Ermal Luçi wrote:
Hi,
An Internet Cafe I do some work for was recently having problems with
very slow internet access. It turns out customers were running P2P file
sharing applications which were hogging all the bandwidth. I looked for
programs that would allow me to shape traffic according to the
application layer protocol, but couldn't find any for FreeBSD. I found a
couple: l7-filter and ipp2p, but these are Linux specific. So, I decided
to write one. The result is ipfw-classifyd:
http://people.freebsd.org/~mtm/ipfw-classifyd.tar.bz2
As the name implies it uses ipfw(4) to implement a userland daemon that
classifies TCP and UDP packets according to regular expression patterns
for various protocols. It's intended to be used with divert(4) sockets
and dummynet(4) so you can do traffic shaping depending on the
application level protocol. The protocol patterns are from the l7-filter
project.
Basically, you use ipfw(8) to divert tcp/udp packets to the daemon. It
reads its configuration file for a list of protocols and ipfw(8) rules.
Then, when it detects a matching session it re-injects the packet back
at the specified rule number. The tarball has a sample configuration
file and firewall script to get you started.
While I have not done extensive testing, preliminary tests are
encouraging and it seems to work, so I thought I'd announce it to the
rest of the world in case anyone else is interested in this kind of
application.
Comments and suggestions highly appreciated.
Thanks for this.
I have a question: you remove a flow from if you see a FIN for the TCP
case and only on overlapping flow for either TCP/UDP. How do the other
flows expire? I am missing that part?
No, you're not missing anything. It's on my TODO list. I wanted to get
this out and get feedback as early as possible, so I released it as soon as
I had it basically working. I'm thinking of storing some session
information for the flow (like a timestamp for the last packet seen) and
implementing a garbage collector thread that removes sessions that have
been idle for some period of time.
Cheers.
--
Mike Makonnen | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc
mtm @ FreeBSD.Org | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55
FreeBSD | http://www.freebsd.org
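
The idle-session cleanup proposed in the reply above, sketched as an added example; it is not part of the thread and not code from ipfw-classifyd. The table size, struct layout and function names are assumptions, and the sketch is single-threaded: a garbage collector thread would call flow_expire() periodically while holding the lock that protects the table.

```c
#include <stddef.h>
#include <stdint.h>
#include <time.h>

#define MAX_FLOWS 256 /* assumed table size, not taken from ipfw-classifyd */

struct flow_key { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
struct flow { struct flow_key key; time_t last_seen; int in_use; };

static struct flow flows[MAX_FLOWS];

static int key_eq(const struct flow_key *a, const struct flow_key *b)
{
    /* Compare field by field; memcmp would also compare padding bytes. */
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* Record a packet seen at time `now`. Returns 0, or -1 if the table is full. */
int flow_touch(const struct flow_key *k, time_t now)
{
    struct flow *free_slot = NULL;
    for (size_t i = 0; i < MAX_FLOWS; i++) {
        if (flows[i].in_use && key_eq(&flows[i].key, k)) {
            flows[i].last_seen = now;   /* known session: refresh timestamp */
            return 0;
        }
        if (!flows[i].in_use && free_slot == NULL)
            free_slot = &flows[i];
    }
    if (free_slot == NULL)
        return -1;          /* bounded table: caller decides how to handle it */
    free_slot->key = *k;
    free_slot->last_seen = now;
    free_slot->in_use = 1;
    return 0;
}

/* One garbage-collection pass: free flows idle longer than `timeout` seconds. */
size_t flow_expire(time_t now, time_t timeout)
{
    size_t removed = 0;
    for (size_t i = 0; i < MAX_FLOWS; i++) {
        if (flows[i].in_use && now - flows[i].last_seen > timeout) {
            flows[i].in_use = 0;        /* slot becomes reusable */
            removed++;
        }
    }
    return removed;
}
```

Without such a pass, UDP flows and TCP sessions that never send a FIN stay in the table indefinitely, so the bounded table and the -1 return matter as much as the timeout.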