L7-filter is a new packet classifier for the Linux kernel. Unlike other
classifiers, it doesn't just look at simple values such as port numbers.
Instead, it does regular expression matching on the application layer data to
determine what protocols are being used.
Since this classifier is much more processor and memory intensive than
others, we recommend that you only use it if you have reason to believe that
matching by port (or IP number, etc.) is insufficient for your purposes.
L7-filter is right for you if:
* You need to match any protocol that uses unpredictable ports
(peer-to-peer filesharing)
* You believe that significant traffic is being done on non-standard
ports (e.g. HTTP on port 1111)
Agree with one of those? Ok, then. There are three components to our project:
A kernel patch, an iptables patch, and protocol definition files. The
following sections explain how you deal with them all.
These directions are written for Linux 2.6.9 and later. They will need to be
adjusted slightly for Linux 2.4 and older versions of 2.6.
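As an added illustration of why payload matching catches what port matching misses (example code written for this page, not part of the L7-filter project), the script below applies two simplified, constructed protocol definitions in the .pat layout to the first packets of constructed connections and compares the verdict with a port-only lookup; the 10-packet and 2048-byte budgets are assumed defaults.

```python
import re

# Two protocol definitions in the layout of l7-filter .pat files: comment
# lines start with '#', the first real line names the protocol and the
# second is the regular expression. Both patterns below are simplified and
# constructed for this example; they are not the project's shipped files.
HTTP_PAT = r"""# HTTP (simplified, constructed)
http
http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|(get|post|head) [ -~]* http/1\.[01]
"""
SSH_PAT = r"""# SSH (simplified, constructed)
ssh
^ssh-[12]\.[0-9]
"""

def parse_pat(text):
    """Return (protocol name, compiled regex) from a .pat-style definition."""
    lines = [l.strip() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    # Match case-insensitively on raw payload bytes, as the kernel matcher does.
    return lines[0], re.compile(lines[1].encode(), re.IGNORECASE | re.DOTALL)

PATTERNS = [parse_pat(HTTP_PAT), parse_pat(SSH_PAT)]
PORT_TABLE = {22: "ssh", 80: "http"}  # all a port-only classifier knows

def classify_by_port(dst_port):
    return PORT_TABLE.get(dst_port, "unknown")

def classify_by_payload(payloads, patterns=PATTERNS, max_packets=10, max_bytes=2048):
    """Append each packet's application data to a per-connection buffer and
    retry every pattern; the packet and byte budgets are assumed defaults."""
    buf = b""
    for payload in payloads[:max_packets]:
        buf = (buf + payload)[:max_bytes]
        for name, rx in patterns:
            if rx.search(buf):
                return name
    return "unknown"

# Constructed connections: (destination port, payloads in arrival order).
CONNECTIONS = [
    (1111, [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"]),
    (22, [b"SSH-2.0-OpenSSH_9.6\r\n"]),
    (80, [b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"]),  # TLS hello, not HTTP
]

def compare(connections=CONNECTIONS):
    """Side by side: port-based verdict vs. application-layer verdict."""
    return [(port, classify_by_port(port), classify_by_payload(payloads))
            for port, payloads in connections]

if __name__ == "__main__":
    for port, by_port, by_payload in compare():
        print(f"port {port:>5}: by port={by_port:<8} by payload={by_payload}")
```

The HTTP session on port 1111 is invisible to the port table but identified from its first request line, while the TLS session on port 80 is wrongly labelled "http" by port and left "unknown" by payload, which is the honest answer.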
References
http://l7-filter.sourceforge.net/L7-HOWTO-Netfilter
http://phorum.vbird.idv.tw/viewtopic.php?t=18108