【作者】 李轩；

【导师】 胡正名；

【作者基本信息】 北京邮电大学 ， 信息安全， 2013， 硕士

【摘要】 随着互联网的网络应用和网络优质服务的迅速的发展,人们的互相交流和资源共享变得日益快捷方便,也因此网络带宽管理和网络信息管理已经成为网络管理中必须要面对的问题。在过去的几年中,P2P以其独有的技术优势和下载质量得到了迅速的发展,用户越来越多,P2P下载正在成为大量网民日常网络生活的一部分。基于P2P协议的网络应用产生的流量占据了普通网络流量的大部分。如果网络中有人不限流下载大量P2P或者使用诸如迅雷,快车之类的占很大流量的下载软件,占用网络的宝贵的带宽,就会导致其他网民上网速度受到很大的影响。口前业界基本上是通过大型网络设备来实现流量监控,对于小型网络并没有一个很好的解决方案,本文基于linux环境下的iptables防火墙,扩展防火墙的功能以实现流量监控。这种方案充分的利用了linux的轻便性,对于小型网络能有效的实现P2P流量控制功能。本文结合P2P协议特点及流量控制相关技术背景,并考虑到P2P技术发展产生的问题,着重对P2P技术,P2P流量监控技术等进行了分析,并设计实现了P2P流量控制系统的方案,具体的说,本文主要完成了以下的工作内容：1、设计并实现了登录模块和策略配置模块。登录模块主要功能是保证控制系统的安全性。通过设置账户以保证不被其他人员恶意利用。同时也防止一些低等级的用户进行一些高等级的操作。策略配置模块主要是为了记录系统所下策略同时完善操作人员与系统交互功能。策略配置模块主要是依赖系统数据库存在,通过记录操作人员在前台所下的策略。2、实现了流量统计模块。流量统计模块是为了将系统过去一段时间内的状态直观的展现出来而设置的。通过该模块能直观的了解到过去一段时间内某协议的流量变化或者是某台主机上的流量变化。通过流量的变化能观察出策略的有效性和网络环境是否正常。3、设计并实现了特征库模块和流量控制模块。特征库模块分为两个部分：著名端口库和协议库,流量进入该模块时先进行著名端口库预匹配,然后将预匹配结果传入协议库进行匹配,这么设计的目的是提高系统的性能。流量控制模块架构在iptables框架下,通过该框架的防火墙功能来实现接受服务,拒绝服务等功能。更多还原

【Abstract】 With the rapid development of the Internet network applications and network quality services, people interact with each other and the sharing of resources becomes increasingly fast and convenient.Therefore the network bandwidth management and network information management has become a problem that we must face. In the past few years, P2P has been rapid development with its unique technology advantage and download quality.More and more users choose to P2P.To a large number of Internet users,P2P downloads has became a part of daily network life. Traffic generated by P2P protocol-based network applications occupy most of the normal network traffic. If it was not limited to a large number ofP2P streaming download or use, such as Thunder Express like accounting for a large traffic download software, take up valuable network bandwidth, network will lead to other Internet users speed to be greatly affected. The industry is basically a large network equipment to implement traffic monitoring, and it is not a good solution for small networks. In this paper, based on the the iptables firewall in linux environment, extendingthe firewall functionality to traffic monitoring. This program takes full advantage of the portability of the linux for small networks of P2P traffic control functions.In this paper, with the P2P protocol characteristics and flow control relevant technical background, and taking into account the development of P2P technology, focused on the P2P technology, P2P traffic monitoring technology and designed and implemented a P2P traffic control system, To be specific,this paper completed the following work content:1. Designed and implemented a login module and policy configuration module. The login module is to ensure that the safety of the control system. In order to ensure that no malicious use by other staff,we setting up an account.Policy configuration module is order to improve operator interacts with the system at the same timerecording to the system strategies. Policy configuration module is mainly dependent on the presence of a system database, under the strategy by the record operating personnel at the front desk.2.Designed and implemented traffic statistics module. We can visually see the state of the system over a period of time through te traffic statistics module. Through the module we can intuitively understand the change of traffic to anprotocol on a host or all the protocol on a host over a period of time.The effectiveness of the strategy and the network environment can be observed through the changes in the flow.3. Designed and implemented feature library module and flow control module. The feature library module is divided into two parts:the famous port library and protocol library, the flow into the module first come through the famous port library and get the pre-match result, then the results is given to protocol library.Flow control module architecture iptables framework, through the framework of the firewall function to receive services, denial of service function.更多还原