Hi Kim, There are two reasons why I want to detect this sort of traffic. 1. I want to prioritize traffic 2. I want to push low quality traffic via cheaper links. To explain them, I need to say something about my architecture. In general, my network architecture is divided into two layers. The first client-routers and the second border-routers. The client-routers (I have many them) realize connection between my backbone with my clients. The border-routers are connection between my backbone and the rest of the world. I have couple them. Obviously, clients kill my peering connection, by sending low level quality traffic, generated by p2p applications like KaZaA, DC, e-mule etc. I would like at the client-routers level to detect the particular packets generated by p2p soft and mark them in someway. These marked packets are sent to one of the border-router which checks if the packet is marked. If it is, the packets have low-priority. (This is the first problem - prioritizing traffic). However, I have expensive high quality internet links, and I want to avoid wasting them for that traffic. In this case if packet is marked, then it is sent to the other border-router, which operates on cheaper link. Such traffic is NATed into cheaper link IP address (to avoid returning via better link - BGP is working) and is sent with the lowest priority. (the second problem - selection cheaper link) This is my problem. Actually, I realized everything without one exception, marking all packets p2p software. I can easy mark packets using iptables by detecting dst-port 1214 (for instance) but p2p software are smart. So I need something at higher level, which analysis content of packets and take the decision not only on the port but basing on characteristics of sent data inside packets. Sorry, for so long text. Best regards, Luman >-----Original Message----- >From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On >Behalf Of Kim Jensen >Sent: Tuesday, March 25, 2003 11:22 AM >To: Luman; lartc@xxxxxxxxxxxxxxx >Subject: Re: [LARTC] Intelligent P2P detection > >Hi Luman, > >Sorry, I have a stupid question - why do you wish to mark the traffic, is >it >because you wish to allow it internally or is it because you wish to >completely drop it? > >If you wish to mark it, then I can recommend that you take a look at the >patch-o-matic module connmark. All packets destined for your internal >services or external services where the destination port is above 1024 can >then easily be marked and tracked (at least in theory, I haven't played >with >the connmark module yet). > >/Kim > >On Tuesday 25 March 2003 09:08, Luman wrote: >> Probably, I'm not the first one who needs solve problem with p2p. >> Because, large part of my traffic is eaten by p2p software like KazAA, >> e-mule, Direct Connect etc, I'm looking for the way of detection of such >> traffic and marking it. However simple way with for instance 1214 port >> for KazAA doesn't work because this software uses floating port >> technology. This traffic can be send via different ports and these ports >> can change in the fly. This is rather well known. >> So I'm looking for the stuff working at higher level and analyzing >> traffic inside to determine the content and the real protocol. It could >> be a patch to the kernel or whatever. It should only be able to mark >> packet by a special marker. >> >> I need this solution not only to prioritizing the traffic (prioritizing >> can be achieve in other way) but also to selection the Internet link. I >> want to NAT this low quality data for some specific address in order to >> send it over cheaper link. >> >> What do you think is there any solution to do it? Or maybe there is >> ongoing project trying to tackle with this global problem with detection >> p2p traffic. >> >> Best regards, >> Luman >> >> >> >> >> _______________________________________________ >> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx >> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > >_______________________________________________ >LARTC mailing list / LARTC@xxxxxxxxxxxxxxx >http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/