From 3b8c7ad8bbd2eaa1228b6c90de0f0de55acbb3c1 Mon Sep 17 00:00:00 2001 From: pavlov Date: Mon, 19 Nov 2007 23:07:00 +0000 Subject: update stripped subset of l7 patterns to 11-03-2007 patterns git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9582 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/iptables/files/l7/gnutella.pat | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'package/iptables/files/l7/gnutella.pat') diff --git a/package/iptables/files/l7/gnutella.pat b/package/iptables/files/l7/gnutella.pat index ebbd5c621..57a76de02 100644 --- a/package/iptables/files/l7/gnutella.pat +++ b/package/iptables/files/l7/gnutella.pat @@ -1,17 +1,14 @@ # Gnutella - P2P filesharing -# Pattern quality: good fast +# Pattern attributes: good notsofast notsofast +# Protocol groups: p2p open_source +# Wiki: http://www.protocolinfo.org/wiki/Gnutella # # This should match both Gnutella and "Gnutella2" ("Mike's protocol") # # Various clients use this protocol including Mactella, Shareaza, -# GTK-gnutella, Gnucleus, Gnotella, LimeWire, BearShare, and iMesh. +# GTK-gnutella, Gnucleus, Gnotella, LimeWire, iMesh and BearShare. # # This is tested with gtk-gnutella and Shareaza. -# -# Please report on how this pattern works for you at -# l7-filter-developers@lists.sf.net . If you can improve on this -# pattern, please also post to that list. You may subscribe at -# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers # http://www.gnutella2.com/tiki-index.php?page=UDP%20Transceiver # http://rfc-gnutella.sf.net/ @@ -28,7 +25,7 @@ gnutella # document based. Assumes version is between 0.0 and 2.9. (usually is # 0.4 or 0.6). I'm guessing at many of the user-agents. # The last bit is emprical and probably only matches Limewire. -^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|..................lime) +^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|...................?lime) # Needlessly precise, at the expense of time #^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /[\x09-\x0d -~]*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /[\x09-\x0d -~]*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella[\x09-\x0d -~]*content-type: application/x-gnutella|..................lime) -- cgit v1.2.3