Diffstat (limited to 'pcr/moblock')
-rw-r--r--pcr/moblock/MoBlock-nfq.sh.patch53
-rw-r--r--pcr/moblock/PKGBUILD55
-rw-r--r--pcr/moblock/config30
-rw-r--r--pcr/moblock/moblock70
-rw-r--r--pcr/moblock/moblock-update174
-rw-r--r--pcr/moblock/moblock.install26
-rw-r--r--pcr/moblock/moblock.logrotate11
-rw-r--r--pcr/moblock/moblock_0.9_rc2.patch912
-rw-r--r--pcr/moblock/moblock_include.patch10
9 files changed, 0 insertions, 1341 deletions
diff --git a/pcr/moblock/MoBlock-nfq.sh.patch b/pcr/moblock/MoBlock-nfq.sh.patch
deleted file mode 100644
index f9136c3c7..000000000
--- a/pcr/moblock/MoBlock-nfq.sh.patch
+++ /dev/null
@@ -1,53 +0,0 @@
---- MoBlock-0.8/MoBlock-nfq.sh.orig 2008-11-30 03:44:02.000000000 -0500
-+++ MoBlock-0.8/MoBlock-nfq.sh 2008-12-01 18:56:15.000000000 -0500
-@@ -3,14 +3,10 @@
- # MoBlock.sh - MoBlock start script
- # ---------------------------------
-
--ACTIVATE_CHAINS=1
--WHITE_TCP_IN=""
--WHITE_UDP_IN=""
--WHITE_TCP_OUT=""
--WHITE_UDP_OUT=""
--WHITE_TCP_FORWARD=""
--WHITE_UDP_FORWARD=""
-+# Some configuration options have been moved to an external conf file
-+# This should make maintenance and upgrading easier
-
-+. /etc/moblock/config
-
- PIDF=/var/run/moblock.pid
-
-@@ -78,6 +74,17 @@
- iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
- done
-
-+# For added IP whitelisting support
-+
-+for IP in $WHITE_IP_OUT; do
-+ iptables -I MOBLOCK_OUT -p all -m iprange --dst-range $IP -j ACCEPT
-+done
-+for IP in $WHITE_IP_IN; do
-+ iptables -I MOBLOCK_IN -p all -m iprange --src-range $IP -j ACCEPT
-+done
-+for IP in $WHITE_IP_FW; do
-+ iptables -I MOBLOCK_FW -p all -m iprange --dst-range $IP -j ACCEPT
-+done
-
- # Loopback traffic fix
-
-@@ -85,7 +92,8 @@
- iptables -I OUTPUT -p all -o lo -j ACCEPT
-
- # Here you can change block list and log files
--./moblock -p /etc/guarding.p2p ./moblock.log
-+#./moblock -p /etc/guarding.p2p ./moblock.log
-+/usr/bin/moblock -p /etc/moblock/banned.list /var/log/moblock.log >/dev/null 2>&1
-
- # On exit delete the rules we added
-
-@@ -108,3 +116,4 @@
- if [ -f $PIDF ]; then
- rm $PIDF;
- fi
-+
diff --git a/pcr/moblock/PKGBUILD b/pcr/moblock/PKGBUILD
deleted file mode 100644
index 15504d1c1..000000000
--- a/pcr/moblock/PKGBUILD
+++ /dev/null
@@ -1,55 +0,0 @@
-# Contributor: Kevin Edmonds <edmondskevin@hotmail.com>
-# Contributor: Filip Wojciechowski, filip at loka dot pl
-# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
-
-pkgname=moblock
-pkgver=0.9rc2
-pkgrel=8
-pkgdesc="Console application that blocks connections from/to hosts listed in a file in peerguardian format"
-arch=('i686' 'x86_64')
-url="http://moblock.berlios.de/"
-license=('GPL')
-depends=(libnetfilter_queue iptables)
-backup=(etc/moblock/config)
-install=moblock.install
-source=(http://download.berlios.de/moblock/MoBlock-0.8-i586.tar.bz2 \
- moblock_0.9_rc2.patch \
- MoBlock-nfq.sh.patch \
- moblock_include.patch \
- config \
- moblock-update \
- moblock \
- moblock.logrotate)
-
-build() {
- cd $startdir/src/MoBlock-0.8
-
- # patch to update moblock to the latest cvs version
- patch -Np1 -i ../moblock_0.9_rc2.patch || return 1
- # add IP whitelisting and move configs to a separate conf file
- patch -Np1 -i ../MoBlock-nfq.sh.patch || return 1
- # necessary to make moblock build with recent kernels
- patch -Np1 -i ../moblock_include.patch || return 1
-
- # change the CFLAGS for both i686 and x84_64 builds
- sed -i "s#-Wall -O.*-ffast-math#$CFLAGS#g" Makefile
-
- # build
- make || return 1
-
- #move the files
- install -D -m 755 ./MoBlock-nfq.sh $startdir/pkg/usr/bin/moblock-nfq || return 1
- install -D -m 744 ./moblock $startdir/pkg/usr/bin/moblock || return 1
- install -D -m 755 ../moblock-update $startdir/pkg/usr/bin/moblock-update || return 1
- install -D -m 744 ../moblock $startdir/pkg/etc/rc.d/moblock || return 1
- install -D -m 644 ../config $startdir/pkg/etc/moblock/config || return 1
- install -D -m 644 ../moblock.logrotate $startdir/pkg/etc/logrotate.d/moblock || return 1
-}
-md5sums=('199967adb48b153be90db10fe21325c5'
- 'e4e33c515677fa53eaca4616591d4e44'
- 'e9f3c6b09f5e07dee948450780340ea3'
- 'b23b5214965df59632de5cec317ddbde'
- '840bb52a99529305e49212a69c9ced8a'
- '49a16feb221d4d912cc7200313517f7b'
- '1bdc949fcff0ce751a5096e489061513'
- 'a8285fd3e68043cd8d21993d3dbbf9d4')
diff --git a/pcr/moblock/config b/pcr/moblock/config
deleted file mode 100644
index 7d7c287cc..000000000
--- a/pcr/moblock/config
+++ /dev/null
@@ -1,30 +0,0 @@
-# Original MoBlock configuration options from MoBlock-nfq.sh file
-ACTIVATE_CHAINS=1
-WHITE_TCP_IN=""
-WHITE_UDP_IN=""
-WHITE_TCP_OUT="" # Add "http https" here to prevent moblock from blocking webpages
-WHITE_UDP_OUT=""
-WHITE_TCP_FORWARD=""
-WHITE_UDP_FORWARD=""
-
-# Added IP whitelisting support
-WHITE_IP_IN=""
-WHITE_IP_OUT=""
-WHITE_IP_FW=""
-
-# Individual lists can be disabled by prefixing them with '!'
