u32(haystack, 8) == __constant_htonl(0x00000404)) |
c237fe24 JE |
229 | return IPP2P_BIT * 100 + 62; |
230 | break; | |
c66d291e CB |
231 | case 59: |
232 | if (get_u32(haystack, 8) == __constant_htonl(0x00000406) && | |
233 | get_u32(haystack, 28) == __constant_htonl(0x00000104)) | |
c237fe24 | 234 | return (IPP2P_BIT * 100 + 53); |
c66d291e | 235 | if (get_u32(haystack, 8) == __constant_htonl(0x00000406)) |
c237fe24 JE |
236 | return (IPP2P_BIT * 100 + 63); |
237 | break; | |
c66d291e CB |
238 | case 203: |
239 | if (get_u32(haystack, 0) == __constant_htonl(0x00000405)) | |
c237fe24 JE |
240 | return IPP2P_BIT * 100 + 54; |
241 | break; | |
c66d291e CB |
242 | case 21: |
243 | if (get_u32(haystack, 0) == __constant_htonl(0x00000401)) | |
c237fe24 JE |
244 | return IPP2P_BIT * 100 + 55; |
245 | break; | |
c66d291e CB |
246 | case 44: |
247 | if (get_u32(haystack, 0) == __constant_htonl(0x00000827) && | |
248 | get_u32(haystack, 4) == __constant_htonl(0x37502950)) | |
c237fe24 JE |
249 | return IPP2P_BIT * 100 + 80; |
250 | break; | |
251 | default: | |
252 | /* this packet does not have a constant size */ | |
c66d291e CB |
253 | if (packet_len >= 32 && |
254 | get_u32(haystack, 8) == __constant_htonl(0x00000402) && | |
255 | get_u32(haystack, 28) == __constant_htonl(0x00000104)) | |
c237fe24 JE |
256 | return IPP2P_BIT * 100 + 56; |
257 | break; | |
258 | } | |
259 | ||
260 | /* some extra-bitcomet rules: "d1:" [a|r] "d2:id20:" */ | |
c66d291e CB |
261 | if (packet_len > 22 && get_u8(haystack, 0) == 'd' && |
262 | get_u8(haystack, 1) == '1' && get_u8(haystack, 2) == ':') | |
263 | if (get_u8(haystack, 3) == 'a' || | |
264 | get_u8(haystack, 3) == 'r') | |
265 | if (memcmp(haystack + 4, "d2:id20:", 8) == 0) | |
c237fe24 JE |
266 | return IPP2P_BIT * 100 + 57; |
267 | ||
44d6f47a JE |
268 | #if 0 |
269 | /* bitlord rules */ | |
c66d291e | 270 | /* packetlen must be bigger than 32 */ |
44d6f47a | 271 | /* first 4 bytes are zero */ |
c66d291e | 272 | if (packet_len > 32 && get_u32(haystack, 0) == 0x00000000) { |
30ddb4f8 | 273 | /* first rule: 00 00 00 00 01 00 00 xx xx xx xx 00 00 00 00 */ |
c66d291e CB |
274 | if (get_u32(haystack, 4) == 0x00000000 && |
275 | get_u32(haystack, 8) == 0x00010000 && | |
276 | get_u32(haystack, 16) == 0x00000000) | |
c237fe24 JE |
277 | return IPP2P_BIT * 100 + 71; |
278 | ||
30ddb4f8 | 279 | /* 00 01 00 00 0d 00 00 xx xx xx xx 00 00 00 00 */ |
c66d291e CB |
280 | if (get_u32(haystack, 4) == 0x00000001 && |
281 | get_u32(haystack, 8) == 0x000d0000 && | |
282 | get_u32(haystack, 16) == 0x00000000) | |
c237fe24 | 283 | return IPP2P_BIT * 100 + 71; |
44d6f47a JE |
284 | } |
285 | #endif | |
286 | ||
c237fe24 JE |
287 | return 0; |
288 | } | |
44d6f47a | 289 | |
c237fe24 | 290 | /* Search for Ares commands */ |
569643ac JE |
291 | static unsigned int |
292 | search_ares(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 293 | { |
17a03128 CB |
294 | if (plen < 3) |
295 | return 0; | |
44d6f47a | 296 | /* all ares packets start with */ |
c237fe24 JE |
297 | if (payload[1] == 0 && plen - payload[0] == 3) { |
298 | switch (payload[2]) { | |
299 | case 0x5a: | |
300 | /* ares connect */ | |
301 | if (plen == 6 && payload[5] == 0x05) | |
302 | return IPP2P_ARES * 100 + 1; | |
303 | break; | |
304 | case 0x09: | |
305 | /* | |
306 | * ares search, min 3 chars --> 14 bytes | |
307 | * lets define a search can be up to 30 chars | |
308 | * --> max 34 bytes | |
309 | */ | |
310 | if (plen >= 14 && plen <= 34) | |
311 | return IPP2P_ARES * 100 + 1; | |
312 | break; | |
44d6f47a | 313 | #ifdef IPP2P_DEBUG_ARES |
c237fe24 JE |
314 | default: |
315 | printk(KERN_DEBUG "Unknown Ares command %x " | |
316 | "recognized, len: %u\n", | |
317 | (unsigned int)payload[2], plen); | |
318 | #endif | |
44d6f47a JE |
319 | } |
320 | } | |
321 | ||
c237fe24 | 322 | #if 0 |
44d6f47a JE |
323 | /* found connect packet: 03 00 5a 04 03 05 */ |
324 | /* new version ares 1.8: 03 00 5a xx xx 05 */ | |
c237fe24 JE |
325 | if (plen == 6) |
