On Tue, Oct 12, 2004 at 03:38:49PM -0700, Jon Simola wrote: > I've searched a fair bit and started some research into the pf code > looking for a way to identify packets at the application layer. > I believe that the functionality (just some simple text searching > inside the packet payload) would have to be inserted inside > pf_test_tcp() using a functional block similar to pf_osfp_match(). > > What I'm trying to do, exactly, is identify and tag P2P streams based > on signatures so that they can be sent to a lower-priority queue or > blocked. Given that the newer P2P protocols are no longer using static > ports and I have a requirement to constrain undesirable bandwidth > usage by my users, I've started looking at this as a possibility. > > Has there been any other work done in this direction with PF, or am I > forging my own trail, so to speak?
i think daniel summarizes the view on this quite well in: http://marc.theaimsgroup.com/?l=openbsd-pf&m=108846519101164&w=2 -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Booze is the answer. I don't remember the question. =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~