A few of us have been wondering what might make a good pattern for L7 packet filtering and have come up with a bit of data that we could use a bit of enlighting concerning the findings. I've got an L7 pattern right now that appears to be working just fine, but I'm afraid it could be just general enough to also match some other traffic by chance. http://l7-filter.sourceforge.net/ is their homepage, btw. Anyways, the pattern I'm using right now is:
cstrikeCounter-Strike and it appears to be working, but it could stand to be a bit more specific in hopes of not accidentally triggering for some packets that just happen to contain that text. Someone captured some Source and v1.6 packets and this is where we got that initial pattern from. Those packets both appear to begin with the same bytes, but I'm not sure if this is just coincidence because it was captured on the same machine, or if this is some data that could be used to make our L7 pattern more specific. The bytes in question are: 00 11 09 2a a8 79 00 13 10 2c 3f d7 08 00 45 20 and as I say, were the same for both Source and v1.6 packets. Not too particularly interested in what the bytes mean, as much as if those bytes are always going to be the same for anyone/everyone. If so, that could give us a fairly specific pattern for L7 to use to classify the game packets. In case you're wondering, L7 packet classifying can be used to give certain packets priority over others, so that if your brother/roommate/etc were downloading a bunch of stuff from some P2P network, for instance, you could give the P2P traffic extremely low priority and give your game packets high priority and your gaming is much less likely to be adversely impacted by their floods of data. I just got through testing this with bittorrent and gnutella2 (shareaza) downloads which were pretty much maxing out my ADSL connection. I fired up CSS and played for a bit and I barely noticed that anything was even being downloaded. My ping to my server is usually 30-35 and gameplay's always butter-smooth. With this scheme in effect and those downloads going my ping did rise a bit to 55-60, but it was still very much playable. Without this scheme in place and the same kind of download traffic happening my ping skyrockets to about 500 or so and it's just warp-city, entirely unplayable. I've got this in place via Sveasoft's Alchemy replacement firmware for my Linksys WRT54GS wireless router. At the moment I've got to add these custom patterns manually, but they seem keen on replacing their current patterns with ones that are currently working properly in their next release, so any help would certainly be appreciated by many! Thanks for any insight... -- Clayton Macleod _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
