L7 error

xbipin · Jul 10, 2010, 3:33 PM

im trying to use L7 inspector to block torrents, below is what i get in my systemlog as soon as the rule is made active

Jul 10 19:30:04 php: : Sending HUP signal to 41910
Jul 10 19:30:04 ipfw-classifyd: Something went wrong waiting on kqueue.

xbipin · Jul 16, 2010, 11:06 AM

is any1 using L7 to block torrents, that is if its actually working in pfsense nanobsd at all

mxx · Jul 16, 2010, 11:17 AM

Hi,

until about 3 weeks ago I often tried it after a new snapshot was released. It never worked for me blocking torrents though. It also didn't block emule at that time back. When I tried it the last time I got 100% cpu load on classifyd. That's when I stopped to continue trying it out with newer snapshots.. wanted to wait until this is 100% done http://redmine.pfsense.org/issues/635

xbipin · Jul 16, 2010, 11:23 AM

mayb Ermal can tell us when it would be completed or mayb if every1 requiring this feature could pitch in some $$ to start a bounty to get it completed asap.

Supermule · Jul 16, 2010, 11:34 AM

I could be talked into doing that, but then we would have to be very specific to what L7 really is. And what the objectives are….

mxx · Jul 16, 2010, 11:38 AM

Sorry, but I think blocking torrent and emule, as nice as it is, shouldn't be a very high priority, what you think? ;)

Supermule · Jul 16, 2010, 11:58 AM

The thing is, that a working L7 could do that easily…Mayby thats why...?

xbipin · Jul 16, 2010, 12:11 PM

specific as in my understanding of L7 packet inspector being something that my ISP uses in this part of the world to block certain protocols and packet patterns used for VoIP and having the ability of mainly blocking p2p applications such as torrents etc that drain all the bandwidth

Supermule · Jul 16, 2010, 12:16 PM

Read more here

http://www.webopedia.com/quick_ref/OSI_Layers.asp

mxx · Jul 16, 2010, 12:41 PM

The current Layer7 implementation/functionality pfsense offers -though only useable to block certain protocols- is a really nice feature already .
I'm very excited to try it out once it's working properly to block black sheep in the lan from using p2p ;) though I guess it's quite difficult to completely block this kind of traffic.

xbipin · Jul 16, 2010, 12:44 PM

im aware of the model but personally the only good use i can make of it is to block p2p currently, mayb it can do a lot more but using nanobsd on the alix board, wouldnt it be a bit more heavy duty for hardware muscle this small reducing the throughput?

y dont each of use mention what they would want in L7, provided its capable of it, this way the objectives can be more clear.