From our web site ( http://l7-filter.sourceforge.net/ )
Our goal is go create a filter to classify packets based on application (or "layer 7") data. This means that will will be able to classify packets as HTTP, FTP, Gnucleus, etc, regardless of what port the services are run on. Our filter will complement existing filters that classify based on route, port numbers and so on.
...
Our project has three subparts:
1. A patch to the Linux kernel. This code does the actual classification.
2. A patch to the "tc" (traffic control) program. This program tells
the kernel how to filter.
3. A file with protocol definitions which tells the kernel what we
mean when we say "HTTP". This file is fed to the kernel via /proc.--- end of website quote ---
It currently works with the linux 2.5 kernel (we've done most of our testing on 2.5.58) but it should be easy to backport.
We currently have patterns for HTTP, FTP, POP3, IMAP, and (and I know this is the one you were waiting for) KaZaA!!
Please give it a try, let us know what you think (either through our sourceforge forums or by e-mailing me or this list.) We would also love to have lots of community involvement building up a database of patterns. Anyone who has used tcpdump and regular expressions before should be able to create a new pattern in under 15 minutes.
You can find out more at http://l7-filter.sourceforge.net/
Thanks, and I hope you all find our work useful,
Ethan J. Sommer
Other Developers: * Justin Levandoski * Matt Strait
