[LARTC] How to recognize P2P

[LARTC] How to recognize P2P

[Jacek Bilski]

[-- Attachment #1: Type: text/plain, Size: 838 bytes --]

Hello!

I've read this list for almost one month, learnt a lot, solved some of
my problems, time to ask.

I've set up traffic control using iptables with CONNMARK extension, IMQ
and HTB. Works quite well for now, but doesn't recognize P2P. I tried to
base selecting this traffic on src/dst ports to no effect. Is there any
simple way to detect such traffic? I thought of stringmatch extension
for iptables, but I don't know what to look for. Any suggestions? I'd
prefer to have those connections marked for future `tc filter ... handle
54 fw classid 1:154`.

And off-topic, but I know some of you can help. I have two 3c905 card in
my Linux box. How can I tell 3c59x module, that card on IRQ9 should be
eth0 ant that on IRQ11 eth1? Now I have it the other way.

Greetings

-- 
Jacek Bilski <dino@camelot.homedns.org>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] How to recognize P2P

[Derek]

This sounds quite a bit like what I've been trying to do regarding IM 
clients. The solution, if you're trying to shape P2P traffic anyway, would 
probably best be solved by the layer7 filter and some appropriate tc rules. 

http://l7-filter.sourceforge.net

But if you're trying to block them altogether, then you've just opted 
yourself into the 'Find a way to block layer 7 packets with tc' club. We 
don't have many members, and we haven't even come close to attaining the 
goal, but the picnics are fun. 

The card problem is definately a fun one, although in my experience linux 
assigns iface names in the following fashion: PCI (from top (closest to 
AGP/CPU) to bottom), then Onboard. so usually I just play around with the 
order of the cards, although I'm sure theres a better way to do it. The 
networking HOWTO and appropriate mailing lists located here:

https://secure.linuxports.com/

will probably help a bit, too. 

Hope it helps,
Derek


On Friday 26 September 2003 04:01 pm, Jacek Bilski wrote:
> Hello!
>
> I've read this list for almost one month, learnt a lot, solved some of
> my problems, time to ask.
>
> I've set up traffic control using iptables with CONNMARK extension, IMQ
> and HTB. Works quite well for now, but doesn't recognize P2P. I tried to
> base selecting this traffic on src/dst ports to no effect. Is there any
> simple way to detect such traffic? I thought of stringmatch extension
> for iptables, but I don't know what to look for. Any suggestions? I'd
> prefer to have those connections marked for future `tc filter ... handle
> 54 fw classid 1:154`.
>
> And off-topic, but I know some of you can help. I have two 3c905 card in
> my Linux box. How can I tell 3c59x module, that card on IRQ9 should be
> eth0 ant that on IRQ11 eth1? Now I have it the other way.
>
> Greetings
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] How to recognize P2P

[Jacek Bilski]

[-- Attachment #1: Type: text/plain, Size: 1218 bytes --]

Hello!

On sob, 2003-09-27 at 01:16, Derek wrote:
> This sounds quite a bit like what I've been trying to do regarding IM 
> clients. The solution, if you're trying to shape P2P traffic anyway, would 
> probably best be solved by the layer7 filter and some appropriate tc rules. 
> 
> http://l7-filter.sourceforge.net

I found that in one of previous posts, yet it doesn't recognize
eDoneky/Overnet which I need.

> But if you're trying to block them altogether, then you've just opted 
> yourself into the 'Find a way to block layer 7 packets with tc' club. We 
> don't have many members, and we haven't even come close to attaining the 
> goal, but the picnics are fun.

Unfortunately I'm no programmer, so I'll be of no use. But if those
picnics are found to be succesfull I'll be very interested.

> The card problem is definately a fun one, although in my experience linux 
> assigns iface names in the following fashion: PCI (from top (closest to 
> AGP/CPU) to bottom), then Onboard. so usually I just play around with the 
> order of the cards, although I'm sure theres a better way to do it.

Thanks, I didn't know that.

Greetings!

-- 
Jacek Bilski <dino@camelot.homedns.org>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] How to recognize P2P

[Derek]

On Friday 26 September 2003 04:31 pm, Jacek Bilski wrote:
> Hello!

Hi!

> > (snip)

> I found that in one of previous posts, yet it doesn't recognize
> eDoneky/Overnet which I need.

Well, I suppose I could try to find a pattern.. I use Overnet at home and 
could probably throw a regex together pretty easily (if the protocol is 
generic enough).

> > (snip)

> Unfortunately I'm no programmer, so I'll be of no use. But if those
> picnics are found to be succesfull I'll be very interested.
>

Heh, It doesn't matter if you're a programmer or not,  just let the list know 
if you've found some other way of blocking or restricting layer7 stuff. Since 
this is the LARTC list, preferrably with iproute2. That's all I ask :)

> > (snip)
>
> Thanks, I didn't know that.
>

No Problem :)

> Greetings!

