I have an idea for using IPSET together with NETLINK (nf_queue) for userspace processing of BitTorrent detection and connection marking.
BitTorrent can now use encryption, and with encryption it is hard to detect and throttle that traffic.
I have studied BitTorrent blocking for a long time, and I have a BitTorrent throttling and blocking system using iptables + IPSET + L7-filter + IPP2P set up and working in a production environment, but it cannot detect encrypted BitTorrent traffic.
After that I came up with a more effective way to block BitTorrent: tracker communication detection, which works easily by pattern matching on the HTTP query (announce.+?info_hash=.+) in L7-filter. This way I can throttle a specific IP by inserting the IP into IPSET, but it can only throttle all of that IP's traffic, not BitTorrent only.
I came up with a new idea after noticing that the client sends its ip/port pair to the tracker for other peers to connect to, and the tracker sends back all the peer ip/port pairs as well. I can grab this information and insert IP+Port into IPSET to throttle all traffic matching the ip/port without affecting all other traffic. But this needs some processing that IPP2P and L7-filter cannot do.
So I need to implement this in userspace with NF_QUEUE. But ... it is still hard to program and needs quite a lot of time to complete.
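The following Python is an added example (not code from the post's author) of the userspace processing step described above: it recognises a tracker announce with the same announce.+?info_hash= pattern, pulls the announcing client's port from the query, decodes the bencoded tracker reply (both the compact 6-byte peer form and the dictionary form), and turns every ip/port pair into an ipset add line for a hash:ip,port set. The set name bt_peers, the tcp-only entries, the sample request and response, and the source address 203.0.113.7 are all assumptions constructed for the example; the NF_QUEUE plumbing that would hand the packet payloads to these functions is not shown.

```python
import re
import struct
from urllib.parse import parse_qs, urlparse

# Same pattern as the post's L7-filter rule: an HTTP announce carrying info_hash.
ANNOUNCE_RE = re.compile(rb"announce.+?info_hash=")


def is_tracker_announce(request_line: bytes) -> bool:
    """True if the HTTP request line looks like a tracker announce."""
    return ANNOUNCE_RE.search(request_line) is not None


def announce_endpoint(request_line: bytes, src_ip: str):
    """Return the (ip, port) the announcing client tells the tracker it listens on.
    'port' is a mandatory announce parameter; 'ip' is optional and defaults to the
    packet's source address, which the NF_QUEUE handler would already know."""
    target = request_line.split(b" ")[1].decode("latin-1")
    qs = parse_qs(urlparse(target).query)
    port = int(qs["port"][0])
    ip = qs.get("ip", [src_ip])[0]
    return ip, port


def bdecode(data: bytes, i: int = 0):
    """Minimal bencode decoder; returns (value, index after the value)."""
    c = data[i:i + 1]
    if c == b"i":                       # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                       # list: l<items>e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            v, i = bdecode(data, i)
            items.append(v)
        return items, i + 1
    if c == b"d":                       # dict: d<key><value>...e
        d, i = {}, i + 1
        while data[i:i + 1] != b"e":
            k, i = bdecode(data, i)
            v, i = bdecode(data, i)
            d[k] = v
        return d, i + 1
    if c.isdigit():                     # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        return data[colon + 1:colon + 1 + n], colon + 1 + n
    raise ValueError("malformed bencode at offset %d" % i)


def extract_peers(response_body: bytes):
    """Return [(ip, port), ...] from a tracker reply. Compact form packs each peer
    as 4 IPv4 bytes + big-endian 16-bit port; dictionary form lists ip/port dicts."""
    resp, _ = bdecode(response_body)
    peers = resp.get(b"peers", b"")
    out = []
    if isinstance(peers, bytes):
        for off in range(0, len(peers) - len(peers) % 6, 6):   # ignore a trailing partial entry
            ip = ".".join(str(b) for b in peers[off:off + 4])
            (port,) = struct.unpack("!H", peers[off + 4:off + 6])
            out.append((ip, port))
    else:
        for p in peers:
            out.append((p[b"ip"].decode("ascii"), int(p[b"port"])))
    return out


def ipset_commands(endpoints, setname="bt_peers", proto="tcp"):
    """Build 'ipset add' lines for a hash:ip,port set (set name and proto are assumptions)."""
    return ["ipset add %s %s,%s:%d -exist" % (setname, ip, proto, port)
            for ip, port in endpoints]


def throttle_plan(request_line: bytes, src_ip: str, response_body: bytes):
    """Client's own endpoint plus every peer the tracker handed back."""
    if not is_tracker_announce(request_line):
        return []
    endpoints = [announce_endpoint(request_line, src_ip)] + extract_peers(response_body)
    return ipset_commands(endpoints)


# Constructed sample data (not captured traffic).
SAMPLE_REQUEST = (b"GET /announce?info_hash=%ab%cd%ef%12%34%56%78%90%ab%cd"
                  b"%ef%12%34%56%78%90%ab%cd%ef%12&peer_id=-XX0000-abcdefghijkl"
                  b"&port=6881&uploaded=0&downloaded=0&left=0&compact=1 HTTP/1.1")
SAMPLE_SRC_IP = "203.0.113.7"
# Compact reply listing two peers: 10.0.0.5:6881 and 192.168.1.20:51413.
SAMPLE_RESPONSE = (b"d8:intervali1800e5:peers12:"
                   + bytes([10, 0, 0, 5]) + struct.pack("!H", 6881)
                   + bytes([192, 168, 1, 20]) + struct.pack("!H", 51413)
                   + b"e")

if __name__ == "__main__":
    for line in throttle_plan(SAMPLE_REQUEST, SAMPLE_SRC_IP, SAMPLE_RESPONSE):
        print(line)
```

The generated entries are meant for a set created with `ipset create bt_peers hash:ip,port`; a rule such as `iptables -A FORWARD -m set --match-set bt_peers dst,dst -j MARK --set-mark 1` (again an assumption, not the post's configuration) then marks only flows to those exact ip/port pairs, leaving the host's other traffic alone. Entries should be given a timeout or expired periodically, since peers rotate ports and addresses.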