X-Git-Url: http://git.ozo.com/?a=blobdiff_plain;f=package%2Fiptables%2Ffiles%2Fl7%2Fbittorrent.pat;fp=package%2Fiptables%2Ffiles%2Fl7%2Fbittorrent.pat;h=e5aa5bc13def14b060627cda628bd3608e0add5f;hb=3b8c7ad8bbd2eaa1228b6c90de0f0de55acbb3c1;hp=c1804ee4baa55456a0d77222af69b62955a43ce6;hpb=3fa28b55eaa173d2e17ccaf551bacf88e5b30beb;p=openwrt-10.03%2F.git diff --git a/package/iptables/files/l7/bittorrent.pat b/package/iptables/files/l7/bittorrent.pat index c1804ee4b..e5aa5bc13 100644 --- a/package/iptables/files/l7/bittorrent.pat +++ b/package/iptables/files/l7/bittorrent.pat @@ -1,14 +1,27 @@ # Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com -# Pattern quality: great veryfast +# Pattern attributes: good slow notsofast undermatch +# Protocol groups: p2p open_source +# Wiki: http://www.protocolinfo.org/wiki/Bittorrent # -# This pattern has been tested and is believed to work well. If it does not -# work for you, or you believe it could be improved, please post to -# l7-filter-developers@lists.sf.net . This list may be subscribed to at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers +# This pattern has been tested and is believed to work well. +# It will, however, not work on bittorrent streams that are encrypted, since +# it's impossible to match encrypted data (unless the encryption is extremely +# weak, like rot13 or something...). + bittorrent # Does not attempt to match the HTTP download of the tracker # 0x13 is the length of "bittorrent protocol" -# Second two bits match UDP wierdness, commented out until it's tested -#^(\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP]) -^\x13bittorrent protocol +# Second two bits match UDP wierdness +# Next bit matches something Azureus does +# Ditto on the next bit. Could also match on "user-agent: azureus", but that's in the next +# packet and perhaps this will match multiple clients. + +# Recently the ^ was removed from before \x13. I think this was an accident, +# so I have restored it. + +# This is not a valid GNU basic regular expression (but that's ok). +^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)|d1:ad2:id20:|\x08'7P\)[RP] + +# This pattern is "fast", but won't catch as much +#^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)