From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arik Raffael Funke Date: Wed, 19 Apr 2006 18:14:18 +0000 Subject: [LARTC] Re: Matching with Layer7 vs. IPP2P Message-Id: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org L7 compiled fine on Fedora Core 4 with kernel 2.6.12.6 with following procedure: 1. patched kernel sources with ipp2p using patch-o-matic-ng 2. patched kernel with the patch file from l7 3. patched iptables-1.3.5 with l7 4. make/install iptables 5. make/install kernel I had to adjust the destination directories for iptables to fit Fedora's convention. Best regards, Arik Jandre Olivier wrote: > I was just about to post the same post, > > I currently use ipp2p and it works pretty well, It just doesnt seem to > track morpheous(fasttrack) protocols, otherwise it works pretty well. I > have quite alot of connections and havent seen any performance issues. > My next step is to add L7 as well with ipp2p to completely block/shape p2p. > > However I find L7 bit more tricky than ipp2p to compile > Cannot comment on L7 > > J > > > Arik Raffael Funke wrote: >> Hi, >> >> can anybody comment on the cost of matching with IPP2P vs. Layer7. >> >> Also, does a iptables rule with more complicated matching mechanism >> also slow down processing if all the packets are matched before they >> reach the rule. I.e. is the mere existence of a potentially costly >> rule already slowing down processing or only if packets are actually >> processed by it? >> >> Thanks very much in advance. >> >> Best regards, >> Arik _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc