DD-WRT QoS过滤器定义

2013-02-03 18:45:41 +0800


This is a dump of /etc/l7-protocols/* in DD-WRT, automatically formatted using a PHP script, so pardon its somewhat crude layout.

These are the definitions that DD-WRT uses to classify packets using the QoS filter. As you can see, it’s far more than just port numbers…

extra

audiogalaxy

^(\x45\x5f\xd0\xd5|\x45\x5f.*0.60(6|8)W)

gtalk

^<stream:stream to="gmail\.com"

http-dap

User-Agent: DA [678]\.[0-9]

http-freshdownload

User-Agent: FreshDownload/[456](\.[0-9][0-9]?)?

http-itunes

http/(0\.9|1\.0|1\.1).*(user-agent: itunes)

httpaudio

http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: audio)

httpcachehit

http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(x-cache: hit)

httpcachemiss

http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(x-cache: miss)

httpvideo

http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)

pressplay

user-agent: nsplayer

quicktime

user-agent: quicktime \(qtver=[0-9].[0-9].[0-9];os=[\x09-\x0d -~]+\)\x0d\x0a

snmp-mon

^\x02\x01\x04.+[\xa0-\xa3]\x02[\x01-\x04].?.?.?.?\x02\x01.?\x02\x01.?\x30

snmp-trap

^\x02\x01\x04.+\xa4\x06.+\x40\x04.?.?.?.?\x02\x01.?\x02\x01.?\x43

file_types

exe

\x4d\x5a(\x90\x03|\x50\x02)\x04

flash

[FC]WS[\x01-\x09]|FLV\x01\x05\x09

gif

GIF8(7|9)a

html

<html.*><head>

jpeg

\xff\xd8

mp3

\x49\x44\x33\x03

ogg

oggs.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\x01vorbis

pdf

%PDF-1\.[0123456]

perl

\#! ?/(usr/(local/)?)?bin/perl

png

\x89PNG\x0d\x0a\x1a\x0a

postscript

%!ps

rar

rar\x21\x1a\x07

rpm

\xed\xab\xee\xdb.?.?.?.?[1-7]

rtf

\{\\rtf[12]

tar

ustar

zip

pk\x03\x04\x14

malware

code_red

/default\.ida\?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN­NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN­NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%­u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9­090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

nimda

GET (/scripts/root\.exe\?/c\+dir|/MSADC/root\.exe\?/c\+dir|/c/winnt/sys­tem32/cmd\.exe\?/c\+dir|/d/winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.%5c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/_vti_bin/\.\.%5c\.\./\.\.%5c\.\./\.\.%5c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/_mem_bin/\.\.%5c\.\./\.\.%5c\.\./\.\.%5c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/msadc/\.\.%5c\.\./\.\.%5c\.\./\.\.%5c/\.\.\xc1\x1c\.\./\.\.\xc1\x1c\.\./\.\.\xc1\x1c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.\xc1\x1c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.\xc0/\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.\xc0\xaf\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.\xc1\x9c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.%35c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.%35c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.%5c\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir|/scripts/\.\.%2f\.\./winnt/sys­tem32/cmd\.exe\?/c\+dir)

protocols

100bao

^\x01\x01\x05\x0a

aim

^(\*[\x01\x02].*\x03\x0b|\*\x01.?.?.?.?\x01)|flapon|toc_signon.*0x

aimwebcontent

user-agent:aim/

applejuice

^ajprot\x0d\x0a

ares

^\x03[]Z].?.?\x05$

armagetron

YCLC_E|CYEL

battlefield1942

^\x01\x11\x10\|\xf8\x02\x10\x40\x06

battlefield2

^(\x11\x20\x01...?\x11|\xfe\xfd.?.?.?.?.?.?(\x14\x01\x06|\xff\xff\xff))|[]\x01].­?battlefield2

battlefield2142

^(\x11\x20\x01\x90\x50\x64\x10|\xfe\xfd.?.?.?\x18|[\x01\\].?battlefield2)

bgp

^\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff..?\x01[\x03\x0­4]

biff

^[a-z][a-z0-9]+@[1-9][0-9]+$

bittorrent

^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]

bt

^\x13bittorrent protocol|d1:ad2:id20:|\x08'7P\)[RP]|^\x04\x17\x27\x10\x19\x80|^get (.*)User-Agent: bittorrent|^azver\x01$|^get /(scrape|announce)\?info_hash=|^.?.?.?.?.?.?[0-9]_BitTorrent

