[Bloat] Dealing with P2P traffic in modern networks - measurement, identification, and control

[grenville armitage]

On 09/30/2011 07:58, Jesper Dangaard Brouer wrote:
> On Thu, 2011-09-29 at 06:51 +1000, grenville armitage wrote:
>>
>> On 09/29/2011 03:40, Jesper Dangaard Brouer wrote:
>>>
>>> Thanks Dave,
>>>
>>> I have always had the dream of implementing a behavioural based traffic
>>> classification Netfilter module.  But I have been unable to find some
>>> good research in this area, this might be the answer :-)
>>>
>>> If anybody else on the list have links/articles relating to behavioral
>>> traffic classification, I'm interested! :-)
>>
>> If by "behavior" you're referring to the statistical patterns within flows
>> (packet length variations, inter arrival times, etc) you might be interested
>> in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended
>> FreeBSD's ipfw firewall code so that it can recognise traffic based on statistical
>> characteristics, and use this (rather than direct packet inspection) to trigger
>> e.g. rate shaping, etc. Although our prototype code was initially developed
>> for FreeBSD, we've got a preliminary Linux port too. The website contains an
>> overview description, docs and patch files against FreeBSD and Linux source.
>
> Thanks, it looks really interesting and it seem to be what I have been
> looking for :-)

Cool :)

>
> I have only skimmed the code, but it looks like you have
> implemented/ported ipfw to Linux in-order to run your module on top of
> that. An interesting approach.

To give credit where it is due, ipfw & dummynet were ported to Linux by
others (Luigi Rizzo, I believe, http://info.iet.unipi.it/~luigi/dummynet/)
and we've just tweaked our DIFFUSE patches to ipfw so they work in the
Linux context as well. For prototype-level definitions of "work", naturally ;)

cheers,
gja