Netgate Discussion Forum

    Layer 7 - adding regex

    Traffic Shaping
    9 Posts 3 Posters 9.9k Views
      roymayr

      About a year ago, here (http://forum.pfsense.org/index.php/topic,33198.0.html) it was suggested to add regex to be used in Layer 7 shaping... (last comment).
      After reading and searching here and there, I have no idea how to do it.  Any help?

        roymayr

        Since my bandwidth is being eaten by youtube fans, I was testing Layer 7 to shape it, using "httpvideo"… and probably it will help with other sites too.
        I wanted to do the same with FB and other sites.  That is why I'm trying to add regular expressions to the list, if possible, as suggested in the other topic.  But I don't know how to do it...

        thanks for any feedback on this.

          jimp Rebel Alliance Developer Netgate

          Look in /usr/local/share/protocols at the .pat files there. You can copy one of those, change the name of the file (and the name inside the file) and put your regex there.

          Or if you have a file already, make sure it matches the format, and upload it in the L7 GUI.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

            demoso

            I would love a detailed explanation on how to do this also if someone would be so kind!  I currently have a bridged pfsense setup.  Firewall wide open and am only shaping traffic using the L7 protocols.  It works shaping traffic on youtube and other sites but not all video sites.  www.wwe.com is one of the sites that don't seem to be shaped.  So I would love to know how to create a regex file and place it in the proper directory to do this.

            Thanks!

              jimp Rebel Alliance Developer Netgate

              As I said above, grab one of the existing pattern files, edit it to do what you want, then upload it in the L7 part of the GUI.

              It's really not all that hard, though you need to take care that the regex in the pattern is valid.

                demoso

                Thanks for your help.  Okay, I know where to put the file, I just don't know how to edit it.  I know everything after # is a comment and the rest is the actual code I need to edit, but I'm not sure what to put.  I put the exe.pat file below.  If you want, tell me what I should change to shape www.wwe.com; I would appreciate it!  Sorry, complete noob!

                # Executable - Microsoft PE file format.
                # Pattern attributes: good notsofast notsofast subset
                # Protocol groups: file
                #
                # Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
                #
                # Thanks to Brandon Enright [bmenrighATucsd.edu]

                # This pattern doesn't technically match the PE file format but rather the
                # MZ stub program Microsoft uses for backwards compatibility with DOS.
                # That means this will correctly match DOS executables too.

                exe

                # There are two different stubs used depending on the compiler/packer.
                # Numerous NULL bytes have been stripped from this pattern.

                # This pattern may be more efficient:
                # \x4d\x5a\x90\x03\x04|\x4d\x5a\x50\x02\x04

                # This is easier to understand:
                \x4d\x5a(\x90\x03|\x50\x02)\x04

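A check for the advice above about matching the file format and keeping the regex valid, as an added example that is not part of the thread or of pfSense: a small Python linter to run over a copied .pat file before uploading it. It assumes the layout visible in the exe.pat post (# comment lines, then a name line, then one regex line), that the name inside the file should equal the file name, and that the shaper's regex dialect lacks bounds, POSIX classes and shorthand classes; Python's `re` serves only as an approximate syntax check, and `lint_pat`, `EXE_PAT` and `BROKEN` are names made up for this example.

```python
import re
from pathlib import PurePath

# Constructs flagged conservatively. Assumption: the shaper's regex dialect
# does not support bounds, POSIX bracket classes or Perl shorthand classes.
SUSPECT = [
    (re.compile(r"\{\d+(,\d*)?\}"), "bound such as {3}"),
    (re.compile(r"\[\[:\w+:\]\]"), "POSIX class such as [[:alpha:]]"),
    (re.compile(r"\\[dDwWsSbB]"), "shorthand class such as \\d"),
]

def lint_pat(filename, text):
    """Return a list of problems found in one .pat file; empty means OK."""
    # Lines starting with '#' are comments; blank lines are ignored.
    body = [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]
    if len(body) != 2:
        return [f"expected a name line and one regex line, found {len(body)}"]
    name, pattern = body
    problems = []
    stem = PurePath(filename).stem
    if name != stem:  # assumption: name inside the file equals the file name
        problems.append(f"name {name!r} inside file does not match {stem!r}")
    for rx, what in SUSPECT:
        if rx.search(pattern):
            problems.append(f"pattern uses a {what}")
    try:
        re.compile(pattern)  # approximation: Python re, not the shaper's engine
    except re.error as exc:
        problems.append(f"regex does not compile: {exc}")
    return problems

# Shortened copy of the exe.pat content shown in the post above.
EXE_PAT = r"""# Executable - Microsoft PE file format.
exe
# This is easier to understand:
\x4d\x5a(\x90\x03|\x50\x02)\x04
"""

# Constructed sample: name line not updated, bound used, parenthesis unclosed.
BROKEN = "# constructed sample\nexe\n^get /video(s{2,}\n"

if __name__ == "__main__":
    for fname, text in (("exe.pat", EXE_PAT), ("myvideo.pat", BROKEN)):
        print(fname, lint_pat(fname, text) or "OK")
```
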
                  jimp Rebel Alliance Developer Netgate

                  If you need that much help to form a regex, I'm afraid I can't help you, and it's beyond the scope of this thread.

                  There are many files there so there are plenty of examples.

                    roymayr

                    @jimp:

                    Look in /usr/local/share/protocols at the .pat files there. You can copy one of those, change the name of the file (and the name inside the file) and put your regex there.

                    Or if you have a file already, make sure it matches the format, and upload it in the L7 GUI.

                    Thanks jimp!! This is exactly what I was looking/asking for.  Great.  Thanks a lot!

                      roymayr

                      Here is a link that was quite informative to me about Layer 7 and protocols: http://l7-filter.sourceforge.net/protocols
                      Of course, a reading about regular expressions is a must.  Thanks Google!

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.