Efficient Packet Classification Algorithm Based on Linux Kernel

The iptables' core packet classification algorithm has lower capability.Focusing on this issue,this paper presents an efficient packet classification algorithm according to the limits of the Linux kernel,as well as sufficient usage of the mechanisms in the kernel.It provides the characteristics,such as multi-dimensional packet classification,dynamic operations and quick matching,which are required by the mainstream.Experimental results show that the algorithm greatly improves the performance,especially in the condition of big rule sets.