summaryrefslogtreecommitdiff
path: root/package/iptables/files/l7/bittorrent.pat
diff options
context:
space:
mode:
Diffstat (limited to 'package/iptables/files/l7/bittorrent.pat')
-rw-r--r--package/iptables/files/l7/bittorrent.pat29
1 files changed, 21 insertions, 8 deletions
diff --git a/package/iptables/files/l7/bittorrent.pat b/package/iptables/files/l7/bittorrent.pat
index c1804ee4ba..e5aa5bc13d 100644
--- a/package/iptables/files/l7/bittorrent.pat
+++ b/package/iptables/files/l7/bittorrent.pat
@@ -1,14 +1,27 @@
# Bittorrent - P2P filesharing / publishing tool - http://www.bittorrent.com
-# Pattern quality: great veryfast
+# Pattern attributes: good slow notsofast undermatch
+# Protocol groups: p2p open_source
+# Wiki: http://www.protocolinfo.org/wiki/Bittorrent
#
-# This pattern has been tested and is believed to work well. If it does not
-# work for you, or you believe it could be improved, please post to
-# l7-filter-developers@lists.sf.net . This list may be subscribed to at
-# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
+# This pattern has been tested and is believed to work well.
+# It will, however, not work on bittorrent streams that are encrypted, since
+# it's impossible to match encrypted data (unless the encryption is extremely
+# weak, like rot13 or something...).
+
bittorrent
# Does not attempt to match the HTTP download of the tracker
# 0x13 is the length of "bittorrent protocol"
-# Second two bits match UDP wierdness, commented out until it's tested
-#^(\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP])
-^\x13bittorrent protocol
+# Second two bits match UDP wierdness
+# Next bit matches something Azureus does
+# Ditto on the next bit. Could also match on "user-agent: azureus", but that's in the next
+# packet and perhaps this will match multiple clients.
+
+# Recently the ^ was removed from before \x13. I think this was an accident,
+# so I have restored it.
+
+# This is not a valid GNU basic regular expression (but that's ok).
+^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)|d1:ad2:id20:|\x08'7P\)[RP]
+
+# This pattern is "fast", but won't catch as much
+#^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)