root/src/router/l7/CHANGELOG

2009 05 28
Improved sip. Removed incorrect comment from unset.  Made standard 
number of iterations in test suite 100000 instead of 10000. Reran 
benchmarks on my new hardware, adjusted boundaries and recategorized 
patterns accordingly: 23 patterns were bumped one category slower for 
the kernel version and 3 (non-overlapping) patterns were bumped one 
category faster for the userspace version.

2009 05 10
Added runesofmagic, gtalk (in extra), dazhihui, tonghuashun.

2008 12 18
Improved/fixed rtp.

2008 11 23
Updated xunlei.  Added pplive, guildwars.

2008 11 08
Updates to xunlei, kugoo, bittorrent.  Added copyright lines to all 
pattern files.

2008 10 04
Fixed minor bug in chikka. Added possible new pattern for xunlei in 
comments.

2008 04 23
Testing for random matches with test_match.sh and the kernel library was 
completely broken.  It now actually works.  Added includes to testing 
programs for gcc 4.3 compatibility.  Updated qq.

2008 02 20
Added png.

2008 02 10
Added rtp (see comments in rtp.pat).

2008 01 16
Fixed and updated flash.  Added mp3.  Added possibly useful comments to kugoo.

2008 01 09
Fixed typo in skypeout.  This should slightly improve detection and prevent
a warning message.

2007 11 22
Added battlefield2142.

2007 11 03
Simplified imesh pattern in an attempt to avoid the kernel crash that 
some people have reported (but that I have not been able to duplicate).

Improved shoutcast pattern.  Now should actually work.

Reclassified imap, pop3, vnc, and irc to great.  (These haven't changed 
in a long time, I think I understand them quite well, and I've heard no 
complaints.)  Downgraded freenet to poor, since it almost certainly 
doesn't work (but I haven't retested it).

2007 10 10
Added liveforspeed.

2007 10 03
Added teamfortress2.  Fixed name of http-freshdownload.  Removed symlink 
tls.pat --> ssl.pat because it will be rejected when it checks the name.
Updated some comments.  Re-benchmarked all patterns and updated meta-info
in files.  Set boundaries for my 450MHz PIII at:

* Very fast: 0–2 seconds.
* Fast: 2–8 seconds.
* Not so fast: 8–100 seconds.
* Slow: >100 seconds

2007 07 27
Added documentation to ftp.  Added armagetron.

2007 06 22
Added replaytv-ivs.

2007 05 09
Fixed smtp pattern for userspace.

2007 01 14
Added cimd and chikka.  Added chikka data to testing suite.  Tweaks to testing
suite.

2007 01 13
Updated test suite for new pattern format.

Marked skypeout as an overmatch.

2007 01 08
Slightly improved performance of bittorrent pattern.  Fixed comment in 
msn-filetransfer.  Added userspace pattern format lines to smtp and x11.
The testing suite does NOT yet understand this format.

2007 01 04
Renamed testing to unset.

2007 01 03
Added radmin.

2006 12 12
Fixed some bugs in the testing programs.  Made rtf and skypeout valid 
for both henry and gnu.

2006 12 11
Reduced equifax part of validcertssl to just "equifax secure" and made 
sure it could match all of ssl if followed by a known certificate 
authority. Upgraded socks quality to "good". Improved battlefield2 by 
making it more liberal.

Extended test suite to include use of the GNU library which is used in the
new userspace version. Fixed a long-standing quoting bug which made it 
impossible to see matches if the regex got mangled by bash.  Updated all
speeds (included both libraries' speeds).  Noted several cases where the
existing pattern is not valid for GNU regexps.

2006 10 18
Added tor. Added more standard/proprietary/open_source groups, but moved
all such groups to the ends of the lines because they are less relevant
than others.

2006 09 24
Added stun.  Updated comments in msn-filetransfer and added an example to 
back them up.  Added ares and stun to testing/data/.

2006 09 10
Added some protocol categories.  Added skypeout data.  Added mohaa (Medal of
Honor Allied Assault).

