From: Eugene Grosbein
Date: Fri, 24 Dec 2010 11:22:22 +0600
To: Sebastian Zander
Cc: freebsd-net@freebsd.org
Subject: Re: IPFW extension for traffic classification based on statistical properties
Message-ID: <4D142E0E.1050506@rdtc.ru>
In-Reply-To: <4D13E6CC.7080503@swin.edu.au>

On 24.12.2010 06:18, Sebastian Zander wrote:
> Hi all,
>
> We believe this may be of some interest to list members, and
> apologise in advance for any duplicates you may receive.
>
> We are pleased to announce DIFFUSE v0.1, our first release of a
> system enabling FreeBSD's IPFW firewall subsystem to classify IP
> traffic based on statistical traffic properties.
>
> With DIFFUSE v0.1, IPFW computes statistics (such as packet lengths
> or inter-packet time intervals) for observed flows, and uses
> ML (machine learning) techniques to assign flows into classes.
> In addition to traditional packet inspection rules, IPFW rules
> may now also be expressed in terms of traffic statistics
> or classes identified by ML classification. This can be helpful
> when direct packet inspection is problematic (perhaps for administrative
> reasons, or because port numbers do not reliably identify classes of
> applications).
>
> DIFFUSE also enables one instance of IPFW to send flow information
> and classes to other IPFW instances, which then can act on such
> traffic (e.g. prioritise, accept, deny, etc) according to its class.
> This allows for distributed architectures, where classification at
> one location in your network is used to control fire-walling or
> rate-shaping actions at other locations.
>
> DIFFUSE v0.1 contains an example classifier model for identifying
> real-time first person shooter game traffic. In the next release we
> will include a classifier model to detect Skype traffic.
>
> The project site (http://caia.swin.edu.au/urp/diffuse) contains a more
> comprehensive introduction, including application examples, links to
> related work and documentation describing the design of our software.
>
> DIFFUSE v0.1 is a set of patches for FreeBSD-CURRENT, and can be
> obtained directly from
> http://caia.swin.edu.au/urp/diffuse/downloads.html
>
> The software was developed as part of the DIFFUSE research project at
> Swinburne University's Centre for Advanced Internet Architectures. The
> project has been made possible in part by a grant from the Cisco
> University Research Program Fund at Community Foundation Silicon Valley.
>
> We welcome your feedback and hope you enjoy playing with the code and
> tools.
>
> Cheers,
>
> Sebastian Zander and Grenville Armitage
>
> http://caia.swin.edu.au

It would be nice to provide patches for RELENG_8 to get broader testing.

Eugene Grosbein