On 09/30/2011 07:58, Jesper Dangaard Brouer wrote:
On Thu, 2011-09-29 at 06:51 +1000, grenville armitage wrote:
On 09/29/2011 03:40, Jesper Dangaard Brouer wrote:
Thanks Dave,
I have always had the dream of implementing a behavioural based traffic
classification Netfilter module. But I have been unable to find some
good research in this area, this might be the answer :-)
If anybody else on the list have links/articles relating to behavioral
traffic classification, I'm interested! :-)
If by "behavior" you're referring to the statistical patterns within flows
(packet length variations, inter arrival times, etc) you might be interested
in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended
FreeBSD's ipfw firewall code so that it can recognise traffic based on
statistical
characteristics, and use this (rather than direct packet inspection) to trigger
e.g. rate shaping, etc. Although our prototype code was initially developed
for FreeBSD, we've got a preliminary Linux port too. The website contains an
overview description, docs and patch files against FreeBSD and Linux source.
Thanks, it looks really interesting and it seem to be what I have been
looking for :-)
Cool :)
I have only skimmed the code, but it looks like you have
implemented/ported ipfw to Linux in-order to run your module on top of
that. An interesting approach.
To give credit where it is due, ipfw & dummynet were ported to Linux by
others (Luigi Rizzo, I believe, http://info.iet.unipi.it/~luigi/dummynet/)
and we've just tweaked our DIFFUSE patches to ipfw so they work in the
Linux context as well. For prototype-level definitions of "work", naturally ;)
cheers,
gja
_______________________________________________
Bloat mailing list
[email protected]
https://lists.bufferbloat.net/listinfo/bloat
