From: grenville armitage
Date: Thu, 29 Sep 2011 06:51:58 +1000
To: bloat@lists.bufferbloat.net
Subject: Re: [Bloat] Dealing with P2P traffic in modern networks - measurement, identification, and control

On 09/29/2011 03:40, Jesper Dangaard Brouer wrote:
>
> Thanks Dave,
>
> I have always had the dream of implementing a behavioural based traffic
> classification Netfilter module. But I have been unable to find some
> good research in this area, this might be the answer :-)
>
> If anybody else on the list has links/articles relating to behavioral
> traffic classification, I'm interested! :-)

If by "behavior" you're referring to the statistical patterns within
flows (packet length variations, inter arrival times, etc) you might be
interested in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work.
We've extended FreeBSD's ipfw firewall code so that it can recognise
traffic based on statistical characteristics, and use this (rather than
direct packet inspection) to trigger e.g. rate shaping, etc. Although
our prototype code was initially developed for FreeBSD, we've got a
preliminary Linux port too. The website contains an overview
description, docs and patch files against FreeBSD and Linux source.

cheers,
gja