-# Bluetack blacklists (http://www.bluetack.co.uk)
-BLUETACK=(level1 level2 !level3 !edu ads-trackers-and-bad-pr0n bogon spyware spider Microsoft !proxy hijacked templist !rangetest dshield)
-
-# blocklist.org lists (currently doesn't work)
-#BLOCKLIST=(p2p gov spy ads edu)
-
-# backup lists (might be outdated)
-#PHOENIXLABS=(!p2b.p2b edu.txt spider.txt spyware.txt level1.txt !level2.txt !level3.txt)
-
-# Change to 'yes' if you want to backup up the old list before writing
-# a new one. Only one backup copy will be kept.
-BACKUP_OLD_LIST="no"
-
-# Options passed to wget
-WGET_OPTS="-q"
diff --git a/pcr/moblock/moblock b/pcr/moblock/moblock
deleted file mode 100644
index d88bd2e8d..000000000
--- a/pcr/moblock/moblock
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-case "$1" in
- start)
- stat_busy "Starting MoBlock"
- if [ ! -f /var/run/moblock.pid ]
- then
- /usr/bin/moblock-nfq &
- if [ $? -gt 0 ]
- then
- stat_fail
- else
- add_daemon moblock
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- update)
- stat_busy "Updating MoBlock block list..."
- error=0
- /usr/bin/moblock-update || error=1
- stat_busy "Updating MoBlock block list"
- if [ $error -eq 1 ]; then
- stat_fail
- else
- stat_done
- fi
- ;;
- stats)
- stat_busy "Logging stats to /var/log/MoBlock.stats"
- PID=`cat /var/run/moblock.pid 2>/dev/null`
- if [ ! -z "$PID" ]; then
- /bin/kill -USR2 $PID
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- stop)
- stat_busy "Stopping MoBlock"
- PID=`cat /var/run/moblock.pid 2>/dev/null`
- if [ ! -z "$PID" ]; then
- /bin/kill $PID
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon moblock
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- restart)
- $0 stop
- sleep 2
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart|update|stats}"
-esac
diff --git a/pcr/moblock/moblock-update b/pcr/moblock/moblock-update
deleted file mode 100644
index aae861d13..000000000
--- a/pcr/moblock/moblock-update
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/bin/bash
-
-. /etc/moblock/config
-
-CONF_DIR=/etc/moblock
-TEMP_DIR=$(/usr/bin/mktemp -t -d moblock-updateXXXXXXXX)
-LIST_FILE=banned.list
-
-USECOLOR="no"
-. /etc/rc.d/functions
-PREFIX_REG=" >"
-PREFIX_HL="::"
-
-function extract()
-{
- /usr/bin/find $TEMP_DIR -type f -name '*.gz' -o -name '*.zip' |\
- while read N
- do
- case "$N" in
- *.zip) /usr/bin/unzip -oqq "$N" 2>/dev/null
- if [ $? -gt 0 ]; then
- rm -f "$N"
- return 1
- else
- rm -f "$N"
- fi
- ;;
- *.gz) /bin/gunzip -f "$N" 2>/dev/null
- if [ $? -gt 0 ]; then
- rm -f "$N"
- return 1
- fi
- ;;
- *) continue
- ;;
- esac
- done
- return 0
-}
-
-cd $TEMP_DIR
-
-printf "${C_SEPARATOR} ------------------------------\n"
-printhl "Downloading and extracting files:\n"
-
-# Bluetack lists (with fallback)
-for i in ${BLUETACK[@]}
-do
- if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
- stat_busy "BLUETACK '${i}'... "
- /usr/bin/wget ${WGET_OPTS} "http://www.bluetack.co.uk/config/${i}.gz" && extract
- if [ $? -gt 0 ] || [ ! -f ${i} ]; then
- stat_fail
- bfile=$i
- if [ "$bfile" = "ads-trackers-and-bad-pr0n" ]; then
- bfile="ads"
- elif [ "$bfile" = "Microsoft" ];then
- bfile="microsoft"
- fi
- stat_busy "[!!] BLUETACK '${i}' (fallback link)... "
- /usr/bin/wget ${WGET_OPTS} "http://list.iblocklist.com/?list=bt_${bfile%%-*}" -O "${i}.gz" && extract
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- else
- stat_done
- fi
- fi
-done
-
-# Blocklist lists
-for i in ${BLOCKLIST[@]}
-do
- if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
- stat_busy "BLOCKLIST '${i}'... "
- /usr/bin/wget ${WGET_OPTS} "blocklist.org/${i}.p2b.gz" && extract
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- fi
-done
-
-# Old phoenixlabs.org lists
-for i in ${PHOENIXLABS[@]}
-do
- if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
- stat_busy "PHOENIXLABS '${i}'... "
- /usr/bin/wget ${WGET_OPTS} "fox.phoenixlabs.org/${i}" && extract
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- fi
-done
-
-if [ $(/bin/cat "$TEMP_DIR"/* | /usr/bin/wc -l) -eq 0 ]; then
- printf "\n"
- printhl "ERROR: No files were downloaded"
- printf "${C_SEPARATOR} ------------------------------\n"
- exit 1
-fi
-
-# Check files
-printsep
-printhl "Checking integrity of downloaded files:\n"
-
-/usr/bin/find -type f | while read N
-do
- stat_busy "File '$(echo $N | /bin/awk -F/ '{print $NF}')'... "
- scan1=$(/bin/cat "$N" | /usr/bin/wc -l)
- scan2=$(/bin/egrep -o ":[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*-[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" "$N" | /usr/bin/wc -l)
- if [ $scan1 -eq $scan2 ]; then
- stat_done
- else
- if [ $scan2 -gt 0 ]; then
- if [ $scan1 -gt $scan2 ]; then
- stat_append "$(($scan1-$scan2)) of $scan1 entries failed validation; keeping the file"
- stat_done
- fi
- else
- stat_fail
- stat_busy "[!!] Removing corrupted file... "
- rm "$N" 2>/dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- exit 1
- else
- stat_done
- fi
- fi
- fi
-done
-
-printsep
-printhl "Saving the list:\n"
-
-# Make backup
-if [ "$BACKUP_OLD_LIST" = "yes" ] && [ -f "$CONF_DIR"/"$LIST_FILE" ]; then
- stat_busy "Backing up old list to '$CONF_DIR/$LIST_FILE.gz'... "
- /bin/gzip -f "$CONF_DIR"/"$LIST_FILE" 2>/dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
-fi
-
-# Save the list
-stat_busy "Saving new list to '$CONF_DIR/$LIST_FILE'... "
-/bin/cat "$TEMP_DIR"/* > "$CONF_DIR"/"$LIST_FILE" 2>&1
-if [ $? -gt 0 ]; then
- stat_fail
- exit 1
-else
- stat_done
- printf "\n"
- printhl "Saved `cat "$CONF_DIR"/"$LIST_FILE" | wc -l` ranges"
- printf "${C_SEPARATOR} ------------------------------\n"
-fi
-
-rm -rf "$TEMP_DIR"
-
-# Restart MoBlock
-if [ -f /var/run/moblock.pid ]; then
- /bin/kill -HUP `cat /var/run/moblock.pid` >/dev/null 2>&1
-fi
-
-exit 0
-
diff --git a/pcr/moblock/moblock.install b/pcr/moblock/moblock.install
deleted file mode 100644
index 6afe1d5d9..000000000
--- a/pcr/moblock/moblock.install
+++ /dev/null
@@ -1,26 +0,0 @@
-post_install() {
- #clean up after an old hack
- if [ -h /usr/lib/libnfnetlink.so.1 ]; then
- rm /usr/lib/libnfnetlink.so.1
- fi
- echo ""
- echo ">>> moblock-update script no longer uses /var/spool/moblock"
- echo ">>> as a temporary directory. You can safely delete it."
