[Bloat] Dealing with P2P traffic in modern networks - measurement, identification, and control
grenville armitage
garmitage at swin.edu.au
Wed Sep 28 16:51:58 EDT 2011
On 09/29/2011 03:40, Jesper Dangaard Brouer wrote:
>
> Thanks Dave,
>
> I have always had the dream of implementing a behavioural based traffic
> classification Netfilter module. But I have been unable to find some
> good research in this area, this might be the answer :-)
>
> If anybody else on the list have links/articles relating to behavioral
> traffic classification, I'm interested! :-)
If by "behavior" you're referring to the statistical patterns within flows
(packet length variations, inter arrival times, etc) you might be interested
in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended
FreeBSD's ipfw firewall code so that it can recognise traffic based on statistical
characteristics, and use this (rather than direct packet inspection) to trigger
e.g. rate shaping, etc. Although our prototype code was initially developed
for FreeBSD, we've got a preliminary Linux port too. The website contains an
overview description, docs and patch files against FreeBSD and Linux source.
cheers,
gja
More information about the Bloat
mailing list