]>
Commit | Line | Data |
---|---|---|
3dad5558 AF |
1 | diff -Naur iptables-1.4.6.org/extensions/.ipp2p-test iptables-1.4.6/extensions/.ipp2p-test |
2 | --- iptables-1.4.6.org/extensions/.ipp2p-test 1970-01-01 01:00:00.000000000 +0100 | |
3 | +++ iptables-1.4.6/extensions/.ipp2p-test 2010-02-13 20:02:52.000000000 +0100 | |
4 | @@ -0,0 +1,2 @@ | |
5 | +#! /bin/sh | |
6 | +[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p | |
7 | diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.c iptables-1.4.6/extensions/libipt_ipp2p.c | |
8 | --- iptables-1.4.6.org/extensions/libipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100 | |
9 | +++ iptables-1.4.6/extensions/libipt_ipp2p.c 2010-02-13 20:02:52.000000000 +0100 | |
10 | @@ -0,0 +1,424 @@ | |
11 | +#include <stdio.h> | |
12 | +#include <netdb.h> | |
13 | +#include <string.h> | |
14 | +#include <stdlib.h> | |
15 | +#include <getopt.h> | |
16 | +#include <ctype.h> | |
17 | + | |
18 | +#include <iptables.h> | |
19 | + | |
20 | +#include <linux/netfilter_ipv4/ipt_ipp2p.h> | |
21 | + | |
22 | +#ifndef XTABLES_VERSION | |
23 | +#define XTABLES_VERSION IPTABLES_VERSION | |
24 | +#endif | |
25 | + | |
26 | +#ifdef IPT_LIB_DIR | |
27 | +#define xtables_target iptables_target | |
28 | +#define xtables_register_target register_target | |
29 | +#endif | |
30 | + | |
31 | +static void | |
32 | +help(void) | |
33 | +{ | |
34 | + printf( | |
35 | + "IPP2P v%s options:\n" | |
36 | + " --ipp2p Grab all known p2p packets\n" | |
37 | + " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n" | |
38 | + " --dc [TCP] All known Direct Connect packets\n" | |
39 | + " --kazaa [TCP&UDP] All known KaZaA packets\n" | |
40 | + " --gnu [TCP&UDP] All known Gnutella packets\n" | |
41 | + " --bit [TCP&UDP] All known BitTorrent packets\n" | |
42 | + " --apple [TCP] All known AppleJuice packets\n" | |
43 | + " --winmx [TCP] All known WinMX\n" | |
44 | + " --soul [TCP] All known SoulSeek\n" | |
45 | + " --ares [TCP] All known Ares\n\n" | |
46 | + " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n" | |
47 | + " --mute [TCP] All known Mute packets\n" | |
48 | + " --waste [TCP] All known Waste packets\n" | |
49 | + " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n" | |
50 | + " DEBUG SUPPPORT, use only if you know why\n" | |
51 | + " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n" | |
52 | + "\nNote that the follwing options will have the same meaning:\n" | |
53 | + " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n" | |
54 | + "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n" | |
55 | + "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n" | |
56 | + "\nSee README included with this package for more details or visit http://www.ipp2p.org\n" | |
57 | + "\nExamples:\n" | |
58 | + " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n" | |
59 | + " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n" | |
60 | + " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n" | |
61 | + , IPP2P_VERSION); | |
62 | +} | |
63 | + | |
64 | +static struct option opts[] = { | |
65 | + { "ipp2p", 0, 0, '1' }, | |
66 | + { "edk", 0, 0, '2' }, | |
67 | + { "dc", 0, 0, '7' }, | |
68 | + { "gnu", 0, 0, '9' }, | |
69 | + { "kazaa", 0, 0, 'a' }, | |
70 | + { "bit", 0, 0, 'b' }, | |
71 | + { "apple", 0, 0, 'c' }, | |
72 | + { "soul", 0, 0, 'd' }, | |
73 | + { "winmx", 0, 0, 'e' }, | |
74 | + { "ares", 0, 0, 'f' }, | |
75 | + { "mute", 0, 0, 'g' }, | |
76 | + { "waste", 0, 0, 'h' }, | |
77 | + { "xdcc", 0, 0, 'i' }, | |
78 | + { "debug", 0, 0, 'j' }, | |
79 | + {0} | |
80 | +}; | |
81 | + | |
82 | + | |
83 | +static void | |
84 | +#ifdef _XTABLES_H | |
85 | +init(struct xt_entry_match *m) | |
86 | +#else | |
87 | +init(struct ipt_entry_match *t, unsigned int *nfcache) | |
88 | +#endif | |
89 | +{ | |
90 | + struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data; | |
91 | + | |
92 | +#ifndef _XTABLES_H | |
93 | + *nfcache |= NFC_UNKNOWN; | |
94 | +#endif | |
95 | + | |
96 | + /*init the module with default values*/ | |
97 | + info->cmd = 0; | |
98 | + info->debug = 0; | |
99 | + | |
100 | +} | |
101 | + | |
102 | + | |
103 | +static int | |
104 | +parse(int c, char **argv, int invert, unsigned int *flags, | |
105 | +#ifdef _XTABLES_H | |
106 | + const void *entry, struct xt_entry_match **match) | |
107 | +#else | |
108 | + const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match) | |
109 | +#endif | |
110 | +{ | |
111 | + struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data; | |
112 | + | |
113 | + switch (c) { | |
114 | + case '1': /*cmd: ipp2p*/ | |
115 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 116 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
117 | + "ipp2p: `--ipp2p' may only be " |
118 | + "specified once!"); | |
119 | + | |
120 | +/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) | |
07275e88 | 121 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
122 | + "ipp2p: `--ipp2p-data' may only be " |
123 | + "specified alone!"); | |
124 | +*/ | |
125 | + | |
126 | + if ((*flags) != 0) | |
07275e88 | 127 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
128 | + "ipp2p: `--ipp2p' may only be " |
129 | + "specified alone!"); | |
07275e88 | 130 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
131 | + *flags += SHORT_HAND_IPP2P; |
132 | + info->cmd = *flags; | |
133 | + break; | |
134 | + | |
135 | + case '2': /*cmd: edk*/ | |
136 | + if ((*flags & IPP2P_EDK) == IPP2P_EDK) | |
07275e88 | 137 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
138 | + "ipp2p: `--edk' may only be " |
139 | + "specified once"); | |
140 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 141 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
142 | + "ipp2p: `--ipp2p' may only be " |
143 | + "specified alone!"); | |
144 | +/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) | |
07275e88 | 145 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
146 | + "ipp2p: `--ipp2p-data' may only be " |
147 | + "specified alone!");*/ | |
148 | + if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) | |
07275e88 | 149 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 | 150 | + "ipp2p: use `--edk' OR `--edk-data' but not both of them!"); |
07275e88 | 151 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
152 | + *flags += IPP2P_EDK; |
153 | + info->cmd = *flags; | |
154 | + break; | |
155 | + | |
156 | + | |
157 | + case '7': /*cmd: dc*/ | |
158 | + if ((*flags & IPP2P_DC) == IPP2P_DC) | |
07275e88 | 159 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
160 | + "ipp2p: `--dc' may only be " |
161 | + "specified once!"); | |
162 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 163 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
164 | + "ipp2p: `--ipp2p' may only be " |
165 | + "specified alone!"); | |
166 | +/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) | |
07275e88 | 167 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
168 | + "ipp2p: `--ipp2p-data' may only be " |
169 | + "specified alone!");*/ | |
170 | + if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC) | |
07275e88 | 171 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 | 172 | + "ipp2p: use `--dc' OR `--dc-data' but not both of them!"); |
07275e88 | 173 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
174 | + *flags += IPP2P_DC; |
175 | + info->cmd = *flags; | |
176 | + break; | |
177 | + | |
178 | + | |
179 | + case '9': /*cmd: gnu*/ | |
180 | + if ((*flags & IPP2P_GNU) == IPP2P_GNU) | |
07275e88 | 181 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
182 | + "ipp2p: `--gnu' may only be " |
183 | + "specified once!"); | |
184 | +/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) | |
07275e88 | 185 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
186 | + "ipp2p: `--ipp2p-data' may only be " |
187 | + "specified alone!");*/ | |
188 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 189 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
190 | + "ipp2p: `--ipp2p' may only be " |
191 | + "specified alone!"); | |
192 | + if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) | |
07275e88 | 193 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 | 194 | + "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!"); |
07275e88 | 195 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
196 | + *flags += IPP2P_GNU; |
197 | + info->cmd = *flags; | |
198 | + break; | |
199 | + | |
200 | + case 'a': /*cmd: kazaa*/ | |
201 | + if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA) | |
07275e88 | 202 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
203 | + "ipp2p: `--kazaa' may only be " |
204 | + "specified once!"); | |
205 | +/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) | |
07275e88 | 206 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
207 | + "ipp2p: `--ipp2p-data' may only be " |
208 | + "specified alone!");*/ | |
209 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 210 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
211 | + "ipp2p: `--ipp2p' may only be " |
212 | + "specified alone!"); | |
213 | + if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) | |
07275e88 | 214 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 | 215 | + "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!"); |
07275e88 | 216 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
217 | + *flags += IPP2P_KAZAA; |
218 | + info->cmd = *flags; | |
219 | + break; | |
220 | + | |
221 | + case 'b': /*cmd: bit*/ | |
222 | + if ((*flags & IPP2P_BIT) == IPP2P_BIT) | |
07275e88 | 223 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
224 | + "ipp2p: `--bit' may only be " |
225 | + "specified once!"); | |
226 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 227 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
228 | + "ipp2p: `--ipp2p' may only be " |
229 | + "specified alone!"); | |
07275e88 | 230 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
231 | + *flags += IPP2P_BIT; |
232 | + info->cmd = *flags; | |
233 | + break; | |
234 | + | |
235 | + case 'c': /*cmd: apple*/ | |
236 | + if ((*flags & IPP2P_APPLE) == IPP2P_APPLE) | |
07275e88 | 237 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
238 | + "ipp2p: `--apple' may only be " |
239 | + "specified once!"); | |
240 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 241 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
242 | + "ipp2p: `--ipp2p' may only be " |
243 | + "specified alone!"); | |
07275e88 | 244 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
245 | + *flags += IPP2P_APPLE; |
246 | + info->cmd = *flags; | |
247 | + break; | |
248 | + | |
249 | + | |
250 | + case 'd': /*cmd: soul*/ | |
251 | + if ((*flags & IPP2P_SOUL) == IPP2P_SOUL) | |
07275e88 | 252 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
253 | + "ipp2p: `--soul' may only be " |
254 | + "specified once!"); | |
255 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 256 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
257 | + "ipp2p: `--ipp2p' may only be " |
258 | + "specified alone!"); | |
07275e88 | 259 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
260 | + *flags += IPP2P_SOUL; |
261 | + info->cmd = *flags; | |
262 | + break; | |
263 | + | |
264 | + | |
265 | + case 'e': /*cmd: winmx*/ | |
266 | + if ((*flags & IPP2P_WINMX) == IPP2P_WINMX) | |
07275e88 | 267 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
268 | + "ipp2p: `--winmx' may only be " |
269 | + "specified once!"); | |
270 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 271 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
272 | + "ipp2p: `--ipp2p' may only be " |
273 | + "specified alone!"); | |
07275e88 | 274 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
275 | + *flags += IPP2P_WINMX; |
276 | + info->cmd = *flags; | |
277 | + break; | |
278 | + | |
279 | + case 'f': /*cmd: ares*/ | |
280 | + if ((*flags & IPP2P_ARES) == IPP2P_ARES) | |
07275e88 | 281 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
282 | + "ipp2p: `--ares' may only be " |
283 | + "specified once!"); | |
284 | + if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) | |
07275e88 | 285 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
286 | + "ipp2p: `--ipp2p' may only be " |
287 | + "specified alone!"); | |
07275e88 | 288 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
289 | + *flags += IPP2P_ARES; |
290 | + info->cmd = *flags; | |
291 | + break; | |
292 | + | |
293 | + case 'g': /*cmd: mute*/ | |
294 | + if ((*flags & IPP2P_MUTE) == IPP2P_MUTE) | |
07275e88 | 295 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
296 | + "ipp2p: `--mute' may only be " |
297 | + "specified once!"); | |
07275e88 | 298 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
299 | + *flags += IPP2P_MUTE; |
300 | + info->cmd = *flags; | |
301 | + break; | |
302 | + case 'h': /*cmd: waste*/ | |
303 | + if ((*flags & IPP2P_WASTE) == IPP2P_WASTE) | |
07275e88 | 304 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
305 | + "ipp2p: `--waste' may only be " |
306 | + "specified once!"); | |
07275e88 | 307 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
308 | + *flags += IPP2P_WASTE; |
309 | + info->cmd = *flags; | |
310 | + break; | |
311 | + case 'i': /*cmd: xdcc*/ | |
312 | + if ((*flags & IPP2P_XDCC) == IPP2P_XDCC) | |
07275e88 | 313 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
314 | + "ipp2p: `--ares' may only be " |
315 | + "specified once!"); | |
07275e88 | 316 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
317 | + *flags += IPP2P_XDCC; |
318 | + info->cmd = *flags; | |
319 | + break; | |
320 | + | |
321 | + case 'j': /*cmd: debug*/ | |
07275e88 | 322 | + if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); |
3dad5558 AF |
323 | + info->debug = 1; |
324 | + break; | |
325 | + | |
326 | + default: | |
07275e88 | 327 | +// xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
328 | +// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); |
329 | + return 0; | |
330 | + } | |
331 | + return 1; | |
332 | +} | |
333 | + | |
334 | + | |
335 | +static void | |
336 | +final_check(unsigned int flags) | |
337 | +{ | |
338 | + if (!flags) | |
07275e88 | 339 | + xtables_error(PARAMETER_PROBLEM, |
3dad5558 AF |
340 | + "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); |
341 | +} | |
342 | + | |
343 | +static void | |
344 | +#ifdef _XTABLES_H | |
345 | +print(const void *ip, | |
346 | + const struct xt_entry_match *match, | |
347 | +#else | |
348 | +print(const struct ipt_ip *ip, | |
349 | + const struct ipt_entry_match *match, | |
350 | +#endif | |
351 | + int numeric) | |
352 | +{ | |
353 | + struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; | |
354 | + | |
355 | + printf("ipp2p v%s", IPP2P_VERSION); | |
356 | + if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p"); | |
357 | +// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data"); | |
358 | + if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa"); | |
359 | +// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data"); | |
360 | +// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data"); | |
361 | + if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu"); | |
362 | + if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk"); | |
363 | +// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data"); | |
364 | +// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data"); | |
365 | + if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc"); | |
366 | + if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit"); | |
367 | + if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple"); | |
368 | + if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul"); | |
369 | + if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx"); | |
370 | + if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares"); | |
371 | + if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); | |
372 | + if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); | |
373 | + if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc"); | |
374 | + if (info->debug != 0) printf(" --debug"); | |
375 | + printf(" "); | |
376 | +} | |
377 | + | |
378 | +static void | |
379 | +#ifdef _XTABLES_H | |
380 | +save(const void *ip, | |
381 | + const struct xt_entry_match *match) | |
382 | +#else | |
383 | +save(const struct ipt_ip *ip, | |
384 | + const struct ipt_entry_match *match) | |
385 | +#endif | |
386 | +{ | |
387 | + struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data; | |
388 | + | |
389 | + if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p "); | |
390 | +// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data "); | |
391 | + if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa "); | |
392 | +// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data "); | |
393 | +// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data "); | |
394 | + if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu "); | |
395 | + if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk "); | |
396 | +// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data "); | |
397 | +// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data "); | |
398 | + if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc "); | |
399 | + if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit "); | |
400 | + if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple "); | |
401 | + if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul "); | |
402 | + if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx "); | |
403 | + if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares "); | |
404 | + if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute"); | |
405 | + if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste"); | |
406 | + if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc"); | |
407 | + if (info->debug != 0) printf("--debug "); | |
408 | +} | |
409 | + | |
410 | + | |
411 | +static | |
412 | +struct xtables_match ipp2p= | |
413 | +{ | |
414 | + .next = NULL, | |
415 | + .name = "ipp2p", | |
416 | + .version = XTABLES_VERSION, | |
df137470 AF |
417 | + .size = XT_ALIGN(sizeof(struct ipt_p2p_info)), |
418 | + .userspacesize = XT_ALIGN(sizeof(struct ipt_p2p_info)), | |
3dad5558 AF |
419 | + .help = &help, |
420 | + .init = &init, | |
421 | + .parse = &parse, | |
422 | + .final_check = &final_check, | |
423 | + .print = &print, | |
424 | + .save = &save, | |
425 | + .extra_opts = opts | |
426 | +}; | |
427 | + | |
428 | + | |
429 | + | |
430 | +void _init(void) | |
431 | +{ | |
432 | + xtables_register_match(&ipp2p); | |
433 | +} | |
434 | + | |
435 | diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.man iptables-1.4.6/extensions/libipt_ipp2p.man | |
436 | --- iptables-1.4.6.org/extensions/libipt_ipp2p.man 1970-01-01 01:00:00.000000000 +0100 | |
437 | +++ iptables-1.4.6/extensions/libipt_ipp2p.man 2010-02-13 20:02:52.000000000 +0100 | |
438 | @@ -0,0 +1,43 @@ | |
439 | +This module matches certain packets in P2P flows. It is not | |
440 | +designed to match all packets belonging to a P2P connection - | |
441 | +use IPP2P together with CONNMARK for this purpose. Also visit | |
442 | +http://www.ipp2p.org for detailed information. | |
443 | + | |
444 | +Use it together with -p tcp or -p udp to search these protocols | |
445 | +only or without -p switch to search packets of both protocols. | |
446 | + | |
447 | +IPP2P provides the following options: | |
448 | +.TP | |
449 | +.B "--edk " | |
450 | +Matches as many eDonkey/eMule packets as possible. | |
451 | +.TP | |
452 | +.B "--kazaa " | |
453 | +Matches as many KaZaA packets as possible. | |
454 | +.TP | |
455 | +.B "--gnu " | |
456 | +Matches as many Gnutella packets as possible. | |
457 | +.TP | |
458 | +.B "--dc " | |
459 | +Matches as many Direct Connect packets as possible. | |
460 | +.TP | |
461 | +.B "--bit " | |
462 | +Matches BitTorrent packets. | |
463 | +.TP | |
464 | +.B "--apple " | |
465 | +Matches AppleJuice packets. | |
466 | +.TP | |
467 | +.B "--soul " | |
468 | +Matches some SoulSeek packets. Considered as beta, use careful! | |
469 | +.TP | |
470 | +.B "--winmx " | |
471 | +Matches some WinMX packets. Considered as beta, use careful! | |
472 | +.TP | |
473 | +.B "--ares " | |
474 | +Matches Ares and AresLite packets. Use together with -j DROP only. | |
475 | +.TP | |
476 | +.B "--ipp2p " | |
477 | +Short hand for: --edk --kazaa --gnu --dc | |
478 | +.TP | |
479 | +.B "--debug " | |
480 | +Prints some information about each hit into kernel logfile. May | |
481 | +produce huge logfiles so beware! |