326 | /* possible connect command */ | |
327 | if (payload[0] == 0x03 && payload[1] == 0x00 && | |
328 | payload[2] == 0x5a && payload[5] == 0x05) | |
329 | return IPP2P_ARES * 100 + 1; | |
330 | ||
331 | if (plen == 60) | |
30ddb4f8 | 332 | /* possible download command */ |
c237fe24 JE |
333 | if (payload[59] == 0x0a && payload[58] == 0x0a) |
334 | if (memcmp(t, "PUSH SHA1:", 10) == 0) | |
335 | /* found download command */ | |
336 | return IPP2P_ARES * 100 + 2; | |
44d6f47a JE |
337 | #endif |
338 | ||
c237fe24 JE |
339 | return 0; |
340 | } | |
44d6f47a | 341 | |
c237fe24 | 342 | /* Search for SoulSeek commands */ |
569643ac JE |
343 | static unsigned int |
344 | search_soul(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 345 | { |
17a03128 CB |
346 | if (plen < 8) |
347 | return 0; | |
c237fe24 JE |
348 | /* match: xx xx xx xx | xx = sizeof(payload) - 4 */ |
349 | if (get_u32(payload, 0) == plen - 4) { | |
569643ac JE |
350 | const uint32_t m = get_u32(payload, 4); |
351 | ||
c237fe24 JE |
352 | /* match 00 yy yy 00, yy can be everything */ |
353 | if (get_u8(payload, 4) == 0x00 && get_u8(payload, 7) == 0x00) { | |
44d6f47a | 354 | #ifdef IPP2P_DEBUG_SOUL |
c237fe24 JE |
355 | printk(KERN_DEBUG "0: Soulseek command 0x%x " |
356 | "recognized\n", get_u32(payload, 4)); | |
357 | #endif | |
358 | return IPP2P_SOUL * 100 + 1; | |
359 | } | |
360 | ||
361 | /* next match: 01 yy 00 00 | yy can be everything */ | |
362 | if (get_u8(payload, 4) == 0x01 && get_u16(payload, 6) == 0x0000) { | |
44d6f47a | 363 | #ifdef IPP2P_DEBUG_SOUL |
c237fe24 JE |
364 | printk(KERN_DEBUG "1: Soulseek command 0x%x " |
365 | "recognized\n", get_u16(payload, 4)); | |
366 | #endif | |
367 | return IPP2P_SOUL * 100 + 2; | |
368 | } | |
369 | ||
370 | /* other soulseek commandos are: 1-5,7,9,13-18,22,23,26,28,35-37,40-46,50,51,60,62-69,91,92,1001 */ | |
371 | /* try to do this in an intelligent way */ | |
372 | /* get all small commandos */ | |
373 | switch (m) { | |
44d6f47a JE |
374 | case 7: |
375 | case 9: | |
376 | case 22: | |
377 | case 23: | |
378 | case 26: | |
379 | case 28: | |
380 | case 50: | |
381 | case 51: | |
382 | case 60: | |
383 | case 91: | |
384 | case 92: | |
385 | case 1001: | |
386 | #ifdef IPP2P_DEBUG_SOUL | |
c237fe24 JE |
387 | printk(KERN_DEBUG "2: Soulseek command 0x%x " |
388 | "recognized\n", get_u16(payload, 4)); | |
389 | #endif | |
390 | return IPP2P_SOUL * 100 + 3; | |
391 | } | |
392 | ||
393 | if (m > 0 && m < 6) { | |
44d6f47a | 394 | #ifdef IPP2P_DEBUG_SOUL |
c237fe24 JE |
395 | printk(KERN_DEBUG "3: Soulseek command 0x%x " |
396 | "recognized\n", get_u16(payload, 4)); | |
397 | #endif | |
398 | return IPP2P_SOUL * 100 + 4; | |
399 | } | |
400 | ||
401 | if (m > 12 && m < 19) { | |
44d6f47a | 402 | #ifdef IPP2P_DEBUG_SOUL |
c237fe24 JE |
403 | printk(KERN_DEBUG "4: Soulseek command 0x%x " |
404 | "recognized\n", get_u16(payload, 4)); | |
405 | #endif | |
406 | return IPP2P_SOUL * 100 + 5; | |
407 | } | |
44d6f47a | 408 | |
c237fe24 | 409 | if (m > 34 && m < 38) { |
44d6f47a | 410 | #ifdef IPP2P_DEBUG_SOUL |
c237fe24 JE |
411 | printk(KERN_DEBUG "5: Soulseek command 0x%x " |
412 | "recognized\n", get_u16(payload, 4)); | |
413 | #endif | |
414 | return IPP2P_SOUL * 100 + 6; | |
415 | } | |
44d6f47a | 416 | |
c237fe24 | 417 | if (m > 39 && m < 47) { |
44d6f47a | 418 | #ifdef IPP2P_DEBUG_SOUL |
c237fe24 JE |
419 | printk(KERN_DEBUG "6: Soulseek command 0x%x " |
420 | "recognized\n", get_u16(payload, 4)); | |
421 | #endif | |
422 | return IPP2P_SOUL * 100 + 7; | |
423 | } | |
44d6f47a | 424 | |
c237fe24 | 425 | if (m > 61 && m < 70) { |
44d6f47a | 426 | #ifdef IPP2P_DEBUG_SOUL |
c237fe24 JE |
427 | printk(KERN_DEBUG "7: Soulseek command 0x%x " |
428 | "recognized\n", get_u16(payload, 4)); | |
429 | #endif | |
430 | return IPP2P_SOUL * 100 + 8; | |
431 | } | |
44d6f47a JE |
432 | |
433 | #ifdef IPP2P_DEBUG_SOUL | |
c237fe24 JE |
434 | printk(KERN_DEBUG "unknown SOULSEEK command: 0x%x, first " |
