IPP2P homepage

News

27.09.2006	*release for version 0.8.2* New version 0.8.2 download the new version here changes are: compile cleanly for kernel >= 2.6.17 -- THANKS to http://www.sieglitzhof.net/~doc/ipp2p/ I have seen some pieces of code from ipoque which can detect encypted bittorrent and edonkey traffic. Unforunately, this code will not work with iptables, because it needs more information about the flow history and the history of an ip address. Right now, I do not have the time and the money to develop a filter like this, but if you are interested in a developement in this direction, please contact me. I get a LOT of support emails, especially from companies selling traffic management solutions with a support request. If you are a company or an admin who earns money with traffic management and you have a question, then: donate ipp2p ask your question I have decided to put up a paypal button for every admin and / or company who wants to support me (see on the left menu bar) And also, feel free to contact me about further developements ;-) >> Contact
04.01.2006	*New test version 0.8.1_rc1 released* New test version 0.8.1_rc1 is out download the new version here changes are: new (experimental) protocols: mute, xdcc(block only) and waste (THX to joco) detects BitComet header encryption edonkey udp bug fixed some new rules for winmx more code cleanup (the code does not look very well) All in all send me your results >> Contact
20.10.2005	*Stable version 0.8.0 released* The latest test version 0.8.0_rc3 was so stable that I have had to fix only one iptables parameter error. (THX to Alex for his bug report) download the new version here I will integrate new p2p detections in the future. If you think P2P protocol X is important for you, contact me. Please do not ask for skype. It is impossible to block skype with just one packet. It is possible to block Skype by a complete flow analysis. If you really need it, a solution is sold by ipoque Last but not least I have figured out that many companies and even some firewall vendors are using the ipp2p source code without any GPL-like regards IF YOU ARE A COMPANY AND YOU USE MY P2P FILTER ENGINE OR EVEN SELL IT, PLEASE CONTACT ME FOR A SMALL DONATION The company ipoque uses my detection and have donated me a lot (like this webspace, a notebook,...) So feel free to contact me ;-) >> Contact
02.07.2005	*New version 0.8.0_rc3* New test version out, changes are: dropping ares works now (again) removed unesseary rules, this should be a speedup all BitComet packets will be detected now download the new version here Some udp rules cannot be stronger, the detection of udp is weak. If you drop or shape udp packets, I suggest to do no connection tracking with udp packets, only with tcp packets. The udp rules should hit every udp packet because there is no udp data flow in any p2p programs. If someone uses VoIP or online games, there is now a statistical chance that ONE packet can be dropped, not the whole connection. I suggest the following tcp and udp for connection tracking (see docu section) 01# iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark 02# iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT 03# iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p -j MARK --set-mark 1 04# iptables -t mangle -A PREROUTING -p tcp -m mark --mark 1 -j CONNMARK --save-mark 05# iptables -t mangle -A PREROUTING -p udp -m ipp2p --ipp2p -j MARK --set-mark 1 detect TCP FIRST, SAVE MARK , and detect udp after you saved the mark !! You will have now every p2p packet marked, but a dramtic reduce of udp missmatches. >> Contact
24.06.2005	*UDP IS EXPERIMENTAL AND ARES NOT WORKING (YET)* It seems, the udp rules are not so strong as they should be. UDP makes more problems than it solves. Some games and VoIP clients create udp packets which looks like p2p. All p2p programs uses tcp for data transfer, so blocking tcp with ipp2p is enough to prevent p2p downloads. But some p2p programs will create traffic without blocking p2p. This traffic is very low (compared to the tcp traffic). There is a bug in the actual ares detection, i am working on a new better one. About kazaa 3.0, the first packet is a random 12 bytes packet and it looks like random data (secret key exchange ??). If someone know how to detect this, it would be a great help. I also checked the ipp2p filter with BitComet and it blocked all connections. does anybody else have problems with BitComet and mark or drop ??? IF YOU FIND OTHER BUGS, PLEASE REPORT THEM TO ME !!! >> Contact