2006 06 03
Improved "lime" packet detection in gnutella.  Fixed and/or tested
skypeout and skypetoskype, they now both work, at least with Skype
1.2.0.18_API on Linux, although skypeout is a rather severe overmatch
(but no longer an undermatch).

2006 05 29
Reformatted wiki links for webpage parsing.  Fixed gkrellm.  Moved
pressplay to extra/.  Renamed "pattern quality" "pattern attributes". 
Added the attributes "superset" and "subset".  Added http-freshdownload.
Downgraded skypeout to "marginal".

2006 05 21
Added http-dap and imesh.

2006 05 11
Added subversion.  Removed stray backslash from edonkey.

2006 04 09
Updated edonkey for some (apparently) new packet types.

2006 03 13
Improved bittorrent.  It, of course, does not match the new encrypted
streams, just more of the other stuff.  Edited edonkey, skypeout, tsp,
xunlei, battlefield2 to remove warnings about control characters. 
Mostly, this was just cosmetic, but in a few cases there were actually bugs.

2006 02 12
Updated WANTED.  Added uucp (ha!) and a VERY preliminary version of
pcanywhere.  Improved msnmessenger. It now catches actual conversations
and not just the logins.

2006 01 22
Modified dns and unknown so that they do not generate warnings about having
control characters or nulls in hex.
Improved dns.  Now it matches XXX.XXX.XXX.XXX.in-addr.arpa lookups and IPv6
queries.
Added thecircle.
Updated msnmessenger to handle MSN Messenger 7.5's HTTP encapsulation.

2006 01 17
Improved msnmessenger pattern slightly.  (I don't think it was causing
any problems, but it wasn't set up to catch connections that only
specified one version of MSNP.  This does _not_ address the possible issue
currently under discussion on the mailing list.)
Fixed ares, it had a regexp syntax error.

2006 01 15
ventrilo ok -> good, skypetoskype good -> marginal.
Improved gopher (it actually didn't work at all before, like anyone cared :-)).
Added wiki links to every pattern file.
Added http-rtsp.
Improved msn-filetransfer: now should match MSNSLP.
Updated comments in directconnect.

2006 01 08 17
Fixed stupid error in ventrilo.

2006 01 08
Socks marginal -> ok.  Added ventrilo.

2005 12 16
Tweaked "pattern group" metadata.  Reserved "networking" for protocols
that are really nuts and bolts like DNS, DHCP and BGP.  Clarified "internet
standard" (most actually aren't officially IETF standards).  Improved ares.

2005 12 14
Added teamspeak, worldofwarcraft.  Added preliminary "pattern group"
metadata to all of the patterns.

2005 11 20
Improved xunlei.

2005 11 05
Added dayofdefeat-source.

2005 09 12
Improved xunlei, applejuice, http.

2005 09 05
Added citrix, whois.  Added x11 data for testing.

2005 09 03
irc now allows MIRC color codes. Fixed commented out dns and nntp
patterns. Added a set of real data to speed testing program.
Corrected/updated speed ratings of finger, dns, gopher, ftp, smtp. Made
gnutella faster. Changed tls to ssl; it catches SSLv3 now. Improved
validcertssl: it's faster and catches more. Added speed comments to
napster and soulseek.

2005 08 24
Small improvements to napster (* --> +).
Added UDP junk to bittorent, but commented out until it's confirmed.
Added xunlei.

2005 08 10
Added soulseek. Noted that tsp can overmatch (saw it match soulseek).
Cleaned up pattern file headers.

2005 08 09
Added napster.  Made dhcp faster.

2005 08 06
Added "overmatch" to skypeout.  Improved gnutella (is much faster and no 
longer attempts to match gnutella web cache HTTP connections).

2005 07 28
Skypeout was too long, fixed.  Added checks in tests for this.  Added some
info to HOWTO.  Improved gnutella (picks up limewire wierdness).

2005 07 17
Changed license to dual GPL/CC, since we're using CC on protocolinfo.org.
Changed skypeout pattern to the scary long one, because the old one just
doesn't work.  Added battlefield2.  Added protocolinfo advertisements.

2005 06 17
Added freenet pattern.  Commented out old pattern in ares.  Fixed minor
typo in edonkey pattern.

2005 06 04
Improved ares.  Added note to ntp.

2005 05 27
Improved ntp.  Tinkered with the documentation.

2005 05 26
Added doom3 and ntp.  \0d --> \x0d in quicktime and msnmessenger.  Updated
commented out version of vnc.  Made irc much faster.

2005 05 25
Improved counterstrike and renamed it counterstrike-source for clarity.

2005 05 23
Realizing that "\x7c" is treated _exactly_ like "|" (and so forth):
\x7c --> \| in battlefield1942
\x2b --> \+ in soribada
\x2e --> \. in tesla
Added halflife2-deathmatch.

2005 05 19
Fixed rar (had the zip pattern by accident).  Fixed what I think was a typo
in finger '$' --> '^'.  Added trivial script, test_all.sh, to testing.

2005 05 18
Updated skype (split into skypeout and skypetoskype), counterstrike and
flash.  gnutella should now match gnutella 2.  Added zip, rar and exe. 
Fixed typo: rstp --> rtsp.  Tinkered with gopher.

2005 04 29
Reorganization.  No functional changes.

2005 04 26
Added soribada, ares.

2005 03 13
Added poco, qq, kugoo, 100bao (all Chinese things I've never heard of...).

2005 02 06
Added sip.  Tweaked "pattern quality" on a number of patterns.

2005 01 29
Improved ssh, it now matches both v1 and v2.

Improved and tested fasttrack.  It was overmatching in some cases, now
it isn't.

Moved audiogalaxy to extra/ as, from what I can tell, no one uses it (the 
program) anymore.

2005 01 20
- gnutella now matches UDP Gnutella packets as well as TCP.  
- Removed bearshare and winmx (just use gnutella).  
- Improved jabber.
- Trivial change to x11.
- Fixed httpaudio, httpvideo, httpcachehit and httpcachemiss, which were
all missing a [\x09-\x0d ].
- Added ssdp.
- Improved shoutcast.  Now matches Icecast too.

2005 01 17
Fixed http-itunes and battlefield1942 (file names didn't match protocol 
names in file...).  Improved yahoo.

2005 01 05
Added tls.

2004 12 29
Added xboxlive (or maybe just halo 2?).

2004 12 21
Obfuscated e-mail addresses and added some credits.

2004 12 08
Added battlefield1942.

2004 11 28
Added ^ to h323.

2004 11 22
Changed a \x18 to a . in h323.

2004 10 29
Removed "range: bytes=" from openft.  This caused false positives.
Added a cert authority to validcertssl and changed a . to a \.

2004 10 17
Added subspace and skype (skype pattern could use work).

2004 09 13
Added http-itunes and shoutcast.

2004 08 19
Added ciscovpn.  Improved irc (it now matches BitchX connections).

2004 07 07
Added bgp.  Added Makefile and spec file.

2004 07 05
Added msn-filetransfer, zmaap, lpd.  Added a program to test for false
matches. Removed mysql because it has too many false matches.

2004 07 01 
Cleaned up http (had an extraneous line).  Added httpaudio, httpvideo,
httpcachehit and httpcachemiss to extras.  Improved quake-halflife,
bittorrent.

2004 06 27
Fixed hddtemp.  Slight improvements to Yahoo, SMB.  Improvements to 
msnmessenger.  Added TSP.  Small bugfix in timeit.sh

2004 06 01
RDP fixed.  Quicktime added.  Added "extra" directory and moved anything that
was a subset of something else in there.

2004 04 22
The performance testing program didn't do \xHH escapes.  Now it does.

2004 03 24
Fixed gopher, openft.
Added goboogy, tesla, hotline.
Added performance testing program.

2004 02 23
Improved the speed of dns, aim, directconnect, gnutella, http, imap,
nntp, ncp, msnmessenger, audiogalaxy, snmp.  Still slow are (starting
with the worst):  ssh, fasttrack, validcertssl, aim, nbns, quake-halflife,
http, openft.  All the rest are at least 30 times faster than the fastest
of these.  (With Henry Spencer's regexp implementation, which is what we
currently use.)

2004 02 17
Improved HTTP.  Fixed and improved gnutella.  Added hddtemp.

2004 02 08
Added MUTE and openFT.

2004 01 06
Added audiogalaxy.  Improved gnutella.

2004 01 02
Changed quakeworld.pat to quake-halflife.pat .  Improved it (still untested,
though).

Changed kazaa.pat to fasttrack.pat.  Improved it.

2003 12 16
Added H.323.  Improved NNTP, Ident, DNS.
Added "pattern quality" lines to all patterns.

2003 12 11
Added VNC.

2003 12 09
Added jpg, gif, flash.  Updated file_types/README. 
Made edonkey work and moved it to weakpatterns.

2003 11 29
Added CVS.

2003 11 23
Changed directory structure.  All patterns are now in subdirectories.
Made sure that all filenames matched protocol names.  Noted patterns
that require multipacket support.  General cleanup.

2003 11 12
Updated HOWTO to include Netfilter version, etc.
Added comments regarding what I've learned from ipp2p (thanks to Eicke 
Friedrich)
Added applejuice, quake1, quakeworld.
Improved (fixed?) bittorrent.  

2003 10 24
Reverted to single packet ftp pattern. Minor revisions to malware/*

2003 10 08
Added eDonkey2000 pattern.  Added file_type directory (with html, ogg,
pdf, perl, ps, rpm, tar and rtf).  Added malware directory (with Code Red
and Nimda).

2003 09 26
I need to remember to include http in all the releases!  Sorry about that.
Added jabber.

2003 09 24
Added socks, nntp.

2003 09 22
Releases from here on should only be used with >=0.3.0 of the kernel patch
Some significant speed improvements (gopher is no longer slow enough to bring
down the machine when searching large strings) and some small accuracy 
improvements. 
Moved winmx and gopher to weakpatterns.  
Added snmp, snmp-mon and snmp-trap

2003 09 19
Added Samba, telnet.
Added weakpatterns directory, which now contains mysql, finger, netbios.  

2003 09 18
Added directconnect.

2003 09 15
Added biff.  Fixed pop3 again.  Improved SMTP.

2003 09 14
Added rlogin.

2003 09 12
Fixed pop3.  Improved HTTP.

2003 09 10
Added dns, gopher.

2003 09 05 
Improved x11, yahoo. Added bearshare.  Changed all patterns to use \xHH
notation instead of non-printable characters.  This release, therefore,
MUST be used only with version >= 0.2.0 of the kernel patch.

2003 08 28
Added irc, ident, x11.  Made a number of patterns more specific by adding
a '^' at the beginning of the line.  Could have also added some $s at the end
of lines, but in anticipation of matching across packets, didn't.
Improved HOWTO.  

2003 08 21
Added counterstrike, live365, pressplay, winmx. Fixed gkrellm.
Fixed several patterns that used uppercase letters, which can't ever
match.  Will fix the kernel patch soon so that this doesn't matter.
Got rid of the #s in files like this one.  They were annoying.  
Just use "*.pat" in your scripts instead of "*".
Added pattern writing HOWTO.
 
2003 08 19
Fixed ftp.  Added gkrellm. Simplified tftp.

2003 08 09
Fixed dhcp.  Added tftp.  Improved aim.

2003 08 08
Updated DHCP pattern. Improved pattern comments, including adding status
information (i.e. how well they work) for all the patterns. Added
LICENSE file so it's clear these are released as part of the code of the
l7-filter project.

2003 07 07
Added rdp.

2003 06 01
Added aim, bittorrent, nbns, ncp, dhcp, rstp, ipp, msnmessenger,
aimwebcontent.  Removed mohaa.

2003 05 23
Added gnucleuslan, validcertssl, counterstrike, gnutella, kazaa, smtp, mohaa.

2003 05 09
Cleaned up.

2003 05 07
This is the initial release.  Currently we have primitive detection of
ftp, http, imap, kazaa, pop3, and ssh. Expect future releases to include
both more patterns and better definitions for the above protocols.