From: Sebastian Zander
Date: Fri, 24 Dec 2010 11:18:20 +1100
To: freebsd-net@freebsd.org
Subject: IPFW extension for traffic classification based on statistical properties

Hi all,

We believe this may be of some interest to list members, and apologise in advance for any duplicates you may receive.

We are pleased to announce DIFFUSE v0.1, our first release of a system enabling FreeBSD's IPFW firewall subsystem to classify IP traffic based on statistical traffic properties.

With DIFFUSE v0.1, IPFW computes statistics (such as packet lengths or inter-packet time intervals) for observed flows, and uses ML (machine learning) techniques to assign flows into classes.
In addition to traditional packet inspection rules, IPFW rules may now also be expressed in terms of traffic statistics or classes identified by ML classification. This can be helpful when direct packet inspection is problematic (perhaps for administrative reasons, or because port numbers do not reliably identify classes of applications).

DIFFUSE also enables one instance of IPFW to send flow information and classes to other IPFW instances, which then can act on such traffic (e.g. prioritise, accept, deny, etc.) according to its class. This allows for distributed architectures, where classification at one location in your network is used to control fire-walling or rate-shaping actions at other locations.

DIFFUSE v0.1 contains an example classifier model for identifying real-time first person shooter game traffic. In the next release we will include a classifier model to detect Skype traffic.

The project site (http://caia.swin.edu.au/urp/diffuse) contains a more comprehensive introduction, including application examples, links to related work and documentation describing the design of our software.

DIFFUSE v0.1 is a set of patches for FreeBSD-CURRENT, and can be obtained directly from http://caia.swin.edu.au/urp/diffuse/downloads.html

The software was developed as part of the DIFFUSE research project at Swinburne University's Centre for Advanced Internet Architectures. The project has been made possible in part by a grant from the Cisco University Research Program Fund at Community Foundation Silicon Valley.

We welcome your feedback and hope you enjoy playing with the code and tools.

Cheers,

Sebastian Zander and Grenville Armitage
http://caia.swin.edu.au