How To Set Up A Linux Layer 7 Packet Classifier On CentOS 5.1

 
Submitted by poustchi on Thu, 2008-07-31 16:36. :: CentOS | Kernel


Introduction

This tutorial walks you through setting up a Linux layer 7 packet classifier on CentOS 5.1. It can easily be adapted to any other Linux distribution.

L7-filter is a classifier for Linux Netfilter that identifies packets based on patterns in application-layer data. This allows correct classification of P2P traffic.
It can classify traffic such as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., including protocols that use unpredictable ports as well as standard protocols running on non-standard ports. It complements existing classifiers that match on IP address, port numbers and so on. http://l7-filter.sourceforge.net/

 

1) Download required packages

1.1) Download L7-filter kernel

wget http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.19.tar.gz

 

1.2) Download L7-filter userspace

wget http://downloads.sourceforge.net/l7-filter/l7-filter-userspace-0.7.tar.gz

 

1.3) Download L7-filter Protocol definitions

wget http://downloads.sourceforge.net/l7-filter/l7-protocols-2008-04-23.tar.gz

Important Note: Always download the latest version of L7-filter from http://sourceforge.net/project/showfiles.php?group_id=80085

 

1.4) Download Linux Iptables 1.4.0

wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.0.tar.bz2

 

1.5) Download Linux Kernel 2.6.26

wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2

 

2) Install L7-filter

Open a terminal and run:

tar -xvf linux-2.6.26.tar.bz2

tar -xvf netfilter-layer7-v2.19.tar.gz

 

2.1) Apply patch to Linux kernel source

cd linux-2.6.26
patch -p1 < ../netfilter-layer7-v2.19/kernel-2.6.25-layer7-2.19.patch

 

2.2) Apply patch & install iptables 1.4.0

# Go back to the download directory (KERNEL_DIR below assumes the sources were unpacked in ~)
cd ~
tar -xvf iptables-1.4.0.tar.bz2
cd iptables-1.4.0
patch -p1 < ../netfilter-layer7-v2.19/iptables-1.4-for-kernel-2.6.20forward-layer7-2.19.patch
chmod +x extensions/.layer7-test
make KERNEL_DIR=~/linux-2.6.26
make install KERNEL_DIR=~/linux-2.6.26

 

3) Installing protocol definitions

# Go back to the download directory before unpacking
cd ~
tar -xvf l7-protocols-2008-04-23.tar.gz
cd l7-protocols-2008-04-23
mkdir -p /etc/l7-protocols
cp protocols/* /etc/l7-protocols

 

4) Compiling & installing new linux kernel

cd ~/linux-2.6.26
make menuconfig
make all
make modules_install
make install

Important Note: You must enable the following options (these are correct for Linux 2.6.26, but they tend to move around a lot, so you may have to go hunting if you have a different kernel version):

* "Network packet filtering framework (Netfilter)" (Networking → Networking options)
* "Netfilter connection tracking support" (... → Network packet filtering framework (Netfilter) → Core Netfilter Configuration)
* "Connection tracking flow accounting" (on the same screen)
* Finally, "Layer 7 match support"
* Optional but highly recommended: Lots of other Netfilter options, notably "FTP support" and other matches. If you don't know what you're doing, go ahead and enable all of them.
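
A pre-build check for the options above, as an added example that is not part of the original tutorial: it reads a kernel .config and reports which required options are still off, so a gap shows up before the long `make all` instead of after the reboot. The CONFIG_* symbol names are assumptions mapped from the menu entries listed above, and the sample .config fragment is constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Assumption: these CONFIG_* symbols correspond to the menu entries listed
# above for a 2.6.26 tree with the layer7 patch applied.
REQUIRED_SYMS="CONFIG_NETFILTER CONFIG_NF_CONNTRACK CONFIG_NF_CT_ACCT
CONFIG_NETFILTER_XT_MATCH_LAYER7"

# check_l7_config FILE
# Prints one status line per required symbol and returns the number of
# symbols that are neither built in (=y) nor modular (=m).
check_l7_config() {
    cfg=$1
    missing=0
    for sym in $REQUIRED_SYMS; do
        # Anchored match: "# CONFIG_X is not set" and longer symbol names
        # that merely start with the same prefix must not count as enabled.
        if grep -Eq "^${sym}=(y|m)\$" "$cfg"; then
            echo "ok       $sym"
        else
            echo "MISSING  $sym"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample: a .config fragment with flow accounting left off.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_CT_ACCT is not set
CONFIG_NETFILTER_XT_MATCH_LAYER7=m
EOF
}

# Demo on the constructed sample; on a real tree pass ~/linux-2.6.26/.config.
sample=$(mktemp)
write_sample_config "$sample"
check_l7_config "$sample" || echo "$? required option(s) not enabled"
rm -f "$sample"
```

Run it after `make menuconfig` and before `make all`. If the "Layer 7 match support" entry never appears in menuconfig at all, the kernel patch from step 2.1 was not applied to this tree.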

 

5) Check GRUB setting

vim /etc/grub.conf

It must look like this:

default=0
timeout=3
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.26)
        root (hd0,0)
        kernel /vmlinuz-2.6.26 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.26.img
title CentOS (2.6.18-53.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.18-53.el5.img

 

6) Finally

We are done. Restart the system and enjoy.

reboot

 

7) Test l7-filter

iptables -m layer7 --help

Have fun!


Submitted by Arnat (not registered) on Sun, 2010-03-21 05:55.
My steps are not successful, then I want to do the correct way.
Thank you.




Submitted by roka (not registered) on Wed, 2009-05-27 14:30.

I get this error when I try to follow this tutorial, after I patch the iptables and write "make".

Please, can anyone help me with this problem?

 

libipt_layer7.c: In function ‘help’:
libipt_layer7.c:41: error: ‘IPTABLES_VERSION’ undeclared (first use in this function)
libipt_layer7.c:41: error: (Each undeclared identifier is reported only once
libipt_layer7.c:41: error: for each function it appears in.)
libipt_layer7.c: At top level:
libipt_layer7.c:53: warning: no previous prototype for ‘parse_protocol_file’
libipt_layer7.c: In function ‘parse_protocol_file’:
libipt_layer7.c:55: warning: declaration of ‘line’ shadows a global declaration
../include/iptables.h:15: warning: shadowed declaration is here
libipt_layer7.c: In function ‘pre_process’:
libipt_layer7.c:152: warning: declaration of ‘rindex’ shadows a global declaration
/usr/include/string.h:308: warning: shadowed declaration is here
libipt_layer7.c: At top level:
libipt_layer7.c:206: warning: no previous prototype for ‘readl7dir’
libipt_layer7.c:377: error: variable ‘layer7’ has initializer but incomplete type
libipt_layer7.c:378: error: unknown field ‘name’ specified in initializer
libipt_layer7.c:378: warning: excess elements in struct initializer
libipt_layer7.c:378: warning: (near initialization for ‘layer7’)
libipt_layer7.c:379: error: unknown field ‘version’ specified in initializer
libipt_layer7.c:379: error: ‘IPTABLES_VERSION’ undeclared here (not in a function)
libipt_layer7.c:379: warning: excess elements in struct initializer
libipt_layer7.c:379: warning: (near initialization for ‘layer7’)
libipt_layer7.c:380: error: unknown field ‘size’ specified in initializer
libipt_layer7.c:380: warning: excess elements in struct initializer
libipt_layer7.c:380: warning: (near initialization for ‘layer7’)
libipt_layer7.c:381: error: unknown field ‘userspacesize’ specified in initializer
libipt_layer7.c:381: warning: excess elements in struct initializer
libipt_layer7.c:381: warning: (near initialization for ‘layer7’)
libipt_layer7.c:382: error: unknown field ‘help’ specified in initializer
libipt_layer7.c:382: warning: excess elements in struct initializer
libipt_layer7.c:382: warning: (near initialization for ‘layer7’)
libipt_layer7.c:383: error: unknown field ‘parse’ specified in initializer
libipt_layer7.c:383: warning: excess elements in struct initializer
libipt_layer7.c:383: warning: (near initialization for ‘layer7’)
libipt_layer7.c:384: error: unknown field ‘final_check’ specified in initializer
libipt_layer7.c:384: warning: excess elements in struct initializer
libipt_layer7.c:384: warning: (near initialization for ‘layer7’)
libipt_layer7.c:385: error: unknown field ‘print’ specified in initializer
libipt_layer7.c:385: warning: excess elements in struct initializer
libipt_layer7.c:385: warning: (near initialization for ‘layer7’)
libipt_layer7.c:386: error: unknown field ‘save’ specified in initializer
libipt_layer7.c:386: warning: excess elements in struct initializer
libipt_layer7.c:386: warning: (near initialization for ‘layer7’)
libipt_layer7.c:387: error: unknown field ‘extra_opts’ specified in initializer
libipt_layer7.c:388: warning: excess elements in struct initializer
libipt_layer7.c:388: warning: (near initialization for ‘layer7’)
libipt_layer7.c: In function ‘libipt_layer7_init’:
libipt_layer7.c:392: warning: implicit declaration of function ‘register_match’
make[2]: *** [libipt_layer7.oo] Error 1
make[2]: Leaving directory `/usr/src/iptables-1.4.1.1/extensions'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/iptables-1.4.1.1'
make: *** [all] Error 2

Submitted by CamiloJaraba (not registered) on Wed, 2009-08-12 23:42.

Try to follow my tutorial here in HowtoForge.

CentOS 5.3 + kernel 2.6.28.10 + iptables 1.4.4 + Netfilter 2.22

 Blessings