From: Stef Coene <stef.coene@docum.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] help on Layer 7 with TC
Date: Mon, 28 Jul 2003 17:45:59 +0000 [thread overview]
Message-ID: <marc-lartc-105941454913720@msgid-missing> (raw)
In-Reply-To: <marc-lartc-105937711108129@msgid-missing>
On Monday 28 July 2003 17:16, S Mohan wrote:
> I found some time ago that the u32 classifier can read any part of a
> packet - header and/or data section using the byte offset facility and
> action on match. If I understand correct, the Layer 7 filter patch does the
> same as P2P applications use the same ports as many other services but the
> payload is different. The filter has payload patterns that it searches for
> to identify the application. Maybe the Layer 7 filter patch searches
> without byte offset - meaning a substring kind of search and uses the
> boolean outcome for action trigger. Can this be then done using the u32
> filter itself?
Yes and no. It can maybe be done, but the l7 fitlering has a /proc interface
to update the patterns.
You can also use iptables to search for patterns and mark the packets.
But the l7 filter is smart. It only examines the first 7 packets of a
connection to find out the type. The other packets are considered as data.
This can be done because it can get the conntrack information from the
kernel, so it knows which packets belongs to which connection.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-07-28 17:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-28 7:37 [LARTC] help on Layer 7 with TC hare ram
2003-07-28 15:28 ` S Mohan
2003-07-28 17:45 ` Stef Coene [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-105941454913720@msgid-missing \
--to=stef.coene@docum.org \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.