BPF+: exploiting global data-flow optimization in a generalized packet filter architecture

A packet filter is a programmable selection criterion for classifying or selecting packets from a packet stream in a generic, reusable fashion. Previous work on packet filters falls roughly into two categories, namely those efforts that investigate flexible and extensible filter abstractions but sacrifice performance, and those that focus on low-level, optimized filtering representations but sacrifice flexibility. Applications like network monitoring and intrusion detection, however, require both high-level expressiveness and raw performance. In this paper, we propose a fully general packet filter framework that affords both a high degree of flexibility and good performance. In our framework, a packet filter is expressed in a high-level language that is compiled into a highly efficient native implementation. The optimization phase of the compiler uses a flowgraph set relation called edge dominators and the novel application of an optimization technique that we call "redundant predicate elimination," in which we interleave partial redundancy elimination, predicate assertion propagation, and flowgraph edge elimination to carry out the filter predicate optimization. Our resulting packet-filtering framework, which we call BPF+, derives from the BSD packet filter (BPF), and includes a filter program translator, a byte code optimizer, a byte code safety verifier to allow code to migrate across protection boundaries, and a just-in-time assembler to convert byte codes to efficient native code. Despite the high degree of flexibility afforded by our generalized framework, our performance measurements show that our system achieves performance comparable to state-of-the-art packet filter architectures and better than hand-coded filters written in C.
