From: <li...@us...> - 2004-02-06 19:39:21
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23878 Modified Files: match_http.c Log Message: Several typos corrected
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- match_http.c 6 Feb 2004 19:19:26 -0000 1.13
+++ match_http.c 6 Feb 2004 19:36:36 -0000 1.14
@@ -48,13 +48,13 @@
 #define MM_GET_URIRES 1
 { STRING_MATCH("GET /uri-res/") },
-#define NM_GET_HASH 2
+#define MM_GET_HASH 2
 { STRING_MATCH("GET /.hash=") },
-#define NM_GET_FILE 3
+#define MM_GET_FILE 3
 { STRING_MATCH("GET /.file") },
-#define NM_GET_SIG 4
+#define MM_GET_SIG 4
 { STRING_MATCH("GET /.sig") },
 #define MM_GET_POISONED 5
@@ -174,11 +174,11 @@
 * Kazaa
 */
 /* Kazaa < 2.6 */
- if ((MM(NM_GET_HASH) || MM(MM_HTTP11)) && HM(HM_X_KAZAA))
+ if ((MM(MM_GET_HASH) || MM(MM_HTTP11)) && HM(HM_X_KAZAA))
 return IPT_P2P_PROTO_KAZAA;
 /* Kazaa >= 2.6 (TODO: needs testing) */
- if ((MM(NM_GET_FILE) || MM(NM_GET_SIG) || MM(MM_HTTP11)) &&
+ if ((MM(MM_GET_FILE) || MM(MM_GET_SIG) || MM(MM_HTTP11)) &&
 HM(HM_X_P2P_MESSAGE))
 return IPT_P2P_PROTO_KAZAA;
|
From: <li...@us...> - 2004-02-06 19:22:11
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19076 Modified Files: match_http.c Log Message: Support for FastTrack passive mode
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- match_http.c 6 Feb 2004 19:00:33 -0000 1.12
+++ match_http.c 6 Feb 2004 19:19:26 -0000 1.13
@@ -63,7 +63,10 @@
 #define MM_GET 6
 { STRING_MATCH("GET /") },
-#define MM_HTTP11 7
+#define MM_GIVE 7
+ { STRING_MATCH("GIVE ") },
+
+#define MM_HTTP11 8
 { STRING_MATCH("HTTP/1.1") },
 { NULL, 0 }
@@ -179,7 +182,9 @@
 HM(HM_X_P2P_MESSAGE))
 return IPT_P2P_PROTO_KAZAA;
- /* TODO: Add support for PUSH command */
+ /* Kazaa passive mode (TODO: Check if methos GIVE is used anywhere else) */
+ if (MM(MM_GIVE))
+ return IPT_P2P_PROTO_KAZAA;
 /*
 * Gnutella
|
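Review bot: The new `if (MM(MM_GIVE))` test classifies a payload as Kazaa on the five-byte prefix `GIVE ` alone, whereas the other Kazaa tests shown for this function also require a header flag (`HM(HM_X_KAZAA)` or `HM(HM_X_P2P_MESSAGE)`). With a DROP or rate-limit target, an unrelated protocol whose segment happens to start with that word would be caught as well, which is the risk the TODO hints at. Until a corroborating header is identified, I would state the limitation at the check, e.g. `/* Prefix-only match: no header is required, so false positives are possible. */`. match_http() starts and ends outside this hunk.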
From: <li...@us...> - 2004-02-06 19:03:19
|
Update of /cvsroot/iptables-p2p/iptables-p2p/common In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14742/common Modified Files: ipt_p2p.h Log Message: OpenFT match tested and working
Index: ipt_p2p.h
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/common/ipt_p2p.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- ipt_p2p.h 15 Dec 2003 11:04:06 -0000 1.4
+++ ipt_p2p.h 6 Feb 2004 19:00:32 -0000 1.5
@@ -22,7 +22,8 @@
 #define IPT_P2P_PROTO_EDONKEY (0x04)
 #define IPT_P2P_PROTO_DIRECT_CONNECT (0x08)
 #define IPT_P2P_PROTO_BITTORRENT (0x10)
-#define IPT_P2P_PROTO_ALL (0x1f) /* Maximum value for proto */
+#define IPT_P2P_PROTO_OPENFT (0x20)
+#define IPT_P2P_PROTO_ALL (0xffff) /* Maximum value for proto */
 /* Structure shared between the iptables_match module and the kernel's
 ipt_match module. */
|
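Review bot: Widening `IPT_P2P_PROTO_ALL` to `(0xffff)` sets bits 0x40 through 0x8000 that no protocol defines, while the only flag added here is `IPT_P2P_PROTO_OPENFT (0x20)`. The userspace parser shown in the libipt_p2p.c commit on this page seeds an inverted list with `protoret = IPT_P2P_PROTO_ALL` and rejects the rule only when `pinfo->proto == 0`; with undefined bits left set, inverting every named protocol no longer reaches zero, so a rule that can never match would presumably be accepted. `#define IPT_P2P_PROTO_ALL (0x3f)` (the old 0x1f plus the new bit) keeps the mask equal to the defined flags; if the headroom is intentional, the comment should call the value a mask with reserved bits rather than a maximum.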
From: <li...@us...> - 2004-02-06 19:03:19
|
Update of /cvsroot/iptables-p2p/iptables-p2p/iptables In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14742/iptables Modified Files: libipt_p2p.c Log Message: OpenFT match tested and working
Index: libipt_p2p.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/iptables/libipt_p2p.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- libipt_p2p.c 30 Jan 2004 23:18:58 -0000 1.7
+++ libipt_p2p.c 6 Feb 2004 19:00:32 -0000 1.8
@@ -46,7 +46,8 @@
 { "gnutella", IPT_P2P_PROTO_GNUTELLA },
 { "edonkey", IPT_P2P_PROTO_EDONKEY },
 { "dc", IPT_P2P_PROTO_DIRECT_CONNECT },
- { "bittorrent", IPT_P2P_PROTO_BITTORRENT }
+ { "bittorrent", IPT_P2P_PROTO_BITTORRENT },
+ { "openft", IPT_P2P_PROTO_OPENFT }
 };
 #define PROTOMAP_NELEM (sizeof(protomap) / (sizeof(protomap[0])))
|
From: <li...@us...> - 2004-02-06 19:03:19
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14742/kernel Modified Files: main.c match_http.c Log Message: OpenFT match tested and working
Index: main.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/main.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- main.c 15 Dec 2003 11:04:09 -0000 1.7
+++ main.c 6 Feb 2004 19:00:33 -0000 1.8
@@ -46,7 +46,8 @@
 const unsigned char *end)
 {
 if (pinfo->proto & IPT_P2P_PROTO_KAZAA ||
- pinfo->proto & IPT_P2P_PROTO_GNUTELLA)
+ pinfo->proto & IPT_P2P_PROTO_GNUTELLA ||
+ pinfo->proto & IPT_P2P_PROTO_OPENFT)
 {
 int proto;
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- match_http.c 6 Feb 2004 18:19:52 -0000 1.11
+++ match_http.c 6 Feb 2004 19:00:33 -0000 1.12
@@ -179,6 +179,8 @@
 HM(HM_X_P2P_MESSAGE))
 return IPT_P2P_PROTO_KAZAA;
+ /* TODO: Add support for PUSH command */
+
 /*
 * Gnutella
 */
@@ -198,14 +200,13 @@
 * These are not supported or undrestood by the common ipt_p2p.h, and
 * so not used yet.
 */
-#if 0
+
 /* OpenFT */
 if ((MM(MM_GET) || MM(MM_HTTP11)) && (HM(HM_X_OPENFTALIAS)))
- return 1;
+ return IPT_P2P_PROTO_OPENFT;
 if (MM(MM_GET_POISONED))
- return 1;
-#endif
+ return IPT_P2P_PROTO_OPENFT;
 return 0;
 }
|
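Review bot: The block comment kept as context above the OpenFT tests in the second match_http.c hunk still reads `These are not supported or undrestood by the common ipt_p2p.h, and so not used yet`, but this hunk removes the `#if 0`/`#endif` pair and makes both tests return `IPT_P2P_PROTO_OPENFT`, so the comment now describes live code as disabled. I would replace it with a banner in the form already used for Kazaa and Gnutella, with the text ` * OpenFT`. The `if (MM(MM_GET_POISONED))` test matches on the request path alone with no header check, which deserves a one-line comment for whoever tunes false positives later. match_http() begins above the hunk.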
From: <li...@us...> - 2004-02-06 18:22:36
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv6067 Modified Files: match_http.c Log Message: typo
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- match_http.c 29 Jan 2004 17:46:37 -0000 1.10
+++ match_http.c 6 Feb 2004 18:19:52 -0000 1.11
@@ -175,7 +175,7 @@
 return IPT_P2P_PROTO_KAZAA;
 /* Kazaa >= 2.6 (TODO: needs testing) */
- if ((MM(NM_GET_FILE) || MMM(NM_GET_SIG) || M(MM_HTTP11)) &&
+ if ((MM(NM_GET_FILE) || MM(NM_GET_SIG) || MM(MM_HTTP11)) &&
 HM(HM_X_P2P_MESSAGE))
 return IPT_P2P_PROTO_KAZAA;
|
From: <li...@pr...> - 2004-01-31 04:31:36
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31325 Modified Files: match_http.c Log Message: shareaza/gnutella2 support
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- match_http.c 1 Jan 2004 20:03:31 -0000 1.7
+++ match_http.c 29 Jan 2004 17:40:29 -0000 1.8
@@ -163,19 +163,33 @@
 headers_matched[header] = 1;
 }
- /* Kazaa */
+
+/*
+ * Kazaa
+ */
+ /* Kazaa < 2.6 */
 if ((MM(NM_GET_HASH) || MM(MM_HTTP11)) && HM(HM_X_KAZAA))
 return IPT_P2P_PROTO_KAZAA;
- /* Kazaa 2.6 (TODO: needs testing) */
+ /* Kazaa >= 2.6 (TODO: needs testing) */
 if ((MM(NM_GET_FILE) || MM(MM_HTTP11)) && HM(HM_X_P2P_MESSAGE))
 return IPT_P2P_PROTO_KAZAA;
- /* Gnutella */
+/*
+ * Gnutella
+ */
+ /* Gnutella 1 */
 if ((MM(MM_GET_GET) || MM(MM_GET_URIRES) || MM(MM_HTTP11)) &&
 (HM(HM_X_GNUTELLA)))
 return IPT_P2P_PROTO_GNUTELLA;
+ /* Shareazza/Gnutella 2 */
+ if ((MM(MM_GET_URIRES) && (HM(HM_CONTENT_URN) || HM(HM_X_QUEUE))))
+ return IPT_P2P_PROTO_GNUTELLA;
+
+ if (MM(MM_HTTP11) && HM(HM_X_TIGER_THREE))
+ return IPT_P2P_PROTO_GNUTELLA;
+
 /*
 * These are not supported or undrestood by the common ipt_p2p.h, and
 * so not used yet.
@@ -187,13 +201,6 @@
 if (MM(MM_GET_POISONED))
 return 1;
-
- /* Shareazza */
- if ((MM(MM_GET_URIRES) && (HM(HM_CONTENT_URN) || HM(HM_X_QUEUE))))
- return 1;
-
- if (MM(MM_HTTP11) && HM(HM_X_TIGER_THREE))
- return 1;
 #endif
 return 0;
|
From: <li...@pr...> - 2004-01-31 04:15:22
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2571 Modified Files: match_http.c Log Message: improved kazaa 2.6 match
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- match_http.c 29 Jan 2004 17:40:53 -0000 1.9
+++ match_http.c 29 Jan 2004 17:46:37 -0000 1.10
@@ -54,13 +54,16 @@
 #define NM_GET_FILE 3
 { STRING_MATCH("GET /.file") },
-#define MM_GET_POISONED 4
+#define NM_GET_SIG 4
+ { STRING_MATCH("GET /.sig") },
+
+#define MM_GET_POISONED 5
 { STRING_MATCH("GET /PoisonedDownloads/") },
-#define MM_GET 5
+#define MM_GET 6
 { STRING_MATCH("GET /") },
-#define MM_HTTP11 6
+#define MM_HTTP11 7
 { STRING_MATCH("HTTP/1.1") },
 { NULL, 0 }
@@ -172,7 +175,8 @@
 return IPT_P2P_PROTO_KAZAA;
 /* Kazaa >= 2.6 (TODO: needs testing) */
- if ((MM(NM_GET_FILE) || MM(MM_HTTP11)) && HM(HM_X_P2P_MESSAGE))
+ if ((MM(NM_GET_FILE) || MMM(NM_GET_SIG) || M(MM_HTTP11)) &&
+ HM(HM_X_P2P_MESSAGE))
 return IPT_P2P_PROTO_KAZAA;
 /*
|
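Review bot: The rewritten condition in the second hunk calls `MMM(NM_GET_SIG)` and `M(MM_HTTP11)`, but the only helper macros this file is shown defining are `MM(x)` and `HM(x)`, so as written the line would not build cleanly (or would be treated as calls to undeclared functions). It should read `if ((MM(NM_GET_FILE) || MM(NM_GET_SIG) || MM(MM_HTTP11)) &&`. The enclosing function starts and ends outside the hunk.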
From: <ja...@pr...> - 2004-01-30 23:20:34
|
Update of /cvsroot/iptables-p2p/iptables-p2p/iptables In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1831 Modified Files: libipt_p2p.c Log Message: formatting
Index: libipt_p2p.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/iptables/libipt_p2p.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- libipt_p2p.c 19 Dec 2003 16:29:21 -0000 1.6
+++ libipt_p2p.c 30 Jan 2004 23:18:58 -0000 1.7
@@ -66,7 +66,7 @@
 static struct option opts[] =
 {
 { "p2p-protocol", 1, NULL, 'P' },
- { "p2p", 1, NULL, 'P' }, /* synonym */
+ { "p2p", 1, NULL, 'P' }, /* Synonym. */
 { NULL }
 };
@@ -127,7 +127,7 @@
 /* First check if they specified an integer constant. */
 constant = strtoul(arg, &argend, 0);
- /* Require that strtoul() slurp up the entire argument to succeed */
+ /* Require that strtoul() slurp up the entire argument to succeed. */
 if (argend[0] == '\0')
 {
 /* Successfully matched an integer constant. */
@@ -136,7 +136,7 @@
 }
 else
 {
- /* Try to match a protocol literal */
+ /* Try to match a protocol literal. */
 for (i = 0; i < PROTOMAP_NELEM; i++)
 {
 if (strcasecmp(protomap[i].name, arg) == 0)
@@ -181,7 +181,7 @@
 strncpy(buf, arg, protolen);
 buf[protolen] = '\0';
- /* Handle a single parameter */
+ /* Handle a single parameter. */
 if (invert)
 protoret &= ~(arg_to_proto(buf));
 else
@@ -244,7 +244,7 @@
 /* Final check; must have specified --mac. */
 static void final_check(unsigned int flags)
 {
- /* Do nothing */
+ /* Do nothing. */
 }
 static void print(const struct ipt_ip *ip, const struct ipt_entry_match *m,
|
From: <li...@pr...> - 2004-01-30 19:07:15
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31720 Modified Files: match_http.c Log Message: typo
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- match_http.c 29 Jan 2004 17:40:29 -0000 1.8
+++ match_http.c 29 Jan 2004 17:40:53 -0000 1.9
@@ -183,7 +183,7 @@
 (HM(HM_X_GNUTELLA)))
 return IPT_P2P_PROTO_GNUTELLA;
- /* Shareazza/Gnutella 2 */
+ /* Shareaza/Gnutella 2 */
 if ((MM(MM_GET_URIRES) && (HM(HM_CONTENT_URN) || HM(HM_X_QUEUE))))
 return IPT_P2P_PROTO_GNUTELLA;
|
From: <li...@us...> - 2004-01-01 21:23:57
|
Update of /cvsroot/iptables-p2p/iptables-p2p In directory sc8-pr-cvs1:/tmp/cvs-serv12821 Modified Files: NEWS Log Message: Using spaces instead of tabs, like the rest of the file
Index: NEWS
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/NEWS,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- NEWS 1 Jan 2004 21:09:01 -0000 1.4
+++ NEWS 1 Jan 2004 21:23:53 -0000 1.5
@@ -6,9 +6,9 @@
 - Moved project to sourceforge.net
 - Removed iptables patch, only needs headers installed
 - Added the ability to specify specific protocols to match
- - KaZaa match updated for new version of KaZaa
- - eDonkey match updated
- - Fixes in kernel 2.6 support
+ - KaZaa match updated for new version of KaZaa
+ - eDonkey match updated
+ - Fixes in kernel 2.6 support
 * 0.2.3
 - eDonkey match updated for new version of eDonkey Hybrid
|
From: <li...@us...> - 2004-01-01 21:09:06
|
Update of /cvsroot/iptables-p2p/iptables-p2p In directory sc8-pr-cvs1:/tmp/cvs-serv10374 Modified Files: NEWS Log Message: update
Index: NEWS
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/NEWS,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- NEWS 15 Dec 2003 09:25:37 -0000 1.3
+++ NEWS 1 Jan 2004 21:09:01 -0000 1.4
@@ -6,6 +6,9 @@
 - Moved project to sourceforge.net
 - Removed iptables patch, only needs headers installed
 - Added the ability to specify specific protocols to match
+ - KaZaa match updated for new version of KaZaa
+ - eDonkey match updated
+ - Fixes in kernel 2.6 support
 * 0.2.3
 - eDonkey match updated for new version of eDonkey Hybrid
|
From: <li...@us...> - 2004-01-01 20:56:39
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1:/tmp/cvs-serv7921 Removed Files: Makefile-2.6 Log Message: Not needed. Merged with Makefile --- Makefile-2.6 DELETED --- |
From: <li...@us...> - 2004-01-01 20:03:34
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1:/tmp/cvs-serv30034 Modified Files: match_http.c Log Message: updated to match kazaa 2.6 connections
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- match_http.c 15 Dec 2003 11:03:01 -0000 1.6
+++ match_http.c 1 Jan 2004 20:03:31 -0000 1.7
@@ -51,13 +51,16 @@
 #define NM_GET_HASH 2
 { STRING_MATCH("GET /.hash=") },
-#define MM_GET_POISONED 3
+#define NM_GET_FILE 3
+ { STRING_MATCH("GET /.file") },
+
+#define MM_GET_POISONED 4
 { STRING_MATCH("GET /PoisonedDownloads/") },
-#define MM_GET 4
+#define MM_GET 5
 { STRING_MATCH("GET /") },
-#define MM_HTTP11 5
+#define MM_HTTP11 6
 { STRING_MATCH("HTTP/1.1") },
 { NULL, 0 }
@@ -73,16 +76,19 @@
 #define HM_X_GNUTELLA 1
 { STRING_MATCH("X-Gnutella-") },
-#define HM_X_OPENFTALIAS 2
+#define HM_X_P2P_MESSAGE 2
+ { STRING_MATCH("X-P2P-Message:") },
+
+#define HM_X_OPENFTALIAS 3
 { STRING_MATCH("X-OpenftAlias:") },
-#define HM_CONTENT_URN 3
+#define HM_CONTENT_URN 4
 { STRING_MATCH("Content-URN:") },
-#define HM_X_QUEUE 4
+#define HM_X_QUEUE 5
 { STRING_MATCH("X-Queue:") },
-#define HM_X_TIGER_THREE 5
+#define HM_X_TIGER_THREE 6
 { STRING_MATCH("X-TigerTree") },
 { NULL, 0 }
@@ -159,6 +165,10 @@
 /* Kazaa */
 if ((MM(NM_GET_HASH) || MM(MM_HTTP11)) && HM(HM_X_KAZAA))
+ return IPT_P2P_PROTO_KAZAA;
+
+ /* Kazaa 2.6 (TODO: needs testing) */
+ if ((MM(NM_GET_FILE) || MM(MM_HTTP11)) && HM(HM_X_P2P_MESSAGE))
 return IPT_P2P_PROTO_KAZAA;
 /* Gnutella */
|
From: <li...@us...> - 2003-12-19 16:29:24
|
Update of /cvsroot/iptables-p2p/iptables-p2p/iptables In directory sc8-pr-cvs1:/tmp/cvs-serv16288 Modified Files: libipt_p2p.c Log Message: arg parsing typo
Index: libipt_p2p.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/iptables/libipt_p2p.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- libipt_p2p.c 15 Dec 2003 11:04:07 -0000 1.5
+++ libipt_p2p.c 19 Dec 2003 16:29:21 -0000 1.6
@@ -183,9 +183,9 @@
 /* Handle a single parameter */
 if (invert)
- protoret &= ~(arg_to_proto(arg));
+ protoret &= ~(arg_to_proto(buf));
 else
- protoret |= arg_to_proto(arg);
+ protoret |= arg_to_proto(buf);
 arg += protolen;
|
From: <ja...@us...> - 2003-12-15 11:04:15
|
Update of /cvsroot/iptables-p2p/iptables-p2p/iptables In directory sc8-pr-cvs1:/tmp/cvs-serv32580/iptables Modified Files: libipt_p2p.c Log Message: greatly improved inverted protocol logic by simply parsing the option differently
Index: libipt_p2p.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/iptables/libipt_p2p.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- libipt_p2p.c 14 Dec 2003 16:05:53 -0000 1.4
+++ libipt_p2p.c 15 Dec 2003 11:04:07 -0000 1.5
@@ -116,7 +116,6 @@
 /* Initialize default match options. */
 pinfo->proto = IPT_P2P_PROTO_ALL;
- pinfo->proto_inverse = 0;
 }
 static int arg_to_proto(const char *arg)
@@ -160,11 +159,16 @@
 * 0x6 = IPT_P2P_PROTO_GNUTELLA | IPT_P2P_PROTO_EDONKEY
 * edonkey,16 = IPT_P2P_PROTO_EDONKEY | IPT_P2P_PROTO_BITTORRENT
 */
-static int arglist_to_proto(const char *arg)
+static int arglist_to_proto(const char *arg, int invert)
 {
 char buf[32]; /* Large enough to store proto name. */
 size_t protolen;
- int protoret = 0;
+ int protoret;
+
+ if (invert)
+ protoret = IPT_P2P_PROTO_ALL;
+ else
+ protoret = 0;
 while (1)
 {
@@ -178,7 +182,10 @@
 buf[protolen] = '\0';
 /* Handle a single parameter */
- protoret |= arg_to_proto(arg);
+ if (invert)
+ protoret &= ~(arg_to_proto(arg));
+ else
+ protoret |= arg_to_proto(arg);
 arg += protolen;
@@ -217,10 +224,9 @@
 /* Where the hell is check_inverse() defined, and what the hell does it do? */
 check_inverse(optarg, &invert, &optind, 0);
- pinfo->proto = arglist_to_proto(argv[optind-1]);
- pinfo->proto_inverse = invert;
+ pinfo->proto = arglist_to_proto(argv[optind-1], invert);
- if (pinfo->proto == IPT_P2P_PROTO_ALL && pinfo->proto_inverse)
+ if (pinfo->proto == 0)
 {
 exit_error(PARAMETER_PROBLEM, "P2P match: May not specify inverted 'all'");
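Review bot: In the `@@ -178,7 +182,10 @@` hunk both new branches call `arg_to_proto(arg)`, that is, the whole remaining comma-separated list, although the current token has just been copied into `buf` and terminated with `buf[protolen] = '\0';`. A list such as the `edonkey,16` example in the comment above arglist_to_proto() would therefore be looked up as one string rather than item by item; the calls should read `protoret &= ~(arg_to_proto(buf));` and `protoret |= arg_to_proto(buf);`. The copy into `char buf[32]` happens above this hunk, so whether `protolen` is capped below `sizeof(buf)` cannot be confirmed from here and is worth checking while this loop is being touched.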
@@ -248,18 +254,12 @@
 printf("P2P match ");
- if (pinfo->proto_inverse)
- fputc('!', stdout);
-
 fputs(proto_to_arg(pinfo->proto), stdout);
 }
 static void save(const struct ipt_ip *ip, const struct ipt_entry_match *m)
 {
 const struct ipt_p2p_info *pinfo = IPT_P2P_INFO_const(m);
-
- if (pinfo->proto_inverse)
- printf("! ");
 printf("--p2p-protocol %s", proto_to_arg(pinfo->proto));
 }
|
From: <ja...@us...> - 2003-12-15 11:04:14
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1:/tmp/cvs-serv32580/kernel Modified Files: main.c Log Message: greatly improved inverted protocol logic by simply parsing the option differently
Index: main.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/main.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- main.c 14 Dec 2003 16:05:07 -0000 1.6
+++ main.c 15 Dec 2003 11:04:09 -0000 1.7
@@ -27,6 +27,7 @@
 MODULE_DESCRIPTION("IP tables P2P match module");
 MODULE_LICENSE("GPL");
+/* WARNING: The return value differs from the rest of the match_ functions. */
 int
 match_http(const unsigned char *data,
 const unsigned char *end);
@@ -40,6 +41,39 @@
 const unsigned char *end);
 static int
+match_selected(const struct ipt_p2p_info *pinfo,
+ const unsigned char *data,
+ const unsigned char *end)
+{
+ if (pinfo->proto & IPT_P2P_PROTO_KAZAA ||
+ pinfo->proto & IPT_P2P_PROTO_GNUTELLA)
+ {
+ int proto;
+
+ /* Returns the protocol that matched, or zero if none of the
+ supported protocols were matched. */
+ proto = match_http(data, end);
+
+ if (proto != 0)
+ {
+ if ((pinfo->proto & proto) != 0)
+ return 1;
+ }
+ }
+
+ if (pinfo->proto & IPT_P2P_PROTO_EDONKEY)
+ if (match_edonkey(data, end)) return 1;
+
+ if (pinfo->proto & IPT_P2P_PROTO_BITTORRENT)
+ if (match_bittorrent(data, end)) return 1;
+
+ if (pinfo->proto & IPT_P2P_PROTO_DIRECT_CONNECT)
+ if (match_dc(data, end)) return 1;
+
+ return 0;
+}
+
+static int
 match(const struct sk_buff *skb,
 const struct net_device *in,
 const struct net_device *out,
@@ -73,40 +107,8 @@
 data = (const unsigned char *) tcph + tcph->doff * 4;
 end = data + datalen - tcph->doff * 4;
- /* Handle the requested protocol; this code is an absolute mess and
- needs to be cleaned up. */
- if (pinfo->proto_inverse)
- {
- if ((pinfo->proto & IPT_P2P_PROTO_KAZAA) == 0 &&
- (pinfo->proto & IPT_P2P_PROTO_GNUTELLA) == 0)
- if (match_http(data, end)) return 1;
-
- if ((pinfo->proto & IPT_P2P_PROTO_EDONKEY) == 0)
- if (match_edonkey(data, end)) return 1;
-
- if ((pinfo->proto & IPT_P2P_PROTO_BITTORRENT) == 0)
- if (match_bittorrent(data, end)) return 1;
-
- if ((pinfo->proto & IPT_P2P_PROTO_DIRECT_CONNECT) == 0)
- if (match_dc(data, end)) return 1;
- }
- else
- {
- if (pinfo->proto & IPT_P2P_PROTO_KAZAA ||
- pinfo->proto & IPT_P2P_PROTO_GNUTELLA)
- if (match_http(data, end)) return 1;
-
- if (pinfo->proto & IPT_P2P_PROTO_EDONKEY)
- if (match_edonkey(data, end)) return 1;
-
- if (pinfo->proto & IPT_P2P_PROTO_BITTORRENT)
- if (match_bittorrent(data, end)) return 1;
-
- if (pinfo->proto & IPT_P2P_PROTO_DIRECT_CONNECT)
- if (match_dc(data, end)) return 1;
- }
-
- return 0;
+ /* Handle the requested protocol(s). */
+ return match_selected(pinfo, data, end);
 }
 static int
|
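Review bot: Nothing visible in this hunk checks that `tcph->doff * 4` is at most `datalen` before `end = data + datalen - tcph->doff * 4;`, and those two pointers now go straight into match_selected(). match() begins above the hunk, so the check may already exist there; if it does not, a segment with an inconsistent header length leaves `end` before `data`, and on this page only match_http() is shown rejecting that case (through its `end - data < SIZE_MIN` test), while the other matchers' handling is not shown. A guard such as `if (tcph->doff * 4 > datalen) return 0;` ahead of the pointer arithmetic would make the contract explicit for every matcher.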
From: <ja...@us...> - 2003-12-15 11:04:14
|
Update of /cvsroot/iptables-p2p/iptables-p2p/common In directory sc8-pr-cvs1:/tmp/cvs-serv32580/common Modified Files: ipt_p2p.h Log Message: greatly improved inverted protocol logic by simply parsing the option differently
Index: ipt_p2p.h
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/common/ipt_p2p.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- ipt_p2p.h 14 Dec 2003 06:24:58 -0000 1.3
+++ ipt_p2p.h 15 Dec 2003 11:04:06 -0000 1.4
@@ -28,10 +28,8 @@
 ipt_match module. */
 struct ipt_p2p_info
 {
- /* Application-layer peer-to-peer protocol set to match (default is "all");
- note that if proto_inverse is true, all except proto will be matched. */
+ /* Application-layer peer-to-peer protocol(s) to match. */
 int proto;
- int proto_inverse;
 };
 /*****************************************************************************/
|
From: <ja...@us...> - 2003-12-15 11:03:09
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1:/tmp/cvs-serv32319/kernel Modified Files: match_http.c Log Message: match_http() now returns the protocol that matched; major efficiency improvements (untested)
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- match_http.c 15 Dec 2003 09:41:06 -0000 1.5
+++ match_http.c 15 Dec 2003 11:03:01 -0000 1.6
@@ -24,48 +24,73 @@
 #include <linux/file.h>
 #include <net/sock.h>
+#include "ipt_p2p.h"
+
 #define SIZE_MIN 30
 #define SIZE_MAX 1000
-static const unsigned char *methods_list[] = {
- "GET /get/",
- "GET /uri-res/",
- "GET /.hash=",
- "GET /PoisonedDownloads/",
- "GET /",
- "HTTP/1.1",
- NULL
+/*****************************************************************************/
+
+/* Ugly short-hand to avoid costly initialization */
+#define STRING_MATCH(strobj) (strobj), (sizeof (strobj) - 1)
+
+struct string_match
+{
+ const char *name;
+ size_t len;
 };
+static struct string_match methods[] =
+{
 #define MM_GET_GET 0
+ { STRING_MATCH("GET /get/") },
+
 #define MM_GET_URIRES 1
+ { STRING_MATCH("GET /uri-res/") },
+
 #define NM_GET_HASH 2
+ { STRING_MATCH("GET /.hash=") },
+
 #define MM_GET_POISONED 3
+ { STRING_MATCH("GET /PoisonedDownloads/") },
+
 #define MM_GET 4
+ { STRING_MATCH("GET /") },
+
 #define MM_HTTP11 5
+ { STRING_MATCH("HTTP/1.1") },
-static const unsigned char *headers_list[] = {
- "X-Kazaa-",
- "X-Gnutella-",
- "X-OpenftAlias:",
- "Content-URN:",
- "X-Queue:",
- "X-TigerTree",
- NULL
+ { NULL, 0 }
 };
-#define HM_X_KAZZA 0
+#define METHODS_LEN (((sizeof(methods))/(sizeof(methods[0]))) - 1)
+
+struct string_match headers[] =
+{
+#define HM_X_KAZAA 0
+ { STRING_MATCH("X-Kazaa-") },
+
 #define HM_X_GNUTELLA 1
+ { STRING_MATCH("X-Gnutella-") },
+
 #define HM_X_OPENFTALIAS 2
+ { STRING_MATCH("X-OpenftAlias:") },
+
 #define HM_CONTENT_URN 3
+ { STRING_MATCH("Content-URN:") },
+
 #define HM_X_QUEUE 4
+ { STRING_MATCH("X-Queue:") },
+
 #define HM_X_TIGER_THREE 5
+ { STRING_MATCH("X-TigerTree") },
-/*
- * <liquidk> Not pretty: Is there a better way?
- * <jasta> No.
- */ -#define HEADERS_COUNT (sizeof(methods_list)/sizeof(methods_list[0])) + { NULL, 0 } +}; + +#define HEADERS_LEN (((sizeof(headers))/(sizeof(headers[0]))) - 1) + +/*****************************************************************************/ static inline const unsigned char * next_line(const unsigned char *data, @@ -81,25 +106,20 @@ } static inline int -string_match(const unsigned char *data, - const unsigned char *end, - const unsigned char **strings) +string_matchlist(const unsigned char *data, + const unsigned char *end, + const struct string_match *strings) { int i; - size_t stringlen; - for (i = 0; strings[i] != NULL; i++) + for (i = 0; strings[i].name != NULL; i++) { - /* TODO: We absolutely need to precalculate the size of the above - * strings and store them somewhere */ - stringlen = strlen (strings[i]); - /* avoid overflow */ - if (data + stringlen > end) + if (data + strings[i].len > end) continue; - if (memcmp(data, strings[i], stringlen) == 0) - return 1; + if (memcmp(data, strings[i].name, strings[i].len) == 0) + return i; } return -1; 
@@ -112,39 +132,45 @@
 match_http(const unsigned char *data,
 const unsigned char *end)
 {
- unsigned int method_matched; /* Methods matched */
- unsigned int headers_matched[HEADERS_COUNT]; /* Headers matched */
+ unsigned int method_matched; /* Methods matched */
+ unsigned int headers_matched[HEADERS_LEN]; /* Headers matched */
 if (end - data < SIZE_MIN || end - data > SIZE_MAX)
 return 0;
- /* <jasta> Why is this outside the loop below? */
- method_matched = string_match(data, end, methods_list);
+ /* Match method */
+ method_matched = string_matchlist(data, end, methods);
 if (method_matched == -1)
 return 0;
 memset(headers_matched, 0, sizeof(headers_matched));
+ /* Match in headers */
 while ((data = next_line(data, end)))
 {
 int header;
- header = string_match(data, end, headers_list);
+ header = string_matchlist(data, end, headers);
 if (header != -1)
 headers_matched[header] = 1;
 }
 /* Kazaa */
- if ((MM(NM_GET_HASH) || MM(MM_HTTP11)) && HM(HM_X_KAZZA))
- return 1;
+ if ((MM(NM_GET_HASH) || MM(MM_HTTP11)) && HM(HM_X_KAZAA))
+ return IPT_P2P_PROTO_KAZAA;
 /* Gnutella */
 if ((MM(MM_GET_GET) || MM(MM_GET_URIRES) || MM(MM_HTTP11)) &&
 (HM(HM_X_GNUTELLA)))
- return 1;
+ return IPT_P2P_PROTO_GNUTELLA;
+ /*
+ * These are not supported or undrestood by the common ipt_p2p.h, and
+ * so not used yet.
+ */
+#if 0
 /* OpenFT */
 if ((MM(MM_GET) || MM(MM_HTTP11)) && (HM(HM_X_OPENFTALIAS)))
 return 1;
@@ -158,6 +184,7 @@
 if (MM(MM_HTTP11) && HM(HM_X_TIGER_THREE))
 return 1;
+#endif
 return 0;
 }
|
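Review bot: `method_matched` stays `unsigned int` in the first hunk although it now receives the `int` result of string_matchlist() and is compared with `-1` in `if (method_matched == -1)`. The comparison works only through the implicit conversion of -1 to unsigned, which draws sign-compare warnings and is easy to break in a later edit; the `header` variable in the same function is already a plain `int`. Declaring it as `int method_matched; /* Index of matched method, or -1 */` makes the sentinel explicit and keeps the `MM(x)` comparisons unchanged.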
From: <ja...@us...> - 2003-12-15 09:41:09
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1:/tmp/cvs-serv18457 Modified Files: match_http.c Log Message: prevent buffer overflow
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- match_http.c 15 Dec 2003 09:32:20 -0000 1.4
+++ match_http.c 15 Dec 2003 09:41:06 -0000 1.5
@@ -61,7 +61,11 @@
 #define HM_X_QUEUE 4
 #define HM_X_TIGER_THREE 5
-#define HEADERS_COUNT (sizeof(methods_list)/sizeof(char *)) /* Not pretty: Is there a better way? */
+/*
+ * <liquidk> Not pretty: Is there a better way?
+ * <jasta> No.
+ */
+#define HEADERS_COUNT (sizeof(methods_list)/sizeof(methods_list[0]))
 static inline const unsigned char *
 next_line(const unsigned char *data,
@@ -78,16 +82,24 @@
 static inline int
 string_match(const unsigned char *data,
+ const unsigned char *end,
 const unsigned char **strings)
 {
- int i = 0;
+ int i;
+ size_t stringlen;
- while (strings[i])
+ for (i = 0; strings[i] != NULL; i++)
 {
- if (memcmp(data, strings[i], strlen(strings[i]) - 1) == 0)
- return i;
+ /* TODO: We absolutely need to precalculate the size of the above
+ * strings and store them somewhere */
+ stringlen = strlen (strings[i]);
- i++;
+ /* avoid overflow */
+ if (data + stringlen > end)
+ continue;
+
+ if (memcmp(data, strings[i], stringlen) == 0)
+ return 1;
 }
 return -1;
@@ -106,7 +118,8 @@
 if (end - data < SIZE_MIN || end - data > SIZE_MAX)
 return 0;
- method_matched = string_match(data, methods_list);
+ /* <jasta> Why is this outside the loop below? */
+ method_matched = string_match(data, end, methods_list);
 if (method_matched == -1)
 return 0;
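Review bot: The rewritten loop in string_match() ends with `return 1;` where the old code had `return i;`, so every successful match now reports index 1: `method_matched` can no longer distinguish methods and the caller's `headers_matched[header] = 1;` always sets the same slot. The match branch should stay `return i;`. In the first hunk `HEADERS_COUNT` is still computed from `methods_list` although it sizes `headers_matched`; it should be `(sizeof(headers_list)/sizeof(headers_list[0]))`, since it only works today if the two tables have the same length. Finally, the new `data + stringlen > end` test treats `end` as one past the last byte, while next_line(), as shown in the formatting commit further down this page, loops on `while (data <= end)` and so dereferences `data == end`; the two should agree on one convention, most likely `data < end` in next_line().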
@@ -117,12 +130,7 @@
 {
 int header;
- /*
- * FIXME: Should check for buffer overrun here.
- *
- * string_match should receive end - data as an argument
- */
- header = string_match(data, headers_list);
+ header = string_match(data, end, headers_list);
 if (header != -1)
 headers_matched[header] = 1;
|
From: <ja...@us...> - 2003-12-15 09:32:24
|
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1:/tmp/cvs-serv16460/kernel Modified Files: match_http.c Log Message: formatting
Index: match_http.c
===================================================================
RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- match_http.c 15 Dec 2003 07:23:32 -0000 1.3
+++ match_http.c 15 Dec 2003 09:32:20 -0000 1.4
@@ -67,8 +67,11 @@
 next_line(const unsigned char *data,
 const unsigned char *end)
 {
- while(data <= end)
- if(*data++ == '\n') return data;
+ while (data <= end)
+ {
+ if (*data++ == '\n')
+ return data;
+ }
 return NULL;
 }
@@ -78,66 +81,74 @@ const unsigned char **strings) { int i = 0; - while (strings[i]) { - if(memcmp(data, strings[i], strlen(strings[i]) - 1) == 0) + + while (strings[i]) + { + if (memcmp(data, strings[i], strlen(strings[i]) - 1) == 0) return i; + i++; } + return -1; } +#define MM(x) (method_matched == x) +#define HM(x) headers_matched[x] int -match_http( const unsigned char *data, - const unsigned char *end) +match_http(const unsigned char *data, + const unsigned char *end) { - unsigned int method_matched; /* Methods matched */ - unsigned char headers_matched[ HEADERS_COUNT ]; /* headers matched*/ - - if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0; + unsigned int method_matched; /* Methods matched */ + unsigned int headers_matched[HEADERS_COUNT]; /* Headers matched */ + if (end - data < SIZE_MIN || end - data > SIZE_MAX) + return 0; method_matched = string_match(data, methods_list); - if(method_matched == -1) + if (method_matched == -1) return 0; memset(headers_matched, 0, sizeof(headers_matched)); - while ( (data = next_line(data, end)) ) { + while ((data = next_line(data, end))) + { int header; -/* FIXME: Should check for buffer overrun here - * string_match should receive end - data as an argument - */ + /* + * FIXME: Should check for buffer overrun here. 
+ * + * string_match should receive end - data as an argument + */ header = string_match(data, headers_list); - if( header != -1) - headers_matched[ header ] = 1; - } -#define MM(x) (method_matched == x) -#define HM(x) headers_matched[x] + if (header != -1) + headers_matched[header] = 1; + } /* Kazaa */ - if( ( MM(NM_GET_HASH) || MM(MM_HTTP11) ) && HM(HM_X_KAZZA) ) + if ((MM(NM_GET_HASH) || MM(MM_HTTP11)) && HM(HM_X_KAZZA)) return 1; /* Gnutella */ - if ( (MM(MM_GET_GET) || MM(MM_GET_URIRES) || MM(MM_HTTP11)) && HM(HM_X_GNUTELLA) ) + if ((MM(MM_GET_GET) || MM(MM_GET_URIRES) || MM(MM_HTTP11)) && + (HM(HM_X_GNUTELLA))) return 1; /* OpenFT */ - if( (MM(MM_GET) || MM(MM_HTTP11)) && HM(HM_X_OPENFTALIAS) ) + if ((MM(MM_GET) || MM(MM_HTTP11)) && (HM(HM_X_OPENFTALIAS))) return 1; - if( MM(MM_GET_POISONED) ) + if (MM(MM_GET_POISONED)) return 1; /* Shareazza */ - if( (MM(MM_GET_URIRES) && (HM(HM_CONTENT_URN) || HM(HM_X_QUEUE)) )) + if ((MM(MM_GET_URIRES) && (HM(HM_CONTENT_URN) || HM(HM_X_QUEUE)))) return 1; - if( MM(MM_HTTP11) && HM(HM_X_TIGER_THREE) ) + if (MM(MM_HTTP11) && HM(HM_X_TIGER_THREE)) return 1; return 0; |
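Review bot: `method_matched` is declared `unsigned int` in match_http() but receives string_match()'s `int` result and is then tested with `method_matched == -1`; that only works through the implicit conversion of `-1` and is what sign-compare warnings flag. Declaring it `int method_matched;` keeps the sentinel and the index in one signed type. The hunk also changes `headers_matched` from `unsigned char` to `unsigned int`, which is more than the "formatting" log message says and would be easier to audit as its own commit. The same declaration first appears in revision 1.3 lower on the page; match_http()'s closing brace is outside this hunk.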
From: <ja...@us...> - 2003-12-15 09:25:41
Update of /cvsroot/iptables-p2p/iptables-p2p In directory sc8-pr-cvs1:/tmp/cvs-serv14972 Modified Files: AUTHORS FAQ NEWS Log Message: updated documentation Index: AUTHORS =================================================================== RCS file: /cvsroot/iptables-p2p/iptables-p2p/AUTHORS,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- AUTHORS 14 Dec 2003 16:05:53 -0000 1.2 +++ AUTHORS 15 Dec 2003 09:25:37 -0000 1.3 @@ -1,10 +1,18 @@ -Authors: - - - Filipe Almeida <fi...@rn...> - http://mega.ist.utl.pt/~filipe/ +$Id$ - - Josh Guilfoyle <ja...@us...> - http://sourceforge.net/users/jasta +Authors: - - Chris Zubrzycki <be...@us...> - http://sourceforge.net/users/beren12 + * Filipe Almeida <fi...@rn...> - http://mega.ist.utl.pt/~filipe/: + + - Original and current project maintainer. + - Main developer + + * Josh Guilfoyle <ja...@go...>: + + - Added option handling support + - Build environment improvements + + * Chris Zubrzycki <be...@us...>: + + - Documentation + - Build environment improvements Index: FAQ =================================================================== RCS file: /cvsroot/iptables-p2p/iptables-p2p/FAQ,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- FAQ 14 Dec 2003 16:05:53 -0000 1.2 +++ FAQ 15 Dec 2003 09:25:37 -0000 1.3 @@ -1,3 +1,5 @@ +$Id$ + ipt_p2p FAQ @@ -37,7 +39,7 @@ 6. Is it possible to subvert the filter using a p2p client with custom changes? - + Possibly, altough it may not be that easy because matching is done in both directions (except for eDonkey). 
@@ -45,13 +47,20 @@ 7. What protocols are supported? Currently the supported protocols are: - - Kazaa - - eDonkey (and eMule of course) - - Direct Connect - - Gnutella - - BitTorrent + + * FastTrack (KaZaa, Grokster, ...) + * eDonkey (and eMule of course) + * Direct Connect + * Gnutella + * BitTorrent + + Future plans: + + * Optionally match control streams in addition to transfer streams. + * Napster/WinMX protocol support + * OpenFT protocol support 8. Where can I find future updates to ipt_p2p? - Just visit http://sourceforge.net/projects/iptables-p2p + Just visit http://sourceforge.net/projects/iptables-p2p. Index: NEWS =================================================================== RCS file: /cvsroot/iptables-p2p/iptables-p2p/NEWS,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- NEWS 14 Dec 2003 16:05:53 -0000 1.2 +++ NEWS 15 Dec 2003 09:25:37 -0000 1.3 
@@ -1,27 +1,30 @@ -- 0.1.2 - - gnutella match correctly implemented - -- 0.2.0 - - merged match_gnutella and match_kazaa matches into match_http.c - - improved gnutella and kazaa matching +$Id$ -- 0.2.1 - - BitTorrent peer xfer support - -- 0.2.2 - - Added FAQ file - - Added support for kernel 2.6 - - examples directory created with some example scripts +Release History: -- 0.2.2a - - Corrected an error in examples/limit-p2p.sh (Andres Gregori) + * 0.2.3.cvs + - Moved project to sourceforge.net + - Removed iptables patch, only needs headers installed + - Added the ability to specify specific protocols to match -- 0.2.3 + * 0.2.3 - eDonkey match updated for new version of eDonkey Hybrid - iptables-1.2.9 patch + + * 0.2.2a + - Corrected an error in examples/limit-p2p.sh (Andres Gregori) + + * 0.2.2 + - Added FAQ file + - Added support for kernel 2.6 + - examples/ directory created with some example scripts -- 0.2.3.cvs - - moved project to sourceforge.net - - removed iptables patch, only needs headers installed - - added the ability to match multiple protocols at once - (--p2p-protocol kazaa,gnutella) + * 0.2.1 + - BitTorrent peer xfer support + + * 0.2.0 + - Merged match_gnutella and match_kazaa matches into match_http.c + - Improved gnutella and kazaa matching + + * 0.1.2 + - Gnutella match correctly implemented |
From: <li...@us...> - 2003-12-15 07:31:48
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1:/tmp/cvs-serv27696 Modified Files: Makefile-2.6 Log Message: make clean now clears all object files Index: Makefile-2.6 =================================================================== RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/Makefile-2.6,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- Makefile-2.6 5 Dec 2003 21:43:16 -0000 1.4 +++ Makefile-2.6 15 Dec 2003 07:31:45 -0000 1.5 @@ -27,4 +27,4 @@ .PHONY: clean clean: - $(RM) *.o ipt_p2p.mod.* ipt_p2p.ko + $(RM) *.o ipt_p2p.mod.* ipt_p2p.ko .*.o.cmd .*.ko.cmd |
From: <li...@us...> - 2003-12-15 07:23:35
Update of /cvsroot/iptables-p2p/iptables-p2p/kernel In directory sc8-pr-cvs1:/tmp/cvs-serv26517 Modified Files: match_http.c Log Message: New version of match_http. Several protocols added. Index: match_http.c =================================================================== RCS file: /cvsroot/iptables-p2p/iptables-p2p/kernel/match_http.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- match_http.c 7 Dec 2003 03:05:10 -0000 1.2 +++ match_http.c 15 Dec 2003 07:23:32 -0000 1.3 @@ -12,45 +12,63 @@ * General Public License for more details. */ + +/* TODO: This module needs more testing */ + #define __NO_VERSION__ #include <linux/config.h> - #include <linux/smp.h> #include <linux/module.h> #include <linux/skbuff.h> #include <linux/file.h> #include <net/sock.h> -#define SIZE_MIN (30) -#define SIZE_MAX (1000) -#define HEADER_SIZE_MIN (15) +#define SIZE_MIN 30 +#define SIZE_MAX 1000 -static const unsigned char *methods_list[] = -{ +static const unsigned char *methods_list[] = { "GET /get/", "GET /uri-res/", "GET /.hash=", + "GET /PoisonedDownloads/", + "GET /", "HTTP/1.1", NULL }; -static const unsigned char *headers_list[] = -{ +#define MM_GET_GET 0 +#define MM_GET_URIRES 1 +#define NM_GET_HASH 2 +#define MM_GET_POISONED 3 +#define MM_GET 4 +#define MM_HTTP11 5 + +static const unsigned char *headers_list[] = { "X-Kazaa-", "X-Gnutella-", + "X-OpenftAlias:", + "Content-URN:", + "X-Queue:", + "X-TigerTree", NULL }; +#define HM_X_KAZZA 0 +#define HM_X_GNUTELLA 1 +#define HM_X_OPENFTALIAS 2 +#define HM_CONTENT_URN 3 +#define HM_X_QUEUE 4 +#define HM_X_TIGER_THREE 5 + +#define HEADERS_COUNT (sizeof(methods_list)/sizeof(char *)) /* Not pretty: Is there a better way? */ + static inline const unsigned char * next_line(const unsigned char *data, const unsigned char *end) { - while (data <= end) - { - if (*data++ == '\n') - return data; - } + while(data <= end) + if(*data++ == '\n') return data; return NULL; } 
@@ -59,36 +77,68 @@ string_match(const unsigned char *data, const unsigned char **strings) { - int i; - - for (i = 0; strings[i] != NULL; i++) - { - if (memcmp(data, strings[i], sizeof(strings[i]) - 1) == 0) - return 1; + int i = 0; + while (strings[i]) { + if(memcmp(data, strings[i], strlen(strings[i]) - 1) == 0) + return i; + i++; } - - return 0; + return -1; } int -match_http(const unsigned char *data, - const unsigned char *end) +match_http( const unsigned char *data, + const unsigned char *end) { - if (end - data < SIZE_MIN || end - data > SIZE_MAX) - return 0; + unsigned int method_matched; /* Methods matched */ + unsigned char headers_matched[ HEADERS_COUNT ]; /* headers matched*/ - if (string_match(data, methods_list) == 0) + if (end - data < SIZE_MIN || end - data > SIZE_MAX) return 0; + + + method_matched = string_match(data, methods_list); + + if(method_matched == -1) return 0; - while ((data = next_line(data, end))) - { - if (end - data < HEADER_SIZE_MIN) - return 0; + memset(headers_matched, 0, sizeof(headers_matched)); - if (string_match(data, headers_list)) - return 1; + while ( (data = next_line(data, end)) ) { + int header; + +/* FIXME: Should check for buffer overrun here + * string_match should receive end - data as an argument + */ + header = string_match(data, headers_list); + if( header != -1) + headers_matched[ header ] = 1; } + +#define MM(x) (method_matched == x) +#define HM(x) headers_matched[x] + + /* Kazaa */ + if( ( MM(NM_GET_HASH) || MM(MM_HTTP11) ) && HM(HM_X_KAZZA) ) + return 1; + + /* Gnutella */ + if ( (MM(MM_GET_GET) || MM(MM_GET_URIRES) || MM(MM_HTTP11)) && HM(HM_X_GNUTELLA) ) + return 1; + + /* OpenFT */ + if( (MM(MM_GET) || MM(MM_HTTP11)) && HM(HM_X_OPENFTALIAS) ) + return 1; + + if( MM(MM_GET_POISONED) ) + return 1; + + /* Shareazza */ + if( (MM(MM_GET_URIRES) && (HM(HM_CONTENT_URN) || HM(HM_X_QUEUE)) )) + return 1; + + if( MM(MM_HTTP11) && HM(HM_X_TIGER_THREE) ) + return 1; return 0; } |
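Review bot: The header loop in match_http() loses its only length guard here: the old `if (end - data < HEADER_SIZE_MIN)` test is removed, and string_match() still compares `strlen(strings[i]) - 1` bytes without knowing where the payload ends. For a line that starts within a few bytes of `end`, that memcmp() can read past the packet data in kernel context, which is what the added FIXME concedes. Until string_match() takes the bound as an argument, keep `#define HEADER_SIZE_MIN (15)` and stop scanning with `if (end - data < HEADER_SIZE_MIN) break;` before the header comparison. Separately, the `- 1` makes every comparison one byte shorter than the table string, so for example `X-Queue` without the colon would count as a match; `strlen(strings[i])` is presumably what was meant.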
From: <be...@us...> - 2003-12-14 16:05:56
Update of /cvsroot/iptables-p2p/iptables-p2p/iptables In directory sc8-pr-cvs1:/tmp/cvs-serv26171/iptables Modified Files: libipt_p2p.c Log Message: docs Index: libipt_p2p.c =================================================================== RCS file: /cvsroot/iptables-p2p/iptables-p2p/iptables/libipt_p2p.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- libipt_p2p.c 14 Dec 2003 06:24:58 -0000 1.3 +++ libipt_p2p.c 14 Dec 2003 16:05:53 -0000 1.4 @@ -38,6 +38,7 @@ const char *name; int proto; } + protomap[] = { { "all", IPT_P2P_PROTO_ALL }, @@ -71,7 +72,7 @@ static struct iptables_match p2p = { - NULL, + NULL, "p2p", IPTABLES_VERSION, IPT_ALIGN(sizeof(struct ipt_p2p_info)), @@ -99,7 +100,7 @@ { printf( "P2P match v%s options:\n" -" --p2p-protocol [!] protocol\n" +" --p2p-protocol [!] protocol[,proto2][,proto3...]\n" " --p2p ...\n" " match application-layer protocol\n", IPT_P2P_VERSION); |