ClearFoundation

I would like to know about the issue in this where the protocol of one is encapsulated inside another one. One example is the SFTP: It could be FTP --> http --> SSH --> SFTP. The interesting one is the innermost but this could only be determined in a later packet.

Can anyone tell me how it is detected from the inside packet?? The method of recognizing it... or any other information will be helpful.
Can anyone give me any idea about situations like this and write a list of cases where we will have to look for nested protocols? Additionally: Might it be possible that a nested packet is split that way that the content needed to identify the the inner protocol is split? Would we have to search the RegEx rule over the border of the outer protocol packet? Is there any issue of this around in literature?

The current l7-filter implementation does not support deep protocol analysis including encapsulated and/or encrypted protocols. For encrypted tunnels, l7-filter will never be able to run regex patterns against the original plain-text.

1. I was also wondering about how do i keep track of the report that the L7 filter filters the incoming packets by identifying which protocols has been used/identified.

2. using L7 filter for protocol detection, do we need to face any packet drops at the initial session???

3. Does any protocols changes its behavior at its session. for ex: in the initial session, middle and at the end?? If yes, any names???

4. I was wondering about rsync protocol, i couldn't see any regex rules regarding that.