Hi, Andraz Sraka wrote: > re > > On Thu, 2006-03-23 at 19:20 -0500, Jason Boxman wrote: > > >>I like L7, but be sure you're ready to write some pattern matches. I've been >>using ipp2p[1] and it matches all my p2p traffic. ymmv of course. >> >>[1] http://www.ipp2p.org/ > > > can newer 2.6 (2.6.15.x) kernels be patched with ipp2p ? As far as I've > compared the two them, the only difference (that I've noticed) is that > L7 uses patterns from userspace (written somewhere on file system); Yes and no, l7filter uses regular expressions as pattern matches, which is slower and in some situations inaccurate. For exapmle you cannot compare one or two bytes with the packet length. example: http://l7-filter.sourceforge.net/layer7-protocols/protocols/edonkey.pat <snip> # God this is a mess. What an irritating protocol. # This will match about 1% of streams with random data in them! </snip> This means 1 % packets will be matched by l7filter as edonkey. So almost all longer connections will get matched as edonkey, which might make this filter unusable. ipp2p is specialized to match p2p traffic by high optimized worst case stable layer 7 matches. It also tries to avoid missdetections as good as possible. I think if you would like to do a complete traffic shaping for http,ftp,.., try l7filter. But for p2p, I would recommend ipp2p ! regards, Klaus, maintainer of ipp2p > > regards, > Andraz > > > ------------------------------------------------------------------------ > > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