- echo ""
-}
-
-post_upgrade() {
- #clean up after an old hack
- if [ -h /usr/lib/libnfnetlink.so.1 ]; then
- rm /usr/lib/libnfnetlink.so.1
- fi
- echo ""
- echo ">>> moblock-update script no longer uses /var/spool/moblock"
- echo ">>> as a temporary directory. You can safely delete it."
- echo ""
-}
-
-op=$1
-shift
-$op $*
-
diff --git a/pcr/moblock/moblock.logrotate b/pcr/moblock/moblock.logrotate
deleted file mode 100644
index 6ed64bb81..000000000
--- a/pcr/moblock/moblock.logrotate
+++ /dev/null
@@ -1,11 +0,0 @@
-"/var/log/moblock.log" /var/log/MoBlock.stats {
- daily
- missingok
- notifempty
- sharedscripts
- postrotate
- /usr/bin/test -f /var/run/moblock.pid && /bin/kill -HUP `cat /var/run/moblock.pid 2>/dev/null` 2>/dev/null || exit 0
- endscript
- compress
-}
-
diff --git a/pcr/moblock/moblock_0.9_rc2.patch b/pcr/moblock/moblock_0.9_rc2.patch
deleted file mode 100644
index 69994ffe8..000000000
--- a/pcr/moblock/moblock_0.9_rc2.patch
+++ /dev/null
@@ -1,912 +0,0 @@
-diff -Naur MoBlock-0.8_orig/Changelog MoBlock-0.8/Changelog
---- MoBlock-0.8_orig/Changelog 2006-03-22 12:44:31.000000000 -0500
-+++ MoBlock-0.8/Changelog 2008-02-10 11:56:08.000000000 -0500
-@@ -4,6 +4,23 @@
-
- ---
-
-+0.9: - fix for kernel 2.6.23
-+ - support for MARKing packets instead of DROPping or
-+ ACCEPTing
-+ - example start script that REJECTs packets instead of
-+ DROPping.
-+ - Integrated a patch from David Walluck for proper loading
-+ of p2b files (version 2)
-+ - command line options for logging to syslog, stdout
-+ and log timestamping
-+ - fixed loading pg1 lists with comments (lines starting
-+ with '#')
-+ - fixed a bug in ranges merge
-+ - applied patch 2223 by badfish99: "IPs logged with bytes
-+ reversed on big-endian m/c"
-+
-+---
-+
- 0.8: - support for NFQUEUE-ing from iptables FORWARD chain (thx to
- hyakki for suggestions and testing!)
- - included patches from Maximilian Mehnert to support log file
-diff -Naur MoBlock-0.8_orig/Makefile MoBlock-0.8/Makefile
---- MoBlock-0.8_orig/Makefile 2006-03-22 12:44:31.000000000 -0500
-+++ MoBlock-0.8/Makefile 2007-11-22 08:10:44.000000000 -0500
-@@ -1,4 +1,3 @@
--
- # To use the old-soon-to-be-deprecated libipq interface
- # uncomment the following line and comment the NFQUEUE one,
- # then comment the gcc line with netfilter_queue and
-@@ -7,7 +6,7 @@
- #QUEUE_LIB=LIBIPQ
- QUEUE_LIB=NFQUEUE
-
--CFLAGS=-Wall -O2 -march=i586 -mtune=i686 -fomit-frame-pointer -ffast-math \
-+CFLAGS=-Wall -O3 -march=i586 -mtune=i686 -fomit-frame-pointer -ffast-math \
- -D_GNU_SOURCE -D$(QUEUE_LIB) -L/usr/include/libipq
- CC=gcc
-
-diff -Naur MoBlock-0.8_orig/MoBlock-nfq-reject.sh MoBlock-0.8/MoBlock-nfq-reject.sh
---- MoBlock-0.8_orig/MoBlock-nfq-reject.sh 1969-12-31 19:00:00.000000000 -0500
-+++ MoBlock-0.8/MoBlock-nfq-reject.sh 2007-11-22 08:10:44.000000000 -0500
-@@ -0,0 +1,104 @@
-+#!/bin/sh
-+#
-+# MoBlock.sh - MoBlock start script
-+# ---------------------------------
-+
-+ACTIVATE_CHAINS=1
-+WHITE_TCP_IN=""
-+WHITE_UDP_IN=""
-+WHITE_TCP_OUT=""
-+WHITE_UDP_OUT=""
-+WHITE_TCP_FORWARD=""
-+WHITE_UDP_FORWARD=""
-+REJECT_MARK="10"
-+
-+PIDF=/var/run/moblock.pid
-+
-+FNAME=`basename $0 .sh`
-+MODE=`echo $FNAME|awk -F- '{print $2}'`
-+
-+if [ -f $PIDF ]; then
-+ PID=`cat $PIDF`
-+ if [ `ps -p $PID|wc -l` -gt 1 ]; then
-+ echo "$0: $PIDF exists and processs seems to be running. Exiting."