bt1

^get (/task/bt/.*|/task_recommend.*|/issupported )http/*[\x09-\x0d -~]

bt2

^get (/announce.php\?info_hash=.*|/announce\?info_hash=.*|/announce.php\?passkey=.*|/announce\?passkey=.*|/\?info_hash=.*|/data\?fid=.*)http/*[\x09-\x0d -~]

bt3

^\x01

chikka

^CTPv1\.[123] Kamusta.*\x0d\x0a$

cimd

\x02[0-4][0-9]:[0-9]+.*\x03$

ciscovpn

^\x01\xf4\x01\xf4

citrix

\x32\x26\x85\x92\x58

clubbox

^get .*host: .*\.clubbox\.co\.kr

counterstrike-source

^\xff\xff\xff\xff.*cstrikeCounter-Strike

cvs

^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\x0a

dayofdefeat-source

^\xff\xff\xff\xff.*dodDay of Defeat

dazhihui

^(longaccoun|qsver2auth|\x35[57]\x30|\+\x10\*)

dhcp

^[\x01\x02][\x01- ]\x06.*c\x82sc

directconnect

^(\$mynick |\$lock |\$key )

dns

^.?.?.?.?[\x01\x02].?.?.?.?.?.?[\x01-?][a-z0-9][\x01-?a-z]*[\x02-\x06][a-z][a-z]­[fglmoprstuvz]?[aeop]?(um)?[\x01-\x10\x1c][\x01\x03\x04\xFF]

doom3

^\xff\xffchallenge

edonkey

^[\xc5\xd4\xe3-\xe5].?.?.?.?([\x01\x02\x05\x14\x15\x16\x18\x19\x1a\x1b\x1c\x20\x­21\x32\x33\x34\x35\x36\x38\x40\x41\x42\x43\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x­4f\x50\x51\x52\x53\x54\x55\x56\x57\x58[\x60\x81\x82\x90\x91\x93\x96\x97\x98\x99\­x9a\x9b\x9c\x9e\xa0\xa1\xa2\xa3\xa4]|\x59................?[ -~]|\x96....$)

fasttrack

^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]?[0-9]?[0-9]?

finger

^[a-z][a-z0-9\-_]+|login: [\x09-\x0d -~]* name: [\x09-\x0d -~]* Directory:

freegate_dns

\x05\x61\x7a\x78\x64\x66\x03\x63\x6f\x6d

freegate_http

^(get$|get $|get /$|get /g$|get /gw$|get /gwt$|get /gwt/.*gapvm\.dontexist)

freenet

^\x01[\x08\x09][\x03\x04]

ftp

^220[\x09-\x0d -~]*\x0d\x0aUSER[\x09-\x0d -~]*\x0d\x0a331

gkrellm

^gkrellm [23].[0-9].[0-9]\x0a$

gnucleuslan

gnuclear connect/[\x09-\x0d -~]*user-agent: gnucleus [\x09-\x0d -~]*lan:

gnutella

^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh|foxy|mxie)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|...................?lime)

goboogy

<peerplat>|^get /getfilebyhash\.cgi\?|^get /queue_register\.cgi\?|^get /getupdowninfo\.cgi\?

gogobox

^get .*host: .*.gogobox.com.tw

gopher

^[\x09-\x0d]*[1-9,+tgi][\x09-\x0d -~]*\x09[\x09-\x0d -~]*\x09[a-z0-9.]*\.[a-z][a-z].?.?\x09[1-9]

gtalk1

^\x80\x4c\x01\x03\x01\x33\x10\x04\x05\x0a\x01\x80\x07.\x03\x80\x09\x06\x40\x64\x­62\x03\x06\x02\x80\x04\x80\x13\x12\x63

gtalk2

^(get|post) (/mail/channel/bind\?|/talkgadget/popout?.*host: talkgadget.google.com)

gtalk_file

^\x02\xf0

gtalk_file_1

^get /create_session .*x-google-relay-auth.*x-session-type .*/session/share

gtalk_vista

^<stream:.*gmail.com.*jabber:client

guildwars

^[\x04\x05]\x0c.i\x01

h323

^\x03..?\x08...?.?.?.?.?.?.?.?.?.?.?.?.?.?.?\x05

halflife2-deathmatch

^\xff\xff\xff\xff.*hl2mpDeathmatch

hamachi1

^..\x01\x12

hddtemp

^\|/dev/[a-z][a-z][a-z]\|[0-9a-z]*\|[0-9][0-9]\|[cfk]\|

hotline

^....................TRTPHOTL\x01\x02

hotspot-shield

^.?\x20.*@metrofreefivpn\.com

http-rtsp

^(get[\x09-\x0d -~]* Accept: application/x-rtsp-tunnelled|http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*a=control:rtsp://)

http

http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019]

icq_file

\x82\x22\x44\x45\x53\x54

icq_file_1

^post /data\?.*filexfer

icq_file_2

filexfer

icq_login

^(\*\x01.?.?.?.?\x01$)|^get /hello http/(0\.9|1\.0|1\.1)[\x09-\x0d\ -~].*host: http\.proxy\.icq\.com|^get /hello(.*)host: .*\.icq\.com[\x09-\x0d\ -~]

ident

^[1-9][0-9]?[0-9]?[0-9]?[0-9]?[\x09-\x0d]*,[\x09-\x0d]*[1-9][0-9]?[0-9]?[0-9]?[0­-9]?(\x0d\x0a|[\x0d\x0a])?$

imap

^(\* ok|a[0-9]+ noop)

imesh

^(post[\x09-\x0d -~]*<PasswordHash>................................</PasswordHash><ClientVer>|\x34\x80?\x0d?\xfc\xff\x04|get[\x09-\x0d -~]*Host: imsh\.download-prod\.musicnet\.com|\x02[\x01\x02]\x83.*\x02[\x01\x02]\x83)

ipp

ipp://

irc

^(nick[\x09-\x0d -~]*user[\x09-\x0d -~]*:|user[\x09-\x0d -~]*:[\x02-\x0d -~]*nick[\x09-\x0d -~]*\x0d\x0a)

jabber

<stream:stream[\x09-\x0d ][ -~]*[\x09-\x0d ]xmlns=['"]jabber

kugoo

^(\x64.....\x70....\x50\x37|\x65.+)

live365

membername.*session.*player

liveforspeed

^..\x05\x58\x0a\x1d\x03

lpd

^(\x01[!-~]+|\x02[!-~]+\x0a.[\x01\x02\x03][\x01-\x0a -~]*|[\x03\x04][!-~]+[\x09-\x0d]+[a-z][\x09-\x0d -~]*|\x05[!-~]+[\x09-\x0d]+([a-z][!-~]*[\x09-\x0d]+[1-9][0-9]?[0-9]?|root[\x09-\x0d]+[!-~]+).*)\x0a$

mohaa

^\xff\xff\xff\xffgetstatus\x0a

msn-filetransfer

^(ver [ -~]*msnftp\x0d\x0aver msnftp\x0d\x0ausr|method msnmsgr:)

msnmessenger

ver [0-9]+ msnp[1-9][0-9]? [\x09-\x0d -~]*cvr0\x0d\x0a$|usr 1 [!-~]+ [0-9. ]+\x0d\x0a$|ans 1 [!-~]+ [0-9. ]+\x0d\x0a$

mute

^(Public|AES)Key: [0-9a-f]*\x0aEnd(Public|AES)Key\x0a$

napster

^(.[\x02\x06][!-~]+ [!-~]+ [0-9][0-9]?[0-9]?[0-9]?[0-9]? "[\x09-\x0d -~]+" ([0-9]|10)|1(send|get)[!-~]+ "[\x09-\x0d -~]+")

nbns

\x01\x10\x01|\)\x10\x01\x01|0\x10\x01

ncp

^(dmdt.*\x01.*(""|\x11\x11|uu)|tncp.*33)

netbios

\x81.?.?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][­A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][­A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]

nntp

^(20[01][\x09-\x0d -~]*AUTHINFO USER|20[01][\x09-\x0d -~]*news)

ntp

^([\x13\x1b\x23\xd3\xdb\xe3]|[\x14\x1c$].......?.?.?.?.?.?.?.?.?[\xc6-\xff])

openft

x-openftalias: [-)(0-9a-z ~.]

pcanywhere

^(nq|st)$

poco

^\x80\x94\x0a\x01....\x1f\x9e

pop3

^(\+ok |-err )

pplive

\x01...\xd3.+\x0c.$

pre_icq_login

^(\*|get)

pre_msn_login

^(ver|get|post)

pre_urlblock

^get

pre_yahoo_login

^(ymsg|ypns|yhoo|post)

qianlong

^\x24\x1c

qq

^.?.?\x02.+\x03$

qqdownload_1

^\x02.*\x38.\x87\x58\xea.\x82\x08.*\x03$

qqdownload_2

^\xfe

qqdownload_3

^(get|post) /.*http/*[\x09-\x0d -~].*host: (.*\.soso.com|121.14.74.41)[\x09-\x0d -~]

qqfile

^(post|get) /\?ver=.*user-agent: qqclient\x0d\x0a

qqgame

\x31\x32\x33\x34\x35\x36\x37\x38

qqlive

^\x02

qqlive2

^get /.*\.video\.qq\.com/flv

qq_login

^(.?\x02.+\x03$|(\x01|\x03).+\x02.+\x03$)

qq_login_1

^.?.?\x02.*\x03$

qq_tcp_file

^\x04.*\x03$

qq_udp_file

^\x03\x01\x65

quake-halflife

^\xff\xff\xff\xffget(info|challenge)

quake1

^\x80\x0c\x01quake\x03

radmin

^\x01\x01(\x08\x08|\x1b\x1b)$

rdp

rdpdr.*cliprdr.*rdpsnd

replaytv-ivs

^(get /ivs-IVSGetFileChunk|http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*\x23\x23\x23\x23\x23REPLAY_CHUNK_START\x23\x23\x23\x23\x23)

rlogin

^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]?[0-9]?[0-9]?00

rtp

^\x80[\x01-"-\x7f\x80-\xa2\xe0-\xff]?……….*\x80`

rtsp

rtsp/1.0 200 ok

runesofmagic

^\x10\x03...........\x0a\x02.....\x0e

shoutcast

^get /.*icy-metadata:1|icy [1-5][0-9][0-9] [\x09-\x0d -~]*(content-type:audio|icy-)

sip

^(invite|register|cancel|message|subscribe|notify) sip[\x09-\x0d -~]*sip/[0-2]\.[0-9]

skypeout

^(\x01.?.?.?.?.?.?.?.?\x01|\x02.?.?.?.?.?.?.?.?\x02|\x03.?.?.?.?.?.?.?.?\x03|\x0­4.?.?.?.?.?.?.?.?\x04|\x05.?.?.?.?.?.?.?.?\x05|\x06.?.?.?.?.?.?.?.?\x06|\x07.?.?­.?.?.?.?.?.?\x07|\x08.?.?.?.?.?.?.?.?\x08|\x09.?.?.?.?.?.?.?.?\x09|\x0a.?.?.?.?.­?.?.?.?\x0a|\x0b.?.?.?.?.?.?.?.?\x0b|\x0c.?.?.?.?.?.?.?.?\x0c|\x0d.?.?.?.?.?.?.?­.?\x0d|\x0e.?.?.?.?.?.?.?.?\x0e|\x0f.?.?.?.?.?.?.?.?\x0f|\x10.?.?.?.?.?.?.?.?\x1­0|\x11.?.?.?.?.?.?.?.?\x11|\x12.?.?.?.?.?.?.?.?\x12|\x13.?.?.?.?.?.?.?.?\x13|\x1­4.?.?.?.?.?.?.?.?\x14|\x15.?.?.?.?.?.?.?.?\x15|\x16.?.?.?.?.?.?.?.?\x16|\x17.?.?­.?.?.?.?.?.?\x17|\x18.?.?.?.?.?.?.?.?\x18|\x19.?.?.?.?.?.?.?.?\x19|\x1a.?.?.?.?.­?.?.?.?\x1a|\x1b.?.?.?.?.?.?.?.?\x1b|\x1c.?.?.?.?.?.?.?.?\x1c|\x1d.?.?.?.?.?.?.?­.?\x1d|\x1e.?.?.?.?.?.?.?.?\x1e|\x1f.?.?.?.?.?.?.?.?\x1f|\x20.?.?.?.?.?.?.?.?\x2­0|\x21.?.?.?.?.?.?.?.?\x21|\x22.?.?.?.?.?.?.?.?\x22|\x23.?.?.?.?.?.?.?.?\x23|\$.­?.?.?.?.?.?.?.?\$|\x25.?.?.?.?.?.?.?.?\x25|\x26.?.?.?.?.?.?.?.?\x26|\x27.?.?.?.?­.?.?.?.?\x27|\(.?.?.?.?.?.?.?.?\(|\).?.?.?.?.?.?.?.?\)|

skypetoskype

^..\x02.............

smb

\xffsmb[\x72\x25]

smtp

^220[\x09-\x0d -~]* (e?smtp|simple mail)

snmp

^\x02\x01\x04.+([\xa0-\xa3]\x02[\x01-\x04].?.?.?.?\x02\x01.?\x02\x01.?\x30|\xa4\­x06.+\x40\x04.?.?.?.?\x02\x01.?\x02\x01.?\x43)

socks

\x05[\x01-\x08]*\x05[\x01-\x08]?.*\x05[\x01-\x03][\x01\x03].*\x05[\x01-\x08]?[\x­01\x03]

soribada

^GETMP3\x0d\x0aFilename|^\x01.?.?.?(\x51\x3a\+|\x51\x32\x3a)|^\x10[\x14-\x16]\x1­0[\x15-\x17].?.?.?.?$

soulseek

^(\x05..?|.\x01.[ -~]+\x01F..?.?.?.?.?.?.?)$

ssdp

^notify[\x09-\x0d ]\*[\x09-\x0d ]http/1\.1[\x09-\x0d -~]*ssdp:(alive|byebye)|^m-search[\x09-\x0d ]\*[\x09-\x0d ]http/1\.1[\x09-\x0d -~]*ssdp:discover

ssh

^ssh-[12]\.[0-9]

ssl

^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b)

stun

^[\x01\x02]................?$

subspace

^\x01....\x11\x10........\x01$

subversion

^\( success \( 1 2 \(

teamfortress2

^\xff\xff\xff\xff.....*tfTeam Fortress

teamspeak

^\xf4\xbe\x03.*teamspeak

teamviewer

^\x17

teamviewer1

^(post|get) /d(out|in).aspx?.*client=dyngate

telnet

^\xff[\xfb-\xfe].\xff[\xfb-\xfe].\xff[\xfb-\xfe]

tesla

\x03\x9a\x89\x22\x31\x31\x31\.\x30\x30\x20\x42\x65\x74\x61\x20|\xe2\x3c\x69\x1e\­x1c\xe9

tftp

^(\x01|\x02)[ -~]*(netascii|octet|mail)

thecircle

^t\x03ni.?[\x01-\x06]?t[\x01-\x05]s[\x0a\x0b](glob|who are you$|query data)

thunder5_see

^(get|post) /.*http/*[\x09-\x0d -~].*host: .*\.xunlei.com[\x09-\x0d -~]

thunder5_tcp

^((^get .*http/1\.1\x0d\x0aaccept: \*/\*\x0d\x0acache-control: no-cache\x0d\x0aconnection: keep-alive\x0d\x0a.*pragma: no-cache\x0d\x0a.*user-agent: mozilla/4\.0 \(compatible; msie 6\.0; windows nt 5\.1; sv1; \.net clr 1\.1\.4322; \.net clr 2\.0\.50727\)\x0d\x0a\x0d\x0a$)|(post (/.*http/*[\x09-\x0d -~].*host: .*sandai.­net|/ http/1\..\x0d\x0ahost: .*:80\x0d\x0acontent-type: application/octet-stream\x0d\x0a)))

tonghuashun

^(GET /docookie\.php\?uname=|\xfd\xfd\xfd\xfd\x30\x30\x30\x30\x30)

tor

TOR1.*<identity>

tsp

^[\x01-\x13\x16-$]\x01.?.?.?.?.?.?.?.?.?.?[ -~]+

unknown

(Nothing there!)

unset

uucp

^\x10here=

validcertssl

^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\.net limited)

ventrilo

^..?v\$\xcf

vnc

^rfb 00[1-9]\.00[0-9]\x0a$

webmail_163

^(get|post) .*host:.*\.mail\.(163\.com|126\.com|yeah\.net)\x0d\x0a

webmail_gmail

get (http://mail.google.com/mail/|/mail/)?.*host: mail\.google\.com\x0d\x0a

webmail_hinet

^post ((http://webmail\.hinet\.net/login\.do|/login\.do).*host: webmail\.|(http://webmail1\.hinet\.net/cgi-bin/login\.cgi|/cgi-bin/login\.cgi).*host: webmail1\.)hinet\.net\x0d\x0a

webmail_hotmail

^get (http://.*mail\.live\.com/mail/|/mail/).*host: .*mail\.live\.com\x0d\x0a

webmail_pchome

^(post|get) .*host: mail.pchome.com.tw\x0d\x0a

webmail_qq

^(get|post) /cgi-bin/login.*host:.*(\.mail\.qq|\.foxmail)\.com\x0d\x0a

webmail_seednet

^(post|get) .*host: webmail.seed.net.tw

webmail_sina

^(post|get) .*host: (mail\.sina\.com\.cn|mp\.sina\.com\.tw)\x0d\x0a

webmail_sohu

^(get|post) .*host: .*mail\.sohu\.com\x0d\x0a

webmail_tom

^(get|post).*host: (login\.mail|pass)\.tom.com\x0d\x0a

webmail_url

^post (http://www\.url\.com\.tw/sgllogon/|/sgllogon/)sgllogon\.asp.*host: www\.url\.com\.tw\x0d\x0a

webmail_yahoo

get (http://.*mail\.yahoo\.com/ym/login|/ym/login)?.*host: .*mail\.yahoo\.com\x0d\x0a

webmail_yam

^(get|post).*host: mail.yam.com

whois

^[ !-~]+\x0d\x0a$

worldofwarcraft

^\x06\xec\x01

x11

^[lb].?\x0b

xboxlive

^\x58\x80........\xf3|^\x06\x58\x4e

xunlei

^([()]|get)(...?.?.?(reg|get|query)|.+User-Agent: (Mozilla/4\.0 \(compatible; (MSIE 6\.0; Windows NT 5\.1;? ?\)|MSIE 5\.00; Windows 98\))))|Keep-Alive\x0d\x0a\x0d\x0a[26]

yahoo

^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[lwt].*\xc0\x80

yahoo_camera

^(ymsg(.*)ystatus=1..47..0|ymsg(.*)49..webcaminvite)

yahoo_file

^(get|post) /relay\?(.*domain=\.yahoo\.com|token=.*recver=)

yahoo_login

^(ymsg|ypns|yhoo).?.?.?.?.?.?.?[a-z]+|^post(.*)(ymsg|ypns|yhoo).?.?.?.?.?.?.?[a-­z]+

yahoo_voice

^ymsg.?.?.?.?.?.?.?[j]+

zmaap

^\x1b\xd7\x3b\x48[\x01\x02]\x01?\x01

PHP source code of formatting script

<?php
if (isset($_FILES["zipfile"]["name"])) {
	$zipfile = zip_open($_FILES["zipfile"]["tmp_name"]);
	if (!$zipfile) {
		echo 'Not a ZIP file uploaded. Aborting.';
		break 2;
	}
	while ($file = zip_read($zipfile)) {
		$filepath = zip_entry_name($file);
		$fh = zip_entry_open($zipfile,$file);
		$path = explode('/',$filepath);
		$path = array_map('trim',$path);
		$last = end($path);
		if (!empty($last)) {
			$script = trim(zip_entry_read($file));
			$eval = '$root';
			foreach ($path as $bit) {
				if ($bit == $last) $bit = substr($bit,0,-4);
				$eval .= '[\''.addslashes($bit).'\']';
			}
			// yes, I know, eval is evil, but it's the only easy way to allow for
			//  dynamic array generation based on path level. plus, addslashes. it's ok.
			$eval .= '= $script;';
			eval($eval);
		}
	}
	zip_close($zipfile);
	var_dump($root);
	echo '<hr><pre>';
	$category = array_keys($root);
	foreach ($category as $thiscat) {
		echo "== $thiscat ==\r\n";
		foreach ($root[$thiscat] as $type => $regex) {
			echo "; $type\r\n";
			if (strpos($regex,"\r\n")) $regex = explode("\r\n",$regex);
			else $regex = explode("\n",$regex);
			if (isset($regex[1])) $regex = htmlspecialchars($regex[1]);
			else $regex = '(Nothing there!)';
			echo ': &lt;nowiki&gt;';
			while (strlen($regex) > 0) {
				$chunk = substr($regex,0,80);
				if ((strlen($chunk) == 80) && !strpos($chunk,' ')) $chunk .= '&shy;';
				echo htmlspecialchars($chunk);
				$regex = substr($regex,80);
			}
			echo "&lt;/nowiki&gt;\r\n";
		}
	}
	echo '</pre>';
}
?>
build l7-protocols page from zipped folder structure here...<br>
<form method="POST" enctype="multipart/form-data">
<input type="file" name="zipfile"><br>
<input type="submit">
</form>

原文:http://www.dd-wrt.com/wiki/index.php/QoS_Filter_Definitions


上一篇:[转]刷新第三方版本DD-WRT&TOMATO后大内存激活命令

下一篇:如何实现端口转发