IP Packet Content Filtering and Pattern Discovery in Linux
Senior Project: 2003-2004
Jennifer Gerull, Elizabeth Grogan, Justin Hart, Wesley Hofmann and Elizabeth Zerwick
APconnections has developed a Linux Bandwidth Arbitrator.
This device sits between a network and the outside world and monitors traffic
in and out of the network. Its main purpose is to identify internet packets
from specific applications and delay them according to user settings. It also
implements content filtering by matching packets for "bad" content and dropping
them.
The problem is that there is no way for the client to know a page has been
blocked for content. The client's browser will then simply hang. The purpose of
this project was to find a way to send a customizable response to the user.
Also, identifying applications involves the use of regular expressions to match
patterns present in packets from that application, e.g. Kazaa packets.
Finding these patterns and regular expressions manually is a difficult process.
The second purpose of the project was to automate this pattern discovery
process.
The first problem was solved by replacing bad content in a packet with a custom
message, modifying the header information to allow the browser to accept the
modified packet, and sending the packet on to the user as if nothing had ever
happened. This was implemented inside the bridge module of the Linux kernel.
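The following is an added, user-space illustration of the rewrite step described above; it is not the project's kernel bridge code, which the page does not reproduce. It takes a raw IPv4/TCP packet in a byte buffer, overwrites the payload with a custom HTTP 403 page, updates the IP total length, and recomputes the IP header and TCP checksums so the receiving stack accepts the modified packet instead of discarding it. The sample packet, its RFC 5737 documentation addresses, the block-page text and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Custom response that replaces the filtered content (constructed sample). */
#define BLOCK_PAGE \
    "HTTP/1.1 403 Forbidden\r\n" \
    "Content-Type: text/html\r\n" \
    "Connection: close\r\n" \
    "Content-Length: 49\r\n\r\n" \
    "<html><body><h1>Access Denied!</h1></body></html>"

/* RFC 1071 one's-complement accumulation over a byte run (big-endian 16-bit words). */
static uint32_t csum_add(uint32_t acc, const uint8_t *p, size_t len) {
    while (len > 1) { acc += ((uint32_t)p[0] << 8) | p[1]; p += 2; len -= 2; }
    if (len) acc += (uint32_t)p[0] << 8;   /* odd trailing byte is zero-padded */
    return acc;
}

/* Fold carries and complement; yields 0 when a correctly checksummed buffer is summed. */
static uint16_t csum_fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xff); }

/* Sum of the TCP pseudo-header (addresses, zero, protocol, TCP length) plus the segment. */
static uint32_t tcp_sum(const uint8_t *pkt, size_t ihl, size_t tcp_len) {
    uint8_t pseudo[12];
    memcpy(pseudo, pkt + 12, 8);            /* source and destination address */
    pseudo[8] = 0; pseudo[9] = pkt[9];      /* zero byte, protocol number */
    put16(pseudo + 10, (uint16_t)tcp_len);
    return csum_add(csum_add(0, pseudo, 12), pkt + ihl, tcp_len);
}

/* Recompute the IP header checksum and the TCP checksum for a packet of total length len. */
static void fix_checksums(uint8_t *pkt, size_t len) {
    size_t ihl = (pkt[0] & 0x0f) * 4;
    put16(pkt + 10, 0);
    put16(pkt + 10, csum_fold(csum_add(0, pkt, ihl)));
    put16(pkt + ihl + 16, 0);
    put16(pkt + ihl + 16, csum_fold(tcp_sum(pkt, ihl, len - ihl)));
}

/* 1 if the packet is IPv4/TCP with a consistent length field and both checksums verify. */
int ipv4_tcp_verify(const uint8_t *pkt, size_t len) {
    if (len < 20) return 0;
    size_t ihl = (pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return 0;
    if ((size_t)((pkt[2] << 8) | pkt[3]) != len) return 0;
    if (csum_fold(csum_add(0, pkt, ihl)) != 0) return 0;
    return csum_fold(tcp_sum(pkt, ihl, len - ihl)) == 0;
}

/* Replace the TCP payload with msg, then fix IP total length and both checksums.
 * Returns 0 on success, -1 if the packet is not IPv4/TCP or the buffer is too small. */
int rewrite_payload(uint8_t *pkt, size_t cap, size_t *len, const char *msg) {
    if (*len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;
    size_t ihl = (pkt[0] & 0x0f) * 4;
    if (ihl < 20 || *len < ihl + 20) return -1;
    size_t doff = (pkt[ihl + 12] >> 4) * 4;
    size_t hdrs = ihl + doff, msglen = strlen(msg);
    if (doff < 20 || hdrs > *len || hdrs + msglen > cap || hdrs + msglen > 0xffff) return -1;
    memcpy(pkt + hdrs, msg, msglen);        /* payload swapped for the custom message */
    put16(pkt + 2, (uint16_t)(hdrs + msglen));
    *len = hdrs + msglen;
    fix_checksums(pkt, *len);
    return 0;
}

/* Constructed sample: a server-to-client HTTP response carrying "bad" content
 * (192.0.2.1:80 -> 198.51.100.7:40000, PSH|ACK). Returns the total length, 0 if cap is too small. */
size_t build_sample_packet(uint8_t *buf, size_t cap) {
    static const char body[] = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                               "<html>forbidden-sample-content</html>";
    static const uint8_t hdr[40] = {
        0x45, 0x00, 0x00, 0x00, 0x00, 0x01, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
        192, 0, 2, 1, 198, 51, 100, 7,
        0x00, 0x50, 0x9c, 0x40, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x20, 0x00,
        0x50, 0x18, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 };
    size_t len = sizeof hdr + strlen(body);
    if (len > cap) return 0;
    memcpy(buf, hdr, sizeof hdr);
    memcpy(buf + sizeof hdr, body, strlen(body));
    put16(buf + 2, (uint16_t)len);
    fix_checksums(buf, len);
    return len;
}

int main(void) {
    uint8_t pkt[1500];
    size_t len = build_sample_packet(pkt, sizeof pkt);
    printf("original: %zu bytes, checksums %s\n", len, ipv4_tcp_verify(pkt, len) ? "ok" : "BAD");
    if (rewrite_payload(pkt, sizeof pkt, &len, BLOCK_PAGE) == 0)
        printf("rewritten: %zu bytes, checksums %s\n%.*s\n", len,
               ipv4_tcp_verify(pkt, len) ? "ok" : "BAD", (int)(len - 40), (char *)pkt + 40);
    return 0;
}
```

The `Content-Length` and `Connection: close` headers in the replacement let the browser render the message as a complete response rather than waiting for more data. Changing the payload length does alter the TCP sequence space, so any later segments the server sends on the same connection will arrive out of sequence at the client; the page does not say how the project handled the rest of the stream, and this example leaves that to the caller.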
The second problem was solved by creating a file filled with packets dumped
from inside the bridge module and running a pattern finding algorithm over the
file. The kernel modifications were all implemented in C, while the pattern
finding system was implemented in C++. A web-based user interface for
controlling the system was implemented in PHP.
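As an added example of the pattern-discovery step, here is the naive baseline a practitioner would start from: find the longest byte string common to every captured payload of one application and render it as a literal regular-expression fragment. This is not the project's own C++ pattern finder (the page does not describe its algorithm), and it is written in C to match the rest of this page's examples. The three request payloads belong to a made-up "ExampleP2P" protocol and are constructed for this example; the function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Binary-safe substring test: does needle (nlen bytes) occur in hay (hlen bytes)? */
static int contains(const uint8_t *hay, size_t hlen, const uint8_t *needle, size_t nlen) {
    if (nlen == 0) return 1;
    if (nlen > hlen) return 0;
    for (size_t i = 0; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Longest byte string present in every payload, tried from longest to shortest.
 * Stores a pointer into the shortest payload in *out and returns the length;
 * returns 0 when no common substring of at least min_len bytes exists. */
size_t longest_common_signature(const uint8_t *const *payloads, const size_t *lens,
                                size_t count, size_t min_len, const uint8_t **out) {
    if (count == 0) return 0;
    size_t s = 0;                                   /* index of the shortest payload */
    for (size_t i = 1; i < count; i++) if (lens[i] < lens[s]) s = i;
    const uint8_t *base = payloads[s];
    for (size_t n = lens[s]; n > 0 && n >= min_len; n--) {
        for (size_t off = 0; off + n <= lens[s]; off++) {
            int all = 1;
            for (size_t i = 0; i < count && all; i++)
                if (i != s) all = contains(payloads[i], lens[i], base + off, n);
            if (all) { *out = base + off; return n; }
        }
    }
    return 0;
}

/* Render a byte signature as a literal regex fragment: backslash-escape the
 * metacharacters and hex-escape bytes outside printable ASCII.
 * Returns 0 on success, -1 if out (cap bytes) is too small. */
int signature_to_regex(const uint8_t *sig, size_t n, char *out, size_t cap) {
    if (cap == 0) return -1;
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t c = sig[i];
        if (c < 0x20 || c > 0x7e) {
            if (w + 4 >= cap) return -1;
            w += (size_t)snprintf(out + w, cap - w, "\\x%02x", c);
        } else {
            if (w + 2 >= cap) return -1;
            if (strchr("\\.^$|?*+()[]{}", c)) out[w++] = '\\';
            out[w++] = (char)c;
        }
    }
    out[w] = '\0';
    return 0;
}

/* Run discovery over three constructed payloads of one hypothetical application;
 * writes the regex fragment to out and returns the signature length (0 on failure). */
size_t discover_demo(char *out, size_t cap) {
    static const char *samples[3] = {
        "GET /search?q=song HTTP/1.1\r\nUser-Agent: ExampleP2P/1.2 (win)\r\nHost: peer-a\r\n\r\n",
        "GET /download/4f HTTP/1.1\r\nUser-Agent: ExampleP2P/1.2 (linux)\r\nHost: peer-b\r\n\r\n",
        "GET /ping HTTP/1.0\r\nUser-Agent: ExampleP2P/1.2 (mac)\r\nHost: peer-c\r\n\r\n",
    };
    const uint8_t *payloads[3];
    size_t lens[3];
    for (int i = 0; i < 3; i++) {
        payloads[i] = (const uint8_t *)samples[i];
        lens[i] = strlen(samples[i]);
    }
    const uint8_t *sig = NULL;
    size_t n = longest_common_signature(payloads, lens, 3, 8, &sig);
    if (n == 0 || signature_to_regex(sig, n, out, cap) != 0) return 0;
    return n;
}

int main(void) {
    char rx[128];
    size_t n = discover_demo(rx, sizeof rx);
    printf("signature length %zu, regex fragment: %s\n", n, rx);
    return 0;
}
```

On the constructed samples the discovered signature is the 30-byte string `\r\nUser-Agent: ExampleP2P/1.2 (`, rendered as `\x0d\x0aUser-Agent: ExampleP2P/1\.2 \(`. The search is cubic in the payload length, which is acceptable for a handful of dumped packets but not for a large capture; the min_len threshold is there because very short common strings (such as `GET /`) are shared with unrelated traffic and would make a poor application signature.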

[Figures: User Interface; Rule Discovery; Access Denied!]