On 09/29/2011 03:40, Jesper Dangaard Brouer wrote:
Thanks Dave, I have always had the dream of implementing a behavioural based traffic classification Netfilter module. But I have been unable to find some good research in this area, this might be the answer :-) If anybody else on the list have links/articles relating to behavioral traffic classification, I'm interested! :-)
If by "behavior" you're referring to the statistical patterns within flows (packet length variations, inter arrival times, etc) you might be interested in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended FreeBSD's ipfw firewall code so that it can recognise traffic based on statistical characteristics, and use this (rather than direct packet inspection) to trigger e.g. rate shaping, etc. Although our prototype code was initially developed for FreeBSD, we've got a preliminary Linux port too. The website contains an overview description, docs and patch files against FreeBSD and Linux source. cheers, gja _______________________________________________ Bloat mailing list [email protected] https://lists.bufferbloat.net/listinfo/bloat
