Layer-7 Packet Classifier for Linux is a classifier for Linux's Netfilter that identifies packets based on application layer data. It can classify packets as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on IP address, port numbers and so on.
Our intent is for l7-filter to be used in conjunction with Linux QoS to do bandwith arbitration ("packet shaping") or traffic accounting.
Here are some key features of "Layer-7 Packet Classifier for Linux Userspace":
· Patches for Linux 2.4 and 2.6
· Support for TCP, UDP and ICMP over IPv4
· Uses Netfilter's connection tracking of FTP, IRC, etc
· Examines data across multiple packets
· Number of packets examined tunable on the fly through /proc
· Number of bytes examined tunable at module load time
· Distinguishes between new connections (those still being tested) and old unidentified connections
· Gives access to both Netfilter and QoS (rate limiting) features
· With the Netfilter "helper" match, you can distinguish between parent and child connections (e.g. ftp command/data)
What's New in This Release: [ read full changelog ]
· Fixed compilation problem by moving include of < linux/netfilter.h > after < linux/types.h > and < netinet/in.h >.