Szymon Mroofka wrote:
> Hi,
>
> I have a simple question about Skype. What are the methods of selecting packets
> which belong to Skype??
> I know about 7layer but I don't believe that is the only way.
> Is 7layer really a good and stable solution for routers which must handle more
> than 1000 users ?
>
Hi everybody!
I use the Layer-7 filter to hook packets like this:
$ipt -t mangle -N SKYPE
$ipt -t mangle -A SKYPE -j MARK --set-mark 41
$ipt -t mangle -A SKYPE -j LOG --log-prefix "IPT. SKYPE: " --log-ip-options
$ipt -t mangle -A SKYPE -j IMQ
....
....
....
$ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto dns -j DNS
...
$ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j SKYPE
...
$ipt -t mangle -A PREROUTING -j OTHER
The output of iptables -t mangle -L PREROUTING -n -v shows it's correct,
but I look in the LOG and see this:
Aug 23 10:57:16 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=xx:xx:...xx SRC=10.10.0.114 DST=10.10.0.1 LEN=140 TOS=0x04 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=162 DPT=162 LEN=120
etc...
grep 162 /etc/services
snmp-trap 162/tcp snmptrap # Traps for SNMP
snmp-trap 162/udp snmptrap # Traps for SNMP
It's not SKYPE, I think .... Is it normal?
My kernel is 2.6.15, iptables v 1.3.5, all patched, all modules are loaded.
thx.
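
The manual check in the post (looking up the logged port in /etc/services) can be scripted to triage a whole log for likely layer7 misclassifications. This is an added example, not part of the original message: the second and third log lines, the "IPT. DNS: " prefix, the shortened MAC value and all function names are constructed, and treating a registered service port as a sign of a false match is a heuristic assumption.

```python
import re

# Constructed sample: the two /etc/services lines from the post plus one more.
SERVICES_TEXT = """\
snmp-trap 162/tcp snmptrap # Traps for SNMP
snmp-trap 162/udp snmptrap # Traps for SNMP
domain 53/udp
"""
# Constructed log: line 1 follows the post (MAC shortened), lines 2-3 are invented.
LOG_TEXT = """\
Aug 23 10:57:16 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=xx SRC=10.10.0.114 DST=10.10.0.1 LEN=140 TOS=0x04 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=162 DPT=162 LEN=120
Aug 23 10:57:17 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=xx SRC=10.10.0.120 DST=192.0.2.7 LEN=95 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=31337 DPT=40112 LEN=75
Aug 23 10:57:18 gate kernel: IPT. DNS: IN=eth0 OUT= MAC=xx SRC=10.10.0.120 DST=10.10.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=40000 DPT=53 LEN=40
"""

def load_services(text):
    """Map (port, proto) -> service name from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop the trailing comment
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            if port.isdigit():
                table[(int(port), proto.lower())] = fields[0]
    return table

def parse_log_line(line, prefix):
    """Return the KEY=VALUE fields after `prefix`, or None if the prefix is absent."""
    _, sep, rest = line.partition(prefix)
    return dict(re.findall(r"(\w+)=(\S*)", rest)) if sep else None

def suspicious_matches(log_text, services, prefix="IPT. SKYPE: "):
    """List (src, dst, proto, port, service) for logged matches on a registered port."""
    hits = []
    for line in log_text.splitlines():
        f = parse_log_line(line, prefix)
        if not f or "PROTO" not in f:
            continue
        proto = f["PROTO"].lower()
        for key in ("DPT", "SPT"):  # check destination port first, then source
            port = f.get(key, "")
            name = services.get((int(port), proto)) if port.isdigit() else None
            if name:
                hits.append((f.get("SRC"), f.get("DST"), proto, int(port), name))
                break
    return hits

if __name__ == "__main__":
    for hit in suspicious_matches(LOG_TEXT, load_services(SERVICES_TEXT)):
        print("review:", hit)
```

On a real gateway, feed it the kernel log and the system's /etc/services instead of the embedded samples.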