1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-12-25 22:36:46 +02:00
openwrt-xburst/package/iptables/files/l7/bittorrent.pat
pavlov 3b8c7ad8bb update stripped subset of l7 patterns to 11-03-2007 patterns
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9582 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-11-19 23:07:00 +00:00

28 lines
1.2 KiB
Plaintext

# Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com
# Pattern attributes: good slow notsofast undermatch
# Protocol groups: p2p open_source
# Wiki: http://www.protocolinfo.org/wiki/Bittorrent
#
# This pattern has been tested and is believed to work well.
# It will, however, not work on bittorrent streams that are encrypted, since
# it's impossible to match encrypted data (unless the encryption is extremely
# weak, like rot13 or something...).
bittorrent
# Does not attempt to match the HTTP download of the tracker
# 0x13 is the length of "bittorrent protocol"
# Second two bits match UDP wierdness
# Next bit matches something Azureus does
# Ditto on the next bit. Could also match on "user-agent: azureus", but that's in the next
# packet and perhaps this will match multiple clients.
# Recently the ^ was removed from before \x13. I think this was an accident,
# so I have restored it.
# This is not a valid GNU basic regular expression (but that's ok).
^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)|d1:ad2:id20:|\x08'7P\)[RP]
# This pattern is "fast", but won't catch as much
#^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)