summaryrefslogtreecommitdiffstats
path: root/usr/local/share/protocols/x11.pat
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/share/protocols/x11.pat')
-rw-r--r--usr/local/share/protocols/x11.pat22
1 files changed, 22 insertions, 0 deletions
diff --git a/usr/local/share/protocols/x11.pat b/usr/local/share/protocols/x11.pat
new file mode 100644
index 0000000..f42b98f
--- /dev/null
+++ b/usr/local/share/protocols/x11.pat
@@ -0,0 +1,22 @@
+# X Windows Version 11 - Networked GUI system used in most Unices
+# Pattern attributes: good notsofast fast
+# Protocol groups: remote_access x_consortium_standard
+# Wiki: http://www.protocolinfo.org/wiki/X11
+#
+# It is common for X to be tunneled through SSH. Then obviously this pattern
+# will not catch it.
+#
+# Specification: http://www.msu.edu/~huntharo/xwin/docs/xwindows/PROTO.pdf
+# Usually runs on port 6000 (6001 for the second server on a host, etc)
+#
+# This pattern has been tested.
+
+x11
+# 'l' = little-endian. 'B' = big endian
+# ".?" is for the unused byte that comes next. If it's a null, it won't appear.
+# \x0b = protocol-major-version 11.
+# For some reason, protocol-minor-version is 0, not 6, so can't match it.
+# This pattern is too general.
+^[lb].?\x0b
+userspace pattern=^[lB].?\x0b
+userspace flags=REG_NOSUB
OpenPOWER on IntegriCloud