
Install IPP2P in Debian Etch to Block P2P


What is IPP2P

The goal of the IPP2P project is to identify peer-to-peer (P2P) data in IP traffic. For this purpose we extended the iptables/netfilter architecture with a new matching module. IPP2P thereby integrates easily into existing Linux firewalls, and its functionality can be used by adding appropriate filter rules.

IPP2P uses suitable search patterns to identify P2P traffic, thus allowing the reliable identification of traffic belonging to many P2P networks. Once identified, P2P traffic can be handled in different ways - dropping such traffic, putting it into low-priority classes or shaping it to a given bandwidth limit is possible. Reducing costs, freeing network resources and therefore improving network performance is often the result of using IPP2P.

Supported IPP2P protocols

  • eDonkey, eMule
  • KaZaA
  • Gnutella
  • Direct Connect
  • BitTorrent
  • AppleJuice
  • WinMX
  • SoulSeek
  • Ares, AresLite

To compile ipp2p you need to install the kernel headers and iptables headers.

apt-get install linux-headers-$(uname -r) iptables-dev

Download ipp2p source from their website

Untar the file, then download Gentoo's kernel patch for ipp2p, or use the patch attached to this blog post.

Apply the patch for ipp2p

patch -p1 < ipp2p-0.8.2-kernel-2.6.22.patch
patch -p1 < ipp2p-0.8.2-iptables-1.4.0.patch

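Modify the Makefile

vi Makefile

and change the link step of the libipt_ipp2p.so rule from ld to $(CC). Change:

libipt_ipp2p.so: libipt_ipp2p.c ipt_ipp2p.h
	$(CC) $(CFLAGS) $(IPTABLES_OPTION) $(IPTABLES_INCLUDE) -fPIC -c libipt_ipp2p.c
	ld -shared -o libipt_ipp2p.so libipt_ipp2p.o

to:

libipt_ipp2p.so: libipt_ipp2p.c ipt_ipp2p.h
	$(CC) $(CFLAGS) $(IPTABLES_OPTION) $(IPTABLES_INCLUDE) -fPIC -c libipt_ipp2p.c
	$(CC) -shared -o libipt_ipp2p.so libipt_ipp2p.o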

Compile ipp2p using this command:

make

Copy libraries

cp libipt_ipp2p.so /lib/iptables/
cp ipt_ipp2p.ko /lib/modules/2.6.18-6-686/kernel/net/netfilter/

and run

depmod -a

IPP2P is now installed; you can check with this command:

iptables -m ipp2p --help

You can start blocking P2P applications such as bittorrent and gnutella.
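
As an added example (not part of the original post or the ipp2p project), the script below maps the protocol names from the supported list to per-protocol ipp2p match flags and prints a rate-limited LOG rule plus a DROP rule for the FORWARD chain. The function names, the log prefix and the 6/min limit are assumptions chosen for illustration; nothing is applied until the output is run as root.

```shell
#!/bin/sh
# Added example: print (not run) iptables rules that log and drop selected
# P2P protocols with the ipp2p match. Function names are hypothetical.

# Map a protocol name from the supported list to its ipp2p match flag.
ipp2p_flag() {
    case "$1" in
        edonkey|emule)  echo "--edk" ;;
        kazaa)          echo "--kazaa" ;;
        gnutella)       echo "--gnu" ;;
        directconnect)  echo "--dc" ;;
        bittorrent)     echo "--bit" ;;
        applejuice)     echo "--apple" ;;
        winmx)          echo "--winmx" ;;
        soulseek)       echo "--soul" ;;
        ares|areslite)  echo "--ares" ;;
        *)              return 1 ;;
    esac
}

# Emit one rate-limited LOG rule and one DROP rule for the FORWARD chain.
# Unknown names abort with status 1 so a typo never yields a partial rule set.
ipp2p_rules() {
    flags=""
    for proto in "$@"; do
        f=$(ipp2p_flag "$proto") || {
            echo "unknown protocol: $proto" >&2
            return 1
        }
        # Skip flags already collected (emule and edonkey share --edk).
        case " $flags " in
            *" $f "*) ;;
            *) flags="${flags:+$flags }$f" ;;
        esac
    done
    [ -n "$flags" ] || { echo "no protocols given" >&2; return 1; }
    echo "iptables -A FORWARD -m ipp2p $flags -m limit --limit 6/min -j LOG --log-prefix 'P2P drop: '"
    echo "iptables -A FORWARD -m ipp2p $flags -j DROP"
}

# Constructed sample call: review the output, then pipe it to sh as root.
ipp2p_rules bittorrent gnutella emule edonkey
```

The LOG rule comes first so that matched packets are recorded before the DROP rule discards them.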


Attachment: ipp2p_patch.tar.gz (1.62 KB)
Anonymous's picture

anyone can help?

I have the same problem. Did someone solve it already?
Greetings

Anonymous's picture

Switch to xtables ipp2p as p-o-m ipp2p probably won't be fixed

To all having trouble look into the xtables-addons packages. I had to run the xtables-addons-source from experimental in order to get module-assistant to build correctly. The resulting kernel modules will work with the sid version of xtables-addons-common. Note that -m ipp2p --ipp2p is deprecated and individual protocols need to be specified as in -m ipp2p --bit --edk --kazaa.

Hope this helps people who use ipp2p filtering on debian.

Upstream source is of course mentioned in the package description.

http://jengelh.medozas.de/projects/xtables/

Anonymous's picture

ipp2p is now part of

ipp2p is now part of xtables-addons project.
Check if your distribution has a package.
This is what solved the problem in my case (Debian).

webmaster's picture

Download and install...


JoeyC wrote:

I too am getting the "variable 'ipp2p' has initializer but incomplete type" etc... error.. resulting in the make process stalling on libipt_ipp2p.so. I get the same error if I patch for ipt 1.4.0 or not... sure is strange. A little nudge would be appreciated

Remove the iptables currently installed on your system and download iptables 1.4.0 from netfilter's website.

apt-get --purge remove iptables iptables-dev
wget http://netfilter.org/projects/iptables/files/iptables-1.4.0.tar.bz2

Remove installed ipp2p modules

rm /lib/modules/2.6.18-6-486/kernel/net/netfilter/ipt_ipp2p.ko
rm -rf /lib/iptables/

Untar and compile the downloaded iptables source

tar -jxvf iptables-1.4.0.tar.bz2
cd iptables-1.4.0
make KERNEL_DIR=/usr/src/linux-headers-2.6.18-6-486
make install KERNEL_DIR=/usr/src/linux-headers-2.6.18-6-486

Install the ipp2p

cd ..
cd ipp2p-0.8.2
make clean
make
cp libipt_ipp2p.so /usr/local/lib/iptables/
cp ipt_ipp2p.ko /lib/modules/2.6.18-6-486/kernel/net/netfilter/
depmod -a
/usr/local/sbin/iptables -m ipp2p --help
/usr/local/sbin/iptables -A FORWARD -m ipp2p --ipp2p -j DROP

Hope this helps...
Cheers!!!

sed -i 's/windows/linux/' os

JoeyC's picture

Ditto

I too am getting the "variable 'ipp2p' has initializer but incomplete type" etc... error.. resulting in the make process stalling on libipt_ipp2p.so. I get the same error if I patch for ipt 1.4.0 or not... sure is strange. A little nudge would be appreciated

wouter's picture

segmentation fault

Hello,
I followed your tutorial, and I reached the last step,
but when I want to use ipp2p in the iptables command,
even when I use the examples given in the helpfile, I keep getting the error 'segmentation fault'..

Does anyone know an answer?

Kind regards,
Wouter

Anonymous's picture

HELP! The kernel module

HELP!
The kernel module compiles alright (fail on insmod, but success with modprobe after cpy and depmod)

But

Build fails with:
gcc -O3 -Wall -DIPTABLES_VERSION=\"1.4.1.1\" -I/usr/src/iptables-1.4.1.1/include -fPIC -c libipt_ipp2p.c
libipt_ipp2p.c:376: error: variable 'ipp2p' has initializer but incomplete type
libipt_ipp2p.c:378: error: unknown field 'next' specified in initializer
libipt_ipp2p.c:378: warning: excess elements in struct initializer
libipt_ipp2p.c:378: warning: (near initialization for 'ipp2p')
...
...
...
libipt_ipp2p.c:390: warning: (near initialization for 'ipp2p')
libipt_ipp2p.c: In function '_INIT':
libipt_ipp2p.c:396: warning: implicit declaration of function 'register_match'
make: *** [libipt_ipp2p.so] Error 1

Any ideas?
cheers