435 | "16 bit: 0x%x, first 8 bit: 0x%x ,soulseek ???\n", | |
436 | get_u32(payload, 4), get_u16(payload, 4) >> 16, | |
437 | get_u8(payload, 4) >> 24); | |
438 | #endif | |
439 | } | |
440 | ||
44d6f47a | 441 | /* match 14 00 00 00 01 yy 00 00 00 STRING(YY) 01 00 00 00 00 46|50 00 00 00 00 */ |
30ddb4f8 | 442 | /* without size at the beginning! */ |
c237fe24 | 443 | if (get_u32(payload, 0) == 0x14 && get_u8(payload, 4) == 0x01) { |
569643ac JE |
444 | uint32_t y = get_u32(payload, 5); |
445 | ||
44d6f47a | 446 | /* we need 19 chars + string */ |
c237fe24 JE |
447 | if (y + 19 <= plen) { |
448 | const unsigned char *w = payload + 9 + y; | |
449 | if (get_u32(w, 0) == 0x01 && | |
450 | (get_u16(w, 4) == 0x4600 || | |
451 | get_u16(w, 4) == 0x5000) && | |
452 | get_u32(w, 6) == 0x00) | |
453 | ; | |
44d6f47a JE |
454 | #ifdef IPP2P_DEBUG_SOUL |
455 | printk(KERN_DEBUG "Soulssek special client command recognized\n"); | |
c237fe24 JE |
456 | #endif |
457 | return IPP2P_SOUL * 100 + 9; | |
44d6f47a JE |
458 | } |
459 | } | |
c237fe24 | 460 | return 0; |
44d6f47a JE |
461 | } |
462 | ||
c237fe24 | 463 | /* Search for WinMX commands */ |
569643ac JE |
464 | static unsigned int |
465 | search_winmx(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 466 | { |
c237fe24 JE |
467 | if (plen == 4 && memcmp(payload, "SEND", 4) == 0) |
468 | return IPP2P_WINMX * 100 + 1; | |
469 | if (plen == 3 && memcmp(payload, "GET", 3) == 0) | |
470 | return IPP2P_WINMX * 100 + 2; | |
471 | /* | |
472 | if (packet_len < head_len + 10) | |
473 | return 0; | |
474 | */ | |
475 | if (plen < 10) | |
476 | return 0; | |
477 | ||
478 | if (memcmp(payload, "SEND", 4) == 0 || memcmp(payload, "GET", 3) == 0) { | |
569643ac JE |
479 | uint16_t c = 4; |
480 | const uint16_t end = plen - 2; | |
481 | uint8_t count = 0; | |
c237fe24 JE |
482 | |
483 | while (c < end) { | |
484 | if (payload[c] == 0x20 && payload[c+1] == 0x22) { | |
485 | c++; | |
486 | count++; | |
487 | if (count >= 2) | |
488 | return IPP2P_WINMX * 100 + 3; | |
489 | } | |
490 | c++; | |
491 | } | |
492 | } | |
493 | ||
494 | if (plen == 149 && payload[0] == '8') { | |
44d6f47a | 495 | #ifdef IPP2P_DEBUG_WINMX |
c237fe24 | 496 | printk(KERN_INFO "maybe WinMX\n"); |
44d6f47a | 497 | #endif |
c237fe24 JE |
498 | if (get_u32(payload, 17) == 0 && get_u32(payload, 21) == 0 && |
499 | get_u32(payload, 25) == 0 && | |
500 | // get_u32(payload, 33) == __constant_htonl(0x71182b1a) && | |
501 | // get_u32(payload, 37) == __constant_htonl(0x05050000) && | |
502 | // get_u32(payload, 133) == __constant_htonl(0x31097edf) && | |
503 | // get_u32(payload, 145) == __constant_htonl(0xdcb8f792)) | |
504 | get_u16(payload, 39) == 0 && | |
505 | get_u16(payload, 135) == __constant_htons(0x7edf) && | |
506 | get_u16(payload,147) == __constant_htons(0xf792)) | |
507 | { | |
44d6f47a | 508 | #ifdef IPP2P_DEBUG_WINMX |
c237fe24 | 509 | printk(KERN_INFO "got WinMX\n"); |
44d6f47a | 510 | #endif |
c237fe24 JE |
511 | return IPP2P_WINMX * 100 + 4; |
512 | } | |
513 | } | |
514 | return 0; | |
515 | } | |
516 | ||
517 | /* Search for appleJuice commands */ | |
569643ac JE |
518 | static unsigned int |
519 | search_apple(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 520 | { |
c237fe24 JE |
521 | if (plen > 7 && payload[6] == 0x0d && payload[7] == 0x0a && |
522 | memcmp(payload, "ajprot", 6) == 0) | |
523 | return IPP2P_APPLE * 100; | |
524 | ||
525 | return 0; | |
44d6f47a JE |
526 | } |
527 | ||
c237fe24 | 528 | /* Search for BitTorrent commands */ |
569643ac JE |
529 | static unsigned int |
530 | search_bittorrent(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 531 | { |
c237fe24 JE |
532 | if (plen > 20) { |
533 | /* test for match 0x13+"BitTorrent protocol" */ | |
534 | if (payload[0] == 0x13) | |
535 | if (memcmp(payload + 1, "BitTorrent protocol", 19) == 0) | |
536 | return IPP2P_BIT * 100; | |
c237fe24 | 537 | /* |
43864ac6 TT |
538 | * Any tracker command starts with GET / then *may be* some file on web server |
