Linux Firewall-based Embedded Network Traffic Control System

With the development of network technology, men are experiencing an unprecedented technology revolution – information revolution. Internet is no longer used only by research organization and education institution. It has become part of people's everyday life. Although china's network infrastructure is changing rapidly, there is still a long way to run for reaching developed countries. While network capacity is far away from people's demands, to ensure the limited network resources be used fairly and efficiently, network traffic control becomes the definite choice. For this purpose, rlimit system comes out.Rlimit system, a network traffic control system that based on Linux kernel netfilter framework, is an efficient and compact system, embedding the whole system into an embedded hardware platform. The system consists of two parts, hardware and software. The hardware board is built upon Motorola Coldfire processor MCF5272, while using μClinux as the embedded operating system. The implementation of rlimit system is composed of kernel module, virtual device and user configuration tool. The rlimit kernel module observes packets by registering netfilter hook functions into specified hook points. Rlimit virtual device is a virtual net device used to transfer configuration data between kernel space and user space, enabling user to control the behavior of rlimit system. It is a bridge between rlimit kernel module and user configuration tool. User configuration tool is a Linux user space program. It is a command-line tool. Only by user configuration tool can user send host/subnet information into rlimit system. This dissertation is organized as follows. The first section talks about the research background and the necessity of rlimit system. In section two and three, embedded system and firewall technology are separately discussed and μClinux is also reviewed in section two. Section four outlines Linux netfilter framework. The design and implementation of rlimit system is argued in section five. Section six concludes the dissertation and gives the advantages and disadvantages of rlimit system.