Andraz Sraka wrote:
> re
>
> On Thu, 2006-03-23 at 19:20 -0500, Jason Boxman wrote:
>
>> I like L7, but be sure you're ready to write some pattern matches. I've
>> been using ipp2p[1] and it matches all my p2p traffic. ymmv of course.
>>
>> [1] http://www.ipp2p.org/
>
> can newer 2.6 (2.6.15.x) kernels be patched with ipp2p ? As far as I've
> compared the two of them, the only difference (that I've noticed) is that
> L7 uses patterns from userspace (written somewhere on file system);

Sure.

jasonb@rebecca:~$ uname -a
Linux rebecca 2.6.15.5-20060312 #1 Sun Mar 12 21:39:12 EST 2006 i686 GNU/Linu

I'm running the latest ipp2p beta on that without incident.

The major difference I've found is that you can (and must) write your own
patterns for L7. The stock patterns, at least for edonkey p2p, don't work.
ipp2p works out-of-the-box with what it supports, but you have to hack C to
make any changes. I can't code C anyway, so I won't be making any changes.
Nor do I have time to perform package analysis on edonkey/Overnet/Kademlia so
L7 can match those packets for me as ipp2p does by default. So, ymmv as I
said.

Also, ipp2p must be used in conjunction with CONNMARK whereas you can simply
-j CLASSIFY L7 and you're done. You probably want a CONNMARK paired up with
ipp2p as it generally matches handshake packets only. The mark handles the
rest.
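
The ipp2p + CONNMARK pairing described in the reply above, next to the single-rule L7 form, as an added example that is not part of the original message. The mark value 0x10, the tc class 1:30, the choice of `--edk` (eDonkey) and the `IPT` dry-run variable are assumptions; the script only prints the rules unless it is run with IPT=iptables.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed values: change them to match your own tc setup.
P2P_MARK=${P2P_MARK:-0x10}     # assumed fwmark for identified p2p connections
P2P_CLASS=${P2P_CLASS:-1:30}   # assumed tc class that should receive p2p traffic
IPT=${IPT:-echo iptables}      # dry run by default; IPT=iptables applies the rules

ipp2p_connmark_rules() {
    # 1. Copy the connection's saved mark (if any) onto each packet.
    $IPT -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
    # 2. Packets of already-identified connections skip the ipp2p match.
    $IPT -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
    # 3. ipp2p generally matches only the handshake packets; mark those.
    $IPT -t mangle -A PREROUTING -p tcp -m ipp2p --edk \
        -j MARK --set-mark "$P2P_MARK"
    # 4. Save the mark on the connection so rule 1 covers the rest of the flow.
    $IPT -t mangle -A PREROUTING -p tcp -m mark --mark "$P2P_MARK" \
        -j CONNMARK --save-mark
    # 5. Hand every marked packet to the traffic-control class.
    $IPT -t mangle -A POSTROUTING -m mark --mark "$P2P_MARK" \
        -j CLASSIFY --set-class "$P2P_CLASS"
}

l7_classify_rule() {
    # The layer7 match classifies directly, so no mark bookkeeping is needed.
    $IPT -t mangle -A POSTROUTING -m layer7 --l7proto edonkey \
        -j CLASSIFY --set-class "$P2P_CLASS"
}

ipp2p_connmark_rules
l7_classify_rule
```

Without rules 1 and 4, only the handshake packets that ipp2p recognises would reach the class and the bulk of each transfer would go unshaped.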