Linux Layer 7 Filter

29
Aug
0
lin

the L7-Filter is different from the L7-Switch

過濾器不是交換器?

這個 netfilter 延伸模組可以新增 pattern 根據 URL 來貼標籤。但是貼了之後要做 redirect 不是很容易,主要是來不及改的問題,引述自 Linux Layer 7 FAQ :

L7-filter can't possibly identifiy what protocol a connection is using 
until it sees a packet with data in it.

要拆來看要爬到第四層以上,redirect 牽涉到第三層的問題,到了第四層要改第三層已經遲了,除非是 UDP 比較適用。

For TCP, this is the third packet, far too late to start redirecting anything. 
For UDP, it could work, providing that l7-filter gets enough data in the 
first packet to make a decision.

參考 Http Pattern 可以看到語法。

links

l7-filter

Jamyy weblog

LVS-HOWTO

打造 Linux 具有 L7-Filter Function?

【教學】Linux Layer 7 Netfilter QOS 實作成功紀錄

Coyote Linux 頻寬管制 (QoS) 設定教學

探討Qos頻寬管理器-解決塞車,搶頻寬,取代IP分享器

Comments

Leave a response

RSS feed for this post trackback uri

(leave url/email »)

   Preview comment