Rearch And Implementation Of Gateway Network Traffic Statistical Tools

With the development of Internet and computer technology, network is entering all aspects of social life and network traffic has increased a lot. At the same time, the spread of the virus and malicious attacks threat to the network security. In order to protect network security and efficient operation, network performance measurement is becoming increasingly important. Network packet traffic monitoring is an important basis for performance measurement. Therefore, the research and development of network traffic monitoring system has great theoretical and practical significance.The network traffic statistical tools discussed in this paper based on the Linux platform. With the in-depth reach of the Netfilter framework on Linux kernel 2.4, this paper demonstrated the design and implementation of the network traffic statistical tools. After analyzing the system data flow diagram, the paper put forward three kinds of possible options, based on different functions. The system should have real-time, high-performance characteristics. Through full comparison of the advantages and disadvantages of various options, the paper proposed a framework and followed by the details of the sub-modules.System was designed under modular thinking. The system is divided into packet inspection, packet capture and the control of the system three parts. The characteristics are equal with the rule set, and the rule set corresponds to the function groups. Based on this, the paper has designed a structure of the matching function. Relying on this structure, it's easy to link the functions in the packet inspection module and the packet capture module. And the user can development through the interface provided. In the packet capture module, we, not only considered the algorithmic complexity, but also take into account the possible impact of the firewall, put forward the corresponding solutions. In order to overcome the bottleneck caused by running on the gateway, the system employed advanced technologies to make up for the shortcoming, such as running in kernel space, multi-process, multi-threads and efficient kernel space and user space data exchange etc.