Layer 7 - adding regex
-
About a year ago, here (http://forum.pfsense.org/index.php/topic,33198.0.html) it was suggested to add regex to be used in Layer 7 shaping… (last comment).
After reading and searching here and there, I have no idea how to do it. Any help?
-
Since my bandwidth is being eaten by YouTube fans, I was testing Layer 7 to shape it, using "httpvideo"… and probably it will help with other sites too.
I wanted to do the same with FB and other sites. That is why I'm trying to add regular expressions to the list, if possible, as suggested in the other topic. But I don't know how to do it... Thanks for any feedback on this.
-
Look in /usr/local/share/protocols at the .pat files there. You can copy one of those, change the name of the file (and the name inside the file) and put your regex there.
Or if you have a file already, make sure it matches the format, and upload it in the L7 GUI.
-
I would love a detailed explanation on how to do this also if someone would be so kind! I currently have a bridged pfsense setup. Firewall wide open and am only shaping traffic using the L7 protocols. It works shaping traffic on youtube and other sites but not all video sites. www.wwe.com is one of the sites that don't seem to be shaped. So I would love to know how to create a regex file and place it in the proper directory to do this.
Thanks!
-
As I said above, grab one of the existing pattern files, edit it to do what you want, then upload it in the L7 part of the GUI.
It's really not all that hard, though you need to take care that the regex in the pattern is valid.
-
Thanks for your help. Okay, I know where to put the file, I just don't know how to edit it. I know everything after # is a comment and the rest is the actual code I need to edit, but I'm not sure what to put. I put the exe.pat file below. If you want, tell me what I should change to shape www.wwe.com. I would appreciate it! Sorry, complete noob!
# Executable - Microsoft PE file format.
# Pattern attributes: good notsofast notsofast subset
# Protocol groups: file
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
# Thanks to Brandon Enright [bmenrighATucsd.edu]
# This pattern doesn't technically match the PE file format but rather the
# MZ stub program Microsoft uses for backwards compatibility with DOS.
# That means this will correctly match DOS executables too.
exe
# There are two different stubs used depending on the compiler/packer.
# Numerous NULL bytes have been stripped from this pattern.
# This pattern may be more efficient:
# \x4d\x5a\x90\x03\x04|\x4d\x5a\x50\x02\x04
# This is easier to understand:
\x4d\x5a(\x90\x03|\x50\x02)\x04
-
If you need that much help to form a regex, I'm afraid I can't help you, and it's beyond the scope of this thread.
There are many files there so there are plenty of examples.
-
Look in /usr/local/share/protocols at the .pat files there. You can copy one of those, change the name of the file (and the name inside the file) and put your regex there.
Or if you have a file already, make sure it matches the format, and upload it in the L7 GUI.
Thanks jimp!! This is exactly what I was looking/asking for. Great. Thanks a lot!
-
Here is a link that was quite informative to me about Layer 7 and protocols: http://l7-filter.sourceforge.net/protocols
Of course, reading about regular expressions is a must. Thanks Google!
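-
Added example, not written by any poster in this thread and not pfSense or l7-filter code: a Python pre-upload check for a .pat file covering the two points made above, that the name inside the file follows the file name and that the regex is valid. Python's `re` is only a stand-in for the shaper's regex engine, and the function names and sample payloads are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# exe.pat as quoted in the thread, shortened to the lines that show the format.
EXE_PAT = r"""# Executable - Microsoft PE file format.
exe
# This pattern may be more efficient:
# \x4d\x5a\x90\x03\x04|\x4d\x5a\x50\x02\x04
\x4d\x5a(\x90\x03|\x50\x02)\x04
"""
# Constructed payloads: start of a DOS/PE file, and an ELF header for contrast.
MZ_SAMPLE = bytes.fromhex("4d5a90000300000004000000ffff0000")
ELF_SAMPLE = b"\x7fELF\x02\x01\x01\x00"

def parse_pat(text):
    """Return (name, regex): the first two lines that are neither blank nor '#' comments."""
    body = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    if len(body) < 2:
        raise ValueError("need a protocol-name line followed by a regex line")
    return body[0].strip(), body[1]

def compile_pat(regex):
    # Bytes pattern so \xHH escapes match raw bytes. Python's re is an assumption
    # here: it catches syntax errors but is not the engine the shaper runs.
    return re.compile(regex.encode("latin-1"))

def check_pat(filename, text):
    """Return a list of problems; an empty list means these checks passed."""
    try:
        name, regex = parse_pat(text)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if PurePosixPath(filename).stem != name:
        problems.append(f"name inside file {name!r} does not match {filename!r}")
    try:
        compile_pat(regex)
    except re.error as exc:
        problems.append(f"invalid regex: {exc}")
    return problems

def matches(text, payload):
    # The file's comment says NULL bytes were stripped from the pattern, so the
    # payload is stripped the same way before matching (assumption).
    regex = parse_pat(text)[1]
    return compile_pat(regex).search(payload.replace(b"\x00", b"")) is not None

if __name__ == "__main__":
    broken = EXE_PAT.replace(r"\x02)", r"\x02")  # drop the closing parenthesis
    for fname, text in [("exe.pat", EXE_PAT), ("wwe.pat", EXE_PAT), ("exe.pat", broken)]:
        print(fname, check_pat(fname, text) or "ok")
    print(matches(EXE_PAT, MZ_SAMPLE), matches(EXE_PAT, ELF_SAMPLE))
```

A clean result here only rules out format and syntax mistakes; the pattern still has to be tested against real traffic after upload.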