[Bloat] Dealing with P2P traffic in modern networks - measurement, identification, and control

[Jesper Dangaard Brouer]

On Thu, 2011-09-29 at 06:51 +1000, grenville armitage wrote:
> 
> On 09/29/2011 03:40, Jesper Dangaard Brouer wrote:
> >
> > Thanks Dave,
> >
> > I have always had the dream of implementing a behavioural based traffic
> > classification Netfilter module.  But I have been unable to find some
> > good research in this area, this might be the answer :-)
> >
> > If anybody else on the list have links/articles relating to behavioral
> > traffic classification, I'm interested! :-)
> 
> If by "behavior" you're referring to the statistical patterns within flows
> (packet length variations, inter arrival times, etc) you might be interested
> in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended
> FreeBSD's ipfw firewall code so that it can recognise traffic based on statistical
> characteristics, and use this (rather than direct packet inspection) to trigger
> e.g. rate shaping, etc. Although our prototype code was initially developed
> for FreeBSD, we've got a preliminary Linux port too. The website contains an
> overview description, docs and patch files against FreeBSD and Linux source.

Thanks, it looks really interesting and it seem to be what I have been
looking for :-)

I have only skimmed the code, but it looks like you have
implemented/ported ipfw to Linux in-order to run your module on top of
that. An interesting approach.

-- 
Best regards,
  Jesper Dangaard Brouer
  ComX Networks A/S
  Linux Network Kernel Developer
  Cand. Scient Datalog / MSc.CS
  Author of http://www.iptv-analyzer.org
  LinkedIn: http://www.linkedin.com/in/brouer