How To Set Up A Linux Layer 7 Packet Classifier On CentOS 5.1

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Submitted by poustchi (Contact Author) (Forums) on Thu, 2008-07-31 16:36. :: CentOS | Kernel

How To Set Up A Linux Layer 7 Packet Classifier On CentOS 5.1

Introduction

This tutorial will walk you through setting up a Linux layer 7 packet classifier on CentOS 5.1, this can easily be adapted to any other Linux distribution out there.

L7-filter is a classifier for the Linux Netfilter that identifies packets based on patterns in application layer data. This allows correct classification of P2P traffics.
It can classify packets such as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., that uses unpredictable ports as well as standard protocols running on non-standard ports. It complements existing classifiers that match on IP address, port numbers and so on. http://l7-filter.sourceforge.net/

 

1) Download required packages

1.1) Download L7-filter kernel

wget http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.19.tar.gz

 

1.2) Download L7-filter userspace

wget http://downloads.sourceforge.net/l7-filter/l7-filter-userspace-0.7.tar.gz

 

1.3) Download L7-filter Protocol definitions

wget http://downloads.sourceforge.net/l7-filter/l7-protocols-2008-04-23.tar.gz

Important Note: Always download the latest version of L7-filter from http://sourceforge.net/project/showfiles.php?group_id=80085

 

1.4) Download Linux Iptables 1.4.0

wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.0.tar.bz2

 

1.5) Download Linux Kernel 2.6.26

wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2

 

2) Install L7-filter

Open a terminal and do

tar -xvf linux-2.6.26.tar.bz2

tar -xvf netfilter-layer7-v2.19.tar.gz

 

2.1) Apply patch to Linux kernel source

cd linux-2.6.26
patch -p1 < ../netfilter-layer7-v2.19/kernel-2.6.25-layer7-2.19.patch

 

2.2) Apply patch & install iptables 1.4.0

tar -xvf iptables-1.4.0.tar.bz2
cd iptables-1.4.0
patch -p1 < ../netfilter-layer7-v2.19/iptables-1.4-for-kernel-2.6.20forward-layer7-2.19.patch
chmod +x extensions/.layer7-test
make KERNEL_DIR=~/linux-2.6.26
make install KERNEL_DIR=~/linux-2.6.26

 

3) Installing protocol definitions

tar -xvf l7-protocols-2008-04-23.tar.gz
cd l7-protocols-2008-04-23
mkdir /etc/l7-protocols
cp protocols/* /etc/l7-protocols

 

4) Compiling & installing new linux kernel

cd linux-2.6.26
make menuconfig
make all
make modules_install
make install

Important Note:- You must enable the following options (these are correct for Linux 2.6.26, but they tend to move around a lot, so you may have to go hunting if you have a different kernel version):

* "Network packet filtering framework(Netfilter)" (Networking → Networking option)
* "Netfilter connection tracking support" (... → Network packet filtering framework(Netfilter) → Core Netfilter Configuration)
* "Connection tracking flow accounting" (on the same screen)
* Finally, "Layer 7 match support"
* Optional but highly recommended: Lots of other Netfilter options, notably "FTP support" and other matches. If you don't know what you're doing, go ahead and enable all of them.

 

5) Check GRUB setting

vim /etc/grub.conf

It must look like this:

default=0
timeout=3
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.26)
        root (hd0,0)
        kernel /vmlinuz-2.6.26 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.26.img
title CentOS (2.6.18-53.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.18-53.el5.img

 

6) Finally

Well we are done, restart the system and enjoy.

restart

 

7) Test l7-filter

iptables -m layer7 --help

Have fun!


Copyright © 2008 Sayyed Mehdi Poustchi Amin
All Rights Reserved.
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print |
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
libipt_layer7.c:386:
Submitted by roka (not registered) on Wed, 2009-05-27 14:30.

