From a1d307e33684a9562defad429e64fcb4f78b7ee7 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 26 Mar 2008 07:53:10 +0100 Subject: [PATCH] ipp2p: internally simplify selecting protocol searches --- extensions/libxt_ipp2p.c | 188 ++++++--------------------------------- extensions/xt_ipp2p.c | 50 +++++------ extensions/xt_ipp2p.h | 57 +++++++----- 3 files changed, 85 insertions(+), 210 deletions(-) diff --git a/extensions/libxt_ipp2p.c b/extensions/libxt_ipp2p.c index 4994dc0..b34ffc2 100644 --- a/extensions/libxt_ipp2p.c +++ b/extensions/libxt_ipp2p.c @@ -11,7 +11,6 @@ static void ipp2p_mt_help(void) { printf( "IPP2P v%s options:\n" - " --ipp2p Grab all known p2p packets\n" " --edk [tcp,udp] All known eDonkey/eMule/Overnet packets\n" " --dc [tcp] All known Direct Connect packets\n" " --kazaa [tcp,udp] All known KaZaA packets\n" @@ -27,8 +26,6 @@ static void ipp2p_mt_help(void) " --xdcc [tcp] All known XDCC packets (only xdcc login)\n\n" "DEBUG SUPPPORT, use only if you know why\n" " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n" - "\nNote that the follwing options will have the same meaning:\n" - " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n" "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n" "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n" "\nSee README included with this package for more details or visit http://www.ipp2p.org\n" @@ -40,7 +37,6 @@ static void ipp2p_mt_help(void) } static const struct option ipp2p_mt_opts[] = { - { "ipp2p", 0, 0, '1' }, { "edk", 0, 0, '2' }, { "dc", 0, 0, '7' }, { "gnu", 0, 0, '9' }, @@ -63,37 +59,11 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data; switch (c) { - case '1': /*cmd: ipp2p*/ - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified once!"); -/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p-data' may only be " - "specified alone!");*/ - if ((*flags) != 0) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); - if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); - *flags += SHORT_HAND_IPP2P; - info->cmd = *flags; - break; - case '2': /*cmd: edk*/ if ((*flags & IPP2P_EDK) == IPP2P_EDK) exit_error(PARAMETER_PROBLEM, "ipp2p: `--edk' may only be " "specified once"); - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); -/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p-data' may only be " - "specified alone!");*/ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) exit_error(PARAMETER_PROBLEM, "ipp2p: use `--edk' OR `--edk-data' but not both of them!"); @@ -107,14 +77,6 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "ipp2p: `--dc' may only be " "specified once!"); - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); -/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p-data' may only be " - "specified alone!");*/ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC) exit_error(PARAMETER_PROBLEM, "ipp2p: use `--dc' OR `--dc-data' but not both of them!"); @@ -128,14 +90,6 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "ipp2p: `--gnu' may only be " "specified once!"); -/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p-data' may only be " - "specified alone!");*/ - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) exit_error(PARAMETER_PROBLEM, "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!"); @@ -149,14 +103,6 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "ipp2p: `--kazaa' may only be " "specified once!"); -/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p-data' may only be " - "specified alone!");*/ - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) exit_error(PARAMETER_PROBLEM, "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!"); @@ -170,11 +116,6 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "ipp2p: `--bit' may only be " "specified once!"); - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); - if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); *flags += IPP2P_BIT; info->cmd = *flags; break; @@ -184,10 +125,6 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "ipp2p: `--apple' may only be " "specified once!"); - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); *flags += IPP2P_APPLE; info->cmd = *flags; @@ -198,10 +135,6 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "ipp2p: `--soul' may only be " "specified once!"); - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); *flags += IPP2P_SOUL; info->cmd = *flags; @@ -212,10 +145,6 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "ipp2p: `--winmx' may only be " "specified once!"); - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); *flags += IPP2P_WINMX; info->cmd = *flags; @@ -226,10 +155,6 @@ static int ipp2p_mt_parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "ipp2p: `--ares' may only be " "specified once!"); - if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - exit_error(PARAMETER_PROBLEM, - "ipp2p: `--ipp2p' may only be " - "specified alone!"); if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!"); *flags += IPP2P_ARES; info->cmd = *flags; @@ -283,104 +208,43 @@ static void ipp2p_mt_check(unsigned int flags) "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n"); } +static const char *const ipp2p_cmds[] = { + [IPP2N_EDK] = "--edk", + [IPP2N_DATA_KAZAA] = "--kazaa-data", + [IPP2N_DATA_EDK] = "--edk-data", + [IPP2N_DATA_DC] = "--dc-data", + [IPP2N_DC] = "--dc", + [IPP2N_DATA_GNU] = "--gnu-data", + [IPP2N_GNU] = "--gnu", + [IPP2N_KAZAA] = "--kazaa", + [IPP2N_BIT] = "--bit", + [IPP2N_APPLE] = "--apple", + [IPP2N_SOUL] = "--soul", + [IPP2N_WINMX] = "--winmx", + [IPP2N_ARES] = "--ares", + [IPP2N_MUTE] = "--mute", + [IPP2N_WASTE] = "--waste", + [IPP2N_XDCC] = "--xdcc", +}; + static void ipp2p_mt_print(const void *entry, const struct xt_entry_match *match, int numeric) { const struct ipt_p2p_info *info = (const void *)match->data; + unsigned int i; + + for (i = IPP2N_EDK; i <= IPP2N_XDCC; ++i) + if (info->cmd & (1 << i)) + printf("%s ", ipp2p_cmds[i]); - printf("ipp2p v%s", IPP2P_VERSION); - if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - printf(" --ipp2p"); -/* - if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) - printf(" --ipp2p-data"); -*/ - if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) - printf(" --kazaa"); -/* - if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) - printf(" --kazaa-data"); - if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) - printf(" --gnu-data"); -*/ - if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu"); - if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk"); -/* - if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) - printf(" --edk-data"); - if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) - printf(" --dc-data"); -*/ - if ((info->cmd & IPP2P_DC) == IPP2P_DC) - printf(" --dc"); - if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) - printf(" --bit"); - if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) - printf(" --apple"); - if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) - printf(" --soul"); - if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) - printf(" --winmx"); - if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) - printf(" --ares"); - if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) - printf(" --mute"); - if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) - printf(" --waste"); - if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) - printf(" --xdcc"); if (info->debug != 0) - printf(" --debug"); - printf(" "); + printf("--debug "); } static void ipp2p_mt_save(const void *entry, const struct xt_entry_match *match) { - const struct ipt_p2p_info *info = (const void *)match->data; - - if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) - printf("--ipp2p "); -/* - if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) - printf("--ipp2p-data "); -*/ - if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) - printf("--kazaa "); -/* if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) - printf("--kazaa-data "); - if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) - printf("--gnu-data "); -*/ - if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) - printf("--gnu "); - if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) - printf("--edk "); -/* if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) - printf("--edk-data "); - if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) - printf("--dc-data "); -*/ - if ((info->cmd & IPP2P_DC) == IPP2P_DC) - printf("--dc "); - if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) - printf("--bit "); - if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) - printf("--apple "); - if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) - printf("--soul "); - if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) - printf("--winmx "); - if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) - printf("--ares "); - if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) - printf(" --mute"); - if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) - printf(" --waste"); - if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) - printf(" --xdcc"); - if (info->debug != 0) - printf("--debug "); + ipp2p_mt_print(entry, match, true); } static struct xtables_match ipp2p_mt_reg = { diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c index c4c2eea..63bd656 100644 --- a/extensions/xt_ipp2p.c +++ b/extensions/xt_ipp2p.c @@ -749,40 +749,38 @@ search_waste(const unsigned char *payload, const unsigned int plen) static const struct { unsigned int command; - __u8 short_hand; /* for fucntions included in short hands */ unsigned int packet_len; unsigned int (*function_name)(const unsigned char *, const unsigned int); } matchlist[] = { - {IPP2P_EDK, SHORT_HAND_IPP2P, 20, search_all_edk}, -// {IPP2P_DATA_KAZAA, SHORT_HAND_DATA, 200, search_kazaa}, -// {IPP2P_DATA_EDK, SHORT_HAND_DATA, 60, search_edk}, -// {IPP2P_DATA_DC, SHORT_HAND_DATA, 26, search_dc}, - {IPP2P_DC, SHORT_HAND_IPP2P, 5, search_all_dc}, -// {IPP2P_DATA_GNU, SHORT_HAND_DATA, 40, search_gnu}, - {IPP2P_GNU, SHORT_HAND_IPP2P, 5, search_all_gnu}, - {IPP2P_KAZAA, SHORT_HAND_IPP2P, 5, search_all_kazaa}, - {IPP2P_BIT, SHORT_HAND_IPP2P, 20, search_bittorrent}, - {IPP2P_APPLE, SHORT_HAND_IPP2P, 5, search_apple}, - {IPP2P_SOUL, SHORT_HAND_IPP2P, 5, search_soul}, - {IPP2P_WINMX, SHORT_HAND_IPP2P, 2, search_winmx}, - {IPP2P_ARES, SHORT_HAND_IPP2P, 5, search_ares}, - {IPP2P_MUTE, SHORT_HAND_NONE, 200, search_mute}, - {IPP2P_WASTE, SHORT_HAND_NONE, 5, search_waste}, - {IPP2P_XDCC, SHORT_HAND_NONE, 5, search_xdcc}, + {IPP2P_EDK, 20, search_all_edk}, +// {IPP2P_DATA_KAZAA, 200, search_kazaa}, +// {IPP2P_DATA_EDK, 60, search_edk}, +// {IPP2P_DATA_DC, 26, search_dc}, + {IPP2P_DC, 5, search_all_dc}, +// {IPP2P_DATA_GNU, 40, search_gnu}, + {IPP2P_GNU, 5, search_all_gnu}, + {IPP2P_KAZAA, 5, search_all_kazaa}, + {IPP2P_BIT, 