summaryrefslogtreecommitdiffstats
path: root/src/usr/local/share/protocols/bgp.pat
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr/local/share/protocols/bgp.pat')
-rw-r--r--src/usr/local/share/protocols/bgp.pat19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/usr/local/share/protocols/bgp.pat b/src/usr/local/share/protocols/bgp.pat
new file mode 100644
index 0000000..61e417f
--- /dev/null
+++ b/src/usr/local/share/protocols/bgp.pat
@@ -0,0 +1,19 @@
+# BGP - Border Gateway Protocol - RFC 1771
+# Pattern attributes: ok veryfast fast
+# Protocol groups: networking ietf_draft_standard
+# Wiki: http://www.protocolinfo.org/wiki/BGP
+# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
+#
+# This pattern is UNTESTED.
+
+bgp
+# "After a transport protocol connection is established, the first
+# message sent by each side is an OPEN message."
+# "If the Type of the message is OPEN, or if the Authentication Code used
+# in the OPEN message of the connection is zero, then the Marker must be
+# all ones."
+# Then the 2 byte length field, then the 1 byte type field (1 = OPEN).
+# Then the BGP version: 3 was RFC'd in 1991, 4 was RFC'd in 1995.
+# Could keep going, but that should be sufficient.
+^\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff..?\x01[\x03\x04]
+
OpenPOWER on IntegriCloud