-+ exit 1;
-+ fi;
-+fi;
-+
-+if [ $MODE == "ipq" ]; then
-+ modprobe ip_queue
-+ TARGET="QUEUE"
-+elif [ $MODE == "nfq" ]; then
-+ modprobe ipt_NFQUEUE
-+ TARGET="NFQUEUE"
-+fi;
-+
-+modprobe ipt_state
-+
-+# Filter all traffic, edit for your needs
-+
-+iptables -N MOBLOCK_IN
-+iptables -N MOBLOCK_OUT
-+iptables -N MOBLOCK_FW
-+
-+if [ $ACTIVATE_CHAINS -eq 1 ]; then
-+ iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN
-+ iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
-+ iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
-+fi;
-+
-+
-+iptables -I MOBLOCK_IN -p all -j $TARGET
-+
-+iptables -I MOBLOCK_OUT -p all -j $TARGET
-+
-+iptables -I MOBLOCK_FW -p all -j $TARGET
-+
-+for PORT in $WHITE_TCP_OUT; do
-+ iptables -I MOBLOCK_OUT -p tcp --dport $PORT -j ACCEPT
-+done
-+for PORT in $WHITE_UDP_OUT; do
-+ iptables -I MOBLOCK_OUT -p udp --dport $PORT -j ACCEPT
-+done
-+
-+for PORT in $WHITE_TCP_IN; do
-+ iptables -I MOBLOCK_IN -p tcp --dport $PORT -j ACCEPT
-+done
-+for PORT in $WHITE_UDP_IN; do
-+ iptables -I MOBLOCK_IN -p udp --dport $PORT -j ACCEPT
-+done
-+
-+for PORT in $WHITE_TCP_FORWARD; do
-+ iptables -I MOBLOCK_FW -p tcp --dport $PORT -j ACCEPT
-+done
-+for PORT in $WHITE_UDP_FORWARD; do
-+ iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
-+done
-+
-+iptables -I OUTPUT -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT
-+iptables -I FORWARD -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT
-+
-+# Here you can change block list and log files
-+./moblock -d /etc/ipfilter.dat -t -s -r $REJECT_MARK ./moblock.log
-+
-+# On exit delete the rules we added
-+
-+if [ $ACTIVATE_CHAINS -eq 1 ]; then
-+ iptables -D INPUT -p all -m state --state NEW -j MOBLOCK_IN
-+ iptables -D OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
-+ iptables -D FORWARD -p all -m state --state NEW -j MOBLOCK_FW
-+fi;
-+
-+iptables -D OUTPUT -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT
-+iptables -D FORWARD -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT
-+
-+iptables -F MOBLOCK_IN
-+iptables -X MOBLOCK_IN
-+iptables -F MOBLOCK_OUT
-+iptables -X MOBLOCK_OUT
-+iptables -F MOBLOCK_FW
-+iptables -X MOBLOCK_FW
-+
-+if [ -f $PIDF ]; then
-+ rm $PIDF;
-+fi
-diff -Naur MoBlock-0.8_orig/MoBlock.c MoBlock-0.8/MoBlock.c
---- MoBlock-0.8_orig/MoBlock.c 2006-03-22 12:44:31.000000000 -0500
-+++ MoBlock-0.8/MoBlock.c 2008-02-10 11:56:08.000000000 -0500
-@@ -35,6 +35,8 @@
- #include <linux/netfilter_ipv4.h>
- #include <signal.h>
- #include <regex.h>
-+#include <time.h>
-+#include <syslog.h>
-
- // in Makefile define LIBIPQ to use soon-to-be-deprecated ip_queue,
- // NFQUEUE for ipt_NFQUEUE (from kernel 2.6.14)
-@@ -46,7 +48,7 @@
- #include <libnetfilter_queue/libnetfilter_queue.h>
- #endif
-
--#define MB_VERSION "0.8"
-+#define MB_VERSION "0.9rc2"
-
- #define BUFSIZE 2048
- #define PAYLOADSIZE 21
-@@ -58,6 +60,9 @@
- #define SRC_ADDR(payload) (*(in_addr_t *)((payload)+12))
- #define DST_ADDR(payload) (*(in_addr_t *)((payload)+16))
-
-+#define likely(x) __builtin_expect((x),1)
-+#define unlikely(x) __builtin_expect((x),0)
-+
- // rbt datatypes/functions
-
- typedef enum {
-@@ -96,7 +101,8 @@
- char filename[100];
- } blocklist_info;
-
--int merged_ranges=0, skipped_ranges=0;
-+u_int32_t merged_ranges=0, skipped_ranges=0, accept_mark=0, reject_mark=0;
-+u_int8_t log2syslog=0, log2file=0, log2stdout=0, timestamp=0;
-
- #ifdef LIBIPQ
- static void die(struct ipq_handle *h)
-@@ -112,11 +118,13 @@
- static char buf[2][ sizeof("aaa.bbb.ccc.ddd") ];
- static short int index=0;
-
-+ ip = ntohl(ip);
-+
- sprintf(buf[index],"%d.%d.%d.%d",
-- (ip) & 0xff,
-- (ip >> 8) & 0xff,
-+ (ip >> 24) & 0xff,
- (ip >> 16) & 0xff,
-- (ip >> 24) & 0xff);
-+ (ip >> 8) & 0xff,
-+ (ip) & 0xff);
-
- if (index) {
- index=0;
-@@ -134,10 +142,38 @@
- fflush(stdout);
- }
-
-+void log_action(char *msg)
-+{
-+ char timestr[30];
-+ time_t tv;
-+
-+ if (timestamp) {
-+ tv = time(NULL);
-+ strncpy(timestr, ctime(&tv), 19);
-+ timestr[19] = '\0';
-+ strcat(timestr, "| ");
-+ }
-+ else strcpy(timestr, "");
-+
-+ if (log2syslog) {
-+ syslog(LOG_INFO, msg);
-+ }
-+
-+ if (log2file) {
-+ fprintf(logfile,"%s%s",timestr,msg);
-+ fflush(logfile);
-+ }
-+
-+ if (log2stdout) {
-+ fprintf(stdout,"%s%s",timestr,msg);
-+ }
-+}
-+
- inline void ranged_insert(char *name,char *ipmin,char *ipmax)
- {
- recType tmprec;
- int ret;
-+ char msgbuf[255];
-
- if ( strlen(name) > (BNAME_LEN-1) ) {
- strncpy(tmprec.blockname, name, BNAME_LEN);
-@@ -149,10 +185,11 @@
- if ( (ret=insert(ntohl(inet_addr(ipmin)),&tmprec)) != STATUS_OK )
- switch(ret) {
- case STATUS_MEM_EXHAUSTED:
-- fprintf(logfile,"Error inserting range, MEM_EXHAUSTED.\n");
-+ log_action("Error inserting range, MEM_EXHAUSTED.\n");
- break;
- case STATUS_DUPLICATE_KEY:
-- fprintf(logfile,"Duplicated range ( %s )\n",name);
-+ sprintf(msgbuf,"Duplicated range ( %s )\n",name);
-+ log_action(msgbuf);
- break;
- case STATUS_MERGED:
- merged_ranges++;
-@@ -161,8 +198,9 @@
- skipped_ranges++;
- break;
- default:
-- fprintf(logfile,"Unexpected return value from ranged_insert()!\n");
-- fprintf(logfile,"Return value was: %d\n",ret);
-+ log_action("Unexpected return value from ranged_insert()!\n");
-+ sprintf(msgbuf,"Return value was: %d\n",ret);
-+ log_action(msgbuf);
- break;
- }
- }
-@@ -177,15 +215,19 @@
- regex_t regmain;
- regmatch_t matches[4];
- int i;
-+ char msgbuf[255];
-
- regcomp(&regmain, "^(.*)[:]([0-9.]*)[-]([0-9.]*)$", REG_EXTENDED);
-
- fp=fopen(filename,"r");
- if ( fp == NULL ) {
-- fprintf(logfile,"Error opening %s, aborting...\n", filename);
-+ sprintf(msgbuf,"Error opening %s, aborting...\n", filename);
-+ log_action(msgbuf);
- exit(-1);
- }
- while ( (count=getline(&line,&len,fp)) != -1 ) {
-+ if ( line[0] == '#' ) //comment line, skip
-+ continue;
- for(i=count-1; i>=0; i--) {
- if ((line[i] == '\r') || (line[i] == '\n') || (line[i] == ' ')) {
- line[i] = 0;
-@@ -207,36 +249,78 @@
- line+matches[3].rm_so);
- ntot++;
- } else {
-- fprintf(logfile,"Short guarding.p2p line %s, skipping it...\n", line);
-+ sprintf(msgbuf,"Short guarding.p2p line %s, skipping it...\n", line);
-+ log_action(msgbuf);
- }
- }
- if (line)
- free(line);
- fclose(fp);
-- fprintf(logfile,"Ranges loaded: %d\n",ntot);
-- printf("* Ranges loaded: %d\n",ntot);
-+ sprintf(msgbuf, "* Ranges loaded: %d\n", ntot);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
- }
-
--void loadlist_pg2(char *filename) // experimental, no check for list sanity
-+void loadlist_pg2(char *filename) // supports only v2 files
- {
- FILE *fp;
-- int i,retval,ntot=0;
-- char name[100],ipmin[16]; // hope we don't have a list with longer names...
-+ int i, j, c, retval=0, ntot=0;
-+ char name[100],ipmin[16], msgbuf[255]; // hope we don't have a list with longer names...
- uint32_t start_ip, end_ip;
- struct in_addr startaddr,endaddr;
-+ size_t s;
-
- fp=fopen(filename,"r");
- if ( fp == NULL ) {
-- fprintf(logfile,"Error opening %s, aborting...\n", filename);
-+ sprintf(msgbuf, "Error opening %s, aborting...\n", filename);
-+ log_action(msgbuf);
- exit(-1);
- }
-
-- fgetc(fp); // skip first 4 bytes, don't know what they are
-- fgetc(fp);
-- fgetc(fp);
-- retval=fgetc(fp);
-+ for (j=0; j<4; j++) {
-+ c=fgetc(fp);
-+ if ( c != 0xff ) {
-+ sprintf(msgbuf,"Byte %d: 0x%x != 0xff, aborting...\n", j+1, c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+ }
-+
-+ c=fgetc(fp);
-+ if ( c != 'P' ) {
-+ sprintf(msgbuf,"Byte 5: %c != P, aborting...\n", c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+
-+ c=fgetc(fp);
-+ if ( c != '2' ) {
-+ sprintf(msgbuf,"Byte 6: %c != 2, aborting...\n", c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-
-- while ( retval != EOF ) {
-+ c=fgetc(fp);
-+ if ( c != 'B' ) {
-+ sprintf(msgbuf,"Byte 7: %c != B, aborting...\n", c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+
-+ c=fgetc(fp);
-+ if ( c != 0x02 ) {
-+ sprintf(msgbuf,"Byte 8: version: %d != 2, aborting...\n", c);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+
-+ do {
- i=0;
- do {
- name[i]=fgetc(fp);
-@@ -244,9 +328,22 @@
- } while ( name[i-1] != 0x00 && name[i-1] != EOF);
- if ( name[i-1] != EOF ) {
- name[i-1]='\0';
-- fread(&start_ip,4,1,fp);
-- fread(&end_ip,4,1,fp);
-- startaddr.s_addr=start_ip;
-+ s=fread(&start_ip,4,1,fp);
-+ if ( s != 1 ) {
-+ sprintf(msgbuf,"Failed to read start IP: %d != 1, aborting...\n", (int)s);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+ s=fread(&end_ip,4,1,fp);
-+ if ( s != 1 ) {
-+ sprintf(msgbuf,"Failed to read end IP: %d != 1, aborting...\n", (int)s);
-+ log_action(msgbuf);
-+ fclose(fp);
-+ exit(-1);
-+ }
-+
-+ startaddr.s_addr=start_ip;
- endaddr.s_addr=end_ip;
- strcpy(ipmin,inet_ntoa(startaddr));
- ranged_insert(name,ipmin,inet_ntoa(endaddr));
-@@ -255,22 +352,25 @@
- else {
- retval=EOF;
- }
-- }
-+ } while ( retval != EOF );
- fclose(fp);
-- fprintf(logfile,"Ranges loaded: %d\n",ntot);
-- printf("* Ranges loaded: %d\n",ntot);
-+ sprintf(msgbuf, "* Ranges loaded: %d\n",ntot);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
- }
-
- void loadlist_dat(char *filename)
- {
- FILE *fp;
- int ntot=0;
-- char readbuf[200], *name, start_ip[16], end_ip[16];
-+ char readbuf[200], *name, start_ip[16], end_ip[16], msgbuf[255];
- unsigned short ip1_0, ip1_1, ip1_2, ip1_3, ip2_0, ip2_1, ip2_2, ip2_3;
-
- fp=fopen(filename,"r");
- if ( fp == NULL ) {
-- fprintf(logfile,"Error opening %s, aborting...\n", filename);
-+ sprintf(msgbuf,"Error opening %s, aborting...\n", filename);
-+ log_action(msgbuf);
- exit(-1);
- }
-
-@@ -286,38 +386,45 @@
- ntot++;
- }
- fclose(fp);
-- fprintf(logfile,"Ranges loaded: %d\n",ntot);
-- printf("* Ranges loaded: %d\n",ntot);
-+ sprintf(msgbuf, "* Ranges loaded: %d\n", ntot);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
- }
-
- void reopen_logfile(void)
- {
-+ char msgbuf[255];
-+
- if (logfile != NULL) {
- fclose(logfile);
- logfile=NULL;
- }
- logfile=fopen(logfile_name,"a");
- if (logfile == NULL) {
-- fprintf(stderr, "Unable to open logfile %s\n", logfile_name);
-+ sprintf(msgbuf, "Unable to open logfile %s\n", logfile_name);
-+ log_action(msgbuf);
- exit(-1);
- }
-- fprintf(logfile, "Reopening logfile.\n");
-+ log_action("Reopening logfile.\n");
- }
-
- void my_sahandler(int sig)
- {
-+ char msgbuf[255];
-+
- switch( sig ) {
- case SIGUSR1:
-- fprintf(logfile,"Got SIGUSR1! Dumping stats...\n");
-+ log_action("Got SIGUSR1! Dumping stats...\n");
- ll_show(logfile);
- reopen_logfile();
- break;
- case SIGUSR2:
-- fprintf(logfile,"Got SIGUSR2! Dumping stats to /var/log/MoBlock.stats\n");
-+ log_action("Got SIGUSR2! Dumping stats to /var/log/MoBlock.stats\n");
- ll_log();
- break;
- case SIGHUP:
-- fprintf(logfile,"\nGot SIGHUP! Dumping and resetting stats, reloading blocklist\n\n");
-+ log_action("Got SIGHUP! Dumping and resetting stats, reloading blocklist\n");
- ll_log();
- ll_clear(); // clear stats list
- destroy_tree(); // clear loaded ranges
-@@ -332,17 +439,18 @@
- loadlist_pg2(blocklist_info.filename);
- break;
- default:
-- fprintf(logfile,"Unknown blocklist type while reloading list, contact the developer!\n");
-+ log_action("Unknown blocklist type while reloading list, contact the developer!\n");
- break;
- }
- reopen_logfile();
- break;
- case SIGTERM:
-- fprintf(logfile,"Got SIGTERM! Dumping stats and exiting.\n");
-+ log_action("Got SIGTERM! Dumping stats and exiting.\n");
- ll_log();
- exit(0);
- default:
-- fprintf(logfile,"Received signal = %d but not handled\n",sig);
-+ sprintf(msgbuf,"Received signal = %d but not handled\n",sig);
-+ log_action(msgbuf);
- break;
- }
- }
-@@ -378,7 +486,7 @@
- {
- int id=0, status=0;
- struct nfqnl_msg_packet_hdr *ph;
-- char *payload;
-+ char *payload, msgbuf[255];
- recType tmprec;
-
- ph = nfq_get_msg_packet_hdr(nfa);
-@@ -389,34 +497,78 @@
- switch (ph->hook) {
- case NF_IP_LOCAL_IN:
- if ( find(ntohl(SRC_ADDR(payload)),&tmprec) == STATUS_OK ) {
-+ // we drop the packet instead of rejecting
-+ // we don't want the other host to know we are alive
- status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-- fprintf(logfile,"Blocked IN: %s,hits: %d,SRC: %s\n",tmprec.blockname,tmprec.hits,ip2str(SRC_ADDR(payload)));
-- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ sprintf(msgbuf,"Blocked IN: %s,hits: %d,SRC: %s\n",tmprec.blockname,tmprec.hits,ip2str(SRC_ADDR(payload)));
-+ log_action(msgbuf);
-+ }
-+ else if ( unlikely(accept_mark) ) {
-+ // we set the user-defined accept_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
-+ }
-+ else {
-+ // no accept_mark, just NF_ACCEPT the packet
-+ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ }
- break;
- case NF_IP_LOCAL_OUT:
- if ( find(ntohl(DST_ADDR(payload)),&tmprec) == STATUS_OK ) {
-- status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-- fprintf(logfile,"Blocked OUT: %s,hits: %d,DST: %s\n",tmprec.blockname,tmprec.hits,ip2str(DST_ADDR(payload)));
-- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ if ( likely(reject_mark) ) {
-+ // we set the user-defined reject_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, reject_mark, 0, NULL);
-+ }
-+ else {
-+ status = nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-+ }
-+ sprintf(msgbuf,"Blocked OUT: %s,hits: %d,DST: %s\n",tmprec.blockname,tmprec.hits,ip2str(DST_ADDR(payload)));
-+ log_action(msgbuf);
-+ }
-+ else if ( unlikely(accept_mark) ) {
-+ // we set the user-defined accept_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
-+ }
-+ else {
-+ // no accept_mark, just NF_ACCEPT the packet
-+ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ }
- break;
- case NF_IP_FORWARD:
- if ( find2(ntohl(SRC_ADDR(payload)), ntohl(DST_ADDR(payload)), &tmprec) == STATUS_OK ) {
-- status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-- fprintf(logfile,"Blocked FWD: %s,hits: %d,SRC: %s, DST: %s\n",
-+ if ( likely(reject_mark) ) {
-+ // we set the user-defined reject_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, reject_mark, 0, NULL);
-+ }
-+ else {
-+ status = nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
-+ }
-+ sprintf(msgbuf,"Blocked FWD: %s,hits: %d,SRC: %s, DST: %s\n",
- tmprec.blockname, tmprec.hits, ip2str(SRC_ADDR(payload)), ip2str(DST_ADDR(payload)));
-- fflush(logfile);
-- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ log_action(msgbuf);
-+ }
-+ else if ( unlikely(accept_mark) ) {
-+ // we set the user-defined accept_mark and set NF_REPEAT verdict
-+ // it's up to other iptables rules to decide what to do with this marked packet
-+ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
-+ }
-+ else {
-+ // no accept_mark, just NF_ACCEPT the packet
