diff options
author | Tim Yardley <lst@openwrt.org> | 2007-11-19 23:07:00 +0000 |
---|---|---|
committer | Tim Yardley <lst@openwrt.org> | 2007-11-19 23:07:00 +0000 |
commit | 85b17a4e9e515a74095ecc691e60fd62e4819a9d (patch) | |
tree | b3336ad58be12cce16152ac9809852b8a02ef7bf /package/iptables/files/l7/edonkey.pat | |
parent | c439768c9af677c22fb2893c467e9fec89dfff21 (diff) | |
download | mtk-20170518-85b17a4e9e515a74095ecc691e60fd62e4819a9d.zip mtk-20170518-85b17a4e9e515a74095ecc691e60fd62e4819a9d.tar.gz mtk-20170518-85b17a4e9e515a74095ecc691e60fd62e4819a9d.tar.bz2 |
update stripped subset of l7 patterns to 11-03-2007 patterns
SVN-Revision: 9582
Diffstat (limited to 'package/iptables/files/l7/edonkey.pat')
-rw-r--r-- | package/iptables/files/l7/edonkey.pat | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/package/iptables/files/l7/edonkey.pat b/package/iptables/files/l7/edonkey.pat index efbc3f3..50a072c 100644 --- a/package/iptables/files/l7/edonkey.pat +++ b/package/iptables/files/l7/edonkey.pat @@ -1,10 +1,14 @@ -# eDonkey2000 - P2P filesharing - http://edonkey2000.com -# Pattern quality: good veryfast overmatch +# eDonkey2000 - P2P filesharing - http://edonkey2000.com and others +# Pattern attributes: good veryfast fast overmatch +# Protocol groups: p2p +# Wiki: http://www.protocolinfo.org/wiki/EDonkey # -# Please post to l7-filter-developers@lists.sf.net as to whether this pattern -# works for you or not. If you believe it could be improved please post your -# suggestions to that list as well. You may subscribe to this list at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers +# Tested recently (April/May 2006) with eMule 0.47a and eDonkey2000 1.4 +# and a long time ago with something else. +# +# In addition to matching what you might expect, this matches much of +# what eMule does when you tell it to only connect to the KAD network. +# I don't quite know what to make of this. # Thanks to Matt Skidmore <fox AT woozle.org> @@ -12,12 +16,15 @@ edonkey # http://gd.tuwien.ac.at/opsys/linux/sf/p/pdonkey/eDonkey-protocol-0.6 # -# In addition to \xe3, \xc5 and \xd4, I see a lot of \xe5 +# In addition to \xe3, \xc5 and \xd4, I see a lot of \xe5. +# As of April 2006, I also see some \xe4. # # God this is a mess. What an irritating protocol. -# This will match about 1% of streams with random data in them! +# This will match about 2% of streams with random data in them! +# (But fortunately much fewer than 2% of streams that are other protocols. +# You can test this with the data in ../testing/) -^[\xe3\xc5\xe5\xd4](....)?([\x01\x02\x05\x14\x15\x16\x18\x19\x1a\x1b\x1c\x20\x21\x32\x33\x34\x35\x36\x38\x40\x41\x42\x43\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x5b\x5c\x60\x81\x82\x90\x91\x93\x96\x97\x98\x99\x9a\x9b\x9c\x9e\xa0\xa1\xa2\xa3\xa4]|\x59................?[ -~]|\x96....$) +^[\xc5\xd4\xe3-\xe5].?.?.?.?([\x01\x02\x05\x14\x15\x16\x18\x19\x1a\x1b\x1c\x20\x21\x32\x33\x34\x35\x36\x38\x40\x41\x42\x43\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58[\x60\x81\x82\x90\x91\x93\x96\x97\x98\x99\x9a\x9b\x9c\x9e\xa0\xa1\xa2\xa3\xa4]|\x59................?[ -~]|\x96....$) # matches everything and too much # ^(\xe3|\xc5|\xd4) |