539 | * (e.g. announce.php or dupa.pl or whatever.cgi or NOTHING for tracker on root dir) | |
540 | * but *must have* one (or more) of strings listed below (true for scrape and announce) | |
c237fe24 JE |
541 | */ |
542 | if (memcmp(payload, "GET /", 5) == 0) { | |
8579fd2b | 543 | if (HX_memmem(payload, plen, "info_hash=", 10) != NULL) |
c237fe24 | 544 | return IPP2P_BIT * 100 + 1; |
43864ac6 | 545 | if (HX_memmem(payload, plen, "peer_id=", 8) != NULL) |
c237fe24 | 546 | return IPP2P_BIT * 100 + 2; |
43864ac6 TT |
547 | if (HX_memmem(payload, plen, "passkey=", 8) != NULL) |
548 | return IPP2P_BIT * 100 + 4; | |
c237fe24 JE |
549 | } |
550 | } else { | |
551 | /* bitcomet encryptes the first packet, so we have to detect another | |
552 | * one later in the flow */ | |
304e5e52 | 553 | /* first try failed, too many false positives */ |
c237fe24 JE |
554 | /* |
555 | if (size == 5 && get_u32(t, 0) == __constant_htonl(1) && | |
556 | t[4] < 3) | |
557 | return IPP2P_BIT * 100 + 3; | |
558 | */ | |
559 | ||
560 | /* second try: block request packets */ | |
561 | if (plen == 17 && | |
562 | get_u32(payload, 0) == __constant_htonl(0x0d) && | |
563 | payload[4] == 0x06 && | |
564 | get_u32(payload,13) == __constant_htonl(0x4000)) | |
565 | return IPP2P_BIT * 100 + 3; | |
44d6f47a | 566 | } |
c237fe24 JE |
567 | |
568 | return 0; | |
44d6f47a JE |
569 | } |
570 | ||
c237fe24 | 571 | /* check for Kazaa get command */ |
569643ac JE |
572 | static unsigned int |
573 | search_kazaa(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 574 | { |
17a03128 CB |
575 | if (plen < 13) |
576 | return 0; | |
c237fe24 JE |
577 | if (payload[plen-2] == 0x0d && payload[plen-1] == 0x0a && |
578 | memcmp(payload, "GET /.hash=", 11) == 0) | |
579 | return IPP2P_DATA_KAZAA * 100; | |
44d6f47a | 580 | |
c237fe24 | 581 | return 0; |
44d6f47a JE |
582 | } |
583 | ||
30ddb4f8 | 584 | /* check for Gnutella get command */ |
569643ac JE |
585 | static unsigned int |
586 | search_gnu(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 587 | { |
17a03128 CB |
588 | if (plen < 11) |
589 | return 0; | |
c237fe24 JE |
590 | if (payload[plen-2] == 0x0d && payload[plen-1] == 0x0a) { |
591 | if (memcmp(payload, "GET /get/", 9) == 0) | |
592 | return IPP2P_DATA_GNU * 100 + 1; | |
304e5e52 | 593 | if (plen >= 15 && memcmp(payload, "GET /uri-res/", 13) == 0) |
c237fe24 JE |
594 | return IPP2P_DATA_GNU * 100 + 2; |
595 | } | |
596 | return 0; | |
44d6f47a JE |
597 | } |
598 | ||
30ddb4f8 | 599 | /* check for Gnutella get commands and other typical data */ |
569643ac JE |
600 | static unsigned int |
601 | search_all_gnu(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 602 | { |
17a03128 CB |
603 | if (plen < 11) |
604 | return 0; | |
c237fe24 | 605 | if (payload[plen-2] == 0x0d && payload[plen-1] == 0x0a) { |
304e5e52 | 606 | if (plen >= 19 && memcmp(payload, "GNUTELLA CONNECT/", 17) == 0) |
c237fe24 | 607 | return IPP2P_GNU * 100 + 1; |
304e5e52 | 608 | if (memcmp(payload, "GNUTELLA/", 9) == 0) |
c237fe24 JE |
609 | return IPP2P_GNU * 100 + 2; |
610 | ||
17a03128 CB |
611 | if (plen >= 22 && (memcmp(payload, "GET /get/", 9) == 0 || |
612 | memcmp(payload, "GET /uri-res/", 13) == 0)) | |
c237fe24 | 613 | { |
17a03128 | 614 | unsigned int c; |
569643ac | 615 | |
17a03128 | 616 | for (c = 0; c < plen - 22; ++c) |
3f7288ab CB |
617 | if (payload[c] == 0x0d && |
618 | payload[c+1] == 0x0a && | |
c237fe24 JE |
619 | (memcmp(&payload[c+2], "X-Gnutella-", 11) == 0 || |
620 | memcmp(&payload[c+2], "X-Queue:", 8) == 0)) | |
621 | return IPP2P_GNU * 100 + 3; | |
44d6f47a JE |
622 | } |
623 | } | |
c237fe24 | 624 | return 0; |
44d6f47a JE |
625 | } |
626 | ||
c237fe24 | 627 | /* check for KaZaA download commands and other typical data */ |
d01a5f3d | 628 | /* plen is guaranteed to be >= 5 (see @matchlist) */ |
569643ac JE |
629 | static unsigned int |
630 | search_all_kazaa(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 631 | { |
d01a5f3d JE |
632 | uint16_t c, end, rem; |
