Date:      Mon, 12 Jun 2006 12:12:32 +0900
From:      Ganbold <ganbold@micom.mng.net>
To:        Vadim Goncharov <vadimnuclight@tpu.ru>
Cc:        "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Subject:   Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility)
Message-ID:  <448CDBA0.2010203@micom.mng.net>
In-Reply-To: <optax2g7jq4fjv08@nuclight.avtf.net>
References:  <optax2g7jq4fjv08@nuclight.avtf.net>

Vadim Goncharov wrote:
> Hello All!
>
> I wrote a new netgraph(4) node, called ng_tag, able to match packets by
> their mbuf_tags(9) and assign new tags to mbufs. This can be used for
> many things in the kernel network subsystem, but particularly useful
> with recently added ipfw(8) tag/tagged functionality (will be MFCed to
> RELENG_6 after Jun 24).
>
> With this node, in conjunction with ng_bpf(4), I was able to match and 
> block (perhaps shaping is also possible, but this relies solely on 
> ipfw) DirectConnect P2P data connections traffic - you know, they're 
> using random ports, so you can't match them with usual firewall rules 
> and must check data payload contents of the packets. See man page for 
> example of how to do this.
>
> Download files from here: http://antigreen.org/vadim/freebsd/ng_tag/
> Then do:
>
>   make
>   kldload ./ng_tag.ko
>
> Man page can be viewed as:
>
>   cat ng_tag.4 | /usr/bin/tbl | /usr/bin/groff -S -Wall -mtty-char -man \
>     -Tascii | /usr/bin/col | more -s
>
> Please especially test tags with non-zero tag_len, if you can (though
> it's not needed for ipfw).
>
> P.S. BTW, what is the correct subject prefix for new contributions? I think
> [PATCH] is not correct as these are new files, not a patch :)

You mentioned the L7 filtering possibility; is it possible to filter
Skype, MSN, and Yahoo Messenger traffic using ng_tag?
If you could add some additional examples of how to block the above, that
would be great. This is just my thought.

thanks,

Ganbold

>
> --WBR, Vadim Goncharov
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>
>