To start, I just wanted to say I'm really happy that someone has started
this. I am a student and employee of the college I am attending.
Currently we have just under 100 dorm students using a single T1 in a NAT
environment. There are some bandwidth problems occurring due to the
uncontrolled use of p2p programs.
Back in May I began to search the net for existing Linux applications or
development for layer 7 support and found none. I vowed to start my own
kernel patch. After about a week of organizing my thoughts on paper I ran
across your group. Rather than re-inventing the wheel I abandoned the
idea of starting a patch myself. However, I'd like to help your group. I've
been looking through the patch and you have implemented many of the same
ideas, such as regexing the first few packets and then marking the
connection to cut down on overhead.
One of the ideas I had you have already implemented to a certain extent. I
had also thought about adding a /proc device for users to input their own
regexes. However, in addition I was thinking about allowing the user to
choose what common protocols they wished to compile into the kernel,
looking something like this in the kernel config:
[ ] Layer 7 Support
[ ] HTTP Identification
[ ] FTP Identification
[ ] SSH Identification
[ ] SSHv1 Identification
[ ] SSHv2 Identification
[ ] /proc/layer7 regex Interface
allowing the well known and well tested protocols to be statically built
in. If I'm anal about security I might wish to stop SSHv1 traffic but allow
SSHv2 traffic if at all possible, or just identify SSH regardless of
version.
Right now I'm just looking and trying to include some ideas for you. Still
working on refreshing my C as I haven't used it in a long time.
-fox
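The two ideas in the message above (regex only the first few packets of a connection, then mark it so later packets skip the regex engine; and let the administrator choose which protocol identifiers are "compiled in", including SSHv1 versus SSHv2 versus plain SSH) can be sketched in userland. The example below is added here; it is not code from the post or from the kernel patch being discussed. The regexes, flow identifiers and packet payloads are constructed for the demonstration: the SSH banner format `SSH-protoversion-softwareversion` is the published one (a `1.99` server advertises support for both versions, so the client's banner decides), while the HTTP and FTP patterns are deliberately simplified.

```python
import re

# Constructed identifier patterns (not the patch's own). Each is run against the
# concatenated first bytes of a flow, both directions, until something matches
# or the packet budget is exhausted. re.M lets "^" match each new banner/line.
PROTOCOL_PATTERNS = {
    "sshv2": re.compile(rb"^SSH-2\.0-", re.M),
    # SSH-1.5-... is a pure v1 peer; SSH-1.99- is excluded because it only says
    # "I also speak v1", the other side's banner settles the version.
    "sshv1": re.compile(rb"^SSH-1\.(?!99-)[0-9]+-", re.M),
    # Version-agnostic identifier, for the "just identify SSH" configuration.
    "ssh":   re.compile(rb"^SSH-[0-9]+\.[0-9]+-", re.M),
    "http":  re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", re.M),
    # Simplified: a 220 greeting that mentions FTP (a bare 220 would also hit SMTP).
    "ftp":   re.compile(rb"^220[ -][^\r\n]*[fF][tT][pP]", re.M),
}


class Layer7Classifier:
    """Per-flow state: buffer early payload, regex until marked, then stop."""

    def __init__(self, enabled, max_packets=8, max_bytes=2048):
        # 'enabled' plays the role of the kernel-config menu: only these
        # identifiers are active, and they are tried in the order given.
        self.patterns = [(name, PROTOCOL_PATTERNS[name]) for name in enabled]
        self.max_packets = max_packets  # packets inspected before giving up
        self.max_bytes = max_bytes      # cap on buffered payload per flow
        self.flows = {}

    def classify(self, flow_id, payload):
        st = self.flows.setdefault(
            flow_id, {"mark": None, "buf": b"", "pkts": 0, "regex_runs": 0})
        if st["mark"] is not None:
            return st["mark"]  # marked flow: no regex cost at all
        st["pkts"] += 1
        st["buf"] = (st["buf"] + payload)[: self.max_bytes]
        if payload:
            st["regex_runs"] += 1
            for name, pat in self.patterns:
                if pat.search(st["buf"]):
                    st["mark"] = name
                    st["buf"] = b""  # buffer is no longer needed
                    return name
        if st["pkts"] >= self.max_packets:
            st["mark"] = "unknown"  # budget spent: stop inspecting this flow
            st["buf"] = b""
        return st["mark"] or "pending"

    def regex_runs(self, flow_id):
        return self.flows[flow_id]["regex_runs"]


# Constructed sample flows: packets in arrival order, both directions mixed,
# as a conntrack-style buffer would see them.
SAMPLE_FLOWS = {
    "ssh-v2-session": [b"SSH-2.0-OpenSSH_8.9\r\n", b"SSH-2.0-libssh_0.9\r\n",
                       b"\x00" * 64, b"\x00" * 64],
    # 1.99 server, then a legacy client that picks v1: only the second
    # packet reveals that this is an SSHv1 session.
    "ssh-v1-session": [b"SSH-1.99-DualStack\r\n", b"SSH-1.5-LegacyClient\r\n",
                       b"\x00" * 64],
    "web-session":    [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
                       b"HTTP/1.1 200 OK\r\n"],
    # Opaque payload on a high port: never matches, so the packet budget
    # decides when the classifier stops spending regex time on it.
    "opaque-session": [bytes([i]) * 32 for i in range(6)],
}


def run(enabled, max_packets=4):
    """Classify every sample flow; return {flow: (final mark, regex runs)}."""
    clf = Layer7Classifier(enabled, max_packets=max_packets)
    result = {}
    for flow_id, packets in SAMPLE_FLOWS.items():
        mark = "pending"
        for payload in packets:
            mark = clf.classify(flow_id, payload)
        result[flow_id] = (mark, clf.regex_runs(flow_id))
    return result


if __name__ == "__main__":
    # Version-aware build: sshv1 and sshv2 can be treated differently.
    for flow, res in run(["sshv2", "sshv1", "http"]).items():
        print(f"{flow:16s} -> {res[0]:8s} after {res[1]} regex pass(es)")
    # Version-agnostic build: everything SSH is just "ssh".
    print(run(["ssh"]))
```

The `regex_runs` counter is the point of the "mark the connection" optimisation: once a flow is marked, every later packet returns in constant time, and an unmatchable flow costs at most `max_packets` regex passes before it is marked `unknown`. Swapping the `enabled` list is the userland equivalent of the kernel-config menu: with `["ssh"]` the 1.99 flow is identified on its first packet, with `["sshv2", "sshv1"]` it stays `pending` until the client's banner shows which version was negotiated.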