Re: [LARTC] layer-7 filtering is possible in linux ?

Linux Advanced Routing and Traffic Control

I had actually hoped to wait about a week before announcing this, since we aren't _quite_ ready to post the code yet, but since you asked....

take a look at http://l7-filter.sourceforge.net/

We've implemented a layer7 filter which takes regular expressions as patterns and integrates fully into the Linux QoS structure. (it uses tc, etc..) In our tests it seems to perform quite well. (although there are still a few bugs to run down; I hope we'll have them nailed down by Friday or so...)

Here's the general structure of how we hope to release the code, just as a sneak peek: (from our web page)

Our goal is to create a filter to classify packets based on application (or "layer 7") data. This means that we will be able to classify packets as HTTP, FTP, Gnucleus, etc, regardless of what port the services are run on. Our filter will complement existing filters that classify based on route, port numbers and so on.

Our project has three subparts:

  1. A patch to the Linux kernel. This code does the actual classification.
  2. A patch to the "tc" (traffic control) program. This program tells
     the kernel how to filter.
  3. A file with protocol definitions which tells the kernel what we
     mean when we say "HTTP". This file is fed to the kernel via /proc.

The hope is that for the third part, we can get a lot of community help. The initial release will come with some protocol definitions as examples (HTTP, POP, FTP etc...) but, since anyone with tcpdump (or who turns on a flag in our code) can observe a protocol stream, and I'm sure many of you understand basic regular expressions, I hope that we can quickly build up a protocol definition library which rivals some of the commercial packet-shaping options.

I'll keep you all posted as we release our first code (almost certainly later in the week).

> In Linux, I wonder if Layer-7 filtering is possible.

so the answer is... yes, and you can do it too in about a week.


Ethan Sommer
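As an added illustration of the approach described in the post above (example code, not the l7-filter project's own), here is a small Python classifier that applies regex protocol definitions to the start of each connection's application data and gives every packet of that connection the same verdict, ignoring port numbers entirely; the three patterns and the sample packet are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed regex protocol definitions (assumptions for illustration, not the
# l7-filter project's own pattern files). Each is tried against the start of a
# connection's application data, whichever side sent it.
PROTOCOL_PATTERNS = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("ftp", re.compile(rb"^220[ -][^\r\n]*\r\n")),  # FTP server greeting
    ("pop3", re.compile(rb"^\+OK[^\r\n]*\r\n")),     # POP3 server greeting
]
MAX_INSPECT = 256  # bytes to buffer before giving up and marking "unknown"


@dataclass
class Flow:
    data: bytes = b""               # application data seen so far
    verdict: Optional[str] = None   # protocol name once decided


class L7Classifier:
    """Decide a protocol per connection from its stream prefix; every later
    packet of that connection inherits the verdict. Ports are never consulted."""

    def __init__(self) -> None:
        self.flows: Dict[Tuple, Flow] = {}

    @staticmethod
    def _key(src: str, sport: int, dst: str, dport: int) -> Tuple:
        # Same key for both directions of the connection.
        return tuple(sorted([(src, sport), (dst, dport)]))

    def classify_packet(self, src: str, sport: int, dst: str, dport: int,
                        payload: bytes) -> str:
        flow = self.flows.setdefault(self._key(src, sport, dst, dport), Flow())
        if flow.verdict is None:
            flow.data += payload          # requests split over packets still match
            for name, pattern in PROTOCOL_PATTERNS:
                if pattern.match(flow.data):
                    flow.verdict = name
                    break
            else:
                if len(flow.data) >= MAX_INSPECT:
                    flow.verdict = "unknown"
        return flow.verdict or "pending"


if __name__ == "__main__":  # constructed sample: HTTP on a non-standard port
    clf = L7Classifier()
    print(clf.classify_packet("10.0.0.1", 40000, "10.0.0.2", 8080,
                              b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n"))
```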