From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gpo1.cc.swin.edu.au (gpo1.cc.swin.edu.au [136.186.1.30]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 3F963201AD6 for ; Mon, 16 Apr 2012 20:23:21 -0700 (PDT) Received: from [136.186.229.44] (garmitage3.caia.swin.edu.au [136.186.229.44]) by gpo1.cc.swin.edu.au (8.14.3/8.14.3) with ESMTP id q3H3NFPM029595 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 17 Apr 2012 13:23:15 +1000 Message-ID: <4F8CE223.6090807@swin.edu.au> Date: Tue, 17 Apr 2012 13:23:15 +1000 From: grenville armitage User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:7.0.1) Gecko/20111003 Thunderbird/7.0.1 MIME-Version: 1.0 To: bloat@lists.bufferbloat.net References: <1317231659.4324.14.camel@probook> <4E8388EE.7000106@swin.edu.au> In-Reply-To: <4E8388EE.7000106@swin.edu.au> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Bloat] Dealing with P2P traffic in modern networks - measurement, identification, and control X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2012 03:23:24 -0000 Apologies for re-animating an old thread, but please see below for something possibly of tangential interest to the list. On 09/29/2011 06:51, grenville armitage wrote: > > > On 09/29/2011 03:40, Jesper Dangaard Brouer wrote: >> >> Thanks Dave, >> >> I have always had the dream of implementing a behavioural based traffic >> classification Netfilter module. But I have been unable to find some >> good research in this area, this might be the answer :-) >> >> If anybody else on the list have links/articles relating to behavioral >> traffic classification, I'm interested! :-) > > If by "behavior" you're referring to the statistical patterns within flows > (packet length variations, inter arrival times, etc) you might be interested > in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended > FreeBSD's ipfw firewall code so that it can recognise traffic based on statistical > characteristics, and use this (rather than direct packet inspection) to trigger > e.g. rate shaping, etc. Although our prototype code was initially developed > for FreeBSD, we've got a preliminary Linux port too. The website contains an > overview description, docs and patch files against FreeBSD and Linux source. After some poking, prodding and hair-pulling over the past few months we've released a prototype implementation of our DIFFUSE system ported to OpenWRT -- http://caia.swin.edu.au/urp/diffuse/openwrt/ We have specifically implemented and tested DIFFUSE running on a TP-Link WR1043ND using OpenWRT, and documented the work in tech report (http://caia.swin.edu.au/reports/120412A/CAIA-TR-120412A.pdf) In particular, we demonstrated the ability of a DIFFUSE-enabled WR1043ND to detect & protect certain online game traffic (without knowing ports and addresses a priori) from queuing delays usually induced by bulk TCP cross traffic, and do so at line rates quite suitable for typical ADSL2+ environments. This is prototype work, not rigorously debugged nor read for prime time. But we hope it is nevertheless of some interest! cheers, gja