-+ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
-+ }
- break;
- default:
-- fprintf(logfile,"Not NF_LOCAL_IN/OUT/FORWARD packet!\n");
-+ log_action("Not NF_LOCAL_IN/OUT/FORWARD packet!\n");
- break;
- }
- }
- else {
-- fprintf(logfile,"NFQUEUE: can't get msg packet header.\n");
-+ log_action("NFQUEUE: can't get msg packet header.\n");
- return(1); // from nfqueue source: 0 = ok, >0 = soft error, <0 hard error
- }
-- fflush(logfile);
- return(0);
- }
- #endif
-@@ -492,46 +644,48 @@
- struct nfq_q_handle *qh;
- struct nfnl_handle *nh;
- int fd,rv;
-- char buf[BUFSIZE];
-+ char buf[BUFSIZE], msgbuf[255];
-
- h = nfq_open();
- if (!h) {
-- fprintf(logfile, "Error during nfq_open()\n");
-+ log_action("Error during nfq_open()\n");
- exit(-1);
- }
-
- if (nfq_unbind_pf(h, AF_INET) < 0) {
-- fprintf(logfile, "error during nfq_unbind_pf()\n");
-- exit(-1);
-+ log_action("error during nfq_unbind_pf()\n");
-+ //exit(-1);
- }
-
- if (nfq_bind_pf(h, AF_INET) < 0) {
-- fprintf(logfile, "Error during nfq_bind_pf()\n");
-+ log_action("Error during nfq_bind_pf()\n");
- exit(-1);
- }
-
-- fprintf(logfile,"NFQUEUE: binding to queue '%hd'\n", queuenum);
-+ sprintf(msgbuf,"NFQUEUE: binding to queue '%hd'\n", queuenum);
-+ log_action(msgbuf);
- qh = nfq_create_queue(h, queuenum, &nfqueue_cb, NULL);
- if (!qh) {
-- fprintf(logfile, "error during nfq_create_queue()\n");
-+ log_action("error during nfq_create_queue()\n");
- exit(-1);
- }
-
- if (nfq_set_mode(qh, NFQNL_COPY_PACKET, PAYLOADSIZE) < 0) {
-- fprintf(logfile, "can't set packet_copy mode\n");
-+ log_action("can't set packet_copy mode\n");
- exit(-1);
- }
-
- nh = nfq_nfnlh(h);
- fd = nfnl_fd(nh);
-
-- while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
-+ while ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
- nfq_handle_packet(h, buf, rv);
- }
-
-- printf("NFQUEUE: unbinding from queue 0\n");
-+ log_action("NFQUEUE: unbinding from queue 0\n");
- nfq_destroy_queue(qh);
- nfq_close(h);
-+ nfq_unbind_pf(h, AF_INET);
- return(0);
- #endif
-
-@@ -540,11 +694,16 @@
- void print_options(void)
- {
- printf("\nMoBlock %s by Morpheus",MB_VERSION);
-- printf("\nSyntax: MoBlock -dnp <blocklist> [-b] [-q 0-65535] <logfile>\n\n");
-+ printf("\nSyntax: MoBlock -dnp <blocklist> [-q 0-65535] <logfile>\n\n");
- printf("\t-d\tblocklist is an ipfilter.dat file\n");
- printf("\t-n\tblocklist is a peerguardian 2.x file (.p2b)\n");
- printf("\t-p\tblocklist is a peerguardian file (.p2p)\n");
- printf("\t-q\t0-65535 NFQUEUE number (as specified in --queue-num with iptables)\n");
-+ printf("\t-r MARK\tmark packet with MARK instead of DROP\n");
-+ printf("\t-a MARK\tmark packet with MARK instead of ACCEPT\n");
-+ printf("\t-l\tlog to stdout\n");
-+ printf("\t-s\tlog to syslog\n");
-+ printf("\t-t\tlog timestamping\n\n");
- }
-
- void on_quit()
-@@ -556,6 +715,7 @@
- {
- int ret=0;
- unsigned short int queuenum=0;
-+ char msgbuf[255];
-
- if (argc < 3) {
- print_options();
-@@ -591,10 +751,11 @@
- }
- logfile_name=malloc(strlen(argv[argc-1])+1);
- strcpy(logfile_name,argv[argc-1]);
-+ log2file = 1;
- printf("* Logging to %s\n",logfile_name);
-
- while (1) { //scan command line options
-- ret=getopt(argc, argv, "d:n:p:q:");
-+ ret=getopt(argc, argv, "d:n:p:q:a:r:stl");
- if ( ret == -1 ) break;
-
- switch (ret) {
-@@ -619,6 +780,28 @@
- case 'q':
- queuenum=(unsigned short int)atoi(optarg);
- break;
-+ case 'r':
-+ reject_mark=(u_int32_t)atoi(optarg);
-+ printf("* DROP MARK: %d\n", reject_mark);
-+ reject_mark=htonl(reject_mark);
-+ break;
-+ case 'a':
-+ accept_mark=(u_int32_t)atoi(optarg);
-+ printf("* ACCEPT MARK: %d\n", accept_mark);
-+ accept_mark=htonl(accept_mark);
-+ break;
-+ case 's':
-+ log2syslog = 1;
-+ printf("* Logging to syslog\n");
-+ break;
-+ case 't':
-+ timestamp = 1;
-+ printf("* Log timestamp enabled\n");
-+ break;
-+ case 'l':
-+ log2stdout = 1;
-+ printf("* Log to stdout enabled\n");
-+ break;
- case '?': // unknown option
- print_options();
- exit(-1);
-@@ -626,10 +809,14 @@
- }
- }
-
-- printf("* Merged ranges: %d\n", merged_ranges);
-- fprintf(logfile, "Merged ranges: %d\n", merged_ranges);
-- printf("* Skipped useless ranges: %d\n", skipped_ranges);
-- fprintf(logfile,"Skipped useless ranges: %d\n", skipped_ranges);
-+ sprintf(msgbuf, "* Merged ranges: %d\n", merged_ranges);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
-+ sprintf(msgbuf,"* Skipped useless ranges: %d\n", skipped_ranges);
-+ log_action(msgbuf);
-+ if ( !log2stdout )
-+ printf(msgbuf);
- fflush(NULL);
-
- netlink_loop(queuenum);
-diff -Naur MoBlock-0.8_orig/README MoBlock-0.8/README
---- MoBlock-0.8_orig/README 2006-03-22 12:44:31.000000000 -0500
-+++ MoBlock-0.8/README 2007-11-22 08:10:44.000000000 -0500
-@@ -1,5 +1,5 @@
-
--MoBlock README v0.8
-+MoBlock README v0.9
- http://moblock.berlios.de
-
- .Introduction.