633 | ||
17a03128 | 634 | if (plen < 7) |
879e964f JE |
635 | /* too short for anything we test for - early bailout */ |
636 | return 0; | |
637 | ||
22db3bcb JE |
638 | if (payload[plen-2] != 0x0d || payload[plen-1] != 0x0a) |
639 | return 0; | |
c237fe24 | 640 | |
22db3bcb JE |
641 | if (memcmp(payload, "GIVE ", 5) == 0) |
642 | return IPP2P_KAZAA * 100 + 1; | |
643 | ||
d01a5f3d JE |
644 | if (memcmp(payload, "GET /", 5) != 0) |
645 | return 0; | |
646 | ||
4cdfd496 JE |
647 | if (plen < 18) |
648 | /* The next tests would not succeed anyhow. */ | |
649 | return 0; | |
650 | ||
d01a5f3d JE |
651 | end = plen - 18; |
652 | rem = plen - 5; | |
653 | for (c = 5; c < end; ++c, --rem) { | |
654 | if (payload[c] != 0x0d) | |
655 | continue; | |
656 | if (payload[c+1] != 0x0a) | |
657 | continue; | |
658 | if (rem >= 18 && | |
659 | memcmp(&payload[c+2], "X-Kazaa-Username: ", 18) == 0) | |
660 | return IPP2P_KAZAA * 100 + 2; | |
661 | if (rem >= 24 && | |
662 | memcmp(&payload[c+2], "User-Agent: PeerEnabler/", 24) == 0) | |
663 | return IPP2P_KAZAA * 100 + 2; | |
44d6f47a | 664 | } |
22db3bcb | 665 | |
c237fe24 | 666 | return 0; |
44d6f47a JE |
667 | } |
668 | ||
30ddb4f8 | 669 | /* fast check for eDonkey file segment transfer command */ |
569643ac JE |
670 | static unsigned int |
671 | search_edk(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 672 | { |
17a03128 CB |
673 | if (plen < 6) |
674 | return 0; | |
c237fe24 JE |
675 | if (payload[0] != 0xe3) { |
676 | return 0; | |
677 | } else { | |
678 | if (payload[5] == 0x47) | |
679 | return IPP2P_DATA_EDK * 100; | |
680 | else | |
681 | return 0; | |
682 | } | |
44d6f47a JE |
683 | } |
684 | ||
30ddb4f8 | 685 | /* intensive but slower search for some eDonkey packets including size check */ |
569643ac JE |
686 | static unsigned int |
687 | search_all_edk(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 688 | { |
17a03128 CB |
689 | if (plen < 6) |
690 | return 0; | |
c237fe24 JE |
691 | if (payload[0] != 0xe3) { |
692 | return 0; | |
693 | } else { | |
17a03128 | 694 | unsigned int cmd = get_u16(payload, 1); |
c237fe24 JE |
695 | |
696 | if (cmd == plen - 5) { | |
697 | switch (payload[5]) { | |
698 | case 0x01: | |
699 | /* Client: hello or Server:hello */ | |
700 | return IPP2P_EDK * 100 + 1; | |
701 | case 0x4c: | |
702 | /* Client: Hello-Answer */ | |
703 | return IPP2P_EDK * 100 + 9; | |
704 | } | |
705 | } | |
706 | return 0; | |
44d6f47a | 707 | } |
44d6f47a JE |
708 | } |
709 | ||
c237fe24 | 710 | /* fast check for Direct Connect send command */ |
569643ac JE |
711 | static unsigned int |
712 | search_dc(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 713 | { |
17a03128 CB |
714 | if (plen < 6) |
715 | return 0; | |
c237fe24 JE |
716 | if (payload[0] != 0x24) { |
717 | return 0; | |
718 | } else { | |
719 | if (memcmp(&payload[1], "Send|", 5) == 0) | |
720 | return IPP2P_DATA_DC * 100; | |
721 | else | |
722 | return 0; | |
723 | } | |
44d6f47a JE |
724 | } |
725 | ||
c237fe24 | 726 | /* intensive but slower check for all direct connect packets */ |
569643ac JE |
727 | static unsigned int |
728 | search_all_dc(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 729 | { |
17a03128 CB |
730 | if (plen < 7) |
731 | return 0; | |
c237fe24 JE |
732 | if (payload[0] == 0x24 && payload[plen-1] == 0x7c) { |
733 | const unsigned char *t = &payload[1]; | |
734 | ||
735 | /* Client-Hub-Protocol */ | |
736 | if (memcmp(t, "Lock ", 5) == 0) | |
737 | return IPP2P_DC * 100 + 1; | |
738 | ||
739 | /* | |
740 | * Client-Client-Protocol, some are already recognized by | |
741 | * client-hub (like lock) | |
742 | */ | |
17a03128 | 743 | if (plen >= 9 && memcmp(t, "MyNick ", 7) == 0) |
c237fe24 JE |
744 | return IPP2P_DC * 100 + 38; |
745 | } | |
746 | return 0; | |
44d6f47a JE |
747 | } |
748 | ||
c237fe24 | 749 | /* check for mute */ |
569643ac JE |
750 | static unsigned int |
751 | search_mute(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 752 | { |
