The Design and Implementation of the Kernel in a Network Behavior Management Gateway System Based on Linux
|School|PLA Information Engineering University|
|Keywords|Traffic statistics; Protocol identification; Netlink; Netfilter|
With the popularity and widespread use of the Internet, more and more people have started using it. Because of the special nature of the network and the limits of people's ability to identify what they encounter on it, controlling people's behavior depends more and more on all kinds of computer software and hardware. The network behavior management gateway system focuses on the internal need to manage Internet network applications: without affecting the efficiency of the network or changing the existing network configuration, it effectively manages and controls internal use of the Internet. The kernel module is divided into four parts: the traffic statistics subsystem, the P2P protocol identification and control subsystem, the streaming media protocol identification and control subsystem, and the Web blacklist and whitelist management and control subsystem. The traffic statistics subsystem takes full advantage of the network functions of the Netfilter framework to implement network traffic statistics on the Linux operating system. The P2P protocol identification and control subsystem identifies P2P protocols under the Linux operating system and uses a MySQL user-role data table to control P2P protocol traffic. The streaming media protocol identification and control subsystem implements identification and control of streaming protocols under the Linux operating system, and comprises four modules: IP packet capture, protocol identification, protocol control, and storage. The Web blacklist and whitelist management and control subsystem addresses web browsing behavior, applying the corresponding controls to people's browsing through the blacklist and whitelist system.
The system makes integrated use of network security techniques: it applies monitoring, control, audit and other security mechanisms to internal hosts connecting to the Internet, and centrally monitors and manages network connections, users' access to the Internet, network communication content, and personal resources. It adopts a management model of fortification in advance, monitoring during use, and audit after the fact, integrating policy management, resource monitoring, behavior control, content review, audit and other functions into one, to achieve real-time management and control of the entire network and its terminals and to improve the efficiency of network resource use.