openwrt-xburst/package/iptables/files/l7/bittorrent.pat

# Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com
# Pattern attributes: good slow notsofast undermatch
# Protocol groups: p2p open_source
# Wiki: http://www.protocolinfo.org/wiki/Bittorrent
#
# This pattern has been tested and is believed to work well.
# It will, however, not work on bittorrent streams that are encrypted, since
# it's impossible to match encrypted data (unless the encryption is extremely 
# weak, like rot13 or something...).

bittorrent

# Does not attempt to match the HTTP download of the tracker
# 0x13 is the length of "bittorrent protocol"
# Second two bits match UDP wierdness
# Next bit matches something Azureus does
# Ditto on the next bit.  Could also match on "user-agent: azureus", but that's in the next
# packet and perhaps this will match multiple clients.

# Recently the ^ was removed from before \x13.  I think this was an accident,
# so I have restored it.

# This is not a valid GNU basic regular expression (but that's ok).
^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)|d1:ad2:id20:|\x08'7P\)[RP]

# This pattern is "fast", but won't catch as much
#^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)
add layer7 patterns to iptables-mod-filter git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2519 3c298f89-4303-0410-b956-a3cf2f4a3e73 2005-11-18 18:17:27 +02:00			`# Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com`
update stripped subset of l7 patterns to 11-03-2007 patterns git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9582 3c298f89-4303-0410-b956-a3cf2f4a3e73 2007-11-20 01:07:00 +02:00			`# Pattern attributes: good slow notsofast undermatch`
			`# Protocol groups: p2p open_source`
			`# Wiki: http://www.protocolinfo.org/wiki/Bittorrent`
add layer7 patterns to iptables-mod-filter git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2519 3c298f89-4303-0410-b956-a3cf2f4a3e73 2005-11-18 18:17:27 +02:00			`#`
update stripped subset of l7 patterns to 11-03-2007 patterns git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9582 3c298f89-4303-0410-b956-a3cf2f4a3e73 2007-11-20 01:07:00 +02:00			`# This pattern has been tested and is believed to work well.`
			`# It will, however, not work on bittorrent streams that are encrypted, since`
			`# it's impossible to match encrypted data (unless the encryption is extremely`
			`# weak, like rot13 or something...).`

add layer7 patterns to iptables-mod-filter git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2519 3c298f89-4303-0410-b956-a3cf2f4a3e73 2005-11-18 18:17:27 +02:00			`bittorrent`

			`# Does not attempt to match the HTTP download of the tracker`
			`# 0x13 is the length of "bittorrent protocol"`
update stripped subset of l7 patterns to 11-03-2007 patterns git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9582 3c298f89-4303-0410-b956-a3cf2f4a3e73 2007-11-20 01:07:00 +02:00			`# Second two bits match UDP wierdness`
			`# Next bit matches something Azureus does`
			`# Ditto on the next bit. Could also match on "user-agent: azureus", but that's in the next`
			`# packet and perhaps this will match multiple clients.`

			`# Recently the ^ was removed from before \x13. I think this was an accident,`
			`# so I have restored it.`

			`# This is not a valid GNU basic regular expression (but that's ok).`
			`^(\x13bittorrent protocol\|azver\x01$\|get /scrape\?info_hash=)\|d1:ad2:id20:\|\x08'7P\)[RP]`

			`# This pattern is "fast", but won't catch as much`
			`#^(\x13bittorrent protocol\|azver\x01$\|get /scrape\?info_hash=)`