* [LARTC] GNUTELLA on port 80
@ 2003-01-24 23:23 David DeLauro
  2003-01-24 23:47 ` Robert Penz
  2003-01-24 23:57 ` Lars Gaarden
  0 siblings, 2 replies; 3+ messages in thread
From: David DeLauro @ 2003-01-24 23:23 UTC (permalink / raw)
  To: lartc


I've just recently set up a Linux bridge that is doing some traffic
shaping/policing using HTB/SFQ for a small college network.  Everything
is working great!!! but I've recently discovered something that seems to
break my filter/shaping scheme.

I have 4 classes: one for unrestricted bandwidth usage (web/ssh/ftp/etc..),
slightly restricted (mail/internet games/etc...), a class for the NNTP,
and a class for "all the rest."  Most of the classifiers are based
on tcp/udp ports and/or on a specific machine or local subnet...

For some of my machines Kazaa or the GNUTELLA protocol is running itself
on port 80.  Is there any way to filter the GNUTELLA traffic into my bulk
traffic class ("all the rest") even if GNUTELLA is running on port 80?

From reading the archives... it seems there is an iptables-type solution (I
built the iptables/nat+bridging patch into the kernel) but I haven't had
any luck in finding it, let alone another solution using tc/match filters.

-- 
David DeLauro
Computer Systems Analyst
Saint Joseph's College
Rensselaer, IN 47978

Education is the progressive realization of our ignorance. - Dot, Animaniacs

When secrecy becomes a certain protection in whose shadow embryonic ideas are born and nurtured then it becomes indeed a sacred silence. For every form of life, from flower to very man himself, requires this fostering period of protected germination. - Rollin Malbone Pease

There is no greater tyranny, than that which is perpetrated under the shield of law and in the name of justice. - Montesquieu

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] GNUTELLA on port 80
  2003-01-24 23:23 [LARTC] GNUTELLA on port 80 David DeLauro
@ 2003-01-24 23:47 ` Robert Penz
  2003-01-24 23:57 ` Lars Gaarden
  1 sibling, 0 replies; 3+ messages in thread
From: Robert Penz @ 2003-01-24 23:47 UTC (permalink / raw)
  To: lartc

On Saturday 25 January 2003 00:23, David DeLauro wrote:


> For some of my machines Kazaa or the GNUTELLA protocol is running itself
> on port 80.  Is there any way to filter the GNUTELLA traffic into my bulk
> traffic class ("all the rest") even if GNUTELLA is running on port 80?
Maybe the TOS field is different between an HTTP and a Gnutella connection; just
use tcpdump to find that out, and if so, filter according to it.

PS: Is Gnutella TCP? I thought most of those networks use UDP.



-- 
Regards,
Robert
----------------
Robert Penz
robert.penz AT outertech.com

* Re: [LARTC] GNUTELLA on port 80
  2003-01-24 23:23 [LARTC] GNUTELLA on port 80 David DeLauro
  2003-01-24 23:47 ` Robert Penz
@ 2003-01-24 23:57 ` Lars Gaarden
  1 sibling, 0 replies; 3+ messages in thread
From: Lars Gaarden @ 2003-01-24 23:57 UTC (permalink / raw)
  To: lartc

David DeLauro wrote:

[Filtering Gnutella/Kazaa on port 80]

> From reading the archives... it seems there is an iptables-type solution (I
> built the iptables/nat+bridging patch into the kernel) but I haven't had
> any luck in finding it let alone another solution using tc/match filters.

You need a rule matching packet content. Do a packet dump of
kazaa/gnutella traffic and see if there is anything unique in the
packets that you can filter on (the hard part is not to get any false
positives/negatives).

One option could perhaps be to set up a transparent squid proxy and see
if it is possible for squid to do bandwidth limiting on requests
containing certain headers.

-- 
LarsG
Fight the EUCD! Find your local organization at
http://eucd.info/who.fr.php
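
The content-matching approach suggested in the reply above, as an added example that is not part of the original thread: it labels the first payload bytes of a port-80 flow and contrasts anchored signatures with an unanchored substring match. The signature strings, the sample payloads and the names `classify` and `naive` are assumptions made for illustration; check the patterns against your own packet dump.

```python
import re

# Signatures are assumptions taken from the public Gnutella 0.4/0.6 handshake
# and commonly documented Kazaa/FastTrack requests; confirm against your own dump.
START_SIGS = [  # must match at byte 0 of the first data segment
    ("gnutella", re.compile(rb"^GNUTELLA CONNECT/0\.\d")),
    ("gnutella", re.compile(rb"^GNUTELLA/0\.\d \d{3}")),
    ("kazaa", re.compile(rb"^GET /\.hash=")),
]
HEADER_SIGS = [  # must start a header line, never the body
    ("gnutella", re.compile(rb"^X-Gnutella-", re.I | re.M)),
    ("kazaa", re.compile(rb"^X-Kazaa-", re.I | re.M)),
]
HTTP_START = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r?\n")

def classify(payload: bytes) -> str:
    """Label the first payload bytes of a port-80 flow."""
    for label, sig in START_SIGS:
        if sig.search(payload):
            return label
    if HTTP_START.match(payload):
        head = payload.split(b"\r\n\r\n", 1)[0]  # headers only, body excluded
        for label, sig in HEADER_SIGS:
            if sig.search(head):
                return label
        return "http"
    return "unknown"

def naive(payload: bytes) -> bool:
    """Unanchored substring match, shown for contrast."""
    return b"GNUTELLA" in payload or b"X-Kazaa" in payload

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "gnutella_handshake": b"GNUTELLA CONNECT/0.6\r\nUser-Agent: ExampleServent/1.0\r\n\r\n",
    "gnutella_download": b"GET /get/12/sample.ogg HTTP/1.1\r\nHost: 192.0.2.10:80\r\n"
                         b"X-Gnutella-Content-URN: urn:sha1:PLACEHOLDER\r\n\r\n",
    "kazaa_request": b"GET /.hash=PLACEHOLDER HTTP/1.1\r\nHost: 192.0.2.11:80\r\n\r\n",
    "web_page": b"GET /index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n",
    "web_post_about_p2p": b"POST /forum HTTP/1.1\r\nHost: www.example.edu\r\n\r\n"
                          b"msg=GNUTELLA CONNECT/0.6 explained",
    "bare_download": b"GET /get/12/sample.ogg HTTP/1.1\r\nHost: 192.0.2.10:80\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:20} anchored={classify(data):9} naive={naive(data)}")
```

`web_post_about_p2p` is the false positive an unanchored match produces, and `bare_download` is the false negative that no payload rule can avoid when the transfer looks like plain HTTP. On a current kernel the anchored strings can be carried into an iptables string match that sets a mark, which a tc `fw` filter then maps to the bulk class.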
