From af370f81f0cdfcbfa875676c8e93c6c1da15198a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 9 Jan 2009 20:24:41 +0100 Subject: [PATCH 1/5] ipp2p: update manpage (With suggestions from Stanley Pinchak.) --- extensions/libxt_ipp2p.man | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/extensions/libxt_ipp2p.man b/extensions/libxt_ipp2p.man index cdaf3c3..9a76451 100644 --- a/extensions/libxt_ipp2p.man +++ b/extensions/libxt_ipp2p.man @@ -1,12 +1,12 @@ This module matches certain packets in P2P flows. It is not designed to match all packets belonging to a P2P connection - -use IPP2P together with CONNMARK for this purpose. Also visit -http://www.ipp2p.org for detailed information. - +use IPP2P together with CONNMARK for this purpose. +.PP Use it together with -p tcp or -p udp to search these protocols only or without -p switch to search packets of both protocols. - -IPP2P provides the following options: +.PP +IPP2P provides the following options, of which one or more may be specified +on the command line: .TP .B "--edk " Matches as many eDonkey/eMule packets as possible. @@ -38,3 +38,11 @@ Matches Ares and AresLite packets. Use together with -j DROP only. .B "--debug " Prints some information about each hit into kernel logfile. May produce huge logfiles so beware! +.PP +Note that ipp2p may not (and often, does not) identify all packets that are +exchanged as a result of running filesharing programs. +.PP +There is more information on http://ipp2p.org/ , but it has not been updated +since September 2006, and the syntax there is different from the ipp2p.c +provided in Xtables-addons; most importantly, the --ipp2p flag was removed due +to its ambiguity to match "all known" protocols. From 019c9de2910f1776994064c81ed721c6db81deb6 Mon Sep 17 00:00:00 2001 
From: Jan Engelhardt Date: Sat, 10 Jan 2009 04:42:27 +0100 Subject: [PATCH 2/5] ipp2p: update help text More suggestions from Stanley Pinchak. --- extensions/libxt_ipp2p.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/extensions/libxt_ipp2p.c b/extensions/libxt_ipp2p.c index eb0d1f0..5fa1e9c 100644 --- a/extensions/libxt_ipp2p.c +++ b/extensions/libxt_ipp2p.c @@ -22,7 +22,7 @@ static void ipp2p_mt_help(void) { printf( - "IPP2P v%s options:\n" + "ipp2p v%s match options:\n" " --edk [tcp,udp] All known eDonkey/eMule/Overnet packets\n" " --dc [tcp] All known Direct Connect packets\n" " --kazaa [tcp,udp] All known KaZaA packets\n" @@ -32,19 +32,10 @@ static void ipp2p_mt_help(void) " --winmx [tcp] All known WinMX\n" " --soul [tcp] All known SoulSeek\n" " --ares [tcp] All known Ares\n\n" - "EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n" + "EXPERIMENTAL protocols:\n" " --mute [tcp] All known Mute packets\n" " --waste [tcp] All known Waste packets\n" " --xdcc [tcp] All known XDCC packets (only xdcc login)\n\n" - "DEBUG SUPPPORT, use only if you know why\n" - " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n" - "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n" - "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n" - "\nSee README included with this package for more details or visit http://www.ipp2p.org\n" - "\nExamples:\n" - " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n" - " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n" - " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n" , IPP2P_VERSION); } From 879e964f60dad2bb55553cd119f1a8d881caed0e Mon Sep 17 00:00:00 2001 
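Review bot: The help text in ipp2p_mt_help() no longer mentions `--debug`, while the manpage hunk in patch 1/5 keeps its `.B "--debug "` entry as context, so the two descriptions of the option set now disagree. If the option is still accepted (the option table is not visible in this hunk), keep a short line such as `" --debug Generate kernel debug output\n"` in the help. If it was meant to go away, the manpage entry should be removed too. The note that the match works with `-p tcp`, `-p udp` or no `-p` at all is dropped from the help as well, and now lives only in the manpage.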
From: Jan Engelhardt Date: Sat, 10 Jan 2009 04:46:26 +0100 Subject: [PATCH 3/5] ipp2p: remove log flooding Syslog was flooded by lots of messages due to if (plen >= 5) firing on any packet, when it should have been plen < 5. Incidentally, this turned up that plen also takes on huge nonsense values, assuming underflow - yet to be investigated. --- extensions/xt_ipp2p.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c index 9c407ea..16203f9 100644 --- a/extensions/xt_ipp2p.c +++ b/extensions/xt_ipp2p.c @@ -603,8 +603,13 @@ search_all_kazaa(const unsigned char *payload, const unsigned int plen) { uint16_t c, end, rem; - if (plen >= 5) { - printk(KERN_WARNING KBUILD_MODNAME ": %s: plen (%u) < 5\n", + if (plen < 5) + /* too short for anything we test for - early bailout */ + return 0; + + if (plen >= 65535) { + /* Something seems _really_ fishy */ + printk(KERN_WARNING KBUILD_MODNAME ": %s: plen (%u) >= 65535\n", __func__, plen); return 0; } From 4cdfd496376ca9ae2ed9ea70df22a2c672fcfc01 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 10 Jan 2009 06:11:13 +0100 Subject: [PATCH 4/5] ipp2p: add boundary check in search_all_kazaa To avoid underflow on "end - 18", we must check for plen >= 18. --- extensions/xt_ipp2p.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c index 16203f9..3c5f238 100644 --- a/extensions/xt_ipp2p.c +++ b/extensions/xt_ipp2p.c @@ -623,6 +623,10 @@ search_all_kazaa(const unsigned char *payload, const unsigned int plen) if (memcmp(payload, "GET /", 5) != 0) return 0; + if (plen < 18) + /* The next tests would not succeed anyhow. */ + return 0; + end = plen - 18; rem = plen - 5; for (c = 5; c < end; ++c, --rem) { From fbbca68790708c280acaea4e771d1fdba71833c6 Mon Sep 17 00:00:00 2001 
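Review bot: The new `plen >= 65535` branch in search_all_kazaa() still calls printk() once per offending packet with no rate limit. If the nonsense lengths described in the commit message can be provoked by traffic, the syslog flooding this commit removes returns through that branch. Wrapping the call as `if (net_ratelimit()) printk(...)` keeps the diagnostic while bounding the log volume. The 65535 bound presumably exists because `c`, `end` and `rem` are `uint16_t`; a comment such as `/* loop counters are 16 bit */` would explain the number. The function continues past the end of the hunk.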
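Review bot: The literal 18 now appears twice in search_all_kazaa(), in the added `if (plen < 18)` guard and in `end = plen - 18` just below it, with nothing saying which length it stands for. If one is edited without the other, the unsigned subtraction can wrap again. A single named constant used in both places, with a one-line comment on where the value comes from, would keep the guard and the subtraction in step, e.g. `#define KAZAA_TAIL_LEN 18` (name constructed here). The loop body that consumes `end` and `rem` lies outside the hunk, so whether its reads stay below `plen` cannot be confirmed from here.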
From: Jan Engelhardt Date: Sat, 10 Jan 2009 08:23:27 +0100 Subject: [PATCH 5/5] ipp2p: partial revert of 3c8131b9 Revert part of 3c8131b976d2fb61c8e54437658bc632b46fd77f. The transport header offset is not (yet) set by the time Netfilter is invoked so using tcp_hdr/udp_hdr has undefined behavior. --- extensions/xt_ipp2p.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c index 3c5f238..83fa201 100644 --- a/extensions/xt_ipp2p.c +++ b/extensions/xt_ipp2p.c @@ -837,7 +837,7 @@ ipp2p_mt(const struct sk_buff *skb, const struct xt_match_param *par) switch (ip->protocol) { case IPPROTO_TCP: /* what to do with a TCP packet */ { - const struct tcphdr *tcph = tcp_hdr(skb); + const struct tcphdr *tcph = (const void *)ip + ip_hdrlen(skb); if (tcph->fin) return 0; /* if FIN bit is set bail out */ if (tcph->syn) return 0; /* if SYN bit is set bail out */ @@ -864,7 +864,7 @@ ipp2p_mt(const struct sk_buff *skb, const struct xt_match_param *par) case IPPROTO_UDP: /* what to do with an UDP packet */ { - const struct udphdr *udph = udp_hdr(skb); + const struct udphdr *udph = (const void *)ip + ip_hdrlen(skb); while (udp_list[i].command) { if ((info->cmd & udp_list[i].command) == udp_list[i].command &&
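Review bot: Nothing visible in either hunk of ipp2p_mt() checks that a complete TCP or UDP header lies inside the packet before `tcph->fin` or `udph` is read through the hand-computed pointer `(const void *)ip + ip_hdrlen(skb)`. On a truncated or non-linear skb that would be an out-of-bounds read. The usual pattern is `tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);` followed by `if (tcph == NULL) return 0;`, with `_tcph` a local `struct tcphdr` (name constructed here), and the same for `udph` in the second hunk. That offset assumes skb->data points at the IP header when the match runs, which should be confirmed. ipp2p_mt() begins and ends outside both hunks, so a length or fragment check may already exist in the part not shown.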