pom-ng include question

pom-ng include question

[Eicke Friedrich]

Dear list,

I've developed an iptables/netfilter extension to detect P2P traffic
called IPP2P.  It can be used to prohibit P2P traffic (by dropping
matches) or combined with connection tracking, CONNMARK and a packet
scheduler for traffic shaping of P2P traffic. I did a lot of testing
and also got much positive feedback of users. So it can be considered
as stable. The official homepage is located at:
http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html

As an example for traffic shaping look at the following picture. I
used an eDonkey client and gave it as much upload bandwidth as
possible. After a while I used IPP2P on a bridge for traffic shaping
to 2MBits/sec without changing the client setting. The result looked
like this:
http://rnvs.informatik.uni-leipzig.de/ipp2p/delay/color_tp_60e_5p_p2p_src-1.png

So if you believe there could be a benefit of such an extension I'll
create a patch for pom-ng.

Best regards,
Eicke.

Re: pom-ng include question

[Jozsef Kadlecsik]

On Fri, 25 Jun 2004, Eicke Friedrich wrote:

> I've developed an iptables/netfilter extension to detect P2P traffic
> called IPP2P.  It can be used to prohibit P2P traffic (by dropping
> matches) or combined with connection tracking, CONNMARK and a packet
> scheduler for traffic shaping of P2P traffic. I did a lot of testing
> and also got much positive feedback of users. So it can be considered
> as stable. The official homepage is located at:
> http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html
>
> So if you believe there could be a benefit of such an extension I'll
> create a patch for pom-ng.

Yes, do it and we'll add the extension to pom-ng.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Kernel 2.6 conntrack defragment of IP packets

[Scott MacKay]

Hiyas,
   I was wondering, for the 2.6 kernel is there any
different in how conntrack defragments non TCP/non UDP
IP packets?
    I have a userspace QUEUE app which works fine
using 2.4.18 but has some issues with the 2.6.5 and
2.6.7 kernels.  When the packet goes above ~2360
bytes, the end of the packet is bad.  It is weird
because the data (as seen from a hexdump in the
userspace app) is fine, right up to that mark and
works ok under 2.4.x.  The only other change I made
was capturing the packet in PREROUTING mangle instead
of INPUT, but that looks to be after conntrack is done
with the data.  If the traffic is UDP, it seems to
work fine...

-Scott


		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

Altering destination ethernet device

[Scott MacKay]

Hello,
   Sorry if this was asked before by someone, but is
it possible to alter the destination interface for a
packet?  In example, if I have a packet coming in eth0
which could go out either eth1 or eth2, is there any
way to force it to eth2?   I would be looking for a
programming solution because the actual interface
selected will be based on some critea which is
programmed.  If it is possible, I would likely select
the new interface in mangle/POSTROUTING unless it
needed to be elsewhere.

-Scott


		
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail

Re: Altering destination ethernet device

[John A. Sullivan III]

On Fri, 2004-06-25 at 09:01, Scott MacKay wrote:
> Hello,
>    Sorry if this was asked before by someone, but is
> it possible to alter the destination interface for a
> packet?  In example, if I have a packet coming in eth0
> which could go out either eth1 or eth2, is there any
> way to force it to eth2?   I would be looking for a
> programming solution because the actual interface
> selected will be based on some critea which is
> programmed.  If it is possible, I would likely select
> the new interface in mangle/POSTROUTING unless it
> needed to be elsewhere.
<snip>
This may be better suited to iproute2.  To read the documentation, look
for a file named ip-cref.ps in your distribution.  There is a brief
slide show on using it in the training section at
http://iscs.sourceforge.net but it is directed towards using it with
FreeS/WAN.  I do not know what APIs are available. - John
-- 
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevelopmentcorp.com

Re: Altering destination ethernet device

[Scott MacKay]

Cool.  I will look at that.  I did see some routing
type info at http://lartc.org/ (Linux Advanced Routing
& Traffic Control), but nothing to the degree of
control I wanted.  I figured since I am already
grabbing packets in netfilter I would see about
altering them while I had em :)

-Scott


--- "John A. Sullivan III"
<jsullivan@opensourcedevelopmentcorp.com> wrote:
> On Fri, 2004-06-25 at 09:01, Scott MacKay wrote:
> > Hello,
> >    Sorry if this was asked before by someone, but
> is
> > it possible to alter the destination interface for
> a
> > packet?  In example, if I have a packet coming in
> eth0
> > which could go out either eth1 or eth2, is there
> any
> > way to force it to eth2?   I would be looking for
> a
> > programming solution because the actual interface
> > selected will be based on some critea which is
> > programmed.  If it is possible, I would likely
> select
> > the new interface in mangle/POSTROUTING unless it
> > needed to be elsewhere.
> <snip>
> This may be better suited to iproute2.  To read the
> documentation, look
> for a file named ip-cref.ps in your distribution. 
> There is a brief
> slide show on using it in the training section at
> http://iscs.sourceforge.net but it is directed
> towards using it with
> FreeS/WAN.  I do not know what APIs are available. -
> John
> -- 
> Open Source Development Corporation
> Financially sustainable open source development
> http://www.opensourcedevelopmentcorp.com
> 
> 



		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

Re: Altering destination ethernet device

[Henrik Nordstrom]

On Fri, 25 Jun 2004, Scott MacKay wrote:

> Cool.  I will look at that.  I did see some routing
> type info at http://lartc.org/ (Linux Advanced Routing
> & Traffic Control), but nothing to the degree of
> control I wanted.  I figured since I am already
> grabbing packets in netfilter I would see about
> altering them while I had em :)

See the ROUTE target in iptables for some hints. Does all your need in
terms or (re)programmed routing and much more...

Regards
Henrik