c237fe24 JE |
753 | if (plen == 209 || plen == 345 || plen == 473 || plen == 609 || |
754 | plen == 1121) { | |
755 | //printk(KERN_DEBUG "size hit: %u", size); | |
756 | if (memcmp(payload,"PublicKey: ", 11) == 0) { | |
757 | return IPP2P_MUTE * 100 + 0; | |
758 | /* | |
759 | if (memcmp(t + size - 14, "\x0aEndPublicKey\x0a", 14) == 0) | |
760 | printk(KERN_DEBUG "end pubic key hit: %u", size); | |
761 | */ | |
44d6f47a JE |
762 | } |
763 | } | |
764 | return 0; | |
765 | } | |
766 | ||
44d6f47a | 767 | /* check for xdcc */ |
569643ac JE |
768 | static unsigned int |
769 | search_xdcc(const unsigned char *payload, const unsigned int plen) | |
44d6f47a JE |
770 | { |
771 | /* search in small packets only */ | |
c237fe24 JE |
772 | if (plen > 20 && plen < 200 && payload[plen-1] == 0x0a && |
773 | payload[plen-2] == 0x0d && memcmp(payload, "PRIVMSG ", 8) == 0) | |
44d6f47a | 774 | { |
569643ac JE |
775 | uint16_t x = 10; |
776 | const uint16_t end = plen - 13; | |
c237fe24 JE |
777 | |
778 | /* | |
30ddb4f8 | 779 | * is seems to be an IRC private massage, check for |
c237fe24 JE |
780 | * xdcc command |
781 | */ | |
782 | while (x < end) { | |
44d6f47a | 783 | if (payload[x] == ':') |
c237fe24 JE |
784 | if (memcmp(&payload[x+1], "xdcc send #", 11) == 0) |
785 | return IPP2P_XDCC * 100 + 0; | |
44d6f47a JE |
786 | x++; |
787 | } | |
788 | } | |
789 | return 0; | |
790 | } | |
791 | ||
792 | /* search for waste */ | |
569643ac JE |
793 | static unsigned int |
794 | search_waste(const unsigned char *payload, const unsigned int plen) | |
44d6f47a | 795 | { |
c237fe24 JE |
796 | if (plen >= 8 && memcmp(payload, "GET.sha1:", 9) == 0) |
797 | return IPP2P_WASTE * 100 + 0; | |
44d6f47a JE |
798 | |
799 | return 0; | |
800 | } | |
801 | ||
569643ac JE |
802 | static const struct { |
803 | unsigned int command; | |
569643ac JE |
804 | unsigned int packet_len; |
805 | unsigned int (*function_name)(const unsigned char *, const unsigned int); | |
44d6f47a | 806 | } matchlist[] = { |
a1d307e3 | 807 | {IPP2P_EDK, 20, search_all_edk}, |
01df89eb JE |
808 | {IPP2P_DATA_KAZAA, 200, search_kazaa}, /* exp */ |
809 | {IPP2P_DATA_EDK, 60, search_edk}, /* exp */ | |
810 | {IPP2P_DATA_DC, 26, search_dc}, /* exp */ | |
a1d307e3 | 811 | {IPP2P_DC, 5, search_all_dc}, |
01df89eb | 812 | {IPP2P_DATA_GNU, 40, search_gnu}, /* exp */ |
a1d307e3 JE |
813 | {IPP2P_GNU, 5, search_all_gnu}, |
814 | {IPP2P_KAZAA, 5, search_all_kazaa}, | |
815 | {IPP2P_BIT, 20, search_bittorrent}, | |
816 | {IPP2P_APPLE, 5, search_apple}, | |
817 | {IPP2P_SOUL, 5, search_soul}, | |
818 | {IPP2P_WINMX, 2, search_winmx}, | |
819 | {IPP2P_ARES, 5, search_ares}, | |
820 | {IPP2P_MUTE, 200, search_mute}, | |
821 | {IPP2P_WASTE, 5, search_waste}, | |
822 | {IPP2P_XDCC, 5, search_xdcc}, | |
c237fe24 | 823 | {0}, |
44d6f47a JE |
824 | }; |
825 | ||
569643ac JE |
826 | static const struct { |
827 | unsigned int command; | |
569643ac JE |
828 | unsigned int packet_len; |
829 | unsigned int (*function_name)(const unsigned char *, const unsigned int); | |
44d6f47a | 830 | } udp_list[] = { |
a1d307e3 JE |
831 | {IPP2P_KAZAA, 14, udp_search_kazaa}, |
832 | {IPP2P_BIT, 23, udp_search_bit}, | |
833 | {IPP2P_GNU, 11, udp_search_gnu}, | |
834 | {IPP2P_EDK, 9, udp_search_edk}, | |
835 | {IPP2P_DC, 12, udp_search_directconnect}, | |
c237fe24 | 836 | {0}, |
44d6f47a JE |
837 | }; |
838 | ||
ad554f10 | 839 | static void |
f144c2eb JE |
840 | ipp2p_print_result_tcp4(const union nf_inet_addr *saddr, short sport, |
841 | const union nf_inet_addr *daddr, short dport, | |
baa9e72b | 842 | bool p2p_result, unsigned int hlen) |
ad554f10 JS |
843 | { |
844 | printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %u\n", | |
845 | p2p_result, &saddr->ip, sport, &daddr->ip, dport, hlen); | |
846 | } | |
847 | ||
baa9e72b | 848 | static void |
f144c2eb JE |
849 | ipp2p_print_result_tcp6(const union nf_inet_addr *saddr, short sport, |
850 | const union nf_inet_addr *daddr, short dport, | |
baa9e72b JE |
