From: Daniel Dias Gonçalves
Date: Thu, 31 Jul 2008 17:47:46 -0300
To: freebsd-net@freebsd.org
Subject: Re: Application layer classifier for ipfw

Will you be developing a version that works with PF?

Mike Makonnen wrote:
> Hi,
>
> An Internet Cafe I do some work for was recently having problems with
> very slow internet access. It turns out customers were running P2P
> file sharing applications which were hogging all the bandwidth. I
> looked for programs that would allow me to shape traffic according to
> the application layer protocol, but couldn't find any for FreeBSD. I
> found a couple: l7-filter and ipp2p, but these are Linux specific. So,
> I decided to write one. The result is ipfw-classifyd:
> http://people.freebsd.org/~mtm/ipfw-classifyd.tar.bz2
>
> As the name implies it uses ipfw(4) to implement a userland daemon
> that classifies TCP and UDP packets according to regular expression
> patterns for various protocols. It's intended to be used with
> divert(4) sockets and dummynet(4) so you can do traffic shaping
> depending on the application level protocol. The protocol patterns are
> from the l7-filter project.
>
> Basically, you use ipfw(8) to divert tcp/udp packets to the daemon. It
> reads its configuration file for a list of protocols and ipfw(8)
> rules. Then, when it detects a matching session it re-injects the
> packet back at the specified rule number. The tarball has a sample
> configuration file and firewall script to get you started.
>
> While I have not done extensive testing, preliminary tests are
> encouraging and it seems to work, so I thought I'd announce it to the
> rest of the world in case anyone else is interested in this kind of
> application.
>
> Comments and suggestions highly appreciated.
>
> Cheers.
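
The classification step described in the quoted announcement, as an added example that is not part of the original post and is not code from the ipfw-classifyd tarball. It matches a session's accumulated payload against per-protocol regular expressions and returns the ipfw rule number for re-injection. The patterns, rule numbers, `struct flow` and function names are assumptions made for illustration, and the divert(4) socket I/O is left out.

```c
#include <regex.h>
#include <stdio.h>

#define DEFAULT_RULE 65000  /* hypothetical rule for unclassified traffic */
#define NPROTO 3

/* Constructed patterns and rule numbers, not taken from the tarball. */
static const struct { const char *name, *pattern; unsigned short rule; }
protos[NPROTO] = {
    { "bittorrent", "^\x13" "BitTorrent protocol",           1000 },
    { "http",       "^(GET|POST|HEAD) [^ ]+ HTTP/1\\.[01]", 2000 },
    { "ssh",        "^SSH-[12]\\.[0-9]",                     3000 },
};
static regex_t compiled[NPROTO];

/* Per-session state: payload seen so far and the rule once matched. */
struct flow { char buf[1024]; size_t len; unsigned short rule; };

int classifier_init(void)
{
    for (size_t i = 0; i < NPROTO; i++)
        if (regcomp(&compiled[i], protos[i].pattern,
                    REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
            return -1;
    return 0;
}

/* Feed one packet payload of a session; returns the ipfw rule number at
 * which that packet should be re-injected. */
unsigned short flow_classify(struct flow *f, const unsigned char *p, size_t n)
{
    if (f->rule != 0)            /* session already classified: reuse it */
        return f->rule;
    /* regexec() takes a C string, so append the payload minus NUL bytes. */
    for (size_t i = 0; i < n && f->len < sizeof(f->buf) - 1; i++)
        if (p[i] != '\0')
            f->buf[f->len++] = (char)p[i];
    f->buf[f->len] = '\0';
    for (size_t i = 0; i < NPROTO; i++)
        if (regexec(&compiled[i], f->buf, 0, NULL, 0) == 0)
            return f->rule = protos[i].rule;
    return DEFAULT_RULE;         /* no match yet: take the default path */
}

int main(void)
{
    struct flow f = {0};
    const unsigned char hs[] = "\x13" "BitTorrent protocol\0\0\0\0\0\0\0\0";
    if (classifier_init() != 0) return 1;
    printf("re-inject at rule %u\n", flow_classify(&f, hs, sizeof(hs) - 1));
    return 0;
}
```

Payload is accumulated per session, so a request split across packets still matches once enough bytes have arrived, and a session that has matched keeps its rule for later packets.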