Cheers,
Derek
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] How to recognize P2P

[Jason A. Pattie]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Derek wrote:
| The card problem is definately a fun one, although in my experience linux
| assigns iface names in the following fashion: PCI (from top (closest to
| AGP/CPU) to bottom), then Onboard. so usually I just play around with the
| order of the cards, although I'm sure theres a better way to do it. The
| networking HOWTO and appropriate mailing lists located here:
|
| https://secure.linuxports.com/
|
| will probably help a bit, too.

Actually, there is an effective way around this problem.  Find the MAC
address for each of your network cards.  Pick some names that are
meaningful for your interfaces, like 'internal' and 'external', or 'LAN'
and 'Internet'.  Then reassign those names to your interfaces so that
the name 'eth0' literally becomes 'external' and 'eth1' literally
becomes 'internal'.  You would then simply use your ifconfig or ip addr
commands to assign IP addresses and info just like you normally would.

I.e.,
ifconfig internal 192.168.0.1 netmask 255.255.255.0 ...
ifconfig external <Internet IP address> ...

How to do this, you ask?  nameif

man nameif is your friend.  It comes with the net-tools package under
Debian.  It should be installed by default on most RedHat and other
installs as well.

nameif takes the name you want to assign and the MAC address of the
device.  It will then change the name of the device with the specified
MAC address to the name you provide.  It apparently only works when the
device is available (i.e., loaded as a module or detected by the kernel)
and down.  I.e., it cannot be in an UP state.  With a little
experimentation, you can insert the nameif command into your startup
scripts and all your problems dissappear.  Then it doesn't matter in
what order the kernel detects your devices.

- --
Jason A. Pattie
pattieja@xperienceinc.com
Xperience, Inc. (http://www.xperienceinc.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQE/eZpouYsUrHkpYtARAgHDAJ9kdOFfHaUZ588wvr2EGBjl+XvevwCfbS7T
D1U0o+hsyaQLlF1doUPprWM=cJME
-----END PGP SIGNATURE-----


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Mailscanner thanks transtec Computers for their support.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] How to recognize P2P

[miller69]

Hi,

> I found that in one of previous posts, yet it doesn't recognize
> eDoneky/Overnet which I need.

there is an iptables extension called IPP2P to filter P2P traffic. It
recognizes eDonkey/Overnet and other P2P networks as well. For traffic shaping it
has to be used together with CONMARK. Go to
http://ilabws13.informatik.uni-leipzig.de/~mai97bwf/delay.html there you'll find a setup currently in use and
at the bottom of this page is the download-link for IPP2P.

Hope that helps!
Mike

-- 
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] How to recognize P2P

[Jacek Bilski]

[-- Attachment #1: Type: text/plain, Size: 867 bytes --]

Ehlo!

On wto, 2003-09-30 at 23:45, miller69@gmx.net wrote:
> Hi,
> 
> > I found that in one of previous posts, yet it doesn't recognize
> > eDoneky/Overnet which I need.
> 
> there is an iptables extension called IPP2P to filter P2P traffic. It
> recognizes eDonkey/Overnet and other P2P networks as well. For traffic shaping it
> has to be used together with CONMARK. Go to
> http://ilabws13.informatik.uni-leipzig.de/~mai97bwf/delay.html there you'll find a setup currently in use and
> at the bottom of this page is the download-link for IPP2P.

It's something I'll probably like. Now I use CONNMARK extension and
IPP2P seems to be remedy for my problems. I don't want to drop P2P, but
to limit it to only take bandwidth that was left by other services.

Thanks, I'll look into in.

Greetings!

-- 
Jacek Bilski <dino@camelot.homedns.org>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] How to recognize P2P

[Derek]

Wow,


That is an awesome module. I definately may be able to use that in the 
future, thanks :) ... I just wish they had an iptables extension for instant 
messenger clients, and then I'd be all set :)

Thanks again,
Derek



On Tuesday 30 September 2003 02:45 pm, miller69@gmx.net wrote:
> Hi,
>
> > I found that in one of previous posts, yet it doesn't recognize
> > eDoneky/Overnet which I need.
>
> there is an iptables extension called IPP2P to filter P2P traffic. It
> recognizes eDonkey/Overnet and other P2P networks as well. For traffic
> shaping it has to be used together with CONMARK. Go to
> http://ilabws13.informatik.uni-leipzig.de/~mai97bwf/delay.html there you'll
> find a setup currently in use and at the bottom of this page is the
> download-link for IPP2P.
>
> Hope that helps!
> Mike

-- 
-----------------------
Derek Fedel
Network Administrator
Ext. 238
Traffic-Power.com

"Hence the saying:  If you know the enemy 
and know yourself, you need not fear the result of a 
hundred battles.  If you know yourself but not the enemy, 
for every victory gained you will also suffer a defeat.  
If you know neither the enemy nor yourself, you will 
succumb in every battle." - Sun Tzu
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/