Menu
▾
▴
Re: [Devil-Linux-discuss] P2p traffic filtering
|
From: Serge L. <fi...@in...> - 2007-07-31 10:34:47
|
Hi, Mgr. Motycka Jiri wrote: ... > but my syslog started to fill up with some strange errors and packet > lists like this: > > Jul 30 14:19:27 aaa@Devil kernel: layer7: regexec positive: http! > Jul 30 14:19:27 aaa@Devil kernel: > Jul 30 14:19:27 aaa@Devil kernel: l7-filter gave up after 625 bytes (11 > packets): .... > Isn't here (in layer7 kernel module) swithed on some debuging? Yes, obviously layer7 kernel module is compiled with debug. I guess we have to disable this. > What does the message "l7-filter gave up after XXX bytes (YY packets)" > means? > Does anybody knows ? It means that filter was able to classify traffic only after 11 packets ( 625 bytes) had been captured. Since l7-filter functionality is based on traffic inspection it's unable to classify one immediately - only after some preprocessing. So exactly this kernel module writes to log. -- Serge Leschinsky |
