Re: [LARTC] Layer-7 don't work

Re: [LARTC] Layer-7 don't work

[Nikolay Nikolaev]

Szymon Mroofka пишет:
> Hi,
> 
> I have simple question about Skype. What are the methods of selecting packets 
> which belongs to Skype??
> I know about 7layer but I don't belive that is only way.
> Is 7layer realy good and stable solution for routers which must handle more 
> than 1000 users ? 
> 
Hi everybody!
I use Layer-7 filter for hook packets like this :

$ipt -t mangle -N SKYPE
$ipt -t mangle -A SKYPE -j MARK --set-mark 41
$ipt -t mangle -A SKYPE -j LOG --log-prefix "IPT. SKYPE: " --log-ip-options
$ipt -t mangle -A SKYPE -j IMQ
....
....
....
$ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols 
--l7proto dns -j DNS
...
$ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols 
--l7proto skypetoskype -j SKYPE
...
$ipt -t mangle -A PREROUTING -j OTHER

the iptables -t mangle -L PREROUTING -n -v show it's correct,
but I see in LOG and see this:
Aug 23 10:57:16 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=xx:xx:...xx 
SRC\x10.10.0.114 DST\x10.10.0.1 LEN\x140 TOS=0x04 PREC=0x00 TTLd ID=0 
PROTO=UDP SPT\x162 DPT\x162 LEN\x120
etc...

grep 162 /etc/services
snmp-trap       162/tcp         snmptrap        # Traps for SNMP
snmp-trap       162/udp         snmptrap        # Traps for SNMP

it's not SKYPE, i think .... it is normal?

my kernel 2.6.15, iptables v 1.3.5 all pathced, all modules is load.
thx.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Layer-7 don't work

[Jason Boxman]

Nikolay Nikolaev wrote:
<snip>
> it's not SKYPE, i think .... it is normal?

Yes.  L7 relies on packet heuristics, so it may not always match the packets
you're looking for.  Some patterns are easier to discover and match than
others.



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc