Layer-7 Packet Classifier for Linux Userspace 0.11

A classifier for Linux's Netfilter that identifies packets
Layer-7 Packet Classifier for Linux is a classifier for Linux's Netfilter that identifies packets based on application layer data. It can classify packets as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on IP address, port numbers and so on.

Our intent is for l7-filter to be used in conjunction with Linux QoS to do bandwith arbitration ("packet shaping") or traffic accounting.

Main features:

  • Patches for Linux 2.4 and 2.6
  • Support for TCP, UDP and ICMP over IPv4
  • Uses Netfilter's connection tracking of FTP, IRC, etc
  • Examines data across multiple packets
  • Number of packets examined tunable on the fly through /proc
  • Number of bytes examined tunable at module load time
  • Distinguishes between new connections (those still being tested) and old unidentified connections
  • Gives access to both Netfilter and QoS (rate limiting) features
  • With the Netfilter "helper" match, you can distinguish between parent and child connections (e.g. ftp command/data)

last updated on:
May 30th, 2009, 14:17 GMT
developed by:
Ethan J. Sommer
license type:
GPL (GNU General Public License) 
ROOT \ System \ Networking


In a hurry? Add it to your Download Basket!

user rating 16



Rate it!
What's New in This Release:
  • Fixed compilation problem by moving include of < linux/netfilter.h > after < linux/types.h > and < netinet/in.h >.
read full changelog

Add your review!