Re: [LARTC] Intelligent P2P detection

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Szymon Miotk wrote:

Luman wrote:

Probably, I'm not the first one who needs solve problem with p2p.
Because, large part of my traffic is eaten by p2p software like KazAA,
e-mule, Direct Connect etc, I'm looking for the way of detection of such
traffic and marking it. However simple way with for instance 1214 port
for KazAA doesn't work because this software uses floating port
technology. This traffic can be send via different ports and these ports
can change in the fly. This is rather well known. So I'm looking for the stuff working at higher level and analyzing
traffic inside to determine the content and the real protocol. It could
be a patch to the kernel or whatever. It should only be able to mark
packet by a special marker.
I need this solution not only to prioritizing the traffic (prioritizing
can be achieve in other way) but also to selection the Internet link. I
want to NAT this low quality data for some specific address in order to
send it over cheaper link.
What do you think is there any solution to do it? Or maybe there is
ongoing project trying to tackle with this global problem with detection
p2p traffic.


Snort has set of rules to detect P2P traffic. AFAIK snort is quite fast, at least fast enough to cope with 10Mbits on average PC.
Maybe the solution is detecting snort alerts about P2P and automagically cutting bandwidth of host playnig with P2P?


Szymon Miotk


snort signatures are quite poor in some manner. f.e. the X signature will not
detect X from big-endian hosts (at least last time i checked). they seem to be
extracted from sniffed sessions instead of protocol specifications. there is an
interesting projekt called hank (sourceforge), it is missing signatures but it is
equipped with almost everything you need for content-based classification,
it can receive packets through netfilter ipq mechanism, with simple modifications
you should be able to set skb->priority or skb->nfmark from userspace.
unfortunately there seems to be no active development, but from what
i can judge it looks useable.


Patrick





[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux