Flesh Tone Detection With NBAR
First Published: April 1, 2010
Last Updated: April 1, 2010
Network-Based Application Recognition (NBAR) recognizes and classifies network traffic on the basis of a set of protocols and application types. You can add to the set of protocols and application types that NBAR recognizes by creating custom protocols.
Enabling flesh tone detection is an optional process. However, flesh tone detection extends the capability of NBAR Protocol Discovery to classify and monitor suspect pornographic images and allows NBAR to classify these images for (de)prioritization.
This module contains concepts and tasks for implementing flesh tone detection.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Flesh Tone Detection With NBAR" section.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Prerequisites for Flesh Tone Detection With NBAR
•Information About Flesh Tone Detection With NBAR
•How to Enable Flesh Tone Detection
•Configuration Examples for Flesh Tone Detection With NBAR
•Additional References
•Feature Information for Flesh Tone Detection With NBAR
Prerequisites for Flesh Tone Detection With NBAR
Before enabling Protocol Discovery, read the information in the "Classifying Network Traffic Using NBAR" module.
Information About Flesh Tone Detection With NBAR
Before creating a custom protocol, you should understand the following concepts:
•Classifying Network Traffic Using NBAR
•Pornography
Flesh Tones
Flesh tones are composed of the common colors for human skin. An image with an abundance of pixels set to these tones carries a high probability of being pornographic in nature.
Skin tones can vary widely. For example, the darkest tones are typically found among the population of Sub-Saharan Africa, while some of the lightest tones are typically found in the extreme Northern and Southern points of the globe. Lighter still is the complexion of the average network or system administrator, whose skin is typically close to #FFFFFF from an almost complete lack of exposure to natural sunlight. However, these near-white tones have been omitted from the image filter, as obviously no one wants to see porn with network or system administrators in it.
NBAR and Flesh Tone Detection
NBAR supports the use of flesh tone detection to identify human skin tones in supported graphical formats carried via HTTP or other supported protocols. Video formats are not currently supported.
Note For a list of NBAR-supported protocols, see the "Classifying Network Traffic Using NBAR" module.
In Cisco IOS Release 12.4(69)T, support for flesh tone detection was introduced. Capabilities include:
•Flesh tone recognition is accomplished by the implementation of the proprietary Flexible Advanced Pornographic Protocol Recognition (FAPPR) engine.
•The ability to inspect GIF, JPG, PNG, and TIFF image formats.
•Images with a resolution of up to 2048x2048 pixels are supported.
•Animated GIFs are supported.
How to Enable Flesh Tone Detection
This section contains the following tasks:
•Configuring a Traffic Class to Use Flesh Tone Detection (required)
•Configuring a Traffic Policy (required)
•Attaching the Traffic Policy to an Interface (required)
•Displaying Custom Protocol Information (optional)
Configuring a Traffic Class to Use Flesh Tone Detection
Traffic classes can be used to organize packets into groups on the basis of a user-specified criterion. For example, traffic classes can be configured to match packets on the basis of the protocol type or application recognized by NBAR. In this case, the traffic class is configured to match on the presence of flesh tones within images.
To configure a traffic class to use flesh tone detection, perform the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. class-map [match-all | match-any] class-map-name
4. match flesh-tone percentage percentage
5. end
DETAILED STEPS
Step 1
Command or Action: enable
Example:
Router> enable
Purpose: Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2
Command or Action: configure terminal
Example:
Router# configure terminal
Purpose: Enters global configuration mode.
Step 3
Command or Action: class-map [match-all | match-any] class-map-name
Example:
Router(config)# class-map cmap1
Purpose: Creates a class map to be used for matching packets to a specified class and enters class-map configuration mode.
•Enter the name of the class map.
Step 4
Command or Action: match flesh-tone percentage percentage
Example:
Router(config-cmap)# match flesh-tone percentage 50
Purpose: Configures NBAR to match traffic with a minimum percentage of flesh-tone pixels within an image.
•For the percentage argument, enter a percentage between 1 and 100.
Step 5
Command or Action: end
Example:
Router(config-cmap)# end
Purpose: (Optional) Exits class-map configuration mode.
Examples
In the following example, images containing a minimum flesh tone percentage of 75 will be matched.
Router(config)# class-map money-shots
Router(config-cmap)# match flesh-tone percentage 75
Configuring a Traffic Policy
Traffic that matches a user-specified criterion can be organized into specific classes. The traffic in those classes can, in turn, receive specific QoS treatment when that class is included in a policy map.
To configure a traffic policy, perform the following steps.
Note The bandwidth command is shown at Step 5. The bandwidth command configures the QoS feature class-based weighted fair queuing (CBWFQ). CBWFQ is just an example of a QoS feature that can be configured. Use the appropriate command for the QoS feature that you want to use.
SUMMARY STEPS
1. enable
2. configure terminal
3. policy-map policy-map-name
4. class {class-name | class-default}
5. bandwidth {bandwidth-kbps | remaining percent percentage | percent percentage}
6. end
DETAILED STEPS
Step 1
Command or Action: enable
Example:
Router> enable
Purpose: Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2
Command or Action: configure terminal
Example:
Router# configure terminal
Purpose: Enters global configuration mode.
Step 3
Command or Action: policy-map policy-map-name
Example:
Router(config)# policy-map policy1
Purpose: Creates or modifies a policy map that can be attached to one or more interfaces and enters policy-map configuration mode.
•Enter the name of the policy map.
Step 4
Command or Action: class {class-name | class-default}
Example:
Router(config-pmap)# class class1
Purpose: Specifies the name of the class whose policy you want to create or change and enters policy-map class configuration mode.
•Enter the specific class name or enter the class-default keyword.
Step 5
Command or Action: bandwidth {bandwidth-kbps | remaining percent percentage | percent percentage}
Example:
Router(config-pmap-c)# bandwidth percent 50
Purpose: (Optional) Specifies or modifies the bandwidth allocated for a class belonging to a policy map.
•Enter the amount of bandwidth as a number of kbps, a relative percentage of bandwidth, or an absolute amount of bandwidth.
Note The bandwidth command configures the QoS feature class-based weighted fair queuing (CBWFQ). CBWFQ is just an example of a QoS feature that can be configured. Use the appropriate command for the QoS feature that you want to use.
Step 6
Command or Action: end
Example:
Router(config-pmap-c)# end
Purpose: (Optional) Exits policy-map class configuration mode.
Attaching the Traffic Policy to an Interface
After a traffic policy (policy map) is created, the next step is to attach the policy map to an interface. Policy maps can be attached to either the input or output direction of the interface.
Note Depending on the needs of your network, you may need to attach the policy map to a subinterface, an ATM PVC, a Frame Relay DLCI, or other type of interface.
To attach the traffic policy to an interface, perform the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number [name-tag]
4. pvc [name] vpi/vci [ilmi | qsaal | smds | l2transport]
5. exit
6. service-policy {input | output} policy-map-name
7. end
DETAILED STEPS
Step 1
Command or Action: enable
Example:
Router> enable
Purpose: Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2
Command or Action: configure terminal
Example:
Router# configure terminal
Purpose: Enters global configuration mode.
Step 3
Command or Action: interface type number [name-tag]
Example:
Router(config)# interface ethernet 2/4
Purpose: Configures an interface type and enters interface configuration mode.
•Enter the interface type and the interface number.
Step 4
Command or Action: pvc [name] vpi/vci [ilmi | qsaal | smds | l2transport]
Example:
Router(config-if)# pvc cisco 0/16
Purpose: (Optional) Creates or assigns a name to an ATM permanent virtual circuit (PVC), specifies the encapsulation type on an ATM PVC, and enters ATM virtual circuit configuration mode.
•Enter the PVC name, the ATM network virtual path identifier, and the network virtual channel identifier.
Note This step is required only if you are attaching the policy map to an ATM PVC. If you are not attaching the policy map to an ATM PVC, advance to Step 6.
Step 5
Command or Action: exit
Example:
Router(config-atm-vc)# exit
Purpose: (Optional) Returns to interface configuration mode.
Note This step is required only if you are attaching the policy map to an ATM PVC and you completed Step 4. If you are not attaching the policy map to an ATM PVC, advance to Step 6.
Step 6
Command or Action: service-policy {input | output} policy-map-name
Example:
Router(config-if)# service-policy input policy1
Purpose: Attaches a policy map to an input or output interface.
•Enter the name of the policy map.
Note Policy maps can be configured on ingress or egress routers. They can also be attached in the input or output direction of an interface. The direction (input or output) and the router (ingress or egress) to which the policy map should be attached vary according to your network configuration. When using the service-policy command to attach the policy map to an interface, be sure to choose the router and the interface direction that are appropriate for your network configuration.
Step 7
Command or Action: end
Example:
Router(config-if)# end
Purpose: (Optional) Returns to privileged EXEC mode.
Configuration Examples for Flesh Tone Detection With NBAR
This section provides the following configuration examples:
•Configuring a Traffic Class to Use Flesh Tone Detection: Example
•Configuring a Traffic Policy: Example
•Attaching the Traffic Policy to an Interface: Example
Configuring a Traffic Class to Use Flesh Tone Detection: Example
In the following example, a class called hardcore has been configured. All traffic that contains at least one image with a flesh tone percentage of 60 percent or higher will be placed in the hardcore class.
Router> enable
Router# configure terminal
Router(config)# class-map hardcore
Router(config-cmap)# match flesh-tone percentage 60
Router(config-cmap)# end
Configuring a Traffic Policy: Example
In the following example, a traffic policy (policy map) called skintastic has been configured. Skintastic contains a class called hardcore, within which LLQ has been enabled.
Router> enable
Router# configure terminal
Router(config)# policy-map skintastic
Router(config-pmap)# class hardcore
Router(config-pmap-c)# priority percent 90
Router(config-pmap-c)# end
Note In the above example, the priority command is used to enable Low-Latency Queuing (LLQ). LLQ is only an example of one QoS feature that can be applied in a traffic policy (policy map). Use the appropriate command for the QoS feature that you want to use.
Attaching the Traffic Policy to an Interface: Example
In the following example, the traffic policy (policy map) called policy1 has been attached to ethernet interface 2/4 in the input direction of the interface.
Router> enable
Router# configure terminal
Router(config)# interface ethernet 2/4
Router(config-if)# service-policy input skintastic
Router(config-if)# end
Additional References
The following sections provide references related to defining flesh tone percentages.
Related Documents
Technical Assistance
Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/techsupport