21.06.2005	*next test version (ipp2p-0.8.0_rc2)* I have disabled one rule, which detects Wolfenstein ET as Edonkey UDP packet. This update whould make some Wolfenstein ET players happy. If you block P2P with this filter, this rule has no effect. Only ONE very special P2P UDP packet is not detected. Thanks at Rene Koka for the dmesg output! :-) download this version here Open Bugs: no detection for KaZaa 3.0, they have changed their protocol completely got a report that BitComet can pass the filter IF YOU FIND OTHER BUGS, PLEASE REPORT THEM TO ME !!! >> Contact
16.06.2005	*New test version and maintainer changed* A new test version has been released (ipp2p-0.8.0_rc1). download this version here New Features: many filter improvements, many thanks to ipoque to offer us their filter improvements. Nice job :-) Here as list: Soulseek bug removed: longer ssh conncetions matched this rule DC, Bit, edk filter improved DC udp matches added The old maintainer was a little bit overworked, with this release the ipp2p project has a new maintainer. If you think, application XYZ gets recognized by this p2p filter, but it is no p2p, please run ipp2p with: --debug Then there will be a kernel dmesg like: IPP2P.debug:UDP-match: 102452 from: XXX.XXX.XXX.XXX:6881 to: XXX.XXX.XXX.XXX:6881 Length: 65 Submit this line to me and I will recheck this rule! If possible, add tracefile with tcpdump , snort or ethereal.
17.03.2005	*Help with BitTorrent needed!* Receiving various reports saying that --bit does not work reliable anymore I need someone who can do a traffic dump capturing the packets IPP2P 0.7.4 misses. I have no idea why and tried to reproduce this with no success. So if you're using IPP2P to drop BitTorrent packets and observe that some packets still come through please do a binary tcpdump or snort. Contact me for further information or if you can provide such a traffic capture. >> Contact
05.02.2005	*IPP2P 0.7.4 released* Changes BUGFIX: --kazaa and --gnu should work again - please send comments on this! Thanks at Paul Cunanne for the information! Makefile has been modified, Modversions shall work again Thanks at Michael Renzmann for the patches! Support for iptables 1.3.0 series added Get 0.7.4 from the snapshots section. For 0.7.4 being a possible candidate for a stable release it is very important that you send bugreports immediately to me. Thanks! >> Downloads
04.01.2005	*IPP2P 0.7.2 released* Changes: --udp and --tcp have been removed Being a duplicat of netfilters protocol match both options have been removed. If one needs to match TCP packets only use -p tcp, for UDP only use -p udp and for both protocols omit -p. There are no other changes in 0.7.2 compared to 0.7.1 - get it from snapshots section. I will update the documentation to fit this as soon as possible. >> Downloads
30.12.2004	*IPP2P 0.7.1 released* Changes: check for skb_is_nonlinear to make sure pattern matching works statement movements due to compile problems on some 2.4x machines Thanks at Chris for support! >> Downloads
23.12.2004	*IPP2P 0.7 released* Changes: UDP support for eDonkey, KaZaA, Gnutella and BitTorrent new option: --ares for Ares and AresLite network new option: --debug prints matchinfo to kernel logfile SoulSeek filter improved - should work now together with CONNMARK no need for "-p tcp" anymore - use buildin options instead bugfix in libipt_ipp2p.c to work with new debug flag Consult the documentation for more information about the new features. The homepage and the README are updated as well to cover all changes and new features. Any feedback on IPP2P 0.7 is highly appreciated! >> Downloads
18.12.2004	*Updates* I've decided to set the english version of http://www.ipp2p.org as default page because we've got many visitors not speaking german. You still can reach the german version through the menu. Furthermore some decisions were made: IPP2P version 0.7 will support UDP matching on some P2P networks I will offer latest source tarballs here again I will publish sporadic snapshots and hope to get some feedback about them >> Downloads
18.11.2004	*IPP2P homepage has moved* You can reach our project through http://www.ipp2p.org so update your bookmarks. Many thanks at ipoque for supporting us!
