[MATCH] a match for qq

[MATCH] a match for qq

[zhongyu]

QQ is a very popular IM tool in Chinese. Some people may need this
match :-)

###########This is the begin of ipt_qq.c########
/***************************************************
 * ipt_qq : a iptables match for qq 
 *
 * Author : Triplex Chung <xxx.phy@gmail.com>
 *
***************************************************/
#include <linux/config.h>
#include <linux/skbuff.h> 
#include <linux/kmod.h>
#include <linux/vmalloc.h>
#include <linux/netdevice.h>
#include <linux/module.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h> 
#include <linux/icmp.h>
#include <linux/types.h>
#include <linux/spinlock.h>
#include <linux/sched.h>
#include <linux/sysctl.h>
#include <linux/timer.h>
#include <net/ip.h> 
#include <asm/uaccess.h>
#include <asm/semaphore.h>

MODULE_LICENSE("GPL");

static int mach_qq_bin(unsigned char *data, int dlen)
{
        if(dlen < 6)
                return 0; 
        if(data[0] != 0x2)
                return 0;
        if(data[3] != 0x0)
                return 0;
        if(data[4] != 0x16 || data[4] != 0x62)
                return 0;
        if(data[dlen - 1] != 0x3) 
                return 0;
        return 1;
}

static int
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const void *matchinfo,
      int offset,
      const void *hdr,
      u_int16_t datalen,
      int *hotdrop)
{
        int dlen;
        unsigned char *data;
        struct iphdr *iph;

         /* Must not be a fragment. */ 
        if(offset)
                return 0;

        /*make sure that skb is linear*/
        if(skb_is_nonlinear(skb)){
                printk("QQ.match: nonlinear skb found\n");
                return 0; 
        }

        iph = skb->nh.iph;
        if(iph->protocol == IPPROTO_TCP) {
                struct tcphdr *th = (void *)iph + iph->ihl * 4;
                if (th->fin)
                        return 0; 
                if (th->syn)
                        return 0;
                if (th->rst)
                        return 0;
                /*if(ntohs(th->dest) != 80) {
                        return 0; 
                }*/
                dlen = ntohs(iph->tot_len) - (iph->ihl * 4) - th->doff *
4;
                data = (void *)th + th->doff * 4;
                return mach_qq_bin(data, dlen);
        } else if (iph->protocol == IPPROTO_UDP) {
                struct udphdr *uh = (void *)iph + iph->ihl * 4;
                dlen = ntohs(iph->tot_len) - (iph->ihl * 4) -
sizeof(struct udphdr);
                data = (void *)uh + sizeof(struct udphdr);
                return mach_qq_bin(data, dlen);
        }

        return 0;
}

static int
checkentry(const char *tablename,
         const struct ipt_ip *ip, 
         void *matchinfo,
         unsigned int matchsize,
         unsigned int hook_mask)
{
        return 1;
}

static struct ipt_match qq_match = {
        .name           = "qq", 
        .match          = &match,
        .checkentry     = &checkentry,
        .me             = THIS_MODULE
};

static int __init init(void)
{
        return ipt_register_match(&qq_match); 
}

static void __exit fini(void)
{
}

MODULE_AUTHOR("TripleX Chung <xxx.phy@gmail.com>");
MODULE_DESCRIPTION("An extension to iptables to identify QQ."); 
MODULE_LICENSE("GPL");

module_init(init);
module_exit(fini);

##############this is the end of ipt_qq.c########

#############this is the begin of libipt_qq.c########

#include <stdio.h >
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <limits.h>
#include <getopt.h>
#include <iptables.h>

/* Function which prints out usage message. */ 
static void
help(void)
{
        printf("no options %s", IPTABLES_VERSION);
}

static struct option opts[] = {
        {0}
};

/* Initialize the target. */
static void
init(struct ipt_entry_match *m, unsigned int *nfcache) 
{
}

/* Function which parses command options; returns true if it
   ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
      const struct ipt_entry *entry,
      unsigned int *nfcache,
      struct ipt_entry_match **match)
{
        return 1;
}

/* Final check; don't care. */
static void final_check(unsigned int flags)
{
}

/* Saves the targinfo in parsable form to stdout. */ 
static void
save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
{
}

static
struct iptables_match qq
= { NULL,
    "qq",
    IPTABLES_VERSION,
    IPT_ALIGN(0), 
    IPT_ALIGN(0),
    &help,
    &init,
    &parse,
    &final_check,
    NULL, /* print */
    &save,
    opts
};

void _init(void)
{
        register_match(&qq); 
}

###########this is the end of libipt_qq.c########

Re: [MATCH] a match for qq

[zhongyu]

Ofcause, and I had added the msn support for this match, so the module
name was changed to ipt_im. I will search the STL protocol and add the
GoogleTalk support soon (my current idea is match the STL
certifacation's common name).
The new code is here
http://www.18mail.cn/ipt_im.tgz

2006-07-20 18:26 +0200，Patrick McHardy：
> zhongyu wrote:
> > QQ is a very popular IM tool in Chinese. Some people may need this
> > match :-)
> 
> If you want to set up a pomng repository for this we can include it
> in the distributed sources.list.
> 
> 

Re: [MATCH] a match for qq

[Patrick McHardy]

zhongyu wrote:
> QQ is a very popular IM tool in Chinese. Some people may need this
> match :-)

If you want to set up a pomng repository for this we can include it
in the distributed sources.list.

Re: [MATCH] a match for qq

[Toby DiPasquale]

On 7/19/06, zhongyu <zhongyu@18mail.cn> wrote:
> Ofcause, and I had added the msn support for this match, so the module
> name was changed to ipt_im. I will search the STL protocol and add the
> GoogleTalk support soon (my current idea is match the STL
> certifacation's common name).
> The new code is here
> http://www.18mail.cn/ipt_im.tgz

I think perhaps that multiple match modules, one per IM protocol,
would be best here. For example, ipt_im_qq, ipt_im_jabber, ipt_im_msn,
ipt_im_aim, etc. Having them all in one match module will hinder fast
update when one or another of the supported protocols has changed and
make the match module's code large and unwieldy.

-- 
Toby DiPasquale
0x636f6465736c696e67657240676d61696c2e636f6d

Re: [MATCH] a match for qq

[Patrick McHardy]

Toby DiPasquale wrote:
> I think perhaps that multiple match modules, one per IM protocol,
> would be best here. For example, ipt_im_qq, ipt_im_jabber, ipt_im_msn,
> ipt_im_aim, etc. Having them all in one match module will hinder fast
> update when one or another of the supported protocols has changed and
> make the match module's code large and unwieldy.

Updates shouldn't really make a difference. I agree with putting it
in seperate matches, but they can still be part of the same module
IMO. We currently have way to many modules basically doing the same
thing (match one field of packet data, match of field of meta data)
and I would like to get rid of the "one match per module" attitude.

Re: [MATCH] a match for qq

[Patrick McHardy]

zhongyu wrote:
> Ofcause, and I had added the msn support for this match, so the module
> name was changed to ipt_im. I will search the STL protocol and add the
> GoogleTalk support soon (my current idea is match the STL
> certifacation's common name).
> The new code is here
> http://www.18mail.cn/ipt_im.tgz

You need to publish an index file for a pomng repository.

