From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gpo3.cc.swin.edu.au (gpo3.cc.swin.edu.au [136.186.1.32]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 058E5200974 for ; Fri, 30 Sep 2011 18:03:09 -0700 (PDT) Received: from [136.186.229.44] (garmitage3.caia.swin.edu.au [136.186.229.44]) by gpo3.cc.swin.edu.au (8.14.3/8.14.3) with ESMTP id p9112rcT016836 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Sat, 1 Oct 2011 11:02:55 +1000 Message-ID: <4E8666BD.30500@swin.edu.au> Date: Sat, 01 Oct 2011 11:02:53 +1000 From: grenville armitage User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.13) Gecko/20101211 Thunderbird/3.1.7 MIME-Version: 1.0 To: jdb@comx.dk References: <1317231659.4324.14.camel@probook> <4E8388EE.7000106@swin.edu.au> <1317333515.12658.35.camel@probook> In-Reply-To: <1317333515.12658.35.camel@probook> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: bloat@lists.bufferbloat.net Subject: Re: [Bloat] Dealing with P2P traffic in modern networks - measurement, identification, and control X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Oct 2011 01:03:10 -0000 On 09/30/2011 07:58, Jesper Dangaard Brouer wrote: > On Thu, 2011-09-29 at 06:51 +1000, grenville armitage wrote: >> >> On 09/29/2011 03:40, Jesper Dangaard Brouer wrote: >>> >>> Thanks Dave, >>> >>> I have always had the dream of implementing a behavioural based traffic >>> classification Netfilter module. But I have been unable to find some >>> good research in this area, this might be the answer :-) >>> >>> If anybody else on the list have links/articles relating to behavioral >>> traffic classification, I'm interested! :-) >> >> If by "behavior" you're referring to the statistical patterns within flows >> (packet length variations, inter arrival times, etc) you might be interested >> in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended >> FreeBSD's ipfw firewall code so that it can recognise traffic based on statistical >> characteristics, and use this (rather than direct packet inspection) to trigger >> e.g. rate shaping, etc. Although our prototype code was initially developed >> for FreeBSD, we've got a preliminary Linux port too. The website contains an >> overview description, docs and patch files against FreeBSD and Linux source. > > Thanks, it looks really interesting and it seem to be what I have been > looking for :-) Cool :) > > I have only skimmed the code, but it looks like you have > implemented/ported ipfw to Linux in-order to run your module on top of > that. An interesting approach. To give credit where it is due, ipfw & dummynet were ported to Linux by others (Luigi Rizzo, I believe, http://info.iet.unipi.it/~luigi/dummynet/) and we've just tweaked our DIFFUSE patches to ipfw so they work in the Linux context as well. For prototype-level definitions of "work", naturally ;) cheers, gja