diff options
Diffstat (limited to 'usr/local/share/protocols/x11.pat')
-rw-r--r-- | usr/local/share/protocols/x11.pat | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/usr/local/share/protocols/x11.pat b/usr/local/share/protocols/x11.pat new file mode 100644 index 0000000..f42b98f --- /dev/null +++ b/usr/local/share/protocols/x11.pat @@ -0,0 +1,22 @@ +# X Windows Version 11 - Networked GUI system used in most Unices +# Pattern attributes: good notsofast fast +# Protocol groups: remote_access x_consortium_standard +# Wiki: http://www.protocolinfo.org/wiki/X11 +# +# It is common for X to be tunneled through SSH. Then obviously this pattern +# will not catch it. +# +# Specification: http://www.msu.edu/~huntharo/xwin/docs/xwindows/PROTO.pdf +# Usually runs on port 6000 (6001 for the second server on a host, etc) +# +# This pattern has been tested. + +x11 +# 'l' = little-endian. 'B' = big endian +# ".?" is for the unused byte that comes next. If it's a null, it won't appear. +# \x0b = protocol-major-version 11. +# For some reason, protocol-minor-version is 0, not 6, so can't match it. +# This pattern is too general. +^[lb].?\x0b +userspace pattern=^[lB].?\x0b +userspace flags=REG_NOSUB |