Check out one of the existing repositories for examples:

# geoip, maintained by Samuel Jean <jix@bugmachine.ca>
http://mynodes.net/pub/linux/netfilter/patchlets

# condition, maintained by Massimiliano Hofer <max@nucleus.it>
http://www.nucleus.it/pom-repo

# ipp2p and time maintained by Krzysztof Oledzki <ole@ans.pl>
http://people.netfilter.org/ole/pom/

Re: [MATCH] a match for qq

[zhongyu]

I setup a repository
http://218.241.65.3:8080/svn
Is it ok?
MSN and QQ are still in the same match now, I will seperate them if
there are too many functions :-)

2006-07-21 01:39 +0200，Patrick McHardy：
> zhongyu wrote:
> > Ofcause, and I had added the msn support for this match, so the module
> > name was changed to ipt_im. I will search the STL protocol and add the
> > GoogleTalk support soon (my current idea is match the STL
> > certifacation's common name).
> > The new code is here
> > http://www.18mail.cn/ipt_im.tgz
> 
> You need to publish an index file for a pomng repository.
> 
> Check out one of the existing repositories for examples:
> 
> # geoip, maintained by Samuel Jean <jix@bugmachine.ca>
> http://mynodes.net/pub/linux/netfilter/patchlets
> 
> # condition, maintained by Massimiliano Hofer <max@nucleus.it>
> http://www.nucleus.it/pom-repo
> 
> # ipp2p and time maintained by Krzysztof Oledzki <ole@ans.pl>
> http://people.netfilter.org/ole/pom/
> 

Re: [MATCH] a match for qq

[zhongyu]

Sorry I forgot to add the help/info file. They are ok now, but I still
have no idea what index file is, because I can check out none of the
extra repository like
# geoip, maintained by Samuel Jean <jix@bugmachine.ca>
http://mynodes.net/pub/linux/netfilter/patchlets
# condition, maintained by Massimiliano Hofer <max@nucleus.it>
http://www.nucleus.it/pom-repo
# ipp2p and time maintained by Krzysztof Oledzki <ole@ans.pl>
http://people.netfilter.org/ole/pom/
And there are no index file in pom-ng patchlets from
https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng/patchlets
Please help me :-)

2006-07-2 03:24 +0200，Patrick McHardy：
> zhongyu wrote:
> > I setup a repository
> > http://218.241.65.3:8080/svn
> > Is it ok?
> 
> The index and help/info files appear to be still missing.
> Please check out one of the existing patchlet repository
> for an example.
> 
> 

Re: [MATCH] a match for qq

[Patrick McHardy]

zhongyu wrote:
> I setup a repository
> http://218.241.65.3:8080/svn
> Is it ok?

The index and help/info files appear to be still missing.
Please check out one of the existing patchlet repository
for an example.

Re: [MATCH] a match for qq

[zhongyu]

Thanks~~, The index file was added :-)

2006-07-25 12:23 +0000，Samuel Jean：
> Hi!
> 
> On Mon, Jul 24, 2006, zhongyu <zhongyu@18mail.cn> said:
> 
> > Sorry I forgot to add the help/info file. They are ok now, but I still
> > have no idea what index file is, because I can check out none of the
> > extra repository like
> > # geoip, maintained by Samuel Jean <jix@bugmachine.ca>
> > http://mynodes.net/pub/linux/netfilter/patchlets
> 
> Basically, that file contains the external patchlets available from your
> repository.
> 
> Look at -- for exemple -- http://people.netfilter.org/peejix/patchlets/
> 
> This is not required to be a Subversion repository. Interesting idea tho.
> 
> > Please help me :-)
> 
> Hope that helps,
> 
> Samuel
> 
> 
> 
> 

Re: [MATCH] a match for qq

[Samuel Jean]

Hi!

On Mon, Jul 24, 2006, zhongyu <zhongyu@18mail.cn> said:

> Sorry I forgot to add the help/info file. They are ok now, but I still
> have no idea what index file is, because I can check out none of the
> extra repository like
> # geoip, maintained by Samuel Jean <jix@bugmachine.ca>
> http://mynodes.net/pub/linux/netfilter/patchlets

Basically, that file contains the external patchlets available from your
repository.

Look at -- for exemple -- http://people.netfilter.org/peejix/patchlets/

This is not required to be a Subversion repository. Interesting idea tho.

> Please help me :-)

Hope that helps,

Samuel