I'm sending the divert version of my program; use like this: ./p2p -b 65000 -k 65000 -e 65000 -g 65000 -i 65000
ipfw add 100 divert 10000 tcp from 1024-65535 to any 1024-65535 via xl0 ipfw add 60000 ip from any to any ipfw add 65000 pipe 1 ip from any to any via xl0 out ipfw add 65001 pipe 2 ip from any to any via xl0 in My idea is to use a stateful filter, to minimize the use of CPU (this program runs on userland). Now, I'm looking at the PF code, to see where can I change. 2005/11/24, Alexandre DELAY <[EMAIL PROTECTED]>: > Well, If you want an idea, I found this: > http://freebsd.rogness.net/snort_inline/ in the freebsd-ipfw archive. > > The thing is that it works with snort which is not as able as ethereal (and > need to be subscribed) to detect application protocols. > > Ethereal already includes performant filters which only wait to be used. > > If you need help to develop around dummynet, maybe you can try to contact > luigi who developped dummynet (http://info.iet.unipi.it/~luigi). He might be > interrested by this program. > > Maybe you can tell us more about your project? > > Cheers > > Alex > > -----Message d'origine----- > De : [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] la part de Thiago Damas > Envoyé : jeudi 24 novembre 2005 14:47 > À : [email protected] > Objet : Re: Protocol filter capabilities > > > I have a program that implements this, via divert socket with ipfw. > I think the better way to do this is with a program that listens > with bfp/pcap, and inserts/deletes rules using ioctls in /dev/pf > For now, I'm trying to alter a queue, given a state, using /dev/pf, > but it doesnt seen easy. Altering the queue I can limit the bandwidth > of a protocol; if I want to block the protocol, I can just delete the > state of the firewall. > Have you some ideas? > > > 2005/11/23, Alexandre DELAY <[EMAIL PROTECTED]>: > > hi guys, > > > > I am looking for an efficient way to filter different protocols, such as > > edonkey or BEEP. > > For the moment, I think that pf doesn't support it. > > > > Don't you think that it would be a nice thing to be able to include such > > "filters" from, for example, ethereal? > > Ethereal support more than 34k different protocols. It woul be nice to be > > able to choose from those filters and to apply some rules according to > those > > filters. > > > > Do you know a way to do this? > > > > Cheers > > > > Alex > > > > _______________________________________________ > > [email protected] mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > >
p2p.c
Description: Binary data
_______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
