论文信息 - A SET-BASED APPROACH TO PACKET CLASSIFICATION

A SET-BASED APPROACH TO PACKET CLASSIFICATION

Firewalls, and packet classification in general, are becoming more and more significant as data rates soar and hackers become increasingly sophisticated and more forceful. In this paper, we present a new packetclassification approach that uses set theory to classify packets. This approach has significant theoretical advantages over current approaches. We demonstrate its practicality by implementing a firewall subsystem in Linux which approaches the performance of today’s naive packet-filtering implementations.

Venkatesh Prasad Ranganath | Daniel Andresen

[1] Nick McKeown,et al. Algorithms for packet classification , 2001, IEEE Netw..

[2] David A. Bandel. Taming the wild netfilter , 2001 .

[3] Bryan Pfaffenberger. Linux Networking Clearly Explained , 2001 .

[4] Duncan Napier. IPTables/NetFilter-Linux''s next-generation stateful packet filter , 2001 .

[5] Mick Bauer. Paranoid penguin: using iptables for local security , 2002 .

[6] Roderick W. Smith. Advanced Linux Networking , 2002 .