From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jdb@comx.dk>
Received: from lanfw001a.cxnet.dk (lanfw001a.cxnet.dk [87.72.215.196])
	by huchra.bufferbloat.net (Postfix) with ESMTP id 2DEFB2007D3
	for <bloat@lists.bufferbloat.net>; Thu, 29 Sep 2011 14:58:40 -0700 (PDT)
Received: from [87.72.44.14] (lanvpn001a.cxnet.dk [87.72.215.222])
	by lanfw001a.cxnet.dk (Postfix) with ESMTP id C0B21163532;
	Thu, 29 Sep 2011 23:58:38 +0200 (CEST)
From: Jesper Dangaard Brouer <jdb@comx.dk>
To: grenville armitage <garmitage@swin.edu.au>
In-Reply-To: <4E8388EE.7000106@swin.edu.au>
References: <CAA93jw6YRdVnKL=KnNS1PStbgHmd58MJCieVmaHJOFekBJN1Jg@mail.gmail.com>
	<1317231659.4324.14.camel@probook>  <4E8388EE.7000106@swin.edu.au>
Content-Type: text/plain; charset="UTF-8"
Organization: ComX Networks A/S
Date: Thu, 29 Sep 2011 23:58:35 +0200
Message-ID: <1317333515.12658.35.camel@probook>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3 
Content-Transfer-Encoding: 7bit
Cc: bloat@lists.bufferbloat.net
Subject: Re: [Bloat] Dealing with P2P traffic in modern networks -
 measurement, identification, and control
X-BeenThere: bloat@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: jdb@comx.dk
List-Id: General list for discussing Bufferbloat <bloat.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/bloat>,
	<mailto:bloat-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/bloat>
List-Post: <mailto:bloat@lists.bufferbloat.net>
List-Help: <mailto:bloat-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/bloat>,
	<mailto:bloat-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2011 21:58:41 -0000

On Thu, 2011-09-29 at 06:51 +1000, grenville armitage wrote:
> 
> On 09/29/2011 03:40, Jesper Dangaard Brouer wrote:
> >
> > Thanks Dave,
> >
> > I have always had the dream of implementing a behavioural based traffic
> > classification Netfilter module.  But I have been unable to find some
> > good research in this area, this might be the answer :-)
> >
> > If anybody else on the list have links/articles relating to behavioral
> > traffic classification, I'm interested! :-)
> 
> If by "behavior" you're referring to the statistical patterns within flows
> (packet length variations, inter arrival times, etc) you might be interested
> in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended
> FreeBSD's ipfw firewall code so that it can recognise traffic based on statistical
> characteristics, and use this (rather than direct packet inspection) to trigger
> e.g. rate shaping, etc. Although our prototype code was initially developed
> for FreeBSD, we've got a preliminary Linux port too. The website contains an
> overview description, docs and patch files against FreeBSD and Linux source.

Thanks, it looks really interesting and it seem to be what I have been
looking for :-)

I have only skimmed the code, but it looks like you have
implemented/ported ipfw to Linux in-order to run your module on top of
that. An interesting approach.

-- 
Best regards,
  Jesper Dangaard Brouer
  ComX Networks A/S
  Linux Network Kernel Developer
  Cand. Scient Datalog / MSc.CS
  Author of http://www.iptv-analyzer.org
  LinkedIn: http://www.linkedin.com/in/brouer