From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nikolay Nikolaev Date: Thu, 24 Aug 2006 06:03:12 +0000 Subject: Re: [LARTC] Layer-7 don't work Message-Id: <44ED4120.3040404@vsu.by> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit To: lartc@vger.kernel.org Szymon Mroofka пишет: > Hi, > > I have simple question about Skype. What are the methods of selecting packets > which belongs to Skype?? > I know about 7layer but I don't belive that is only way. > Is 7layer realy good and stable solution for routers which must handle more > than 1000 users ? > Hi everybody! I use Layer-7 filter for hook packets like this : $ipt -t mangle -N SKYPE $ipt -t mangle -A SKYPE -j MARK --set-mark 41 $ipt -t mangle -A SKYPE -j LOG --log-prefix "IPT. SKYPE: " --log-ip-options $ipt -t mangle -A SKYPE -j IMQ .... .... .... $ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto dns -j DNS ... $ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j SKYPE ... $ipt -t mangle -A PREROUTING -j OTHER the iptables -t mangle -L PREROUTING -n -v show it's correct, but I see in LOG and see this: Aug 23 10:57:16 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=xx:xx:...xx SRC.10.0.114 DST.10.0.1 LEN0 TOS=0x04 PREC=0x00 TTLd ID=0 PROTO=UDP SPT2 DPT2 LEN0 etc... grep 162 /etc/services snmp-trap 162/tcp snmptrap # Traps for SNMP snmp-trap 162/udp snmptrap # Traps for SNMP it's not SKYPE, i think .... it is normal? my kernel 2.6.15, iptables v 1.3.5 all pathced, all modules is load. thx. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc