基于NDIS的网络流量高速检测和分析系统的研究与实现
|
摘要
Internet的飞速发展迫切需要提高它的性能,人们需要良好的服务质量(Quality of Service,QoS)和充分的安全保证。掌握IP网路的运行规律,对网络设备和协议的研究开发具有重要意义,从而也促使了网络测量的研究。本文的目标是给出一种能够较好的对网络进行检测和分析的软件系统。
本文首先从网络测量的现状、网络测量的意义、测量方法分类、测量参数和关键技术等多个方面对网络测量进行了介绍。较为深入的讨论了被动模式测量及相关关键技术,包括:高性能包捕获技术、高速流分类技术和高速流跟踪技术,并给出了部分指标的被动模式测量方法和数掘统计方法。结合NDIS编程体系中协议驱动的开发,展示了被动模式测量系统RPPM(Real-time Passive Performance Measurement)的初步模型,详细说明了其结构,介绍了RPPM初步模型的具体实现。最后总结全文并提出有待改进的问题。
With the fast evolution of Internet, improvement of performance is required. People also need high QoS (Quality of Service) and sufficient security guarantee. And it is important to master the behavior of IP network for reaserch and development of network device and protocols, thus, the research on network measurement is paid more attention. The final object of this paper is to give a better software system to inspect and analyse network.
At first, it presents network measurement from several aspects, such as the actuality, the significance and key technologies of network measurement. Then the passive measurement and related key technologies are discussed in-depthly, including high performance packet capture technology, high speed flow classification technology and high speed flow track technology. The measurement and statistic ways of some parameters in passive mode are also gived by this thesis. With packet driver in NDIS programming, this paper reflects an original model of passive measurement system RPPM (Real-time Passive Performance Measurement), explains the structure in detail and describes the concrete implement. At last, it raises the problems which need to be improved in the future.
本文首先从网络测量的现状、网络测量的意义、测量方法分类、测量参数和关键技术等多个方面对网络测量进行了介绍。较为深入的讨论了被动模式测量及相关关键技术,包括:高性能包捕获技术、高速流分类技术和高速流跟踪技术,并给出了部分指标的被动模式测量方法和数掘统计方法。结合NDIS编程体系中协议驱动的开发,展示了被动模式测量系统RPPM(Real-time Passive Performance Measurement)的初步模型,详细说明了其结构,介绍了RPPM初步模型的具体实现。最后总结全文并提出有待改进的问题。
With the fast evolution of Internet, improvement of performance is required. People also need high QoS (Quality of Service) and sufficient security guarantee. And it is important to master the behavior of IP network for reaserch and development of network device and protocols, thus, the research on network measurement is paid more attention. The final object of this paper is to give a better software system to inspect and analyse network.
At first, it presents network measurement from several aspects, such as the actuality, the significance and key technologies of network measurement. Then the passive measurement and related key technologies are discussed in-depthly, including high performance packet capture technology, high speed flow classification technology and high speed flow track technology. The measurement and statistic ways of some parameters in passive mode are also gived by this thesis. With packet driver in NDIS programming, this paper reflects an original model of passive measurement system RPPM (Real-time Passive Performance Measurement), explains the structure in detail and describes the concrete implement. At last, it raises the problems which need to be improved in the future.
引文
[1] 武汉傲网科技.中国互联网现状喜忧并存.http://www.ao-w.com.2006-8-14
[2] Hai Jiang, Weihua Zhuang. Quality-of-service provisioning in future 4G CDMAcelluar networks. IEEE Wireless Communications, Volume: 11, 2004.4. p48~64
[3] 朱畅华.IP网路测量和业务性研究.中国优秀博硕士学位论文全文数据库2004
[4] Deborah Caswell, Srinivas. Using Service Models for Management of Internet Services. IEEE Journal on Selected Areas in Communications, Volume 18. No. 5.2000
[5] P. Bhoj, S. Singhai, S. Chutani. SLA management in federated environments. Computer Networks, Volume. 35. No. 35. 2001
[6] Tony McGregor, Mans-werner Braun, Jeff Brown. TheNLANR Network Analysis Infrastructure. IEEE Communication Magazine. 2000. 5. 38 (5) . p122~128
[7] Andrew Adams, Jamshid Mahdavi, Matthew Mathis. Creating a Scalable Architecture for Internet Measurement. Proceeding of INET' 98. Switzerland. 1998
[8] Warren Matthews, Les Cottrell. PingER Project: Active Internet Performance Monitoring for the MENP Community. IEEE Communication Magazine. 2000-5
[9] IEPM. Internet End-to-End Performance Monitoring http://www.iepm.slac.stanford.edu.
