I've searched a fair bit and started some research into the pf code looking for a way to identify packets at the application layer. I believe that the functionality (just some simple text searching inside the packet payload) would have to be inserted inside pf_test_tcp() using a functional block similar to pf_osfp_match().
What I'm trying to do, exactly, is identify and tag P2P streams based on signatures so that they can be sent to a lower-priority queue or blocked. Given that the newer P2P protocols are no longer using static ports and I have a requirement to constrain undesirable bandwidth usage by my users, I've started looking at this as a possibility. Has there been any other work done in this direction with PF, or am I forging my own trail, so to speak?

Jon Simola <[EMAIL PROTECTED]>
