
L7-filter Supported Protocols

Below is the list of supported protocols. These pages are out of date, but will
Protocols are listed as needing more testing. The easiest way to do this is to follow the
To help add support for more protocols, see the Pattern Writing HOWTO.

The "quality" gives a rough idea of how well the pattern works. It is a conglomerate measure of several things, including (1) how well the protocol is understood (2) how much the pattern has been tested (3) in what variety of situations the pattern has been tested and (4) what fraction of identifiable traffic is identified correctly. For details, read the pattern file or the protocol's wiki entry.

The protocol package includes a tool for testing pattern performance. It tests them against 122 samples of actual network data (as of the
The first speed shown for a pattern in the tables below is the speed when used in the kernel (with the old V8 regular expression library).
Used in userspace (with the modern GNU library). Note that the userspace version has a smaller
That is, its slowest patterns are faster and its fastest patterns are slower than the kernel version.
Slow: >100 seconds (worst as of this writing was 1750s for the kernel library

Overmatching pattern: It is either hard or impossible to write a pattern for this protocol that reliably matches only the intended protocol. In other words, use of this pattern is likely to yield false positives, so you should probably only use it in conjunction with other matches, such as port or IP number. See the comments in the pattern file and/or wiki for specifics.

Undermatching pattern: It is either hard or impossible to write a pattern for this. For example, in a P2P protocol, it may only be able to match search requests, but not file
See the comments in the pattern file and/or wiki for
(However, P2P protocol patterns are not considered to undermatch as long as they match downloads.)

Superset: This pattern matches traffic which is a superset of the traffic that some other. If it is ahead of one of these patterns in your iptables rules, the other patterns will never match. See the pattern file for which other patterns are

Subset: This pattern matches traffic which is a subset of the traffic matched by some other.

Protocols are marked as being in one or more "groups".
Refer to what sort of purpose each protocol has.
To treat a set of protocols in the same way without requiring the user to select (or know about) each individual protocol. For instance, an application could have a checkbox for "VoIP" rather than one for Skype,

Other groups indicate whether a protocol is documented in an IETF RFC, whether it is standardized by any official body, a non-standard but used primarily by open source programs, or
Among other things, this is supposed to give some idea of how volatile these protocols are likely to be.
Highly unlikely to change behavior and break l7-filter's patterns (although if programs misimplement them, anything can happen.) Open source non-standardized protocols are somewhat more likely to change abruptly, but changes are likely to be publicly documented and, of course, the source code can be read to learn about them as a
Proprietary protocols can change at any time without
The nature of the changes may be a closely kept secret.

Not all groups that exist in the pattern files have icons shown on
Also, just because a protocol is not listed as being in a group does not mean that it is specifically excluded from that group. For instance, not every protocol without "secure" is insecure.
Invite you to make the groups more complete by sending corrections/additions to our mailing list.

The pattern name is what you must use when issuing l7-filter commands.
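
The superset and overmatching notes on this page can be checked mechanically against a rule set. The following is an added example, not part of the l7-filter documentation or code: it lints an ordered list of iptables rules that use the layer7 match. The function name `lint_rules`, the sample rules, and the pattern relationships in `SUPERSETS` and `OVERMATCHING` are constructed assumptions; the real relationships are recorded in the comments of each pattern file.

```python
import shlex

# Constructed sample data (assumption): which patterns are supersets of which,
# and which overmatch. Take the real values from the pattern files.
SUPERSETS = {"http": {"httpaudio", "httpvideo"}}
OVERMATCHING = {"skypeout"}

# iptables options that narrow a rule by port or IP address.
NARROWING = {"-s", "-d", "--source", "--destination", "--sport", "--dport",
             "--sports", "--dports", "--src-range", "--dst-range"}

def lint_rules(lines):
    """Return (line_no, pattern, message) findings for rules in evaluation order."""
    findings = []
    earlier = {}  # pattern name -> line number of the first rule that uses it
    for no, line in enumerate(lines, 1):
        tokens = shlex.split(line, comments=True)
        if "--l7proto" not in tokens:
            continue
        pos = tokens.index("--l7proto") + 1
        if pos >= len(tokens):
            findings.append((no, None, "--l7proto has no pattern name"))
            continue
        name = tokens[pos]
        # A superset ahead of this rule means this pattern never matches.
        for sup, subs in SUPERSETS.items():
            if name in subs and sup in earlier:
                findings.append((no, name,
                    f"never matches: superset '{sup}' is ahead on line {earlier[sup]}"))
        # Overmatching patterns should be combined with a port or IP match.
        if name in OVERMATCHING and not NARROWING.intersection(tokens):
            findings.append((no, name, "overmatching pattern without a port or IP match"))
        earlier.setdefault(name, no)
    return findings

# Constructed rules for illustration; 192.0.2.10 is a documentation address.
SAMPLE_RULES = [
    "iptables -t mangle -A POSTROUTING -m layer7 --l7proto httpvideo -j MARK --set-mark 1",
    "iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j MARK --set-mark 2",
    "iptables -t mangle -A POSTROUTING -m layer7 --l7proto httpaudio -j MARK --set-mark 3",
    "iptables -t mangle -A POSTROUTING -m layer7 --l7proto skypeout -j MARK --set-mark 4",
    "iptables -t mangle -A POSTROUTING -d 192.0.2.10 -m layer7 --l7proto skypeout -j MARK --set-mark 4",
]

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE_RULES):
        print(finding)
```

The `httpvideo` rule on line 1 is not flagged because it sits ahead of `http`; only `httpaudio`, which follows the superset, is reported.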