【摘要】：隨著軟件技術(shù)的飛速發(fā)展,網(wǎng)絡(luò)應(yīng)用和系統(tǒng)結(jié)構(gòu)更加復(fù)雜、功能更加強大,因此系統(tǒng)必須以模塊化,采用集群技術(shù)來處理海量的網(wǎng)絡(luò)流量,面對龐大的流量沖擊,系統(tǒng)必須保持高度的穩(wěn)定性,因此首先得保證自身的網(wǎng)絡(luò)安全。防火墻技術(shù)是基于對流量的識別和分析,它是解決網(wǎng)絡(luò)安全的一個重要技術(shù)手段。 KV檢索系統(tǒng)作為國內(nèi)某互聯(lián)網(wǎng)公司的核心檢索系統(tǒng),每天要響應(yīng)全球數(shù)億次查詢請求,系統(tǒng)依然能夠疾速、智能的響應(yīng)查詢,讓人們最平等、便捷地獲取信息,找到所求。檢索系統(tǒng)對性能要求極高,其內(nèi)部每個模塊必須經(jīng)過嚴格的測試才能上線；線下有一套相對線上規(guī)模較小,但完整的檢索系統(tǒng)用于線下的模塊測試,系統(tǒng)受限于規(guī)模瓶頸,必須對系統(tǒng)進行流量控制,以保證系統(tǒng)能夠正常運行。因此,本文基于Django Web框架技術(shù)和Netfilter防火墻技術(shù)設(shè)計開發(fā)了一套流量監(jiān)控系統(tǒng)。 本文主要研究了Django Web框架的內(nèi)部結(jié)構(gòu)和實現(xiàn)機制,包括框架結(jié)構(gòu)、請求處理機制、model機制和模板系統(tǒng)等,同時分析了MVC軟件設(shè)計模式的特點。然后研究了linux2.6Netfilter防火墻技術(shù),深入討論分析Netfilter的理論基礎(chǔ)和內(nèi)核實現(xiàn)機制。本文以linux內(nèi)核IP協(xié)議棧為入口,研究Netfilter框架對IP數(shù)據(jù)報的處理流程,選中其中一個HOOK點對為切入口,對數(shù)據(jù)報進行篩選。接著研究iptables數(shù)據(jù)報高級管理系統(tǒng),從用戶態(tài)的角度分析iptables的內(nèi)部結(jié)構(gòu)特點,并對iptables的命令結(jié)構(gòu)進行了剖析。最后利用Django框架,采用MVC的Web設(shè)計模式,設(shè)計開發(fā)完成流量監(jiān)控系統(tǒng),實現(xiàn)了對線下KV檢索系統(tǒng)的流量監(jiān)控。本系統(tǒng)包括用戶管理模塊、流量申請模塊、任務(wù)執(zhí)行模塊和流量控制模塊等,測試人員只需提交流量申請,系統(tǒng)便可實現(xiàn)流量的自動化監(jiān)控。該系統(tǒng)經(jīng)過嚴格的測試,符合預(yù)期,現(xiàn)已在公司內(nèi)部提供服務(wù),效果很好。
[Abstract]:With the rapid development of software technology, the network application and system structure are more complex and powerful, so the system must be modularized, cluster technology must be used to deal with massive network traffic, facing the huge traffic impact. The system must maintain a high degree of stability, so first of all to ensure its own network security. Firewall technology is based on the identification and analysis of traffic, it is an important technical means to solve the network security. KV retrieval system is the core retrieval system of a domestic Internet company. To respond to hundreds of millions of query requests every day, the system can still respond to queries quickly and intelligently, so that people can obtain information and find what they are asking for in the most equal and convenient way. The retrieval system requires very high performance, and each module in the retrieval system has to go through strict tests before it can go online; there is a set of relatively small scale offline, but the complete retrieval system is used for offline module testing, so the system is limited by the bottleneck of scale. The flow control of the system must be carried out to ensure the normal operation of the system. Therefore, based on Django Web framework technology and Netfilter firewall technology, a set of traffic monitoring system is designed and developed. This paper mainly studies the internal structure and implementation mechanism of Django Web framework, including the framework structure, request processing mechanism and template system, etc. At the same time, the characteristics of MVC software design pattern are analyzed. Then, the linux2.6Netfilter firewall technology is studied, and the theoretical basis and kernel implementation mechanism of Netfilter are discussed. In this paper, the IP stack of linux kernel is taken as the entry, and the processing flow of IP Datagram in Netfilter framework is studied. One of the HOOK points is selected as the entry to filter the Datagram. Then the advanced management system of iptables Datagram is studied, and the internal structure of iptables is analyzed from the point of view of user, and the command structure of iptables is analyzed. Finally, using Django framework and Web design pattern of MVC, the flow monitoring system is designed and developed, and the flow monitoring of offline KV retrieval system is realized. The system includes user management module, flow request module, task execution module and flow control module. The system has been tested strictly, meets expectations, and has been serving within the company with good results.
【學(xué)位授予單位】：昆明理工大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.06

【參考文獻】

相關(guān)期刊論文 前10條

1 馮運波,夏光升,楊義先;防火墻技術(shù)及發(fā)展趨勢預(yù)測[J];計算機安全;2003年05期

2 田大新,劉衍珩,李永麗,唐怡;數(shù)據(jù)包過濾規(guī)則的快速匹配算法和沖突檢測[J];計算機研究與發(fā)展;2005年07期

3 安金萍,張景,李軍懷;狀態(tài)檢測包過濾技術(shù)在Linux下的實現(xiàn)[J];計算機工程;2005年02期

4 楊建華;謝高崗;李忠誠;;基于Linux內(nèi)核的流量分析方法[J];計算機工程;2006年08期

5 馮慶煜;防火墻與入侵檢測系統(tǒng)的聯(lián)動[J];計算機應(yīng)用;2005年12期

6 曹成;周健;黃方劍;錢田芬;;Netfilter框架下防火墻模型總體結(jié)構(gòu)設(shè)計[J];計算機應(yīng)用;2007年S1期

7 羅霄,任勇,山秀明;基于Python的混合語言編程及其實現(xiàn)[J];計算機應(yīng)用與軟件;2004年12期

8 程勝利,黃鵬;入侵檢測系統(tǒng)研究及其展望[J];武漢理工大學(xué)學(xué)報(信息與管理工程版);2005年02期

9 王桂娟;防火墻技術(shù)及其改進[J];現(xiàn)代計算機(專業(yè)版);2003年10期

10 張五生;鄭靈翔;;基于Linux的流量控制系統(tǒng)研究[J];廈門大學(xué)學(xué)報(自然科學(xué)版);2010年01期

，

本文編號：2191357