❗️This is the original version of the ISPforum.cz internet forum, as it stood until February 2020, with no registration of new users. The active version of the forum can be found at https://telekomunikace.cz

Prioritizing VOIP with L7filter

Guides and configuration problems.
waclaw66
Posts: 29
Registered: 16 years ago

Re: Prioritizing VOIP with L7filter

Post by waclaw66 » 16 years ago

I would also like to ask for advice on how to recognize SIP packets by their content, not by IP address (when the VOIP is behind NAT). The L7 filters posted here do not work, they do not catch any packets :?
RB600 3.10
0 x

radocicala
Posts: 142
Registered: 18 years ago

Post by radocicala » 16 years ago

Are you sure? For me it catches Skype nicely, even if it also catches a bit extra (but that won't be much).
It is best to copy the rules from the original site, where you have more to choose from directly:
http://l7-filter.sourceforge.net/protocols

You need to pick several protocols there; for Skype specifically, skypeout and skypetoskype have worked well for me.

PS: cin, you are still missing one rule in mangle, to mark the packets belonging to VoIP. I don't know whether you forgot to post it here or forgot to set it up on your side.
0 x

Maxik
Posts: 2579
Registered: 18 years ago

Post by Maxik » 16 years ago

I loaded the L7 filters with this script. Are the patterns etc. functional, who is using it? What is the difference in CPU load between plain mangle + Qtree and using L7 on the same machine?


:put "These strings are taken from the L7 filter project and are licensed under GPL See: http://www.gnu.org/copyleft/gpl.html"
/ip firewall layer7-protocol
:if ([:len [find name=edonkey]] > 0) do={ :put "already have edonkey" } else={ add name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\19\1A\1B\1C\20\21\32\33\34\35\36\38\40\41\42\43\46\47\48\49\4A\4B\4C\4D\4E\4F\50\51\52\53\54\55\56\57\58[\60\81\82\90\91\93\96\97\98\99\9A\9B\9C\9E\A0\A1\A2\A3\A4]|\59................\?[ -~]|\96....\$)" }
:if ([:len [find name=goboogy]] > 0) do={ :put "already have goboogy" } else={ add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?" }
:if ([:len [find name=soribada]] > 0) do={ :put "already have soribada" } else={ add name=soribada regexp="^GETMP3\0D\0AFilename|^\01.\?.\?.\?(\51\3A\\+|\51\32\3A)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\$" }
:if ([:len [find name=rdp]] > 0) do={ :put "already have rdp" } else={ add name=rdp regexp="rdpdr.*cliprdr.*rdpsnd" }
:if ([:len [find name=gnutella]] > 0) do={ :put "already have gnutella" } else={ add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0-9]\0D\0A|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|...................\?lime)" }
:if ([:len [find name=cvs]] > 0) do={ :put "already have cvs" } else={ add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\0A" }
:if ([:len [find name=nbns]] > 0) do={ :put "already have nbns" } else={ add name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01" }
:if ([:len [find name=shoutcast]] > 0) do={ :put "already have shoutcast" } else={ add name=shoutcast regexp="icy [1-5][0-9][0-9] [\09-\0D -~]*(content-type:audio|icy-)" }
:if ([:len [find name=dns]] > 0) do={ :put "already have dns" } else={ add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\01\03\04\FF]" }
:if ([:len [find name=quake-halflife]] > 0) do={ :put "already have quake-halflife" } else={ add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)" }
:if ([:len [find name=poco]] > 0) do={ :put "already have poco" } else={ add name=poco regexp="^\80\94\0A\01....\1F\9E" }
:if ([:len [find name=ciscovpn]] > 0) do={ :put "already have ciscovpn" } else={ add name=ciscovpn regexp="^\01\F4\01\F4" }
:if ([:len [find name=x11]] > 0) do={ :put "already have x11" } else={ add name=x11 regexp="^[lb].\?\0B" }
:if ([:len [find name=xboxlive]] > 0) do={ :put "already have xboxlive" } else={ add name=xboxlive regexp="^\58\80........\F3|^\06\58\4E" }
:if ([:len [find name=applejuice]] > 0) do={ :put "already have applejuice" } else={ add name=applejuice regexp="^ajprot\0D\0A" }
:if ([:len [find name=zmaap]] > 0) do={ :put "already have zmaap" } else={ add name=zmaap regexp="^\1B\D7\3B\48[\01\02]\01\?\01" }
:if ([:len [find name=live365]] > 0) do={ :put "already have live365" } else={ add name=live365 regexp="membername.*session.*player" }
:if ([:len [find name=rlogin]] > 0) do={ :put "already have rlogin" } else={ add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00" }
:if ([:len [find name=http]] > 0) do={ :put "already have http" } else={ add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*(connection:|content-type:|content-length:|date:)|post [\09-\0D -~]* http/[01]\\.[019]" }
:if ([:len [find name=sip]] > 0) do={ :put "already have sip" } else={ add name=sip regexp="^(invite|register|cancel) sip[\09-\0D -~]*sip/[0-2]\\.[0-9]" }
:if ([:len [find name=pop3]] > 0) do={ :put "already have pop3" } else={ add name=pop3 regexp="^(\\+ok |-err )" }
:if ([:len [find name=smb]] > 0) do={ :put "already have smb" } else={ add name=smb regexp="\FFsmb[\72\25]" }
:if ([:len [find name=quake1]] > 0) do={ :put "already have quake1" } else={ add name=quake1 regexp="^\80\0C\01quake\03" }
:if ([:len [find name=lpd]] > 0) do={ :put "already have lpd" } else={ add name=lpd regexp="^(\01[!-~]+|\02[!-~]+\0A.[\01\02\03][\01-\0A -~]*|[\03\04][!-~]+[\09-\0D]+[a-z][\09-\0D -~]*|\05[!-~]+[\09-\0D]+([a-z][!-~]*[\09-\0D]+[1-9][0-9]\?[0-9]\?|root[\09-\0D]+[!-~]+).*)\0A\$" }
:if ([:len [find name=mute]] > 0) do={ :put "already have mute" } else={ add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\0AEnd(Public|AES)Key\0A\$" }
:if ([:len [find name=ssh]] > 0) do={ :put "already have ssh" } else={ add name=ssh regexp="^ssh-[12]\\.[0-9]" }
:if ([:len [find name=jabber]] > 0) do={ :put "already have jabber" } else={ add name=jabber regexp="<stream:stream[\09-\0D ][ -~]*[\09-\0D ]xmlns=['\"]jabber" }
:if ([:len [find name=bittorrent]] > 0) do={ :put "already have bittorrent" } else={ add name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get /scrape\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]" }
:if ([:len [find name=ncp]] > 0) do={ :put "already have ncp" } else={ add name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)" }
:if ([:len [find name=tls]] > 0) do={ :put "already have tls" } else={ add name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)" }
:if ([:len [find name=directconnect]] > 0) do={ :put "already have directconnect" } else={ add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )" }
:if ([:len [find name=netbios]] > 0) do={ :put "already have netbios" } else={ add name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]" }
:if ([:len [find name=tftp]] > 0) do={ :put "already have tftp" } else={ add name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)" }
:if ([:len [find name=subspace]] > 0) do={ :put "already have subspace" } else={ add name=subspace regexp="^\01....\11\10........\01\$" }
:if ([:len [find name=hotline]] > 0) do={ :put "already have hotline" } else={ add name=hotline regexp="^....................TRTPHOTL\01\02" }
:if ([:len [find name=doom3]] > 0) do={ :put "already have doom3" } else={ add name=doom3 regexp="^\FF\FFchallenge" }
:if ([:len [find name=ftp]] > 0) do={ :put "already have ftp" } else={ add name=ftp regexp="^220[\09-\0D -~]*ftp" }
:if ([:len [find name=kugoo]] > 0) do={ :put "already have kugoo" } else={ add name=kugoo regexp="^\31..\8E" }
:if ([:len [find name=tsp]] > 0) do={ :put "already have tsp" } else={ add name=tsp regexp="^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+" }
:if ([:len [find name=battlefield1942]] > 0) do={ :put "already have battlefield1942" } else={ add name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10\40\06" }
:if ([:len [find name=ssdp]] > 0) do={ :put "already have ssdp" } else={ add name=ssdp regexp="^notify[\09-\0D ]\\*[\09-\0D ]http/1\\.1[\09-\0D -~]*ssdp:(alive|byebye)|^m-search[\09-\0D ]\\*[\09-\0D ]http/1\\.1[\09-\0D -~]*ssdp:discover" }
:if ([:len [find name=imap]] > 0) do={ :put "already have imap" } else={ add name=imap regexp="^(\\* ok|a[0-9]+ noop)" }
:if ([:len [find name=ares]] > 0) do={ :put "already have ares" } else={ add name=ares regexp="^\03[]Z].\?.\?\05\$" }
:if ([:len [find name=fasttrack]] > 0) do={ :put "already have fasttrack" } else={ add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?" }
:if ([:len [find name=qq]] > 0) do={ :put "already have qq" } else={ add name=qq regexp="^.\?\02.+\03\$" }
:if ([:len [find name=100bao]] > 0) do={ :put "already have 100bao" } else={ add name=100bao regexp="^\01\01\05\0A" }
:if ([:len [find name=aim]] > 0) do={ :put "already have aim" } else={ add name=aim regexp="^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x" }
:if ([:len [find name=unknown]] > 0) do={ :put "already have unknown" } else={ add name=unknown regexp="." }
:if ([:len [find name=msn-filetransfer]] > 0) do={ :put "already have msn-filetransfer" } else={ add name=msn-filetransfer regexp="^(ver [ -~]*msnftp\0D\0Aver msnftp\0D\0Ausr|method msnmsgr:)" }
:if ([:len [find name=yahoo]] > 0) do={ :put "already have yahoo" } else={ add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80" }
:if ([:len [find name=validcertssl]] > 0) do={ :put "already have validcertssl" } else={ add name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limited)" }
:if ([:len [find name=ntp]] > 0) do={ :put "already have ntp" } else={ add name=ntp regexp="^([\13\1B\23\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\?.\?.\?[\C6-\FF])" }
:if ([:len [find name=gnucleuslan]] > 0) do={ :put "already have gnucleuslan" } else={ add name=gnucleuslan regexp="gnuclear connect/[\09-\0D -~]*user-agent: gnucleus [\09-\0D -~]*lan:" }
:if ([:len [find name=vnc]] > 0) do={ :put "already have vnc" } else={ add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\0A\$" }
:if ([:len [find name=bgp]] > 0) do={ :put "already have bgp" } else={ add name=bgp regexp="^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]" }
:if ([:len [find name=tesla]] > 0) do={ :put "already have tesla" } else={ add name=tesla regexp="\03\9A\89\22\31\31\31\\.\30\30\20\42\65\74\61\20|\E2\3C\69\1E\1C\E9" }
:if ([:len [find name=openft]] > 0) do={ :put "already have openft" } else={ add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]" }
:if ([:len [find name=h323]] > 0) do={ :put "already have h323" } else={ add name=h323 regexp="^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05" }
:if ([:len [find name=finger]] > 0) do={ :put "already have finger" } else={ add name=finger regexp="^[a-z][a-z0-9\\-_]+|login: [\09-\0D -~]* name: [\09-\0D -~]* Directory:" }
:if ([:len [find name=ident]] > 0) do={ :put "already have ident" } else={ add name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\09-\0D]*,[\09-\0D]*[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\0D\0A|[\0D\0A])\?\$" }
:if ([:len [find name=gkrellm]] > 0) do={ :put "already have gkrellm" } else={ add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\0A\$" }
:if ([:len [find name=hddtemp]] > 0) do={ :put "already have hddtemp" } else={ add name=hddtemp regexp="^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|" }
:if ([:len [find name=socks]] > 0) do={ :put "already have socks" } else={ add name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\01-\08]\?[\01\03]" }
:if ([:len [find name=biff]] > 0) do={ :put "already have biff" } else={ add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$" }
:if ([:len [find name=dhcp]] > 0) do={ :put "already have dhcp" } else={ add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc" }
:if ([:len [find name=smtp]] > 0) do={ :put "already have smtp" } else={ add name=smtp regexp="^220[\09-\0D -~]* (e\?smtp|simple mail)" }
:if ([:len [find name=ipp]] > 0) do={ :put "already have ipp" } else={ add name=ipp regexp="ipp://" }
:if ([:len [find name=msnmessenger]] > 0) do={ :put "already have msnmessenger" } else={ add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\09-\0D -~]*cvr0\0D\0A\$|usr 1 [!-~]+ [0-9. ]+\0D\0A\$|ans 1 [!-~]+ [0-9. ]+\0D\0A\$" }
:if ([:len [find name=irc]] > 0) do={ :put "already have irc" } else={ add name=irc regexp="^(nick[\09-\0D -~]*user[\09-\0D -~]*:|user[\09-\0D -~]*:[\02-\0D -~]*nick[\09-\0D -~]*\0D\0A)" }
:if ([:len [find name=gopher]] > 0) do={ :put "already have gopher" } else={ add name=gopher regexp="^[\09-\0D]*[1-9,+tgi][\09-\0D -~]*\09[\09-\0D -~]*\09[a-z0-9.]*\\.[a-z][a-z].\?.\?\09[1-9]" }
:if ([:len [find name=telnet]] > 0) do={ :put "already have telnet" } else={ add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]" }
:if ([:len [find name=snmp]] > 0) do={ :put "already have snmp" } else={ add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\?\02\01.\?\30|\A4\06.+\40\04.\?.\?.\?.\?\02\01.\?\02\01.\?\43)" }
:if ([:len [find name=nntp]] > 0) do={ :put "already have nntp" } else={ add name=nntp regexp="^(20[01][\09-\0D -~]*AUTHINFO USER|20[01][\09-\0D -~]*news)" }
:if ([:len [find name=aimwebcontent]] > 0) do={ :put "already have aimwebcontent" } else={ add name=aimwebcontent regexp="user-agent:aim/" }
:if ([:len [find name=rtsp]] > 0) do={ :put "already have rtsp" } else={ add name=rtsp regexp="rtsp/1.0 200 ok" }
:if ([:len [find name=skypeout]] > 0) do={ :put "already have skypeout" } else={ add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\09.\?.\?.\?.\?.\?.\?.\?.\?\09|\0A.\?.\?.\?.\?.\?.\?.\?.\?\0A|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\0D.\?.\?.\?.\?.\?.\?.\?.\?\0D|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F|\20.\?.\?.\?.\?.\?.\?.\?.\?\20|\21.\?.\?.\?.\?.\?.\?.\?.\?\21|\22.\?.\?.\?.\?.\?.\?.\?.\?\22|\23.\?.\?.\?.\?.\?.\?.\?.\?\23|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|\25.\?.\?.\?.\?.\?.\?.\?.\?\25|\26.\?.\?.\?.\?.\?.\?.\?.\?\26|\27.\?.\?.\?.\?.\?.\?.\?.\?\27|\\(.\?.\?.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|\2C.\?.\?.\?.\?.\?.\?.\?.\?\2C|\2D.\?.\?.\?.\?.\?.\?.\?.\?\2D|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|\2F.\?.\?.\?.\?.\?.\?.\?.\?\2F|\30.\?.\?.\?.\?.\?.\?.\?.\?\30|\31.\?.\?.\?.\?.\?.\?.\?.\?\31|\32.\?.\?.\?.\?.\?.\?.\?.\?\32|\33.\?.\?.\?.\?.\?.\?.\?.\?\33|\34.\?.\?.\?.\?.\?.\?.\?.\?\34|\35.\?.\?.\?.\?.\?.\?.\?.\?\35|\36.\?.\?.\?.\?.\?.\?.\?.\?\36|\37.\?.\?.\?.\?.\?.\?.\?.\?\37|\38.\?.\?.\?.\?.\?.\?.\?.\?\38|\39.\?.\?.\?.\?.\?.\?.\?.\?\39|\3A.\?.\?.\?.\?.\?.\?.\?.\?\3A|\3B.\?.\?.\?.\?.\?.\?.\?.\?\3B|\3C.\?.\?.\?.\?.\?.\?.\?.\?\3C|\3D.\?.\?.\?.\?.\?.\?.\?.\?\3D|\3E.\?.\?.\?.\?.\?.\?.\?.\?\3E|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\?|\40.\?.\?.\?.\?.\?.\?.\?.\?\40|\41.\?.\?.\?.\?.\?.\?.\?.\?\41|\42.\?.\?.\?.\?.\?.\?.\?.\?\42|\43.\?.\?.\?.\?.\?.\?.\?.\?\43|\44.\?.\?.\?.\?.\?.\?.\?.\?\44|\45.\?.\?.\?.\?.\?.\?.\?.\?\45|\46.\?.\?.\?.\?.\?.\?.\?.\?\46|\47.\?.\?.\?.\?.\?.\?.\?.\?\47|\48.\?.\?.\?.\?.\?.\?.\?.\?\48|\49.\?.\?.\?.\?.\?.\?.\?.\?\49|\4A.\?.\?.\?.\?.\?.\?.\?.\?\4A|\4B.\?.\?.\?.\?.\?.\?.\?.\?\4B|\4C.\?.\?.\?.\?.\?.\?.\?.\?\4C|\4D.\?.\?.\?.\?.\?.\?.\?.\?\4D|\4E.\?.\?.\?.\?.\?.\?.\?.\?\4E|\4F.\?.\?.\?.\?.\?.\?.\?.\?\4F|\50.\?.\?.\?.\?.\?.\?.\?.\?\50|\51.\?.\?.\?.\?.\?.\?.\?.\?\51|\52.\?.\?.\?.\?.\?.\?.\?.\?\52|\53.\?.\?.\?.\?.\?.\?.\?.\?\53|\54.\?.\?.\?.\?.\?.\?.\?.\?\54|\55.\?.\?.\?.\?.\?.\?.\?.\?\55|\56.\?.\?.\?.\?.\?.\?.\?.\?\56|\57.\?.\?.\?.\?.\?.\?.\?.\?\57|\58.\?.\?.\?.\?.\?.\?.\?.\?\58|\59.\?.\?.\?.\?.\?.\?.\?.\?\59|\5A.\?.\?.\?.\?.\?.\?.\?.\?\5A|\\[.\?.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|\5F.\?.\?.\?.\?.\?.\?.\?.\?\5F|\60.\?.\?.\?.\?.\?.\?.\?.\?\60|\61.\?.\?.\?.\?.\?.\?.\?.\?\61|\62.\?.\?.\?.\?.\?.\?.\?.\?\62|\63.\?.\?.\?.\?.\?.\?.\?.\?\63|\64.\?.\?.\?.\?.\?.\?.\?.\?\64|\65.\?.\?.\?.\?.\?.\?.\?.\?\65|\66.\?.\?.\?.\?.\?.\?.\?.\?\66|\67.\?.\?.\?.\?.\?.\?.\?.\?\67|\68.\?.\?.\?.\?.\?.\?.\?.\?\68|\69.\?.\?.\?.\?.\?.\?.\?.\?\69|\6A.\?.\?.\?.\?.\?.\?.\?.\?\6A|\6B.\?.\?.\?.\?.\?.\?.\?.\?\6B|\6C.\?.\?.\?.\?.\?.\?.\?.\?\6C|\6D.\?.\?.\?.\?.\?.\?.\?.\?\6D|\6E.\?.\?.\?.\?.\?.\?.\?.\?\6E|\6F.\?.\?.\?.\?.\?.\?.\?.\?\6F|\70.\?.\?.\?.\?.\?.\?.\?.\?\70|\71.\?.\?.\?.\?.\?.\?.\?.\?\71|\72.\?.\?.\?.\?.\?.\?.\?.\?\72|\73.\?.\?.\?.\?.\?.\?.\?.\?\73|\74.\?.\?.\?.\?.\?.\?.\?.\?\74|\75.\?.\?.\?.\?.\?.\?.\?.\?\75|\76.\?.\?.\?.\?.\?.\?.\?.\?\76|\77.\?.\?.\?.\?.\?.\?.\?.\?\77|\78.\?.\?.\?.\?.\?.\?.\?.\?\78|\79.\?.\?.\?.\?.\?.\?.\?.\?\79|\7A.\?.\?.\?.\?.\?.\?.\?.\?\7A|\\{.\?.\?.\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\?.\?\\}|\7E.\?.\?.\?.\?.\?.\?.\?.\?\7E|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)" }
:if ([:len [find name=skypetoskype]] > 0) do={ :put "already have skypetoskype" } else={ add name=skypetoskype regexp="^..\02............." }
:if ([:len [find name=counterstrike-source]] > 0) do={ :put "already have counterstrike-source" } else={ add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike" }
:if ([:len [find name=halflife2-deathmatch]] > 0) do={ :put "already have halflife2-deathmatch" } else={ add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch" }
:if ([:len [find name=freenet]] > 0) do={ :put "already have freenet" } else={ add name=freenet regexp="^\01[\08\09][\03\04]" }
:if ([:len [find name=battlefield2]] > 0) do={ :put "already have battlefield2" } else={ add name=battlefield2 regexp="^(\11\20\01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\14\01\06|\FF\FF\FF))|[]\01].\?battlefield2" }
:if ([:len [find name=napster]] > 0) do={ :put "already have napster" } else={ add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0-9]\? \"[\09-\0D -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\09-\0D -~]+\")" }
:if ([:len [find name=soulseek]] > 0) do={ :put "already have soulseek" } else={ add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$" }
:if ([:len [find name=xunlei]] > 0) do={ :put "already have xunlei" } else={ add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)" }
:if ([:len [find name=ssl]] > 0) do={ :put "already have ssl" } else={ add name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)" }
:if ([:len [find name=citrix]] > 0) do={ :put "already have citrix" } else={ add name=citrix regexp="\32\26\85\92\58" }
:if ([:len [find name=whois]] > 0) do={ :put "already have whois" } else={ add name=whois regexp="^[ !-~]+\0D\0A\$" }
:if ([:len [find name=dayofdefeat-source]] > 0) do={ :put "already have dayofdefeat-source" } else={ add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat" }
:if ([:len [find name=teamspeak]] > 0) do={ :put "already have teamspeak" } else={ add name=teamspeak regexp="^\F4\BE\03.*teamspeak" }
:if ([:len [find name=worldofwarcraft]] > 0) do={ :put "already have worldofwarcraft" } else={ add name=worldofwarcraft regexp="^\06\EC\01" }
:if ([:len [find name=ventrilo]] > 0) do={ :put "already have ventrilo" } else={ add name=ventrilo regexp="^..\?v\\\$\CF" }
:if ([:len [find name=http-rtsp]] > 0) do={ :put "already have http-rtsp" } else={ add name=http-rtsp regexp="^(get[\09-\0D -~]* Accept: application/x-rtsp-tunnelled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*a=control:rtsp://)" }
:if ([:len [find name=thecircle]] > 0) do={ :put "already have thecircle" } else={ add name=thecircle regexp="^t\03ni.\?[\01-\06]\?t[\01-\05]s[\0A\0B](glob|who are you\$|query data)" }
:if ([:len [find name=uucp]] > 0) do={ :put "already have uucp" } else={ add name=uucp regexp="^\10here=" }
:if ([:len [find name=pcanywhere]] > 0) do={ :put "already have pcanywhere" } else={ add name=pcanywhere regexp="^(nq|st)\$" }
:if ([:len [find name=subversion]] > 0) do={ :put "already have subversion" } else={ add name=subversion regexp="^\\( success \\( 1 2 \\(" }
:if ([:len [find name=imesh]] > 0) do={ :put "already have imesh" } else={ add name=imesh regexp="^(post[\09-\0D -~]*<PasswordHash>................................</PasswordHash><ClientVer>|\34\80\?\0D\?\FC\FF\04|get[\09-\0D -~]*Host: imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\02)\83)" }
:if ([:len [find name=cimd]] > 0) do={ :put "already have cimd" } else={ add name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$" }
:if ([:len [find name=mohaa]] > 0) do={ :put "already have mohaa" } else={ add name=mohaa regexp="^\FF\FF\FF\FFgetstatus\0A" }
:if ([:len [find name=stun]] > 0) do={ :put "already have stun" } else={ add name=stun regexp="^[\01\02]................\?\$" }
:if ([:len [find name=tor]] > 0) do={ :put "already have tor" } else={ add name=tor regexp="TOR1.*<identity>" }
:if ([:len [find name=radmin]] > 0) do={ :put "already have radmin" } else={ add name=radmin regexp="^\01\01(\08\08|\1B\1B)\$" }
:if ([:len [find name=unset]] > 0) do={ :put "already have unset" } else={ add name=unset regexp="." }
:if ([:len [find name=chikka]] > 0) do={ :put "already have chikka" } else={ add name=chikka regexp="^CTPv1.[123] Kamusta.*\0D\0A\$" }
:if ([:len [find name=replaytv-ivs]] > 0) do={ :put "already have replaytv-ivs" } else={ add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*\23\23\23\23\23REPLAY_CHUNK_START\23\23\23\23\23)" }
:if ([:len [find name=armagetron]] > 0) do={ :put "already have armagetron" } else={ add name=armagetron regexp="YCLC_E|CYEL" }
0 x

waclaw66
Posts: 29
Registered: 16 years ago

Post by waclaw66 » 16 years ago

radocicala wrote: Are you sure? For me it catches Skype nicely, even if it also catches a bit extra (but that won't be much).
It is best to copy the rules from the original site, where you have more to choose from directly:
http://l7-filter.sourceforge.net/protocols

You need to pick several protocols there; for Skype specifically, skypeout and skypetoskype have worked well for me.

PS: cin, you are still missing one rule in mangle, to mark the packets belonging to VoIP. I don't know whether you forgot to post it here or forgot to set it up on your side.


For me the skypeout L7 filter detects most of the packets during a file transfer over FTP on the local network. No wonder, there are a lot of ambiguous patterns in it :? And during a Skype call it catches hardly any packet.
0 x

Maxik
Posts: 2579
Registered: 18 years ago

Post by Maxik » 16 years ago

How about mangling the FTP earlier and sending it to Qtree? Then it can't happen that skypeout marks it as well, can it? It needs a bit of tuning.
0 x

radocicala
Posts: 142
Registered: 18 years ago

Post by radocicala » 16 years ago

Yeah, Maxik, it is good to put the classic mangle rules first (ports, all-p2p) and the L7 rules last; you have to play with it to find what suits best.
As for the L7 rules, it makes no difference whether you have them exported by that script or taken directly from that site, it is the same thing. Still, it is good to watch the original site; sometimes new rules are added there, and there are several to choose from.
The load rises depending on how demanding the rule is, how many L7 rules there are, and which connection it marks.
0 x
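
The FTP false positives waclaw66 reports and the rule ordering Maxik and radocicala suggest, modelled in Python as an added example that is not part of the original posts. The `Conn`, `classify` and rule helpers and all sample payloads are hypothetical; first-match-wins marking, case-insensitive SIP matching and ports 20/21 for FTP are assumptions of the model.

```python
import random
import re
from typing import NamedTuple, Optional

# Python renderings of two patterns from the script in this thread.
# Assumptions: "." matches any byte (re.DOTALL); sip is matched case-insensitively.
# skypeout lists one alternative per byte value X, each "X, up to 8 bytes, X";
# a backreference expresses the same idea compactly.
SKYPEOUT = re.compile(rb"^([\x01-\xff]).{0,8}\1", re.DOTALL)
SIP = re.compile(rb"^(invite|register|cancel) sip[\x09-\x0d -~]*sip/[0-2]\.[0-9]",
                 re.IGNORECASE)


class Conn(NamedTuple):
    truth: str    # what the traffic really is (constructed ground truth)
    proto: str
    sport: int
    dport: int
    head: bytes   # first payload bytes of the connection


def port_rule(mark, proto, ports):
    """Classic mangle-style rule: match on protocol and port only."""
    return mark, lambda c: c.proto == proto and bool({c.sport, c.dport} & ports)


def l7_rule(mark, regex):
    """L7-style rule: match a regex against the start of the payload."""
    return mark, lambda c: regex.search(c.head) is not None


def classify(conn, rules) -> Optional[str]:
    """First matching rule marks the connection; later rules are skipped."""
    for mark, matches in rules:
        if matches(conn):
            return mark
    return None


# Constructed sample connections (not captured traffic).
SAMPLES = [
    Conn("ftp-data", "tcp", 20, 40001, b"-rw-r--r-- 1 user users 1024 a.txt\r\n"),
    Conn("ftp-data", "tcp", 20, 40002, b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"),
    Conn("sip", "udp", 5060, 5060, b"REGISTER sip:example.invalid SIP/2.0\r\n"),
    Conn("http", "tcp", 40003, 80, b"GET / HTTP/1.1\r\nHost: example.invalid\r\n"),
]

# Only L7 rules, with the loose skypeout pattern evaluated first.
L7_ONLY = [l7_rule("skypeout", SKYPEOUT), l7_rule("sip", SIP)]

# Port rules first, specific L7 next, the loosest L7 pattern last.
PORTS_FIRST = [
    port_rule("ftp", "tcp", {20, 21}),
    l7_rule("sip", SIP),
    l7_rule("skypeout", SKYPEOUT),
]


def marks(rules):
    """(ground truth, assigned mark) for every sample connection."""
    return [(c.truth, classify(c, rules)) for c in SAMPLES]


def random_hit_rate(regex, n=20000, size=16, seed=1) -> float:
    """Share of uniformly random payloads (a stand-in for encrypted data) that match."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        payload = bytes(rng.getrandbits(8) for _ in range(size))
        hits += regex.search(payload) is not None
    return hits / n


if __name__ == "__main__":
    print("L7 only:    ", marks(L7_ONLY))
    print("ports first:", marks(PORTS_FIRST))
    print("random payload hit rate: %.3f" % random_hit_rate(SKYPEOUT))
```

The skypeout pattern only asks that the first byte recur within the next nine, which ordinary text does often (a directory listing, a PDF header, even `REGISTER`), while uniformly random bytes do so only a few percent of the time.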

mara666
Posts: 20
Registered: 16 years ago
Location: Praha

Post by mara666 » 16 years ago

Maxik wrote: I loaded the L7 filters with this script. Are the patterns etc. functional, who is using it? What is the difference in CPU load between plain mangle + Qtree and using L7 on the same machine?


What exactly does this script do? I need to prioritize Skype calls, i.e. so that there are no dropouts during a call.. do you think this script will be useful to me? Btw. on which version of MT does the script work?
0 x
SEO, SEM, WISP MarekStejskal.cz

Maxik
Posts: 2579
Registered: 18 years ago

Post by Maxik » 16 years ago

The script loads the L7 filters with their patterns. For prioritization, make yourself a Qtree, mangle the traffic as needed and prioritize in the Qtree, see the demo - just add mangling by L7 to the classification there, otherwise it is almost the same.
0 x