Re: Detecting p2p traffic

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm using the 2 modules at the same, and the problems I encounter are:
   1) l7-filter need to patch kernel (you can't skip this), and for this
reason in my recent scripts I'm putting "module detection procedures"
to allow me disable this module when no exists.
   2) With a little manual changes into .h files and .c headers includes
section, you can compile kernel module and iptables extensions for
ipp2p, with this sources, you can upgrade you kernel and put a
detection script into init scripts to detect, compile and install ipp2p
without problems.
   3) I use p2p detection modules in this way:
       a) Marking p2p traffic in mangle table.
       b) Limiting bandwidth with tc.
       c) Using connlimit iptables extension in filter table to drop tcp
"new p2p connections" when they reaches a limit.

Perhaps this help a bit.

Regards

-- 
Samuel Díaz García
ArcosCom Wireless, S.L.L.

CIF: B11828068
c/ Romero Gago, 19
Arcos de la Frontera
11630 - Cadiz

http://www.arcoscom.com

mailto:samueldg@xxxxxxxxxxxx
msn: samueldg@xxxxxxxxxxxx

Tlfn.: 956 70 13 15
Fax:   956 70 34 83


El Lun, 22 de Mayo de 2006, 8:26, Andrew Beverley escribió:
> Jason Boxman wrote:
>> On Sunday 07 May 2006 19:43, Andrew Beverley wrote:
>>> After varying degrees of success with p2p detection modules, I would
>>> like
>>> to write the following rules using iptables to reliably identify p2p
>>> traffic:
>>>
>> <snip>
>>> On my network all p2p traffic falls into these categories, and I don't
>>> mind
>>> overmatching with other traffic.
>>
>> If you can, you could look into compiling and using ipp2p against your
>> kernel.
>> I find it works extremely well with my p2p traffic from edonkey
>> protocol(s).
>> You may have success with L7-Filter, too.  You can probably use both at
>> the
>> same time, but I've never tried as ipp2p works for me.
>
> Thanks - I tried both ipp2p and l7-filter. I found that on the whole
> they worked well, but on the network of 50 clients there was always a
> couple that it didn't detect. I also wanted to put something in place
> that didn't need upgrading - if and when I move on someone will have to
> keep updating ipp2p and l7-filter on the server.
>
> Andy
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>


_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux