On 28/10/2012 08:20, Andrew Beverley wrote:
> On Wed, 2012-10-24 at 23:53 +0100, Ed W wrote:
> > Hi all. There is an interesting project that was called opendpi
> > (originally by ipoque GmbH) and has recently been forked and maintained by
> > the ntop guys under the nDPI label. It offers a new and currently
> > maintained layer 7 (L7) packet identification library.
>
> That's great news.
>
> I had a play with l7-filter some time ago, which I assume is similar to
> nDPI. How do the 2 projects compare?

Actually, just to augment my last answer.

The biggest thing I pick out as "interesting" in nDPI is that it has a
go at inspecting SSL traffic and odd sub protocols of http (eg Skype,
Windows Update). Given that we are rapidly seeing everything start to
look like an HTTP protocol and then there is SSL on top, it's tricky to
classify stuff like Skype or Facebook traffic. nDPI can do this
(although would benefit from more work in this area). So if your SSL
certificate says mail.google.com, then you can guess the "protocol" in
use...

So if you want a one trick reason to try nDPI, right now you can use it
to block/prioritise/time-restrict Skype... (or Windows Update, etc)

I have a load of users on expensive satellite connections and I need to
help protect them from themselves so being able to prevent Windows
Update from banging 10MB down a $30/MB connection is very helpful. I
also use your squid patches to do sticky per user conntrack labelling of
traffic and hence enabling users to choose a traffic profile (so they
can choose to do the above if they really want to...)

Cheers

Ed W
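
The certificate-name guess described in the message above, as an added example that is not part of the original post and is not nDPI's code: it scans DER bytes for commonName values and maps them to a label by hostname suffix. The rule table, the labels, the helper names and the sample bytes are all constructed for illustration.

```python
CN_OID = bytes.fromhex("0603550403")  # DER for OID 2.5.4.3 (commonName)
STRING_TAGS = {0x0C, 0x13, 0x16}      # UTF8String, PrintableString, IA5String

# Hypothetical rule table (hostname suffix -> label), most specific first.
RULES = [
    ("mail.google.com", "gmail"),
    ("google.com", "google"),
    ("windowsupdate.com", "windows_update"),
]

def common_names(data):
    """Return every commonName string found in a DER blob, in order."""
    names, pos = [], 0
    while (pos := data.find(CN_OID, pos)) != -1:
        pos += len(CN_OID)
        if pos + 2 > len(data):          # truncated capture: no tag/length
            break
        tag, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        # Only short-form lengths (< 0x80); hostnames fit comfortably.
        if tag in STRING_TAGS and length < 0x80 and len(value) == length:
            names.append(value.decode("ascii", "replace").lower())
    return names

def classify(data):
    """Label a flow from the names in its certificate bytes, else 'unknown'."""
    for name in common_names(data):
        host = name[2:] if name.startswith("*.") else name
        for suffix, label in RULES:
            # Match on a label boundary so notgoogle.com != google.com.
            if host == suffix or host.endswith("." + suffix):
                return label
    return "unknown"

def cn_rdn(cn):
    """Build a DER RelativeDistinguishedName holding one commonName (test data)."""
    s = bytes([0x0C, len(cn)]) + cn.encode()
    seq = bytes([0x30, len(CN_OID) + len(s)]) + CN_OID + s
    return bytes([0x31, len(seq)]) + seq

# Constructed fragment: issuer CN then subject CN, not a full certificate.
SAMPLE = cn_rdn("Constructed Test CA") + cn_rdn("mail.google.com")

if __name__ == "__main__":
    print(common_names(SAMPLE), classify(SAMPLE))
```

This only works where the server certificate crosses the wire in cleartext; TLS 1.3 encrypts the Certificate message, so a classifier there has nothing to scan.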