Date: Thu, 31 Jul 2008 17:47:46 -0300 From: =?ISO-8859-1?Q?Daniel_Dias_Gon=E7alves?= <ddg@yan.com.br> To: freebsd-net@freebsd.org Subject: Re: Application layer classifier for ipfw Message-ID: <489224F2.3050508@yan.com.br> In-Reply-To: <48918DB5.7020201@wubethiopia.com> References: <48918DB5.7020201@wubethiopia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You will go to develop a version to work with PF ? Mike Makonnen escreveu: > Hi, > > An Internet Cafe I do some work for was recently having problems with > very slow internet access. It turns out customers were running P2P > file sharing applications which were hogging all the bandwidth. I > looked for programs that would allow me to shape traffic according to > the application layer protocol, but couldn't find any for FreeBSD. I > found a couple: l7-filter and ipp2p, but these are Linux specific. So, > I decided to write one. The result is ipfw-classifyd : > http://people.freebsd.org/~mtm/ipfw-classifyd.tar.bz2 > > As the name implies it uses ipfw(4) to implement a userland daemon > that classifies TCP and UDP packets according to regular expression > patterns for various protocols. It's intended to be used with > divert(4) sockets and dummynet(4) so you can do traffic shaping > depending on the application level protocol. The protocol patterns are > from the l7-filter project. > > Basically, you use ipfw(8) to divert tcp/udp packets to the damon. It > reads its configuration file for a list of protocols and ipfw(8) > rules. Then, when it detects a matching session it re-injects the > packet back at the specified rule number. The tarball has a sample > configuration file and firewall script to get you started. > > While I have not done extensive testing, preliminary tests are > encouraging and it seems to work, so I thought I'd announce it to the > rest of the world in case anyone else is interested in this kind of > application. > > Comments and suggestions highly appreciated. > > Cheers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?489224F2.3050508>