From b03c1401f616809522ac22b28e052dd3bee6f1a4 Mon Sep 17 00:00:00 2001 From: Tim Yardley Date: Mon, 19 Nov 2007 23:07:00 +0000 Subject: update stripped subset of l7 patterns to 11-03-2007 patterns git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9582 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/iptables/files/l7/bittorrent.pat | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) (limited to 'package/iptables/files/l7/bittorrent.pat') diff --git a/package/iptables/files/l7/bittorrent.pat b/package/iptables/files/l7/bittorrent.pat index c1804ee4ba..e5aa5bc13d 100644 --- a/package/iptables/files/l7/bittorrent.pat +++ b/package/iptables/files/l7/bittorrent.pat 
@@ -1,14 +1,27 @@ # Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com -# Pattern quality: great veryfast +# Pattern attributes: good slow notsofast undermatch +# Protocol groups: p2p open_source +# Wiki: http://www.protocolinfo.org/wiki/Bittorrent # -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers +# This pattern has been tested and is believed to work well. +# It will, however, not work on bittorrent streams that are encrypted, since +# it's impossible to match encrypted data (unless the encryption is extremely +# weak, like rot13 or something...). + bittorrent # Does not attempt to match the HTTP download of the tracker # 0x13 is the length of "bittorrent protocol" -# Second two bits match UDP wierdness, commented out until it's tested -#^(\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP]) -^\x13bittorrent protocol +# Second two bits match UDP wierdness +# Next bit matches something Azureus does +# Ditto on the next bit. Could also match on "user-agent: azureus", but that's in the next +# packet and perhaps this will match multiple clients. + +# Recently the ^ was removed from before \x13. I think this was an accident, +# so I have restored it. + +# This is not a valid GNU basic regular expression (but that's ok). +^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)|d1:ad2:id20:|\x08'7P\)[RP] + +# This pattern is "fast", but won't catch as much +#^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=) -- cgit v1.2.3
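Review bot: in the new active pattern the leading `^` binds only to the parenthesised group, so the two trailing alternatives, `d1:ad2:id20:` and `\x08'7P\)[RP]`, match at any offset in the inspected data. The commented-out expression this hunk removes had them inside the anchored group. The added comments explain that the `^` before `\x13` was restored but do not say whether leaving the "UDP wierdness" alternatives unanchored is intentional. If it is, please say so in the comment block and note the false-positive risk: a six-byte sequence such as `\x08'7P)` followed by `R` or `P` can occur in unrelated binary traffic, and any firewall or QoS rule keyed on this pattern would then act on that flow as BitTorrent. If it is not, move both alternatives inside the parentheses. The header line `# Pattern attributes: good slow notsofast undermatch` records undermatching only, which agrees with the encrypted-stream caveat but not with the unanchored alternatives; it is worth checking that line against the pattern that actually ships, and stating which of the two expressions (the active one or the commented-out "fast" one) the attributes describe.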