851 | bool p2p_result, unsigned int hlen) |
852 | { | |
853 | printk("IPP2P.debug:TCP-match: %d from: %pI6:%hu to: %pI6:%hu Length: %u\n", | |
854 | p2p_result, &saddr->in6, sport, &daddr->in6, dport, hlen); | |
855 | } | |
856 | ||
f68c44f2 JS |
857 | static bool |
858 | ipp2p_mt_tcp(const struct ipt_p2p_info *info, const struct tcphdr *tcph, | |
859 | const unsigned char *haystack, unsigned int hlen, | |
ad554f10 | 860 | const struct ipp2p_result_printer *rp) |
f68c44f2 JS |
861 | { |
862 | size_t tcph_len = tcph->doff * 4; | |
863 | bool p2p_result = false; | |
864 | int i = 0; | |
865 | ||
866 | if (tcph->fin) return 0; /* if FIN bit is set bail out */ | |
867 | if (tcph->syn) return 0; /* if SYN bit is set bail out */ | |
868 | if (tcph->rst) return 0; /* if RST bit is set bail out */ | |
869 | ||
870 | if (hlen < tcph_len) { | |
871 | if (info->debug) | |
872 | pr_info("TCP header indicated packet larger than it is\n"); | |
873 | return 0; | |
874 | } | |
875 | if (hlen == tcph_len) | |
876 | return 0; | |
877 | ||
878 | haystack += tcph_len; | |
879 | hlen -= tcph_len; | |
880 | ||
881 | while (matchlist[i].command) { | |
882 | if ((info->cmd & matchlist[i].command) == matchlist[i].command && | |
883 | hlen > matchlist[i].packet_len) | |
884 | { | |
885 | p2p_result = matchlist[i].function_name(haystack, hlen); | |
886 | if (p2p_result) { | |
887 | if (info->debug) | |
ad554f10 | 888 | print_result(rp, p2p_result, hlen); |
f68c44f2 JS |
889 | return p2p_result; |
890 | } | |
891 | } | |
892 | i++; | |
893 | } | |
894 | return p2p_result; | |
895 | } | |
896 | ||
ad554f10 | 897 | static void |
f144c2eb JE |
898 | ipp2p_print_result_udp4(const union nf_inet_addr *saddr, short sport, |
899 | const union nf_inet_addr *daddr, short dport, | |
baa9e72b | 900 | bool p2p_result, unsigned int hlen) |
ad554f10 JS |
901 | { |
902 | printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %u\n", | |
903 | p2p_result, &saddr->ip, sport, &daddr->ip, dport, hlen); | |
904 | } | |
905 | ||
baa9e72b | 906 | static void |
f144c2eb JE |
907 | ipp2p_print_result_udp6(const union nf_inet_addr *saddr, short sport, |
908 | const union nf_inet_addr *daddr, short dport, | |
baa9e72b JE |
909 | bool p2p_result, unsigned int hlen) |
910 | { | |
911 | printk("IPP2P.debug:UDP-match: %d from: %pI6:%hu to: %pI6:%hu Length: %u\n", | |
912 | p2p_result, &saddr->in6, sport, &daddr->in6, dport, hlen); | |
913 | } | |
914 | ||
f68c44f2 JS |
915 | static bool |
916 | ipp2p_mt_udp(const struct ipt_p2p_info *info, const struct udphdr *udph, | |
917 | const unsigned char *haystack, unsigned int hlen, | |
ad554f10 | 918 | const struct ipp2p_result_printer *rp) |
f68c44f2 JS |
919 | { |
920 | size_t udph_len = sizeof(*udph); | |
921 | bool p2p_result = false; | |
922 | int i = 0; | |
923 | ||
924 | if (hlen < udph_len) { | |
925 | if (info->debug) | |
926 | pr_info("UDP header indicated packet larger than it is\n"); | |
927 | return 0; | |
928 | } | |
929 | if (hlen == udph_len) | |
930 | return 0; | |
931 | ||
932 | haystack += udph_len; | |
933 | hlen -= udph_len; | |
934 | ||
935 | while (udp_list[i].command) { | |
936 | if ((info->cmd & udp_list[i].command) == udp_list[i].command && | |
937 | hlen > udp_list[i].packet_len) | |
938 | { | |
939 | p2p_result = udp_list[i].function_name(haystack, hlen); | |
940 | if (p2p_result) { | |
941 | if (info->debug) | |
ad554f10 | 942 | print_result(rp, p2p_result, hlen); |
f68c44f2 JS |
943 | return p2p_result; |
944 | } | |
945 | } | |
946 | i++; | |
947 | } | |
948 | return p2p_result; | |
949 | } | |
950 | ||
cc23d0a2 | 951 | static bool |
9a18a05d | 952 | ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par) |
44d6f47a | 953 | { |
ee7e4f5a | 954 | const struct ipt_p2p_info *info = par->matchinfo; |
ad554f10 | 955 | struct ipp2p_result_printer printer; |
f144c2eb | 956 | union nf_inet_addr saddr, daddr; |
f68c44f2 JS |
957 | const unsigned char *haystack; /* packet data */ |
958 | unsigned int hlen; /* packet data length */ | |