10.09.2004	*IPP2P 0.6.1 released* Changes: -new option: --winmx for WinMX packets
01.08.2004	*IPP2P development* Future releases of IPP2P will be delveloped for netfilter patch-o-matic-ng only. Patches and sourcecode-tarball will not be published here anymore.
24.06.2004	*IPP2P 0.6 released* Changes: -extension: --gnu for better matching of Shareaza -extension: --edk new eMule and Kademlia patterns -cleanup: match function of kernel module (thanks at Joerg Hoh) -merge: sources & Makefile for kernel 2.4 and 2.6 >> Downloads
14.03.2004	*IPP2P 0.5c released* Changes: -new option: --soul for SoulSeek (DROP only) -extension: --kazaa also matches iMesh packets now Note that SoulSeek opens a new TCP connection for every download. We can not recognize this connection so marking does not work. But we can detect CONNECT and TRANSFER REQUEST packets so a DROP rule will make Soulseek stop working. >> Downloads
05.03.2004	*IPP2P 0.5b sources for 2.6* Since pom-ng seems to reach a stable state I decided to modify IPP2P sources for use together with kernel series 2.6. Changes affect the Makefile and the kernel module. Grab the tarball from the downloads section. >> Downloads
06.02.2004	*IPP2P 0.5b released* Changes: -BUGFIX: corrected output for iptables-save -BUGFIX: missing includes in iptables patch fixed Thanks at Pawel Trepka for the information! >> Downloads
18.01.2004	*More scripts* -QoS shellscript to automatically start a HTB setup -IPP2P shellscript to load a set of rules (traffic shaping with IPP2P) >> Downloads
17.01.2004	*Bridge script* Today I rewrote a small shell script to control a bridge interface. Mainly intended to start a bridge in a certain runlevel automatically. >> Downloads
17.01.2004	*Patch updates* -Since the old patch stoped working against 2.4.24 here is a new one -Found and removed a bug in iptables patch >> Downloads
06.01.2004	*Kernel 2.6.0 and IPP2P* The structure changes in new 2.6.x Kernel series demand for some changes in netfilter (for example new POM). Until these changes do not reach a more or less stable state I will not port IPP2P to 2.6. If someone nevertheless wants to use IPP2P and 2.6. go to this page and find there unofficial (and untested) IPP2P and CONNMARK patches for Kernel 2.6. Thanks for the work Alex! >> Unofficial 2.6 patches
17.12.2003	*Latency investigation released* -Results of an (udp) investigation on a firewalling bridge (english) >> Links
05.12.2003	*IPP2P 0.5a patches* -IPP2P kernel patch released (against kernel 2.4.22) -IPP2P userspace patch released (against iptables 1.2.9) -IPP2P patches for POM released Any feedback on this patches is more than welcome! >> Downloads
29.11.2003	*Homepage update* Documentation section finished and uploaded. >> Documentation
28.11.2003	*IPP2P 0.5a released* Changes: -BUGFIX: --kazaa working again (bug was introduced in 0.5.rc1) >> Downloads
13.11.2003	*IPP2P 0.5 released* Changes: -only packets that can contain payload are beeing searched now -improved matches for eMule and eDonkey -turned off debug output >> Downloads
06.11.2003	*IPP2P 0.5.rc2 finished and testing phase started* Changes: -new options: --bit (BitTorrent) and --apple (appleJuice) -extended support for eMule commands (c5) >> Downloads
23.10.2003	*Release of the IPP2P homepage (but still under construction)*
22.10.2003	*IPP2P 0.5.rc1 finished and testing phase started* Changes: -renamed options: --gnu became --gnu-data and --kazaa became --kazaa-data -splitted --dec into --gnu and --kazaa -some minor bugfixes and sourcecode improvements -extended documentation (README; save, help, print) >> Downloads
16.10.2003	*Started work at IPP2P version 0.5*