Traffic Throttler for Linux

The project was made for a company specializing in comprehensive spam and malware protection solutions. The customer’s product is a multi-platform SDK that provides means to protect servers, routers and workstations from spam senders and hackers. The traffic throttler became part of this SDK, serving as a tool for protecting mail servers from spammers. The goal of the project is to prioritize connection bandwidth for servers with a good reputation and to limit bandwidth for servers with a bad or unknown reputation.

Solution

The proposed solution is a traffic throttler for the Linux family of operating systems. The tool provides means to reduce connection bandwidth for servers depending on server reputation. Server reputation can be received from external sources (including but not limited to a greylisting server) and can also be adjusted dynamically.

The throttler can be integrated into any application: all that is required is to initialize its library and add a rule to iptables redirecting all packets to -j QUEUE. Once this is done, the application can control the bandwidth of incoming connections.

Connection bandwidth is limited by delaying TCP ACK packets (confirmations of received data), since the sender should not send any new portions of data before it receives confirmation.

Architecture

The Linux traffic throttler handles the kernel packet queue using libipq. It receives all ACK packets, extracts the sender IP address from each and determines the sender's reputation. The response delay is calculated from that reputation. Response packets are placed in a buffer, where they are held until the calculated delay has passed and they are sent. The throttler is implemented in the form of an SDK that can be used by any application. The application needs to create an instance of the throttler and initialize it with appropriate data such as the packet delay interval and the greyserver address (if used). The SDK provides an API for setting the reputation of individual IP addresses.
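The delay-and-hold logic described above, as an added example that is not the project's own code: the reputation table, delay multipliers, buffer capacity and all function names are assumptions, and the libipq calls that would deliver and release packets are left out so the block runs on its own. A full buffer fails open, so throttling never turns into blocking.

```c
#include <stddef.h>
#include <stdint.h>
/* Assumed reputation classes; the page does not name the SDK's own. */
enum rep { REP_GOOD, REP_UNKNOWN, REP_BAD };
struct rep_entry { uint32_t ip; enum rep rep; };
/* Constructed sample table using documentation address ranges. */
static const struct rep_entry rep_table[] = {
    { 0xC0000201u, REP_GOOD },   /* 192.0.2.1 */
    { 0xC6336407u, REP_BAD },    /* 198.51.100.7 */
};
static enum rep lookup_rep(uint32_t ip) {
    for (size_t i = 0; i < sizeof rep_table / sizeof rep_table[0]; i++)
        if (rep_table[i].ip == ip) return rep_table[i].rep;
    return REP_UNKNOWN;          /* unlisted senders are throttled, not blocked */
}
/* Assumed policy: good = no delay, unknown = 1x base, bad = 4x base. */
static uint32_t delay_ms(enum rep r, uint32_t base_ms) {
    return r == REP_GOOD ? 0 : r == REP_UNKNOWN ? base_ms : 4 * base_ms;
}

#define BUF_CAP 64
struct held { unsigned long id; uint64_t release_ms; };  /* id = queued packet id */
struct hold_buf { struct held slot[BUF_CAP]; size_t n; };

/* Returns 1 if the ACK was buffered, 0 if it must be passed at once
   (good reputation, or buffer full: fail open rather than drop). */
static int hold_ack(struct hold_buf *b, unsigned long id, uint32_t sender_ip,
                    uint64_t now_ms, uint32_t base_ms) {
    uint32_t d = delay_ms(lookup_rep(sender_ip), base_ms);
    if (d == 0 || b->n == BUF_CAP) return 0;
    b->slot[b->n++] = (struct held){ id, now_ms + d };
    return 1;
}
/* Moves ids whose delay has expired into out[]; returns how many. */
static size_t release_due(struct hold_buf *b, uint64_t now_ms,
                          unsigned long *out, size_t cap) {
    size_t i = 0, k = 0;
    while (i < b->n && k < cap) {
        if (b->slot[i].release_ms <= now_ms) {
            out[k++] = b->slot[i].id;
            b->slot[i] = b->slot[--b->n];   /* swap-remove, order not kept */
        } else i++;
    }
    return k;
}
int main(void) {
    struct hold_buf b = { .n = 0 }; unsigned long out[4];
    hold_ack(&b, 7, 0xC6336407u, 0, 50);
    return release_due(&b, 200, out, 4) == 1 ? 0 : 1;
}
```

In a real integration, the caller would issue the accept verdict for each id returned by `release_due` and for every packet where `hold_ack` returns 0.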

Tools and Technologies

  • ANSI C programming language;
  • Greylisting;
  • Linux kernel queue;
  • Iptables;
  • GCC compiler.

Benefits

Bandwidth throttling has significant advantages over simple traffic blocking. It is sometimes hard, even close to impossible, to tell an ordinary user from a malicious one (a spammer, a hacker or a computer infected by malware), and simple traffic blocking can result in undesired denial of service. Traffic throttling keeps all services available: users can still send and receive emails, but at a much lower speed, which makes sending spam significantly less cost-effective.