Date Thesis Awarded


Access Type

Honors Thesis -- Access Restricted On-Campus Only

Degree Name

Bachelors of Science (BS)


Computer Science


Phil Kearns

Committee Members

Rex K. Kincaid

Dimitris S. Nikolopoulos


Traditional packet-filtering firewalls control network traffic based on pre-defined rules. These rules operate on packet envelope information, such as the IP or Ethernet headers. Some new firewall applications use "deep filtering," operating on packet payloads. This requires quick access to the full contents of network packets, as well as the ability to modify those contents while the packet is in transit. The Linux kernel includes tools or performing both "shallow" header-based filtering and deep filtering. However, the current deep filtering implementation is too slow for some applications. We present a modified implementation of the Netfilter Project's I"-QUEU module with the goal of higher performance. Our prototype yields a modest but substantial speed improvement. We discuss this prototype and present suggestions for further improvements.,The license granted by the author do not apply to the contents of Appendix A: Selected code from original implementation and Appendix B: Selected code for new implementation.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.


Migrated from Dspace in 2016.

On-Campus Access Only