Application layer classifier for ipfw
ermal.luci at gmail.com
Thu Jul 31 21:09:27 UTC 2008
> An Internet Cafe I do some work for was recently having problems with
> very slow internet access. It turns out customers were running P2P file
> sharing applications which were hogging all the bandwidth. I looked for
> programs that would allow me to shape traffic according to the
> application layer protocol, but couldn't find any for FreeBSD. I found a
> couple: l7-filter and ipp2p, but these are Linux specific. So, I decided
> to write one. The result is ipfw-classifyd :
> As the name implies it uses ipfw(4) to implement a userland daemon that
> classifies TCP and UDP packets according to regular expression patterns
> for various protocols. It's intended to be used with divert(4) sockets
> and dummynet(4) so you can do traffic shaping depending on the
> application level protocol. The protocol patterns are from the l7-filter
> Basically, you use ipfw(8) to divert tcp/udp packets to the damon. It
> reads its configuration file for a list of protocols and ipfw(8) rules.
> Then, when it detects a matching session it re-injects the packet back
> at the specified rule number. The tarball has a sample configuration
> file and firewall script to get you started.
> While I have not done extensive testing, preliminary tests are
> encouraging and it seems to work, so I thought I'd announce it to the
> rest of the world in case anyone else is interested in this kind of
> Comments and suggestions highly appreciated.
Thanks for this.
I have a question, you remove a flow from if you see a FIN for the TCP
case and only on overlapping flow for either TCP/UDP how do the other
flows expire i am missing that part?
> Mike Makonnen | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc
> mtm @ FreeBSD.Org | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55
> FreeBSD | http://www.freebsd.org
> freebsd-net at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
More information about the freebsd-net