Date Thesis Awarded
Bachelors of Science (BS)
Rex K. Kincaid
Dimitris S. Nikolopoulos
Traditional packet-filtering firewalls control network traffic based on pre-defined rules. These rules operate on packet envelope information, such as the IP or Ethernet headers. Some new firewall applications use "deep filtering," operating on packet payloads. This requires quick access to the full contents of network packets, as well as the ability to modify those contents while the packet is in transit. The Linux kernel includes tools or performing both "shallow" header-based filtering and deep filtering. However, the current deep filtering implementation is too slow for some applications. We present a modified implementation of the Netfilter Project's I"-QUEU module with the goal of higher performance. Our prototype yields a modest but substantial speed improvement. We discuss this prototype and present suggestions for further improvements.,The license granted by the author do not apply to the contents of Appendix A: Selected code from original implementation and Appendix B: Selected code for new implementation.
Cline, William Watson, "A Prototype for In Situ Packet Filtering" (2006). Undergraduate Honors Theses. Paper 591.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.