20, search_bittorrent}, + {IPP2P_APPLE, 5, search_apple}, + {IPP2P_SOUL, 5, search_soul}, + {IPP2P_WINMX, 2, search_winmx}, + {IPP2P_ARES, 5, search_ares}, + {IPP2P_MUTE, 200, search_mute}, + {IPP2P_WASTE, 5, search_waste}, + {IPP2P_XDCC, 5, search_xdcc}, {0}, }; static const struct { unsigned int command; - __u8 short_hand; /* for fucntions included in short hands */ unsigned int packet_len; unsigned int (*function_name)(const unsigned char *, const unsigned int); } udp_list[] = { - {IPP2P_KAZAA, SHORT_HAND_IPP2P, 14, udp_search_kazaa}, - {IPP2P_BIT, SHORT_HAND_IPP2P, 23, udp_search_bit}, - {IPP2P_GNU, SHORT_HAND_IPP2P, 11, udp_search_gnu}, - {IPP2P_EDK, SHORT_HAND_IPP2P, 9, udp_search_edk}, - {IPP2P_DC, SHORT_HAND_IPP2P, 12, udp_search_directconnect}, + {IPP2P_KAZAA, 14, udp_search_kazaa}, + {IPP2P_BIT, 23, udp_search_bit}, + {IPP2P_GNU, 11, udp_search_gnu}, + {IPP2P_EDK, 9, udp_search_edk}, + {IPP2P_DC, 12, udp_search_directconnect}, {0}, }; @@ -826,8 +824,7 @@ ipp2p_mt(const struct sk_buff *skb, const struct net_device *in, haystack += tcph->doff * 4; /* get TCP-Header-Size */ hlen -= tcph->doff * 4; while (matchlist[i].command) { - if (((info->cmd & matchlist[i].command) == matchlist[i].command || - (info->cmd & matchlist[i].short_hand) == matchlist[i].short_hand) && + if ((info->cmd & matchlist[i].command) == matchlist[i].command && hlen > matchlist[i].packet_len) { p2p_result = matchlist[i].function_name(haystack, hlen); @@ -848,8 +845,7 @@ ipp2p_mt(const struct sk_buff *skb, const struct net_device *in, const struct udphdr *udph = udp_hdr(skb); while (udp_list[i].command) { - if (((info->cmd & udp_list[i].command) == udp_list[i].command || - (info->cmd & udp_list[i].short_hand) == udp_list[i].short_hand) && + if ((info->cmd & udp_list[i].command) == udp_list[i].command && hlen > udp_list[i].packet_len) { p2p_result = udp_list[i].function_name(haystack, hlen); diff --git a/extensions/xt_ipp2p.h b/extensions/xt_ipp2p.h index 1bd3f64..c051d85 100644 --- a/extensions/xt_ipp2p.h +++ b/extensions/xt_ipp2p.h @@ -2,30 +2,45 @@ #define __IPT_IPP2P_H #define IPP2P_VERSION "0.8.1_rc1" +enum { + IPP2N_EDK, + IPP2N_DATA_KAZAA, + IPP2N_DATA_EDK, + IPP2N_DATA_DC, + IPP2N_DC, + IPP2N_DATA_GNU, + IPP2N_GNU, + IPP2N_KAZAA, + IPP2N_BIT, + IPP2N_APPLE, + IPP2N_SOUL, + IPP2N_WINMX, + IPP2N_ARES, + IPP2N_MUTE, + IPP2N_WASTE, + IPP2N_XDCC, + + IPP2P_EDK = 1 << IPP2N_EDK, + IPP2P_DATA_KAZAA = 1 << IPP2N_DATA_KAZAA, + IPP2P_DATA_EDK = 1 << IPP2N_DATA_EDK, + IPP2P_DATA_DC = 1 << IPP2N_DATA_DC, + IPP2P_DC = 1 << IPP2N_DC, + IPP2P_DATA_GNU = 1 << IPP2N_DATA_GNU, + IPP2P_GNU = 1 << IPP2N_GNU, + IPP2P_KAZAA = 1 << IPP2N_KAZAA, + IPP2P_BIT = 1 << IPP2N_BIT, + IPP2P_APPLE = 1 << IPP2N_APPLE, + IPP2P_SOUL = 1 << IPP2N_SOUL, + IPP2P_WINMX = 1 << IPP2N_WINMX, + IPP2P_ARES = 1 << IPP2N_ARES, + IPP2P_MUTE = 1 << IPP2N_MUTE, + IPP2P_WASTE = 1 << IPP2N_WASTE, + IPP2P_XDCC = 1 << IPP2N_XDCC, +}; + struct ipt_p2p_info { int cmd; int debug; }; #endif //__IPT_IPP2P_H - -#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/ -//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/ -#define SHORT_HAND_NONE 5 /* no short hand*/ - -#define IPP2P_EDK (1 << 1) -#define IPP2P_DATA_KAZAA (1 << 2) -#define IPP2P_DATA_EDK (1 << 3) -#define IPP2P_DATA_DC (1 << 4) -#define IPP2P_DC (1 << 5) -#define IPP2P_DATA_GNU (1 << 6) -#define IPP2P_GNU (1 << 7) -#define IPP2P_KAZAA (1 << 8) -#define IPP2P_BIT (1 << 9) -#define IPP2P_APPLE (1 << 10) -#define IPP2P_SOUL (1 << 11) -#define IPP2P_WINMX (1 << 12) -#define IPP2P_ARES (1 << 13) -#define IPP2P_MUTE (1 << 14) -#define IPP2P_WASTE (1 << 15) -#define IPP2P_XDCC (1 << 16)