diff options
Diffstat (limited to 'usr/local/share/protocols/xunlei.pat')
-rw-r--r-- | usr/local/share/protocols/xunlei.pat | 83 |
1 files changed, 0 insertions, 83 deletions
diff --git a/usr/local/share/protocols/xunlei.pat b/usr/local/share/protocols/xunlei.pat deleted file mode 100644 index f7814c7..0000000 --- a/usr/local/share/protocols/xunlei.pat +++ /dev/null @@ -1,83 +0,0 @@ -# Xunlei - Chinese P2P filesharing - http://xunlei.com -# Pattern attributes: good slow notsofast -# Protocol groups: p2p -# Wiki: http://www.protocolinfo.org/wiki/Xunlei -# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE -# -# This has been tested by a number of people. -# -# Written by wsgtrsys of www.routerclub.com. Improved by VeNoMouS. -# Improved more by wsgtrsys and platinum of bbs.chinaunix.net. -# -# Further additions of HTTP-like content by liangjunATdcuxD.Tcom, who -# says: "i find old pattern is not working . so i write a new pattern of -# xunlei,it's working with all of xunlei 5 version!" Matthew Strait notes -# in response: -# -# I've looked around and I'm fairly sure that Internet Explorer 5.0 -# never identifies itself as "Mozilla/4.0 (compatible; MSIE 5.00; -# Windows 98)" and that Internet Explorer 6.0 never identifies itself as -# either "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; )" or -# "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)". - -# The keep-alive part needs some examination too. These might validly -# occur in an HTTP/1.0 connection, although I think in practical cases -# they don't since there's general only one \x0d\x0a after it and/or the -# next line starts with a letter (especially because it's the client -# sending it). It wouldn't be crazy, though, if another protocol -# (besides Xunlei) used keep-alive in a way that did match this. But -# since I can't think of any examples, I'll assume it's ok for now. - -xunlei -^([()]|get)(...?.?.?(reg|get|query)|.+User-Agent: (Mozilla/4\.0 \(compatible; (MSIE 6\.0; Windows NT 5\.1;? ?\)|MSIE 5\.00; Windows 98\))))|Keep-Alive\x0d\x0a\x0d\x0a[26] - - -# This was the pattern until 2008 11 08. It is safer than the above against -# overmatching ordinary HTTP connections -#^[()]...?.?.?(reg|get|query) - -# More detail: -# From http://sourceforge.net/tracker/index.php?func=detail&aid=1885209&group_id=80085&atid=558668 -# -############################################################################## -# Date: 2008-02-03 -# Sender: hydr0g3n -# -# Xunlei (Chinese P2P) traffic is not matched anymore by layer7 xunlei -# pattern. It used to work in the past but not anymore. Maybe Xunlei was -# updated and pattern should be adapted? -# -# Apparently ipp2p was edited by Chinese people to detect pplive and xunlei. -# It is interesting and very recent: -# http://www.chinaunix.net/jh/4/914377.html -############################################################################## -# Date: 2008-02-03 -# Sender: quadong -# -# Ok. Only some of the ipp2p function can be translated into an l7-filter -# regular expression. The first part of search_xunlei can't be, since it -# works by checking whether the length of the packet matches a byte in the -# packet. The second part of search_xunlei becomes: -# -# \x20.?\x01?.?[\x01\x77]............?.?.?.?\x38 -# -# Or possibly: -# -# ^\x20.?\x01?.?[\x01\x77]............?.?.?.?\x38 -# -# I'm not sure whether IPP2P looks at every packet or only the first of each -# connection. -# -# udp_search_xunlei says: -# \x01\x01\x01\xfe\xff\xfe\xff|\x01\x11\xa0\xfe\xff\xfe\xff -# -# Again, putting a ^ at the beginning might work: -# -# ^(\x01\x01\x01\xfe\xff\xfe\xff|\x01\x11\xa0\xfe\xff\xfe\xff) -# -# So this *might* work: -# -# ^(\x20.?\x01?.?[\x01\x77]............?.?.?.?\x38|\x01\x01\x01\xfe\xff\xfe\xff|\x01\x11\xa0\xfe\xff\xfe\xff) -# -# but the ^ might be wrong and it will not match the HTTP part of Xunlei. -############################################################################## |