On Tue, Oct 12, 2004 at 03:38:49PM -0700, Jon Simola wrote:
I've searched a fair bit and started some research into the pf code
looking for a way to identify packets at the application layer.
I believe that the functionality (just some simple text searching
inside the packet payload) would have to be inserted inside
pf_test_tcp() using a functional block similar to pf_osfp_match().
What I'm trying to do, exactly, is identify and tag P2P streams based
on signatures so that they can be sent to a lower-priority queue or
blocked. Given that the newer P2P protocols are no longer using static
ports and I have a requirement to constrain undesirable bandwidth
usage by my users, I've started looking at this as a possibility.
Has there been any other work done in this direction with PF, or am I
forging my own trail, so to speak?
i think daniel summarizes the view on this quite well in:
http://marc.theaimsgroup.com/?l=openbsd-pfm=108846519101164w=2
--
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Booze is the answer. I don't remember the question.
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~