ipp2p on kernel 2.6.24.5
I just decided to upgrade one of our firewall servers… but for some reason I remembered that it was hard to install ipp2p on the old one the first time… I decided to use Patch-o-Matic from Netfilter, so what you need is the kernel source and the iptables source
[root@localhost patch-o-matic-ng-20080805]# ./runme --download ipp2p
Successfully downloaded external patch geoip
Successfully downloaded external patch condition
Successfully downloaded external patch IPMARK
Successfully downloaded external patch ROUTE
Successfully downloaded external patch connlimit
Successfully downloaded external patch ipp2p
Successfully downloaded external patch time
./patchlets/ipv4options exists and is not external
./patchlets/TARPIT exists and is not external
Successfully downloaded external patch ACCOUNT
Successfully downloaded external patch pknock
Hey! KERNEL_DIR is not set.
Where is your kernel source directory? [/usr/src/linux]
Hey! IPTABLES_DIR is not set.
Where is your iptables source code directory? [/usr/src/iptables] /usr/local/src/P2P/iptables-1.4.0
Loading patchlet definitions……………………. done
Welcome to Patch-o-matic ($Revision$)!
Kernel: 2.6.24, /usr/src/linux
Iptables: 1.4.0, /usr/local/src/P2P/iptables-1.4.0
Each patch is a new feature: many have minimal impact, some do not.
Almost every one has bugs, so don’t apply what you don’t need!
——————————————————-
Already applied:
Testing ipp2p… not applied
The ipp2p patch:
Author: Eicke Friedrich
Status: Stable
This option makes possible to match some P2P packets
therefore helps controlling such traffic. Dropping all
matches prohibits P2P networks. Combined with conntrack,
CONNMARK and a packet scheduler it can be used for
accounting or shaping of P2P traffic.
Examples:
iptables -A FORWARD -m ipp2p --edk --kazaa --bit -j DROP
iptables -A FORWARD -p tcp -m ipp2p --ares -j DROP
iptables -A FORWARD -p udp -m ipp2p --kazaa -j DROP
—————————————————————–
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
Excellent! Source trees are ready for compilation.
Recompile the kernel image (if there are non-modular netfilter modules).
Recompile the netfilter kernel modules.
Recompile the iptables binaries.
——————————————————-
——————————————————-
and now…….. kernel compiling !! (check the ipp2p support for the compilation)
——————————————————-
——————————————————-
cp /boot/config-ACTUAL-KERNEL-VERSION /usr/src/linux/.config
make oldconfig
make dep clean bzImage modules modules_install
make install
Reboot and use your new and fresh kernel
and …. see that it doesn’t work !!! SHIT !!!!
Let’s fix this mess !!
—————————————————–
1- cp /usr/include/linux/netfilter_ipv4/ip_tables.h /usr/local/src/P2P/iptables-1.4.0/include/linux/netfilter_ipv4/ip_tables.h
/// This step copies ip_tables.h because the iptables source has 2 entries that ipp2p doesn’t like
THESE ARE THE ONES IN THE DOWNLOADED IPTABLES SOURCES:
// #include <linux/compiler.h>
// struct xt_counters __user *counters;
THESE ARE THE ONES IN THE LOCAL KERNEL SOURCE:
// -----------------------------------------------------
// struct xt_counters *counters;
2- cd /usr/local/src/P2P/ipp2p/
tar xvzf ipp2p-0.8.2.tar.gz
cd ipp2p-0.8.2
vi Makefile ( EDIT WHERE YOUR IPTABLES SOURCE IS )
- IPTABLES_SRC = $(wildcard /usr/src/iptables-$(IPTVER))
- in my case IPTABLES_SRC = $(wildcard /usr/local/src/P2P/iptables-$(IPTVER))
cp /usr/src/linux-2.6.24.5-2mnb-janux-01/net/ipv4/netfilter/ipt_ipp2p.* .
make clean
make
————————————————————————————–
ls -al lib*
-rw-r--r-- 1 23881 users 15260 2006-01-04 10:24 libipt_ipp2p.c
-rw-r--r-- 1 root root 14216 2008-08-05 16:59 libipt_ipp2p.o
-rwxr-xr-x 1 root root 9858 2008-08-05 16:59 libipt_ipp2p.so*
3- copying ….
/lib/modules/2.6.24.5-2mnb-janux-01/kernel/net/ipv4/netfilter/ipt_ipp2p.o
/lib/modules/2.6.24.5-2mnb-janux-01/kernel/net/ipv4/netfilter/ipt_ipp2p.ko
/lib/iptables.d/libipt_ipp2p.so
4- ldconfig -v
depmod -a
modprobe ipt_ipp2p
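A check for which part of steps 1-4 did not take, added here as an example and not part of the original post. The function names are hypothetical and the default paths are the ones used above; it covers the two header entries from step 1, the two installed files from step 3 and the loaded module from step 4.

```shell
#!/bin/sh
# Added example, not part of the original post. Default paths are the ones
# used in the post (an assumption for any other layout); pass other
# locations as arguments.

# Step 1: succeed if the header still has the kernel-only entries
# (__user annotation, <linux/compiler.h>) named in the post.
header_needs_step1() {
    grep -Eq '__user|linux/compiler\.h' "$1"
}

# Step 4: succeed if the module appears in a /proc/modules-format listing.
module_is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "${2:-/proc/modules}"
}

# Step 3: report each installed half; the return status is the number missing.
check_ipp2p_files() {
    kver=$1
    moddir=${2:-/lib/modules}
    libdir=${3:-/lib/iptables.d}
    missing=0
    for f in "$moddir/$kver/kernel/net/ipv4/netfilter/ipt_ipp2p.ko" \
             "$libdir/libipt_ipp2p.so"; do
        if [ -f "$f" ]; then
            echo "ok       $f"
        else
            echo "MISSING  $f"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage: check_ipp2p_files "$(uname -r)"; module_is_loaded ipt_ipp2p
```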
Now try: iptables -m ipp2p --help
xD Is working !! xD Is working !! xD Is working !! xD Is working !! xD Is working !!
IPP2P v0.8.2 options:
--ipp2p Grab all known p2p packets
--edk [TCP&UDP] All known eDonkey/eMule/Overnet packets
--dc [TCP] All known Direct Connect packets
--kazaa [TCP&UDP] All known KaZaA packets
--gnu [TCP&UDP] All known Gnutella packets
--bit [TCP&UDP] All known BitTorrent packets
--apple [TCP] All known AppleJuice packets
--winmx [TCP] All known WinMX
--soul [TCP] All known SoulSeek
--ares [TCP] All known Ares
EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :
--mute [TCP] All known Mute packets
--waste [TCP] All known Waste packets
--xdcc [TCP] All known XDCC packets (only xdcc login)
DEBUG SUPPPORT, use only if you know why
--debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER
Note that the follwing options will have the same meaning:
'--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'
IPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.
You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.
See README included with this package for more details or visit http://www.ipp2p.org
Examples:
iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP
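The patch description above mentions combining ipp2p with conntrack and CONNMARK; the following is an added example of that pattern, not code from the original post or the ipp2p package. The function names, the IPT dry-run variable and the mark value 1 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post or the ipp2p project.
IPT=${IPT:-iptables}       # assumption: set IPT=echo to print the rules instead of loading them
P2P_MARK=${P2P_MARK:-1}    # assumed mark value; any unused nonzero mark works

# Classify each connection once and store the verdict on the connection,
# so packets that carry no P2P signature are still covered by the policy.
p2p_connmark_rules() {
    # 1. Copy a mark saved on the connection (if any) onto this packet.
    $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2. Packet of an already classified connection: skip payload matching.
    $IPT -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 3. No -p switch, so ipp2p searches both TCP and UDP packets.
    $IPT -t mangle -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark "$P2P_MARK"
    # 4. Persist the new mark so later packets of the flow hit rule 2.
    $IPT -t mangle -A PREROUTING -m mark --mark "$P2P_MARK" -j CONNMARK --save-mark
}

# Policy on the mark: drop forwarded packets of connections classified as P2P.
p2p_drop_marked() {
    $IPT -A FORWARD -m mark --mark "$P2P_MARK" -j DROP
}
```

Rule 2 accepts any nonzero mark, so it assumes no other ruleset on the box uses packet marks in the mangle table.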