i get this error when i try to following this toturial after i patch the iptables and write "mak"

plz any one can help me for this problem

 

libipt_layer7.c: In function قhelpق:
libipt_layer7.c:41: error: قIPTABLES_VERSIONق undeclared (first use in this function)
libipt_layer7.c:41: error: (Each undeclared identifier is reported only once
libipt_layer7.c:41: error: for each function it appears in.)
libipt_layer7.c: At top level:
libipt_layer7.c:53: warning: no previous prototype for قparse_protocol_fileق
libipt_layer7.c: In function قparse_protocol_fileق:
libipt_layer7.c:55: warning: declaration of قlineق shadows a global declaration
../include/iptables.h:15: warning: shadowed declaration is here
libipt_layer7.c: In function قpre_processق:
libipt_layer7.c:152: warning: declaration of قrindexق shadows a global declaration
/usr/include/string.h:308: warning: shadowed declaration is here
libipt_layer7.c: At top level:
libipt_layer7.c:206: warning: no previous prototype for قreadl7dirق
libipt_layer7.c:377: error: variable قlayer7ق has initializer but incomplete type
libipt_layer7.c:378: error: unknown field قnameق specified in initializer
libipt_layer7.c:378: warning: excess elements in struct initializer
libipt_layer7.c:378: warning: (near initialization for قlayer7ق)
libipt_layer7.c:379: error: unknown field قversionق specified in initializer
libipt_layer7.c:379: error: قIPTABLES_VERSIONق undeclared here (not in a function)
libipt_layer7.c:379: warning: excess elements in struct initializer
libipt_layer7.c:379: warning: (near initialization for قlayer7ق)
libipt_layer7.c:380: error: unknown field قsizeق specified in initializer
libipt_layer7.c:380: warning: excess elements in struct initializer
libipt_layer7.c:380: warning: (near initialization for قlayer7ق)
libipt_layer7.c:381: error: unknown field قuserspacesizeق specified in initializer
libipt_layer7.c:381: warning: excess elements in struct initializer
libipt_layer7.c:381: warning: (near initialization for قlayer7ق)
libipt_layer7.c:382: error: unknown field قhelpق specified in initializer
libipt_layer7.c:382: warning: excess elements in struct initializer
libipt_layer7.c:382: warning: (near initialization for قlayer7ق)
libipt_layer7.c:383: error: unknown field قparseق specified in initializer
libipt_layer7.c:383: warning: excess elements in struct initializer
libipt_layer7.c:383: warning: (near initialization for قlayer7ق)
libipt_layer7.c:384: error: unknown field قfinal_checkق specified in initializer
libipt_layer7.c:384: warning: excess elements in struct initializer
libipt_layer7.c:384: warning: (near initialization for قlayer7ق)
libipt_layer7.c:385: error: unknown field قprintق specified in initializer
libipt_layer7.c:385: warning: excess elements in struct initializer
libipt_layer7.c:385: warning: (near initialization for قlayer7ق)
libipt_layer7.c:386: error: unknown field قsaveق specified in initializer
libipt_layer7.c:386: warning: excess elements in struct initializer
libipt_layer7.c:386: warning: (near initialization for قlayer7ق)
libipt_layer7.c:387: error: unknown field قextra_optsق specified in initializer
libipt_layer7.c:388: warning: excess elements in struct initializer
libipt_layer7.c:388: warning: (near initialization for قlayer7ق)
libipt_layer7.c: In function قlibipt_layer7_initق:
libipt_layer7.c:392: warning: implicit declaration of function قregister_matchق
make[2]: *** [libipt_layer7.oo] Error 1
make[2]: Leaving directory `/usr/src/iptables-1.4.1.1/extensions'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/iptables-1.4.1.1'
make: *** [all] Error 2

reply | view as pdf view as pdf
Re: libipt_layer7.c:386:
Submitted by CamiloJaraba (not registered) on Wed, 2009-08-12 23:42.

try to follow my tutorial here in HowtoForge.

CentOS 5.3 + kernel 2.6.28.10 + iptables 1.4.4 + Netfilter 2.22

 Blessings

reply | view as pdf view as pdf
Sponsored Links: Turn your desk phone and mobile phone into one with Sprint Mobile Integration.
www.seamlessenterprise.com

One number. One voicemail. Seize the lead. Sprint Mobile Integration.
www.seamlessenterprise.com

One Number. One Voicemail.
Make it easier for clients to reach you. Turn your desk phone and mobile phone into one with Sprint Mobile Integration.
www.seamlessenterprise.com

One number. One voicemail. Sprint Mobile Integration.
www.seamlessenterprise.com

AT&T Synaptic Compute as a Service. Boost your power on demand.

Trial: IBM Cognos Express Reporting, Analysis & Planning