L7-filter is a classifier for Linux's Netfilter that identifies packets based on application layer data. It can classify packets as Kazaa, HTTP, Jabber, Citrix, BitTorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on IP address, port numbers and so on.
Our intent is for l7-filter to be used in conjunction with Linux QoS to do bandwidth arbitration (“packet shaping”) or traffic accounting.
Version 2.23 of netfilter-layer7 has been released.
- Applied patch for kernel 2.6.35+ from Huascar Tejeda (details)
Download information: netfilter-layer7-v2.23.tar.gz MD5Sum: 10910b6173d18e426cb56ae7e1300eeb
Version 0.12-beta1 of l7-filter userspace has been released.
- l7_connections map access locking patch from James King (details)
- getopt patch from Gavin Pryke (details)
- Memory leak plug patch from Florian Westphal (details)
Download information: l7-filter-userspace-0.12-beta1.tar.gz MD5Sum: 54e7e9efb031ff34bef1a452feceb175
A couple of protocol filter updates have been sent our way and are available via SVN.
We know that there might be some other updates floating around, so we invite you to send them to the developer list or email@example.com.
Phew… ClearOS Enterprise 5.2 has been released and we can spend more time taking care of l7-filter. In the next week or so, we'll post a proposal for how we can move the project forward over the months and years to come. Oh, and we'll also get that SVN server back up and running.
Though there are still a number of documents that need to be updated, the following tools are now active on clearfoundation.com:
- SVN server including a Web Viewer
- Mailing lists are ready if desired
- Includes patches for Linux 2.4 and 2.6
- Supports TCP, UDP and ICMP over IPv4
- Includes connection tracking of FTP, IRC, etc.
- Examines data across multiple packets
- Provides run-time tuning of the number of packets examined via /proc
- Provides module load-time tuning of the number of bytes examined
- Distinguishes between new connections and old unidentified connections
- Provides access to both Netfilter and QoS (rate limiting) features
- Distinguishes between parent and child connections (e.g. FTP command/data) with the Netfilter “helper” match
To download, visit the downloads page.
You can find links to all the relevant documentation on this web site, including:
You do not need to be a software developer to help the l7-filter project!
- Found a bug, typo or something out of date? Report and/or fix them.
- Write new patterns.
- Do performance testing and send us your results.
Submissions, complaints, criticism, praise, comments? l7-filter-developersATlists.sourceforge.net (you must subscribe first). Need help? l7-filter-users(a)lists.sf.net. You can also e-mail Darryl Sokoloski directly at firstname.lastname@example.org. Alternatively, bug reports, requests for features, and patches may be submitted through our bug tracker.
The original coders were Justin Levandoski, Ethan Sommer, and Matthew Strait, with support from Sebastian Celis, Andy Exley and Lillie Kittredge. The primary maintainer is now Darryl Sokoloski from ClearFoundation. l7-filter would not have been possible without the help from the community. Here is the full list of thank yous.
Front-ends that use l7-filter or portions.
Similar (open source/partially open source) projects
Computer code associated with l7-filter (including, but not limited to, programs, patches, the protocol definitions and the website code) is licensed under the GNU GPLv2.
Content associated with l7-filter that is not computer code (including, but not limited to, the human readable content of the l7-filter section of the web site, the offline documentation and the logo) is licensed under Creative Commons Attribution-ShareAlike 1.0.