Linux Kernel compilation and Application Layer Detection

Source: Internet
Author: User
1. Download
Kernel source code (I used Fedora Core 6, kernel 2.6.18)
netfilter-layer7 and l7-protocols
2. Extract
tar -zxvf linux-2.6.18.1.tar.gz
(Extract the kernel source code to linux-2.6.18.1 under the /usr/src directory)
tar -zxvf netfilter-layer7-v2.13.tar.gz
tar -zxvf l7-protocols-2006-06-03.tar.gz
(I extracted these two into /root)
3. Patch the system (the patches to apply depend on the kernel version; the README describes the two installation paths)
cd /usr/src/linux-2.6.18.1
patch -p1 < /root/netfilter-layer7-v2.13/for_oler_kernel/kernel-2.6.18-2.6.19-layer7-2.9.patch
cd /usr/src/iptables-1.3.8
patch -p1 < /root/netfilter-layer7-v2.13/iptables-for-kernel-2.6.20forward-layer7-2.13.patch
4. Configuration
(Graphical interface)
make xconfig
(Command line)
make config
Taking the graphical interface as an example, the settings that matter are those for netfilter and iptables.
The menu path is:
Networking --> Networking options --> Network packet filtering (replaces ipchains) --> IP: Netfilter Configuration --> Connection tracking (required for masq/NAT) --> select all options under this entry, including Connection tracking... and IP tables support
Save and exit.
// The patch version may vary depending on the kernel version of your Linux system. Use uname -a to view the kernel version of your system.
5. Compile and install the system kernel
After completing the configuration above, compile as follows:
make bzImage // compile the kernel image
This step generates the bootable kernel file. The compiled kernel is stored at:
/usr/src/linux_(version)/arch/i386/boot/bzImage
An uncompressed kernel is also placed under /usr/src/linux_(version), but that file is not used.
make modules // compile the module code
make modules_install // install the modules into /lib/modules/`uname -r`
make install

//////////////////////////////////////// /////////
An error occurred during this process. When running make install, the system reported:
FATAL: Could not open /lib/modules/2.6.18.1: No such file or directory
No modules available for kernel 2.6.18.1
Cause of the error:
The kernel module directory for this version was not found under /lib/modules. A simple workaround is to copy an existing directory and give the copy the required name.
For example, under /lib/modules, copy the directory 2.6.18.1-2483.fc6 and name the copy 2.6.18.1.
Then recompile.
//////////////////////////////////////// /////////

After a successful build, the system failed to initialize on reboot and displayed the following:
insmod: error inserting '/lib/jdb.ko': -1 Invalid module format
ERROR: /bin/insmod exited abnormally!
insmod: error inserting '/lib/ext3.ko': -1 Invalid module format
ERROR: /bin/insmod exited abnormally!
insmod: error inserting '/lib/dm-mirror.ko': -1 Invalid module format
ERROR: /bin/insmod exited abnormally!
insmod: error inserting '/lib/dm-zero.ko': -1 Invalid module format
ERROR: /bin/insmod exited abnormally!
insmod: error inserting '/lib/dm-snapshot.ko': -1 Invalid module format
ERROR: /bin/insmod exited abnormally!
Unable to find device_mapper major/minor
Found volume group "VolGroup00" using metadata type lvm2
/dev/mapper/control: open failed: No such file or directory
Is device_mapper driver missing from kernel?
0 logical volume(s) in volume group "VolGroup00" now active
/dev/mapper/control: open failed
ERROR: /bin/lvm exited abnormally!
mount: error 6 mounting ext3
mount: error 2 mounting ext2
switchroot: mount failed: 22
umount /initrd/dev failed: 2
Kernel panic - not syncing: Attempted to kill init!
Problem analysis:
The failure is probably caused by how ext3 file system or LVM support is configured. These must be built into the kernel rather than compiled as modules (very important).
Reconfigure and compile.
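
A pre-build check for the remedy above, as an added example that is not part of the original article: it reads a kernel .config and reports which of the drivers named in the failed insmod lines are not built in. The CONFIG_ symbol list, the function name not_builtin and the sample .config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag root-filesystem drivers that a kernel .config leaves as
# modules (or disabled) instead of built in. Symbol list is an assumption:
# the 2.6-era options behind ext3, its journal layer and device-mapper/LVM.
ROOT_SYMBOLS="CONFIG_EXT3_FS CONFIG_JBD CONFIG_BLK_DEV_DM CONFIG_DM_SNAPSHOT CONFIG_DM_MIRROR CONFIG_DM_ZERO"

# Prints "SYMBOL m" or "SYMBOL unset" for each symbol that is not "=y".
# Returns 0 if all are built in, 1 if any is not, 2 if the file is unreadable.
not_builtin() {
    config=$1
    [ -r "$config" ] || { echo "cannot read $config" >&2; return 2; }
    bad=0
    for sym in $ROOT_SYMBOLS; do
        # "# CONFIG_X is not set" lines have no "=", so they yield an empty value.
        val=$(sed -n "s/^${sym}=\(.*\)\$/\1/p" "$config" | tail -n 1)
        case "$val" in
            y) ;;
            m) echo "$sym m"; bad=1 ;;
            *) echo "$sym unset"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample .config fragment (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_EXT3_FS=m
CONFIG_JBD=m
CONFIG_BLK_DEV_DM=y
CONFIG_DM_SNAPSHOT=y
# CONFIG_DM_MIRROR is not set
CONFIG_DM_ZERO=y
EOF
not_builtin "$sample" || echo "set the symbols above to y, then rebuild"
rm -f "$sample"
```

Run it against /usr/src/linux-2.6.18.1/.config after make xconfig and before make bzImage.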

6. Compile iptables after the kernel has been compiled successfully.
First, after applying the iptables patch, run the following command:
chmod +x extensions/.layer7-test
Then compile iptables as usual:
make KERNEL_DIR=/usr/src/linux-2.6.18.1
make install KERNEL_DIR=/usr/src/linux-2.6.18.1
7. After a successful build, iptables can apply the layer7 protocol definitions
Method:
Extract the "Protocol Definitions" package and create the target directory /etc/l7-protocols.
Use a command line such as the following to match application-layer data:
iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j MARK --set-mark 1
You can also install the protocol definitions in a custom directory; in that case, specify the directory before the protocol in the rule:
iptables [...] -m layer7 --l7dir /home/fangsy/paterns --l7proto http [...]

8. Define your own pat file
iptables searches for the pat file in the specified directory or in /etc/l7-protocols.
It will find /etc/l7-protocols/http.pat and /etc/l7-protocols/protocols/http.pat, but it will not find /etc/l7-protocols/foo/bar/http.pat.
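
The lookup rule described above, as an added example that is not iptables code and not part of the original article: it checks whether a protocol name resolves to a pattern file before the name is used in a rule. The function names find_pat and pat_status, the status words and the sample directory tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve an --l7proto name to pattern files using the rule
# described in the text: DIR/NAME.pat and DIR/*/NAME.pat only, nothing deeper.

find_pat() {   # usage: find_pat PROTO [DIR]
    proto=$1; dir=${2:-/etc/l7-protocols}
    for f in "$dir/$proto.pat" "$dir"/*/"$proto.pat"; do
        [ -f "$f" ] && echo "$f"
    done
    return 0
}

# Classify a protocol name before it is used in a rule:
#   ok         exactly one reachable file
#   duplicate  more than one reachable file; confirm which one is intended
#   too-deep   a file exists, but below the searched levels
#   missing    no file with that name anywhere under DIR
pat_status() { # usage: pat_status PROTO [DIR]
    proto=$1; dir=${2:-/etc/l7-protocols}
    hits=$(find_pat "$proto" "$dir")
    if [ -n "$hits" ]; then
        n=$(printf '%s\n' "$hits" | wc -l | tr -d ' ')
        if [ "$n" -eq 1 ]; then echo ok; else echo duplicate; fi
    elif [ -n "$(find "$dir" -mindepth 3 -name "$proto.pat" 2>/dev/null)" ]; then
        echo too-deep
    else
        echo missing
    fi
}

# Constructed sample tree mirroring the paths in the text.
demo=$(mktemp -d)
mkdir -p "$demo/protocols" "$demo/foo/bar"
: > "$demo/http.pat"; : > "$demo/protocols/http.pat"
: > "$demo/protocols/imap.pat"; : > "$demo/foo/bar/ssh.pat"
for p in imap http ssh ftp; do
    echo "$p: $(pat_status "$p" "$demo")"
done
rm -rf "$demo"
```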

9. Applying layer7-filter
First, blocking a specified protocol.
Second, controlling bandwidth usage.
Blocking is very simple: use "-j DROP" or "-j REJECT" at the end of the command line.

Bandwidth limit
To control the bandwidth a protocol uses, have Netfilter "mark" its packets and then use QoS to filter the marked packets.
Mark the packets:
iptables -t mangle -A POSTROUTING -m layer7 --l7proto imap -j MARK --set-mark 3
The number 3 is arbitrary; any 32-bit integer will do. Next, use the "tc" command ("traffic control", a user-space Linux QoS tool that is part of the iproute2 package) to filter the marked packets.
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw flowid
Reading the Linux Advanced Routing and Traffic Control HOWTO may help you understand what you are doing; unfortunately, the tc command is rather obscure.
