ClearFoundation

l7-filter

Application Layer Packet Classifier for Linux

l7-filter logo L7-filter is a classifier for Linux's Netfilter that identifies packets based on application layer data. It can classify packets as Kazaa, HTTP, Jabber, Citrix, BitTorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on IP address, port numbers and so on.

Our intent is for l7-filter to be used in conjunction with Linux QoS to do bandwidth arbitration (“packet shaping”) or traffic accounting.

Project Status

Welcome to the home of l7-filter! ClearFoundation has been handed the reins and has taken on the maintenance for the open source project. Please let us know if you have any questions or concerns: contact Darryl Sokoloski, a core developer for ClearFoundation and project contact for l7-filter.

October 8, 2013

The 2.23 version of netfilter-layer7 has been released.

  • Applied patch for kernel 2.6.35+ from Huascar Tejeda details

Download information: netfilter-layer7-v2.23.tar.gz MD5Sum: 10910b6173d18e426cb56ae7e1300eeb

January 25, 2011

The 0.12-beta1 of l7-filter userspace has been released.

  • l7_connections map access locking patch from James King details
  • getopt patch from Gavin Pryke details
  • Memory leak plug patch from Florian Westphal details

Download information: l7-filter-userspace-0.12-beta1.tar.gz MD5Sum: 54e7e9efb031ff34bef1a452feceb175

A couple of protocol filter updates have been sent our way and are available via SVN.

  • Improved Quake III Halflife protocol detection details
  • RTMP protocol pattern details

We know that there might be some other updates floating around, so we invite you to send them to the developer list or dsokoloski@clearcenter.com.

July 21, 2010

Phew… ClearOS Enterprise 5.2 has been released and we can spend more time taking care of l7-filter. In the next week or so, we'll post a proposal for how we can move the project forward over the months and years to come. Oh, and we'll also get that SVN server back up and running.

May 3, 2010

Though there are still a number of documents that need to be updated, the following tools are now active on clearfoundation.com:

Technical Features

  • Includes patches for Linux 2.4 and 2.6
  • Supports TCP, UDP and ICMP over IPv4
  • Includes connection tracking of FTP, IRC, etc
  • Examines data across multiple packets
  • Provides run time tuning of the number of packets examined via /proc
  • Provides module load time tuning of the number of bytes examined
  • Distinguishes between new connections and old unidentified connections
  • Provides access to both Netfilter and QoS (rate limiting) features
  • Distinguishes between parent and child connections (e.g. ftp command/data) with Netfilter “helper” match

Downloads

To download, visit the downloads page.

Documentation

You can find links to all the relevant documentation on this web site, including:

Community

You do not need to be a software developer to help the l7-filter project!

Contact Us

Submissions, complaints, criticism, praise, comments? l7-filter-developersATlists.sourceforge.net (you must subscribe first). Need help? l7-filter-users(a)lists.sf.net. You can also e-mail Darryl Sokoloski directly at dsokoloski@clearfoundation.com. Alternatively, bug reports, requests for features, and patches may be submitted through our bug tracker.

Credits

The original coders were Justin Levandoski, Ethan Sommer, and Matthew Strait, with support from Sebastian Celis, Andy Exley and Lillie Kittredge. The primary maintainer is now Darryl Sokoloski from ClearFoundation. l7-filter would not have been possible without the help from the community. Here is the full list of thank yous.

Related Software

Front-ends that use l7-filter or portions.

Similar (open source/partially open source) projects

Licensing

GNU GPL

Computer code associated with l7-filter (including, but not limited to, programs, patches, the protocol definitions and the website code) is licensed under the GNU GPLv2.

Creative Commons License

Content associated with l7-filter that is not computer code (including, but not limited to, the human readable content of the l7-filter section of the web site, the offline documentation and the logo) is licensed under Creative Commons Attribution-ShareAlike 1.0.



Except where otherwise noted, content on this wiki is licensed under Creative Commons Attribution-ShareAlike 1.0