From: Ethan Sommer <sommere@mathcs.carleton.edu>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] layer-7 filtering is possible in linux ?
Date: Mon, 05 May 2003 03:49:02 +0000 [thread overview]
Message-ID: <marc-lartc-105210665706733@msgid-missing> (raw)
In-Reply-To: <marc-lartc-105189230406660@msgid-missing>
I had actually hoped to wait about a week before announcing this, since
we aren't _quite_ ready to post the code yet, but since you asked....
take a look at http://l7-filter.sourceforge.net/
We've implemented a layer7 filter which takes regular expressions as
patterns and integrates fully into the Linux QoS structure. (it uses tc,
etc..) In our tests it seems to perform quite well. (although there are
still a few bugs to run down, but I hope we'll have them nailed down by
Friday or so...)
Here's the general structure of how we hope to release the code, just as
a sneak peak: (from our web page)
Our goal is go create a filter to classify packets based on application
(or "layer 7") data. This means that will will be able to classify
packets as HTTP, FTP, Gnucleus, etc, regardless of what port the
services are run on. Our filter will complement existing filters that
classify based on route, port numbers and so on.
Our project has three subparts:
1. A patch to the Linux kernel. This code does the actual classification.
2. A patch to the "tc" (traffic control) program. This program tells
the kernel how to filter.
3. A file with protocol definitions which tells the kernel what we
mean when we say "HTTP". This file is fed to the kernel via /proc.
The hope is that for the third part, we can get a lot of comminuty help.
The initial release will come with some protocol definitions as examples
(HTTP, POP, FTP etc...) but, since anyone with tcpdump (or who turns on
a flag in our code) can observe a protocol stream, and I'm sure many of
you understand basic regular expressions, I hope that we can quickly
build up a protocol definition library which rivals some of the
commercial packet-shaping options.
I'll keep you all posted as we release our first code (almost certainly
later in the week)
>In linux, I wonder if Layer-7 filtering is possible.
>
>
>
so the answer is... yes, and you can do it too in about a week.
Ethan Sommer
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-05-05 3:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-02 15:58 [LARTC] layer-7 filtering is possible in linux ? openings
2003-05-02 17:05 ` Stef Coene
2003-05-02 17:41 ` Craig Kelley
2003-05-02 17:54 ` Logu
2003-05-05 3:49 ` Ethan Sommer [this message]
2003-05-05 5:40 ` james jones
2003-05-22 19:33 ` N N Ashok
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-105210665706733@msgid-missing \
--to=sommere@mathcs.carleton.edu \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.