]>
git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - src/ipp2p/libipt_ipp2p.c
11 #include "ipt_ipp2p.h"
17 "IPP2P v%s options:\n"
18 " --ipp2p Grab all known p2p packets\n"
19 " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n"
20 " --dc [TCP] All known Direct Connect packets\n"
21 " --kazaa [TCP&UDP] All known KaZaA packets\n"
22 " --gnu [TCP&UDP] All known Gnutella packets\n"
23 " --bit [TCP&UDP] All known BitTorrent packets\n"
24 " --apple [TCP] All known AppleJuice packets\n"
25 " --winmx [TCP] All known WinMX\n"
26 " --soul [TCP] All known SoulSeek\n"
27 " --ares [TCP] All known Ares\n\n"
28 " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n"
29 " --mute [TCP] All known Mute packets\n"
30 " --waste [TCP] All known Waste packets\n"
31 " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n"
32 " DEBUG SUPPPORT, use only if you know why\n"
33 " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
34 "\nNote that the follwing options will have the same meaning:\n"
35 " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
36 "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
37 "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
38 "\nSee README included with this package for more details or visit http://www.ipp2p.org\n"
40 " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
41 " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
42 " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
46 static struct option opts
[] = {
47 { "ipp2p", 0, 0, '1' },
51 { "kazaa", 0, 0, 'a' },
53 { "apple", 0, 0, 'c' },
54 { "soul", 0, 0, 'd' },
55 { "winmx", 0, 0, 'e' },
56 { "ares", 0, 0, 'f' },
57 { "mute", 0, 0, 'g' },
58 { "waste", 0, 0, 'h' },
59 { "xdcc", 0, 0, 'i' },
60 { "debug", 0, 0, 'j' },
67 init(struct ipt_entry_match
*m
, unsigned int *nfcache
)
69 struct ipt_p2p_info
*info
= (struct ipt_p2p_info
*)m
->data
;
71 *nfcache
|= NFC_UNKNOWN
;
73 /*init the module with default values*/
81 parse(int c
, char **argv
, int invert
, unsigned int *flags
,
82 const struct ipt_entry
*entry
,
83 unsigned int *nfcache
,
84 struct ipt_entry_match
**match
)
86 struct ipt_p2p_info
*info
= (struct ipt_p2p_info
*)(*match
)->data
;
89 case '1': /*cmd: ipp2p*/
90 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
91 exit_error(PARAMETER_PROBLEM
,
92 "ipp2p: `--ipp2p' may only be "
94 /* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
95 exit_error(PARAMETER_PROBLEM,
96 "ipp2p: `--ipp2p-data' may only be "
97 "specified alone!");*/
99 exit_error(PARAMETER_PROBLEM
,
100 "ipp2p: `--ipp2p' may only be "
102 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
103 *flags
+= SHORT_HAND_IPP2P
;
107 case '2': /*cmd: edk*/
108 if ((*flags
& IPP2P_EDK
) == IPP2P_EDK
)
109 exit_error(PARAMETER_PROBLEM
,
110 "ipp2p: `--edk' may only be "
112 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
113 exit_error(PARAMETER_PROBLEM
,
114 "ipp2p: `--ipp2p' may only be "
116 /* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
117 exit_error(PARAMETER_PROBLEM,
118 "ipp2p: `--ipp2p-data' may only be "
119 "specified alone!");*/
120 if ((*flags
& IPP2P_DATA_EDK
) == IPP2P_DATA_EDK
)
121 exit_error(PARAMETER_PROBLEM
,
122 "ipp2p: use `--edk' OR `--edk-data' but not both of them!");
123 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
129 case '7': /*cmd: dc*/
130 if ((*flags
& IPP2P_DC
) == IPP2P_DC
)
131 exit_error(PARAMETER_PROBLEM
,
132 "ipp2p: `--dc' may only be "
134 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
135 exit_error(PARAMETER_PROBLEM
,
136 "ipp2p: `--ipp2p' may only be "
138 /* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
139 exit_error(PARAMETER_PROBLEM,
140 "ipp2p: `--ipp2p-data' may only be "
141 "specified alone!");*/
142 if ((*flags
& IPP2P_DATA_DC
) == IPP2P_DATA_DC
)
143 exit_error(PARAMETER_PROBLEM
,
144 "ipp2p: use `--dc' OR `--dc-data' but not both of them!");
145 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
151 case '9': /*cmd: gnu*/
152 if ((*flags
& IPP2P_GNU
) == IPP2P_GNU
)
153 exit_error(PARAMETER_PROBLEM
,
154 "ipp2p: `--gnu' may only be "
156 /* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
157 exit_error(PARAMETER_PROBLEM,
158 "ipp2p: `--ipp2p-data' may only be "
159 "specified alone!");*/
160 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
161 exit_error(PARAMETER_PROBLEM
,
162 "ipp2p: `--ipp2p' may only be "
164 if ((*flags
& IPP2P_DATA_GNU
) == IPP2P_DATA_GNU
)
165 exit_error(PARAMETER_PROBLEM
,
166 "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
167 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
172 case 'a': /*cmd: kazaa*/
173 if ((*flags
& IPP2P_KAZAA
) == IPP2P_KAZAA
)
174 exit_error(PARAMETER_PROBLEM
,
175 "ipp2p: `--kazaa' may only be "
177 /* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
178 exit_error(PARAMETER_PROBLEM,
179 "ipp2p: `--ipp2p-data' may only be "
180 "specified alone!");*/
181 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
182 exit_error(PARAMETER_PROBLEM
,
183 "ipp2p: `--ipp2p' may only be "
185 if ((*flags
& IPP2P_DATA_KAZAA
) == IPP2P_DATA_KAZAA
)
186 exit_error(PARAMETER_PROBLEM
,
187 "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
188 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
189 *flags
+= IPP2P_KAZAA
;
193 case 'b': /*cmd: bit*/
194 if ((*flags
& IPP2P_BIT
) == IPP2P_BIT
)
195 exit_error(PARAMETER_PROBLEM
,
196 "ipp2p: `--bit' may only be "
198 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
199 exit_error(PARAMETER_PROBLEM
,
200 "ipp2p: `--ipp2p' may only be "
202 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
207 case 'c': /*cmd: apple*/
208 if ((*flags
& IPP2P_APPLE
) == IPP2P_APPLE
)
209 exit_error(PARAMETER_PROBLEM
,
210 "ipp2p: `--apple' may only be "
212 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
213 exit_error(PARAMETER_PROBLEM
,
214 "ipp2p: `--ipp2p' may only be "
216 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
217 *flags
+= IPP2P_APPLE
;
222 case 'd': /*cmd: soul*/
223 if ((*flags
& IPP2P_SOUL
) == IPP2P_SOUL
)
224 exit_error(PARAMETER_PROBLEM
,
225 "ipp2p: `--soul' may only be "
227 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
228 exit_error(PARAMETER_PROBLEM
,
229 "ipp2p: `--ipp2p' may only be "
231 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
232 *flags
+= IPP2P_SOUL
;
237 case 'e': /*cmd: winmx*/
238 if ((*flags
& IPP2P_WINMX
) == IPP2P_WINMX
)
239 exit_error(PARAMETER_PROBLEM
,
240 "ipp2p: `--winmx' may only be "
242 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
243 exit_error(PARAMETER_PROBLEM
,
244 "ipp2p: `--ipp2p' may only be "
246 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
247 *flags
+= IPP2P_WINMX
;
251 case 'f': /*cmd: ares*/
252 if ((*flags
& IPP2P_ARES
) == IPP2P_ARES
)
253 exit_error(PARAMETER_PROBLEM
,
254 "ipp2p: `--ares' may only be "
256 if ((*flags
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
)
257 exit_error(PARAMETER_PROBLEM
,
258 "ipp2p: `--ipp2p' may only be "
260 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
261 *flags
+= IPP2P_ARES
;
265 case 'g': /*cmd: mute*/
266 if ((*flags
& IPP2P_MUTE
) == IPP2P_MUTE
)
267 exit_error(PARAMETER_PROBLEM
,
268 "ipp2p: `--mute' may only be "
270 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
271 *flags
+= IPP2P_MUTE
;
274 case 'h': /*cmd: waste*/
275 if ((*flags
& IPP2P_WASTE
) == IPP2P_WASTE
)
276 exit_error(PARAMETER_PROBLEM
,
277 "ipp2p: `--waste' may only be "
279 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
280 *flags
+= IPP2P_WASTE
;
283 case 'i': /*cmd: xdcc*/
284 if ((*flags
& IPP2P_XDCC
) == IPP2P_XDCC
)
285 exit_error(PARAMETER_PROBLEM
,
286 "ipp2p: `--ares' may only be "
288 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
289 *flags
+= IPP2P_XDCC
;
293 case 'j': /*cmd: debug*/
294 if (invert
) exit_error(PARAMETER_PROBLEM
, "ipp2p: invert [!] is not allowed!");
299 // exit_error(PARAMETER_PROBLEM,
300 // "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
308 final_check(unsigned int flags
)
311 exit_error(PARAMETER_PROBLEM
,
312 "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
318 print(const struct ipt_ip
*ip
,
319 const struct ipt_entry_match
*match
,
322 struct ipt_p2p_info
*info
= (struct ipt_p2p_info
*)match
->data
;
324 printf("ipp2p v%s", IPP2P_VERSION
);
325 if ((info
->cmd
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
) printf(" --ipp2p");
326 // if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data");
327 if ((info
->cmd
& IPP2P_KAZAA
) == IPP2P_KAZAA
) printf(" --kazaa");
328 // if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data");
329 // if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data");
330 if ((info
->cmd
& IPP2P_GNU
) == IPP2P_GNU
) printf(" --gnu");
331 if ((info
->cmd
& IPP2P_EDK
) == IPP2P_EDK
) printf(" --edk");
332 // if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data");
333 // if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data");
334 if ((info
->cmd
& IPP2P_DC
) == IPP2P_DC
) printf(" --dc");
335 if ((info
->cmd
& IPP2P_BIT
) == IPP2P_BIT
) printf(" --bit");
336 if ((info
->cmd
& IPP2P_APPLE
) == IPP2P_APPLE
) printf(" --apple");
337 if ((info
->cmd
& IPP2P_SOUL
) == IPP2P_SOUL
) printf(" --soul");
338 if ((info
->cmd
& IPP2P_WINMX
) == IPP2P_WINMX
) printf(" --winmx");
339 if ((info
->cmd
& IPP2P_ARES
) == IPP2P_ARES
) printf(" --ares");
340 if ((info
->cmd
& IPP2P_MUTE
) == IPP2P_MUTE
) printf(" --mute");
341 if ((info
->cmd
& IPP2P_WASTE
) == IPP2P_WASTE
) printf(" --waste");
342 if ((info
->cmd
& IPP2P_XDCC
) == IPP2P_XDCC
) printf(" --xdcc");
343 if (info
->debug
!= 0) printf(" --debug");
350 save(const struct ipt_ip
*ip
, const struct ipt_entry_match
*match
)
352 struct ipt_p2p_info
*info
= (struct ipt_p2p_info
*)match
->data
;
354 if ((info
->cmd
& SHORT_HAND_IPP2P
) == SHORT_HAND_IPP2P
) printf("--ipp2p ");
355 // if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data ");
356 if ((info
->cmd
& IPP2P_KAZAA
) == IPP2P_KAZAA
) printf("--kazaa ");
357 // if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data ");
358 // if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data ");
359 if ((info
->cmd
& IPP2P_GNU
) == IPP2P_GNU
) printf("--gnu ");
360 if ((info
->cmd
& IPP2P_EDK
) == IPP2P_EDK
) printf("--edk ");
361 // if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data ");
362 // if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data ");
363 if ((info
->cmd
& IPP2P_DC
) == IPP2P_DC
) printf("--dc ");
364 if ((info
->cmd
& IPP2P_BIT
) == IPP2P_BIT
) printf("--bit ");
365 if ((info
->cmd
& IPP2P_APPLE
) == IPP2P_APPLE
) printf("--apple ");
366 if ((info
->cmd
& IPP2P_SOUL
) == IPP2P_SOUL
) printf("--soul ");
367 if ((info
->cmd
& IPP2P_WINMX
) == IPP2P_WINMX
) printf("--winmx ");
368 if ((info
->cmd
& IPP2P_ARES
) == IPP2P_ARES
) printf("--ares ");
369 if ((info
->cmd
& IPP2P_MUTE
) == IPP2P_MUTE
) printf(" --mute");
370 if ((info
->cmd
& IPP2P_WASTE
) == IPP2P_WASTE
) printf(" --waste");
371 if ((info
->cmd
& IPP2P_XDCC
) == IPP2P_XDCC
) printf(" --xdcc");
372 if (info
->debug
!= 0) printf("--debug ");
379 struct iptables_match ipp2p
=
383 .version
= IPTABLES_VERSION
,
384 .size
= IPT_ALIGN(sizeof(struct ipt_p2p_info
)),
385 .userspacesize
= IPT_ALIGN(sizeof(struct ipt_p2p_info
)),
389 .final_check
= &final_check
,
399 register_match(&ipp2p
);