[10] Thomas Schuppel. Internet measurementa. http://user.cs.tu-berlin.de/~stain/DILEMMA/paper.html
[11] http://www.ripe.net/
[12] http://www.caida.org/analysis/performance/measinfra/
[13] MAWI-Measurement and Analysis on the WIDE Internet.http://tracer.csl.sony.co.jp/mawi/
[14] 朱畅华,李建东,金旗.网络测量及其关键技术.西安电子科技大学学报.2002-29(6):p813~818
[15] 李晟,甘勇.网络流量测量与分析研究现状及发展趋势.郑州轻工业学院学报.2005-20(2):p77~81
[16] 杨雅辉,李小东.IP网络性能指标体系的研究.通信学报.2002.11(23).p1~7
[17] 高传善,代春阳.网络测量综述.上海计量测试.2004-3:p8~14
[18] Lai K, Baker M. Nettimer: a Tool for Measuring Bottleneck Link Bandwidth. Proceeding of the USENIX Symposium on Internet Technologies and Systems. http//mosquitonet.stanford.edu/laik.2001
[19] Breitbart Y, Chan C Y. Efficiently Monitoring Bandwidth and Latency in IP Network. IEEE INFOCOM. 2001. http://24.237.160.4/files/networking.2001209220
[20] Caceres R. Measurement and Analysis of IP Network Usage and Behavior. IEEE Commun Magazine. 2000.38 (5): 1442151
[21] Paxon V, Floyd S. Wide Area Traffic: the Failure of Possion Modeling. IEEE ACM Trans on networking. 1995.3 (3): 2262244
[22] Abry P, Veitch D. Wavelet Analysis of Long-Range-Dependent Traffic. IEEE Trans on Inform Theory. 1998.44 (1): 2215
[23] S.B. Moon, P. Skelly, D. Towsley. Estimation and removal of clock skew from network delay measurements. Proceedings of 1999 IEEE INFOCOM. 1999. p227~234
[24] 朱畅华,李建东,肖海云.基于线形规划的Internet端到端时延的估计.电子与信息学报.2004.24(3).p445~451
[25] 王艳平,张越.Windows网络与通信程序设计.北京.人民邮电出版社.2006.p165~167
[26] 谢希人.计算机网络(第四版).北京.电子工业出版社.2003-7.p248-276
[27] Ton Plooy.Windows Network Data and Packet Filtering. http://www.ndis.ccm/papers/winpktfilter.htm.2006-4
[28] 朱雁辉.Windows防火墙与网络封包截取技术.北京.电子工业出版社.2002-7.
[29] 黄鹂声,汪文勇.被动模式的网络性能测量研究.通信学报.2006.27(1):p1~3
[30] 陈鹏.Linux下Libpcap源码分析和包过滤机制.http://blog.csdn.net/feifei1018/archive/2006/03/16/.2006-3-16
[31] 陶智勇,王全一等.基于多采集器网络流量测量系统的设计与实现.计算机工程与应用.2006-2
[32] Pankaj Gupta, Nick Mckeown. "Packet Classification using Hierarchical Intelligent Cuttings". IEEE Micro, 2000. p34~41.
[33] 喻钢,分组分类算法研究,武汉大学学位论文,2003年,p20~53
[34] P. Gupta, and N. McKeown, "Algorithms for packet classification" , IEEE Network , 2001, v15, n2, March/April. p24~32.
[35] Pankaj Gupta, "Hierarchical Intelligent Cuttings: A Dynamic Multi-dimensional Packet Classification Algorithm" , Algorithms For Routing Lookups and Packet Classification, 2000, p161~176.
[36] I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications. Annual Conference of the Special Interest Group on Data Communication (SIGCOMM 2001). August 2001.
[37] Decasper D , Dittia Z, Parulkar G. Router plugins : asoftware architecture for next generation routers. IEEE/ACM Transactions on Networking. 2000-8(1) : p2~15.
[38] Rusty R, Harald W. Linux Netfilter Hacking HOWTO. http://www.netfilter. org. 2003-03-09.
[39] Gill S. Maximizing firewall availability : techniques on improving resilience to session table DoS sttacks, http://www.gorbit.net.2003-02-23.
[40] Xu J, Singhal M, Degroat J. Novel cache architecture to support layer four packet classification at memory access speeds. Proceedings INFOCOM 2000 [C].Piscataway, USA: IEEE, 2000. p1445~454.
[41] 严蔚敏,吴伟民.数据结构(c语言版).北京.清华大学出版社.2002.
[42] Brownlee N.RIFM: Applicability statement, http://www.itef.org/rfc/rfc2721.txt, 1999-10-21
[43] Brownlee N , Mills C , Ruth G. Traffic flow measurement : architecture. http://www.itef.org/rfc/rfc2722.txt, 1999-10-21
[44] Brownlee N. Traffic flow measurement : experiences with NeTraMet. http://www.itef.org/rfc/rfc2723.txt, 1997-03-23
[45] 李志春,张辉,有悦等.高速主干王测量系统的设计与实现.计算机工程.2003-1
[46] Addylee.基于PassThru的NDIS中间层驱动程序扩展.http://www.xfocus.net/articles/200605/865.html, 2006-05-05
[47] F. Baboescu and G. Yarghese. Scalable packet classification. Proc of ACM Sigcomm'01. September 2001.16
[48] 黄鹂声,汪文勇,孙维勇.一种高速网络流量系统开发包.电子科技大学学报.2005-12(34).p1014~1016
[49] 吴甘沙,高传善,张丽萍.让网络变得更畅通网络状态参数测量方法及常用工具.上海微型计算机.1999-12
[50] w.PICHARD ST.TCP/IP详解卷1:协议.范建华,胥光辉等.北京.机械工业出版社.2005.p174~197
[51] 陈庆章,郑河荣.一种基于网络的测量示范:网络拓扑结构和延迟的测量.电子测量与仪器学报.2002增刊
[2] Hai Jiang, Weihua Zhuang. Quality-of-service provisioning in future 4G CDMAcelluar networks. IEEE Wireless Communications, Volume: 11, 2004.4. p48~64
[3] 朱畅华.IP网路测量和业务性研究.中国优秀博硕士学位论文全文数据库2004
[4] Deborah Caswell, Srinivas. Using Service Models for Management of Internet Services. IEEE Journal on Selected Areas in Communications, Volume 18. No. 5.2000
[5] P. Bhoj, S. Singhai, S. Chutani. SLA management in federated environments. Computer Networks, Volume. 35. No. 35. 2001
[6] Tony McGregor, Mans-werner Braun, Jeff Brown. TheNLANR Network Analysis Infrastructure. IEEE Communication Magazine. 2000. 5. 38 (5) . p122~128
[7] Andrew Adams, Jamshid Mahdavi, Matthew Mathis. Creating a Scalable Architecture for Internet Measurement. Proceeding of INET' 98. Switzerland. 1998
[8] Warren Matthews, Les Cottrell. PingER Project: Active Internet Performance Monitoring for the MENP Community. IEEE Communication Magazine. 2000-5
[9] IEPM. Internet End-to-End Performance Monitoring http://www.iepm.slac.stanford.edu.
[10] Thomas Schuppel. Internet measurementa. http://user.cs.tu-berlin.de/~stain/DILEMMA/paper.html
[11] http://www.ripe.net/
[12] http://www.caida.org/analysis/performance/measinfra/
[13] MAWI-Measurement and Analysis on the WIDE Internet.http://tracer.csl.sony.co.jp/mawi/
[14] 朱畅华,李建东,金旗.网络测量及其关键技术.西安电子科技大学学报.2002-29(6):p813~818
[15] 李晟,甘勇.网络流量测量与分析研究现状及发展趋势.郑州轻工业学院学报.2005-20(2):p77~81
[16] 杨雅辉,李小东.IP网络性能指标体系的研究.通信学报.2002.11(23).p1~7
[17] 高传善,代春阳.网络测量综述.上海计量测试.2004-3:p8~14
[18] Lai K, Baker M. Nettimer: a Tool for Measuring Bottleneck Link Bandwidth. Proceeding of the USENIX Symposium on Internet Technologies and Systems. http//mosquitonet.stanford.edu/laik.2001
[19] Breitbart Y, Chan C Y. Efficiently Monitoring Bandwidth and Latency in IP Network. IEEE INFOCOM. 2001. http://24.237.160.4/files/networking.2001209220
[20] Caceres R. Measurement and Analysis of IP Network Usage and Behavior. IEEE Commun Magazine. 2000.38 (5): 1442151
[21] Paxon V, Floyd S. Wide Area Traffic: the Failure of Possion Modeling. IEEE ACM Trans on networking. 1995.3 (3): 2262244
[22] Abry P, Veitch D. Wavelet Analysis of Long-Range-Dependent Traffic. IEEE Trans on Inform Theory. 1998.44 (1): 2215
[23] S.B. Moon, P. Skelly, D. Towsley. Estimation and removal of clock skew from network delay measurements. Proceedings of 1999 IEEE INFOCOM. 1999. p227~234
[24] 朱畅华,李建东,肖海云.基于线形规划的Internet端到端时延的估计.电子与信息学报.2004.24(3).p445~451
[25] 王艳平,张越.Windows网络与通信程序设计.北京.人民邮电出版社.2006.p165~167
[26] 谢希人.计算机网络(第四版).北京.电子工业出版社.2003-7.p248-276
[27] Ton Plooy.Windows Network Data and Packet Filtering. http://www.ndis.ccm/papers/winpktfilter.htm.2006-4
[28] 朱雁辉.Windows防火墙与网络封包截取技术.北京.电子工业出版社.2002-7.
[29] 黄鹂声,汪文勇.被动模式的网络性能测量研究.通信学报.2006.27(1):p1~3
[30] 陈鹏.Linux下Libpcap源码分析和包过滤机制.http://blog.csdn.net/feifei1018/archive/2006/03/16/.2006-3-16
[31] 陶智勇,王全一等.基于多采集器网络流量测量系统的设计与实现.计算机工程与应用.2006-2
[32] Pankaj Gupta, Nick Mckeown. "Packet Classification using Hierarchical Intelligent Cuttings". IEEE Micro, 2000. p34~41.
[33] 喻钢,分组分类算法研究,武汉大学学位论文,2003年,p20~53
[34] P. Gupta, and N. McKeown, "Algorithms for packet classification" , IEEE Network , 2001, v15, n2, March/April. p24~32.
[35] Pankaj Gupta, "Hierarchical Intelligent Cuttings: A Dynamic Multi-dimensional Packet Classification Algorithm" , Algorithms For Routing Lookups and Packet Classification, 2000, p161~176.
[36] I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications. Annual Conference of the Special Interest Group on Data Communication (SIGCOMM 2001). August 2001.
[37] Decasper D , Dittia Z, Parulkar G. Router plugins : asoftware architecture for next generation routers. IEEE/ACM Transactions on Networking. 2000-8(1) : p2~15.
[38] Rusty R, Harald W. Linux Netfilter Hacking HOWTO. http://www.netfilter. org. 2003-03-09.
[39] Gill S. Maximizing firewall availability : techniques on improving resilience to session table DoS sttacks, http://www.gorbit.net.2003-02-23.
[40] Xu J, Singhal M, Degroat J. Novel cache architecture to support layer four packet classification at memory access speeds. Proceedings INFOCOM 2000 [C].Piscataway, USA: IEEE, 2000. p1445~454.
[41] 严蔚敏,吴伟民.数据结构(c语言版).北京.清华大学出版社.2002.
[42] Brownlee N.RIFM: Applicability statement, http://www.itef.org/rfc/rfc2721.txt, 1999-10-21
[43] Brownlee N , Mills C , Ruth G. Traffic flow measurement : architecture. http://www.itef.org/rfc/rfc2722.txt, 1999-10-21
[44] Brownlee N. Traffic flow measurement : experiences with NeTraMet. http://www.itef.org/rfc/rfc2723.txt, 1997-03-23
[45] 李志春,张辉,有悦等.高速主干王测量系统的设计与实现.计算机工程.2003-1
[46] Addylee.基于PassThru的NDIS中间层驱动程序扩展.http://www.xfocus.net/articles/200605/865.html, 2006-05-05
[47] F. Baboescu and G. Yarghese. Scalable packet classification. Proc of ACM Sigcomm'01. September 2001.16
[48] 黄鹂声,汪文勇,孙维勇.一种高速网络流量系统开发包.电子科技大学学报.2005-12(34).p1014~1016
[49] 吴甘沙,高传善,张丽萍.让网络变得更畅通网络状态参数测量方法及常用工具.上海微型计算机.1999-12
[50] w.PICHARD ST.TCP/IP详解卷1:协议.范建华,胥光辉等.北京.机械工业出版社.2005.p174~197
[51] 陈庆章,郑河荣.一种基于网络的测量示范:网络拓扑结构和延迟的测量.电子测量与仪器学报.2002增刊