-@@ -47,6 +47,22 @@
- ip_conntrack 40044 1 ipt_state
- iptable_filter 2176 1
- ip_tables 17600 3 ipt_NFQUEUE,ipt_state,iptable_filter
-+
-+ ...and these with kernel 2.6.23 using NFQUEUE interface:
-+
-+ nfnetlink_queue 9344 1
-+ nfnetlink 4568 2 nfnetlink_queue
-+ ipt_REJECT 3520 2
-+ xt_mark 1600 2
-+ nf_conntrack_ipv4 12424 5
-+ iptable_filter 2308 1
-+ ip_tables 10328 1 iptable_filter
-+ xt_state 1984 5
-+ nf_conntrack 48356 2 nf_conntrack_ipv4,xt_state
-+ xt_NFQUEUE 1664 3
-+ x_tables 11396 5 ipt_REJECT,xt_mark,ip_tables,xt_state,xt_NFQUEUE
-+
-+ (notice that ipt_NFQUEUE has changed to xt_NFQUEUE, same thing for other modules too)
-
- 2) A valid guarding.p2p/ipfilter.dat/p2p.p2b host file in /etc ( /etc/guarding.p2p ).
- MoBlock tries to skip malformed or duplicate ranges but
-@@ -140,8 +156,18 @@
- To specify a NFQUEUE queue number:
-
- ./moblock -p /etc/guarding.p2p -q 5 MoBlock.log
-+
-+ From version 0.9 MoBlock supports MARKing packets and RETURN them to
-+ iptables, there's an example start script (MoBlock-nfq-reject.sh) that
-+ uses this feature to REJECT packet instead of dropping them. It can help
-+ in complex firewall configuration where you need more control of packets
-+ flow after MoBlock inspection.
-+ See the mentioned start script for reference, you can set the MARK value
-+ for packets that MoBlock would drop (ip in list) with the "-r" command line
-+ option and for packets that MoBlock would accept (ip not in list) with
-+ the "-a" command line option.
-
-- To stop it:
-+ To stop MoBlock:
-
- kill -TERM <MoBlockPid>
-
-@@ -149,7 +175,7 @@
- To obtain stats about blocked ranges while it's running:
-
- kill -USR1 <MoBlockPid> # write stats to logfile
-- kill -USR2 <MoBlockPid> # write stats to /var/log/MoBlock.stats
-+ kill -USR2 <MoBlockPid> # write stats to /var/log/MoBlock.stats
-
- ** NEW: to reload the blocklist while MoBlock is running send to it the
- HUP signal:
-@@ -168,7 +194,10 @@
- took some code and ideas from his FTwall
- - Andrew de Quincey (adq at lidskialf dot net) for regular expressions
- and command line args patch
--- Maximilian Mehnert (clessing at freenet dot de) for logfile rotation
-+- clessing at freenet dot de for logfile rotation
- patches, pid file creation, start script, fixes/files for debian packaging
-+- David Walluck, patch for proper loading of p2b files
-+- jre, for continuing clessing work on debian packaging and many other
-+ contributions
-
--Last Updated: 20/Mar/2006
-+Last Updated: 15/Oct/2007
-diff -Naur MoBlock-0.8_orig/rbt.c MoBlock-0.8/rbt.c
---- MoBlock-0.8_orig/rbt.c 2006-03-22 12:44:31.000000000 -0500
-+++ MoBlock-0.8/rbt.c 2008-02-10 11:56:08.000000000 -0500
-@@ -19,7 +19,7 @@
- #include <stdarg.h>
- #include <time.h>
-
--#define RBT_VERSION 0.8
-+#define RBT_VERSION 0.9
- #define BNAME_LEN 80
-
- /* implementation dependend declarations */
-@@ -421,7 +421,7 @@
-
- statusEnum insert(keyType key, recType *rec) {
- nodeType *current, *parent, *x;
-- keyType tmpkey;
-+ //keyType tmpkey;
- recType tmprec;
- int ret;
-
-@@ -433,6 +433,23 @@
- current = root;
- parent = 0;
- while (current != NIL) {
-+ if (compEQ2(current->key, key, rec->ipmax)) { // current node key is inside new range to be inserted
-+ strcpy(tmprec.blockname, rec->blockname); // block name from new range
-+ if (compLT(current->rec.ipmax, rec->ipmax))
-+ tmprec.ipmax = rec->ipmax;
-+ else tmprec.ipmax = current->rec.ipmax;
-+ tmprec.hits = 0;
-+ //printf("deleting node :%lu\n", current->key);
-+ ret=delete(current->key);
-+ if ( ret != STATUS_OK )
-+ return(ret);
-+ ret=insert(key, &tmprec);
-+ if ( ret == STATUS_OK ) {
-+ printf("new merge\n");
-+ return(STATUS_MERGED);
-+ }
-+ else return(ret);
-+ }
- if (compEQ(key, current->key)) {
- if ( rec->ipmax > current->rec.ipmax ) {
- current->rec.ipmax=rec->ipmax;
-@@ -458,7 +475,7 @@
- }
- }
- //check if higher ip (ipmax) is already in a range
-- if (compEQ2(rec->ipmax,current->key,current->rec.ipmax)) {
-+ /*if (compEQ2(rec->ipmax,current->key,current->rec.ipmax)) {
- fprintf(logfile,"higher ip in range\n");
- tmpkey=key;
- strcpy(tmprec.blockname,current->rec.blockname);
-@@ -470,7 +487,7 @@
- if ( ret == STATUS_OK )
- return(STATUS_MERGED);
- else return(ret);
-- }
-+ }*/
- parent = current;
- current = compLT(key, current->key) ?
- current->left : current->right;
-@@ -495,7 +512,7 @@
- } else {
- root = x;
- }
--
-+ //printf("new node, key: %lu, parent: %lu\n", x->key, parent ? parent->key : 0);
- insertFixup(x);
- lastFind = NULL;
-
diff --git a/pcr/moblock/moblock_include.patch b/pcr/moblock/moblock_include.patch
deleted file mode 100644
index 644e8240e..000000000
--- a/pcr/moblock/moblock_include.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- MoBlock-0.8/MoBlock.c.orig 2008-08-15 14:41:49.000000000 -0400
-+++ MoBlock-0.8/MoBlock.c 2008-08-15 14:43:45.000000000 -0400
-@@ -32,6 +32,7 @@
- #include <netinet/udp.h>
- #include <sys/socket.h>
- #include <arpa/inet.h>
-+#include <limits.h>
- #include <linux/netfilter_ipv4.h>
- #include <signal.h>
- #include <regex.h>