diff options
| author | Tim Yardley <lst@openwrt.org> | 2007-11-19 23:07:00 +0000 |
|---|---|---|
| committer | Tim Yardley <lst@openwrt.org> | 2007-11-19 23:07:00 +0000 |
| commit | 85b17a4e9e515a74095ecc691e60fd62e4819a9d (patch) | |
| tree | b3336ad58be12cce16152ac9809852b8a02ef7bf /package/iptables/files/l7/bittorrent.pat | |
| parent | c439768c9af677c22fb2893c467e9fec89dfff21 (diff) | |
| download | upstream-85b17a4e9e515a74095ecc691e60fd62e4819a9d.tar.gz upstream-85b17a4e9e515a74095ecc691e60fd62e4819a9d.tar.bz2 upstream-85b17a4e9e515a74095ecc691e60fd62e4819a9d.zip | |
update stripped subset of l7 patterns to 11-03-2007 patterns
SVN-Revision: 9582
Diffstat (limited to 'package/iptables/files/l7/bittorrent.pat')
| -rw-r--r-- | package/iptables/files/l7/bittorrent.pat | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/package/iptables/files/l7/bittorrent.pat b/package/iptables/files/l7/bittorrent.pat index c1804ee4ba..e5aa5bc13d 100644 --- a/package/iptables/files/l7/bittorrent.pat +++ b/package/iptables/files/l7/bittorrent.pat @@ -1,14 +1,27 @@ # Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com -# Pattern quality: great veryfast +# Pattern attributes: good slow notsofast undermatch +# Protocol groups: p2p open_source +# Wiki: http://www.protocolinfo.org/wiki/Bittorrent # -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers +# This pattern has been tested and is believed to work well. +# It will, however, not work on bittorrent streams that are encrypted, since +# it's impossible to match encrypted data (unless the encryption is extremely +# weak, like rot13 or something...). + bittorrent # Does not attempt to match the HTTP download of the tracker # 0x13 is the length of "bittorrent protocol" -# Second two bits match UDP wierdness, commented out until it's tested -#^(\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP]) -^\x13bittorrent protocol +# Second two bits match UDP wierdness +# Next bit matches something Azureus does +# Ditto on the next bit. Could also match on "user-agent: azureus", but that's in the next +# packet and perhaps this will match multiple clients. + +# Recently the ^ was removed from before \x13. I think this was an accident, +# so I have restored it. + +# This is not a valid GNU basic regular expression (but that's ok). +^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)|d1:ad2:id20:|\x08'7P\)[RP] + +# This pattern is "fast", but won't catch as much +#^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=) |