
Design and Implementation of Network Traffic Control System

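【Author】 Duan Lei (段磊)

【Advisor】 Niu Xinxin (钮心忻)

【Author information】 Beijing University of Posts and Telecommunications, Information Security, 2011, Master's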

【Abstract】 A network traffic control system exercises precise control over specified application traffic on a network according to user requirements. Applications on today's networks are increasingly numerous and complex, and users can obtain resources ever more conveniently. Take P2P downloading, a common network application: in the past few years P2P has developed rapidly thanks to its unique technical advantages and download quality, and its user base keeps growing. P2P applications now account for more than 60% of ordinary network traffic, exceeding HTTP to become the largest consumer of network bandwidth, and P2P networks have fully shown their convenience and strong technical advantages in file sharing, distributed computing and many other areas. At the same time, P2P has brought many negative problems. Most P2P users download resource files at very high speed, which sharply reduces the available network bandwidth and easily congests network links, so that other users' critical applications cannot be well guaranteed. In addition, P2P is unusual in that its upstream and downstream traffic is roughly symmetric, which easily causes upstream congestion on traditional asymmetric networks (where downstream bandwidth is far greater than upstream bandwidth). To monitor and analyze network bandwidth usage effectively, to prevent excessive use of bandwidth-hungry applications such as BT downloading and online TV, and to achieve fine-grained control over the services of monitored devices, this thesis proposes and implements a network traffic control system suited to small network environments such as local area networks.

This thesis focuses on the key technical approaches to network traffic control, in particular the identification of encrypted P2P traffic and a traffic control scheme built on the Netfilter framework of Linux, and on that basis implements a new network traffic control system. The system supports the commonly used DPI and behavior identification techniques, and can basically meet the need to identify and control all kinds of network traffic. The main work of this thesis is as follows:

1. It studies the existing network traffic identification and control techniques and analyzes in detail how each is implemented and what its advantages and disadvantages are.
2. It studies and analyzes the characteristics of P2P traffic and proposes two behavior identification schemes for the encrypted P2P traffic that existing techniques identify poorly.
3. It studies and proposes a new system architecture and network deployment scheme for a traffic control system aimed at local area networks. The system identifies network traffic accurately, controls the target traffic effectively according to user-defined traffic management policies, and provides real-time and historical traffic queries.
4. It designs and implements the back-end traffic processing module. The Netfilter framework of Linux is studied in depth and the store-and-forward path of network packets inside the kernel is analyzed in detail; packets forwarded from kernel space to user space are then controlled effectively according to the traffic management policies, in combination with the traffic identification techniques. A rate-limiting algorithm for traffic control is proposed to ensure the accuracy of the control.
5. It designs and implements the front-end (web) module and describes its functions in detail.
6. It analyzes the performance and functionality of the system. The system meets the design requirements well, controls network traffic effectively, and achieves the design goals of good scalability and portability.

【Key words】 Traffic control; DPI; Behavior identification; P2P; Netfilter extension