eMule kad & fragmented UDP packets

Discussion in 'LnS English Forum' started by Enig123, Nov 17, 2006.

Thread Status:
Not open for further replies.
  1. Enig123

    Enig123 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    11
    As a p2p lover, I encountered problems tweaking Look'n'Stop to work well with emule (kad open). The problem is that emule kad generated a lot of fragmented UDP packets in both directions (in and out), which are taken as threaten and are blocked by Look'n'Stop (phant0m's rule set, and normal emule's rull of course). In emule forum this has been discussed, one of amule developers, Kry, said it's bad to block those fragmented UDP packets because it's how kad works.

    I'm quite confused about security and getting full function of emule kad. I've written my own rule to let fragmented UDP packets go through when emule is running (hope I'm not doing stupid thing). I wonder if there's better rules sets that can do the same without degrade the security. For example, take UDP fragments packets if it's from the ip whose first packets is send to the port of emule UDP listening port. Is it possible?

    Thanks for your help.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  3. Enig123

    Enig123 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    11
    Thank you. But that's not what I wanna to get. Actually I'm quite familiar with writing rules by myself. The question is, using that rule set (together with Fant0m's rule) still stops UDP fragmented packets from eMule kademlia.
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    one thing u could try is placing the kad rules above the rule for blocking udp fragmented packets. otherwise i think your method is the only way.

    that said, i havent had problems with my rules + phant0m's ruleset.
     
  5. Enig123

    Enig123 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    11
    As I experienced, Look'n'Stop checks packets one by one, which means fragmented packets (with no specific destination port) will not match those emule rules. I doubte that your rule can give full functionality of kad.
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    well i hope u find a solution to your problem.
     
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    For fragmented packets, you should try the 2.05p3, and enable the following flag in the registry:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lnsfw1]
    "IPFragActive"=dword:00000001

    With this flag, Look 'n' Stop applies to fragmented packets the same rule that did apply to the first packet.

    Regards,

    Frederic
     
  8. Enig123

    Enig123 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    11
    Thanks a lot, Frederic, that's what I want.

    Hope this feature be kept with the newcoming 2.06 version.
     
  9. Enig123

    Enig123 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    11
    I have tried the solution with success.

    Just one more question, do I have to put the rule for emule UDP on top of the +UDP fragments rule of phant0m's ruleset?
     
  10. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, it will be kept, and probably it will be enabled by default.
    It is better to keep the +UDP fragments rule first in the list.

    Frederic
     
Thread Status:
Not open for further replies.