Protocol filter capabilities

Thiago Damas tdamas at gmail.com
Thu Nov 24 19:04:24 GMT 2005


  I'm sending the divert version of my program; use it like this:

./p2p -b 65000 -k 65000 -e 65000 -g 65000 -i 65000

  ipfw add 100 divert 10000 tcp from 1024-65535 to any 1024-65535 via xl0
  ipfw add 60000 ip from any to any
  ipfw add 65000 pipe 1 ip from any to any via xl0 out
  ipfw add 65001 pipe 2 ip from any to any via xl0 in

  My idea is to use a stateful filter, to minimize the use of CPU
(this program runs in userland).
  Now, I'm looking at the PF code, to see where I can change it.
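The stateful-filter idea described above, as an added example rather than the p2p.c attachment: a flow table keyed by the TCP 4-tuple caches a verdict per connection, so payload signatures are checked only on the first few packets of a flow and every later packet takes the cheap lookup path. The packets are constructed, the BitTorrent handshake signature is an assumption standing in for whatever p2p.c matches, and reading/re-injecting packets on the ipfw divert socket (IPPROTO_DIVERT, port 10000 in the rules above) is left out so the block runs anywhere.

```c
#include <stdint.h>
#include <string.h>

#define FLOWS 256
#define MAX_INSPECT 4   /* give up on a flow after this many uninformative payloads */
enum verdict { UNKNOWN = 0, PASS, P2P };
struct flow { uint32_t src, dst; uint16_t sport, dport; int inspected, verdict; };
static struct flow table[FLOWS];
static unsigned long deep_inspections;   /* how often the slow (payload) path ran */

/* Assumed signature: a BitTorrent handshake begins with the byte 19 followed by
   "BitTorrent protocol". Checks for the other protocols would be added here. */
static int classify_payload(const uint8_t *p, size_t n) {
    static const char bt[] = "\x13" "BitTorrent protocol";
    return (n >= sizeof bt - 1 && memcmp(p, bt, sizeof bt - 1) == 0) ? P2P : UNKNOWN;
}

static struct flow *lookup(uint32_t s, uint32_t d, uint16_t sp, uint16_t dp) {
    struct flow *f = &table[(s ^ d ^ sp ^ dp) % FLOWS];   /* toy hash: a collision evicts */
    if (f->src != s || f->dst != d || f->sport != sp || f->dport != dp) {
        memset(f, 0, sizeof *f); f->src = s; f->dst = d; f->sport = sp; f->dport = dp;
    }
    return f;
}

/* Verdict for one raw IPv4 packet as a divert socket hands it over. The payload is
   inspected only while the flow is UNKNOWN; afterwards the cached verdict is returned. */
int filter_packet(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return PASS;   /* IPv4 TCP only */
    size_t ihl = (pkt[0] & 0x0f) * 4;
    if (len < ihl + 20) return PASS;
    const uint8_t *tcp = pkt + ihl;
    size_t thl = (tcp[12] >> 4) * 4;
    if (len < ihl + thl) return PASS;
    uint32_t s, d; memcpy(&s, pkt + 12, 4); memcpy(&d, pkt + 16, 4);
    struct flow *f = lookup(s, d, (uint16_t)(tcp[0] << 8 | tcp[1]), (uint16_t)(tcp[2] << 8 | tcp[3]));
    if (f->verdict != UNKNOWN) return f->verdict;                 /* fast path */
    if (f->inspected++ >= MAX_INSPECT) return f->verdict = PASS;  /* stop looking */
    deep_inspections++;
    int v = classify_payload(tcp + thl, len - ihl - thl);
    if (v != UNKNOWN) f->verdict = v;
    return v == UNKNOWN ? PASS : v;
}
unsigned long deep_inspection_count(void) { return deep_inspections; }

/* Constructed IPv4/TCP packet 10.0.0.1 -> 10.0.0.2 (no checksums) for the test. */
size_t make_packet(uint8_t *out, uint16_t sport, uint16_t dport, const char *payload) {
    size_t n = strlen(payload);
    memset(out, 0, 40); out[0] = 0x45; out[9] = 6; out[32] = 0x50;   /* IHL 5, TCP, THL 5 */
    memcpy(out + 12, "\x0a\x00\x00\x01", 4); memcpy(out + 16, "\x0a\x00\x00\x02", 4);
    out[20] = (uint8_t)(sport >> 8); out[21] = (uint8_t)sport; out[22] = (uint8_t)(dport >> 8); out[23] = (uint8_t)dport;
    memcpy(out + 40, payload, n);
    return 40 + n;
}
```

In the divert program the verdict would decide whether the packet is written back to the divert socket unchanged (PASS) or dropped/re-injected so that it hits the dummynet pipe rules (P2P); a real flow table also needs ageing and both directions of the connection.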

2005/11/24, Alexandre DELAY <alexandre.delay at free.fr>:
> Well, if you want an idea, I found this:
> http://freebsd.rogness.net/snort_inline/ in the freebsd-ipfw archive.
>
> The thing is that it works with snort which is not as able as ethereal (and
> needs to be subscribed) to detect application protocols.
>
> Ethereal already includes performant filters which only wait to be used.
>
> If you need help to develop around dummynet, maybe you can try to contact
> luigi who developed dummynet (http://info.iet.unipi.it/~luigi). He might be
> interested in this program.
>
> Maybe you can tell us more about your project?
>
> Cheers
>
> Alex
>
> -----Original Message-----
> From: owner-freebsd-pf at freebsd.org
> [mailto:owner-freebsd-pf at freebsd.org] On behalf of Thiago Damas
> Sent: Thursday, 24 November 2005 14:47
> To: freebsd-pf at freebsd.org
> Subject: Re: Protocol filter capabilities
>
>
>   I have a program that implements this, via divert socket with ipfw.
>   I think a better way to do this is with a program that listens
> with bpf/pcap, and inserts/deletes rules using ioctls in /dev/pf.
>   For now, I'm trying to alter a queue, given a state, using /dev/pf,
> but it doesn't seem easy.  By altering the queue I can limit the bandwidth
> of a protocol; if I want to block the protocol, I can just delete the
> state of the firewall.
>   Do you have any ideas?
>
>
> 2005/11/23, Alexandre DELAY <alexandre.delay at free.fr>:
> > hi guys,
> >
> > I am looking for an efficient way to filter different protocols, such as
> > edonkey or BEEP.
> > For the moment, I think that pf doesn't support it.
> >
> > Don't you think that it would be a nice thing to be able to include such
> > "filters" from, for example, ethereal?
> > Ethereal supports more than 34k different protocols. It would be nice to be
> > able to choose from those filters and to apply some rules according to those
> > filters.
> >
> > Do you know a way to do this?
> >
> > Cheers
> >
> > Alex
> >
> > _______________________________________________
> > freebsd-pf at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: p2p.c
Type: application/octet-stream
Size: 9137 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20051124/d5ee501b/p2p.obj