1. l7detect是一个基于流的应用协议识别的框架;
2. l7detect实现了四个常用的协议识别引擎,基于port的pde,基于字符和位置的规则sde, 基于lua的lde,基于lua的协议解析引擎cdde(可针对特定协议解析,并加入ip+port作为快速表协议识别特征,可用于ftp,sip等协议)这些引擎都是以插件方式存在,你也可以做出自己的引擎,将她放入l7detect中;
3. 你现在可以用lua来扩展你希望识别的其他协议,现在的lde是比较简陋的,只能基于包的字节,包的长度等一些常用特征进行匹配,但她已经具备了一定的可扩展性,如:跨包的匹配,状态机的切换等等;
4. 希望有兴趣的朋友可以一起开发和完善l7detect框架以及协议识别引擎,有想法的话可以互相交流,我的邮箱是windslinux@gmail.com;
5. l7detect以解决中国国内的协议为主要问题,因此对于国外协议可能会出现不能很好支持的情况,希望有兴趣的人可以完善协议特征库,协议特征库在test/app.proto中;
6. l7detect会长期发展下去,但我只能利用有限的工作之余的时间来完成,如果bug不能及时修复,请大家见谅;
7. 非常感谢各种开源软件和技术,emacs,gcc, Makefile, git,lua,wireshark,没有你们我无法完成任何事情;
8. 该软件在federal core 5上测试通过,编译使用的是gcc和Gnu make,编译前请先安装好libpcap的开发库,如果你在别的类unix平台上不能编译通过或运行,请致信;
English:
1. l7detect is a flow-based architecture of network application analysis;
2. Two simple engine was provied by l7detect, port base pde engine and lua based lde engine. All engines was designed as a plugin, so it is allowed to develop a new engine by yourself to add to l7detect;
3. lua config can be extended to support protocols you need. Although lde is a simple engine, she owns extensible characteristic, such as: multiple packet match, state machine. You are encouraged to enhance all protocol engines;
4. It's welcomed to develop l7detect framework and protocol detect engines, my email address is windslinux@gmail.com;
5. l7detect will slove most popular application protocols in China, other protocol is supported by someone who interested in it. Protocol signature is stored in test/app.proto file;
6. l7detect is a long-term project;
7. Thanks to a lot of open source project such as emacs,gcc, Makefile, git,lua,wireshark. Without the help of these project, I can do nothing;
8. l7detect was compiled and run in Fedore core 5, with gcc and Gnu make. If you have any problems, contact me with Email:windslinux@gmail.com;
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