baa9e72b JE |
959 | uint8_t family = xt_family(par); |
960 | int protocol; | |
c237fe24 | 961 | |
baa9e72b JE |
962 | /* |
963 | * must not be a fragment | |
964 | * | |
965 | * NB, `par->fragoff` may be zero for a fragmented IPv6 packet. | |
966 | * However, in that case the later call to `ipv6_find_hdr` will not find | |
967 | * a transport protocol, and so we will return 0 there. | |
968 | */ | |
ee7e4f5a | 969 | if (par->fragoff != 0) { |
c237fe24 | 970 | if (info->debug) |
ee7e4f5a | 971 | printk("IPP2P.match: offset found %d\n", par->fragoff); |
c237fe24 JE |
972 | return 0; |
973 | } | |
974 | ||
975 | /* make sure that skb is linear */ | |
976 | if (skb_is_nonlinear(skb)) { | |
977 | if (info->debug) | |
978 | printk("IPP2P.match: nonlinear skb found\n"); | |
979 | return 0; | |
980 | } | |
44d6f47a | 981 | |
baa9e72b JE |
982 | if (family == NFPROTO_IPV4) { |
983 | const struct iphdr *ip = ip_hdr(skb); | |
984 | saddr.ip = ip->saddr; | |
985 | daddr.ip = ip->daddr; | |
986 | protocol = ip->protocol; | |
987 | hlen = ip_transport_len(skb); | |
988 | } else { | |
989 | const struct ipv6hdr *ip = ipv6_hdr(skb); | |
990 | int thoff = 0; | |
44d6f47a | 991 | |
baa9e72b JE |
992 | saddr.in6 = ip->saddr; |
993 | daddr.in6 = ip->daddr; | |
994 | protocol = ipv6_find_hdr(skb, &thoff, -1, NULL, NULL); | |
995 | if (protocol < 0) | |
996 | return 0; | |
997 | hlen = ipv6_transport_len(skb); | |
998 | } | |
ad554f10 JS |
999 | |
1000 | printer.saddr = &saddr; | |
1001 | printer.daddr = &daddr; | |
baa9e72b | 1002 | haystack = skb_transport_header(skb); |
ad554f10 | 1003 | |
baa9e72b | 1004 | switch (protocol) { |
c237fe24 | 1005 | case IPPROTO_TCP: /* what to do with a TCP packet */ |
44d6f47a | 1006 | { |
f68c44f2 | 1007 | const struct tcphdr *tcph = tcp_hdr(skb); |
90835b11 | 1008 | |
ad554f10 JS |
1009 | printer.sport = ntohs(tcph->source); |
1010 | printer.dport = ntohs(tcph->dest); | |
baa9e72b JE |
1011 | printer.print = family == NFPROTO_IPV6 ? |
1012 | ipp2p_print_result_tcp6 : ipp2p_print_result_tcp4; | |
ad554f10 | 1013 | return ipp2p_mt_tcp(info, tcph, haystack, hlen, &printer); |
44d6f47a | 1014 | } |
f68c44f2 | 1015 | case IPPROTO_UDP: /* what to do with a UDP packet */ |
939d3c8b | 1016 | case IPPROTO_UDPLITE: |
44d6f47a | 1017 | { |
f68c44f2 | 1018 | const struct udphdr *udph = udp_hdr(skb); |
c237fe24 | 1019 | |
ad554f10 JS |
1020 | printer.sport = ntohs(udph->source); |
1021 | printer.dport = ntohs(udph->dest); | |
baa9e72b JE |
1022 | printer.print = family == NFPROTO_IPV6 ? |
1023 | ipp2p_print_result_udp6 : ipp2p_print_result_udp4; | |
ad554f10 | 1024 | return ipp2p_mt_udp(info, udph, haystack, hlen, &printer); |
c237fe24 | 1025 | } |
c237fe24 JE |
1026 | default: |
1027 | return 0; | |
44d6f47a | 1028 | } |
44d6f47a JE |
1029 | } |
1030 | ||
baa9e72b JE |
1031 | static struct xt_match ipp2p_mt_reg[] __read_mostly = { |
1032 | { | |
1033 | .name = "ipp2p", | |
1034 | .revision = 1, | |
1035 | .family = NFPROTO_IPV4, | |
1036 | .match = ipp2p_mt, | |
1037 | .matchsize = sizeof(struct ipt_p2p_info), | |
1038 | .me = THIS_MODULE, | |
1039 | }, | |
1040 | { | |
1041 | .name = "ipp2p", | |
1042 | .revision = 1, | |
1043 | .family = NFPROTO_IPV6, | |
1044 | .match = ipp2p_mt, | |
1045 | .matchsize = sizeof(struct ipt_p2p_info), | |
1046 | .me = THIS_MODULE, | |
1047 | }, | |
44d6f47a JE |
1048 | }; |
1049 | ||
cc23d0a2 | 1050 | static int __init ipp2p_mt_init(void) |
44d6f47a | 1051 | { |
baa9e72b | 1052 | return xt_register_matches(ipp2p_mt_reg, ARRAY_SIZE(ipp2p_mt_reg)); |
44d6f47a | 1053 | } |
c237fe24 | 1054 | |
cc23d0a2 | 1055 | static void __exit ipp2p_mt_exit(void) |
44d6f47a | 1056 | { |
baa9e72b | 1057 | xt_unregister_matches(ipp2p_mt_reg, ARRAY_SIZE(ipp2p_mt_reg)); |
44d6f47a | 1058 | } |
c237fe24 | 1059 | |
cc23d0a2 JE |
1060 | module_init(ipp2p_mt_init); |
1061 | module_exit(ipp2p_mt_exit); | |
29139c14 | 1062 | MODULE_ALIAS("ipt_ipp2p"); |
71599a0f | 1063 | MODULE_ALIAS("ip6t_ipp2p"); |