From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 10:16:00 2008
Message-ID: <4892E3BE.2030900@wubethiopia.com>
Date: Fri, 01 Aug 2008 13:21:50 +0300
From: Mike Makonnen
To: Ermal Luçi
Cc: freebsd-net@freebsd.org
Subject: Re: Application layer classifier for ipfw
In-Reply-To: <9a542da30807311344u34422adauade5c2b62b71804a@mail.gmail.com>
List-Id: Networking and TCP/IP with FreeBSD

Ermal Luçi wrote:
>> Hi,
>>
>> An Internet Cafe I do some work for was recently having problems with very slow internet access. It turns out customers were running P2P file sharing applications which were hogging all the bandwidth. I looked for programs that would allow me to shape traffic according to the application layer protocol, but couldn't find any for FreeBSD. I found a couple: l7-filter and ipp2p, but these are Linux-specific. So, I decided to write one. The result is ipfw-classifyd:
>> http://people.freebsd.org/~mtm/ipfw-classifyd.tar.bz2
>>
>> As the name implies it uses ipfw(4) to implement a userland daemon that classifies TCP and UDP packets according to regular expression patterns for various protocols. It's intended to be used with divert(4) sockets and dummynet(4) so you can do traffic shaping depending on the application level protocol. The protocol patterns are from the l7-filter project.
>>
>> Basically, you use ipfw(8) to divert tcp/udp packets to the daemon. It reads its configuration file for a list of protocols and ipfw(8) rules. Then, when it detects a matching session it re-injects the packet back at the specified rule number. The tarball has a sample configuration file and firewall script to get you started.
>>
>> While I have not done extensive testing, preliminary tests are encouraging and it seems to work, so I thought I'd announce it to the rest of the world in case anyone else is interested in this kind of application.
>>
>> Comments and suggestions highly appreciated.
>>
>
> Thanks for this.
> I have a question: you remove a flow if you see a FIN for the TCP case, and only on an overlapping flow for either TCP/UDP. How do the other flows expire? Am I missing that part?
>

No, you're not missing anything. It's on my TODO list. I wanted to get this out and get feedback as early as possible, so I released it as soon as I had it basically working. I'm thinking of storing some session information for the flow (like a timestamp for the last packet seen) and implementing a garbage collector thread that removes sessions that have been idle for some period of time.

Cheers.

-- 
Mike Makonnen        | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc
mtm @ FreeBSD.Org    | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55
FreeBSD              | http://www.freebsd.org
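The per-flow last-seen timestamp and idle garbage-collector pass described in the reply, written out as an added example; this is not code from the thread or from ipfw-classifyd, and the 5-tuple key layout, the 300-second timeout and every function name are assumptions.

```c
#include <stdint.h>
#include <time.h>

/* Constructed example, not ipfw-classifyd's code (all names hypothetical):
 * a fixed-size flow table keeping a last-seen timestamp per flow, plus the
 * idle-expiry pass the reply describes as the planned garbage collector. */
#define MAX_FLOWS    64
#define IDLE_TIMEOUT 300  /* seconds without a packet before a flow is dropped */

struct flow_key { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
struct flow { struct flow_key key; time_t last_seen; int in_use; };
static struct flow table[MAX_FLOWS];

static int key_eq(const struct flow_key *a, const struct flow_key *b)
{
    return a->proto == b->proto && a->src == b->src && a->dst == b->dst &&
           a->sport == b->sport && a->dport == b->dport;
}

/* A packet arrived for flow k: refresh its timestamp, or take the lowest free
 * slot for a new flow. Returns the slot index, or -1 if the table is full. */
int flow_touch(const struct flow_key *k, time_t now)
{
    int free_slot = -1;
    for (int i = 0; i < MAX_FLOWS; i++) {
        if (table[i].in_use && key_eq(&table[i].key, k)) {
            table[i].last_seen = now;   /* existing flow: just refresh */
            return i;
        }
        if (!table[i].in_use && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return -1;                      /* table full: caller decides policy */
    table[free_slot] = (struct flow){ .key = *k, .last_seen = now, .in_use = 1 };
    return free_slot;
}

/* Periodic garbage-collector pass: drop every flow idle for longer than
 * IDLE_TIMEOUT; returns how many were dropped (a TCP FIN would clear in_use too). */
int flow_expire_idle(time_t now)
{
    int removed = 0;
    for (int i = 0; i < MAX_FLOWS; i++)
        if (table[i].in_use && now - table[i].last_seen > IDLE_TIMEOUT) {
            table[i].in_use = 0;
            removed++;
        }
    return removed;
}
```

In the daemon the expiry pass would run from a timer or a dedicated thread, so access to the table has to be serialised against the divert-socket reader that calls flow_touch.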