Thumbnail Image
Item

A Prototype for In Situ Packet Filtering

Cline, William Watson
Abstract
Traditional packet-filtering firewalls control network traffic based on pre-defined rules. These rules operate on packet envelope information, such as the IP or Ethernet headers. Some new firewall applications use "deep filtering," operating on packet payloads. This requires quick access to the full contents of network packets, as well as the ability to modify those contents while the packet is in transit. The Linux kernel includes tools or performing both "shallow" header-based filtering and deep filtering. However, the current deep filtering implementation is too slow for some applications. We present a modified implementation of the Netfilter Project's I"-QUEU module with the goal of higher performance. Our prototype yields a modest but substantial speed improvement. We discuss this prototype and present suggestions for further improvements.,The license granted by the author do not apply to the contents of Appendix A: Selected code from original implementation and Appendix B: Selected code for new implementation.
Description
Migrated from Dspace in 2016.
Date
2006-05-03
Journal Title
Journal ISSN
Volume Title
Publisher
Collections
Undergraduate Honors Theses
Show all metadata
Download Dataset
Files
ClineWilliam2006.pdf
Adobe PDF162.91 KB
Rights Holder
Usage License
Embargo
Research Projects
Organizational Units
Journal Issue
Keywords
Citation
Advisor
Kearns, Phil
Kincaid, Rex K.
Nikolopoulos, Dimitris S.
Department
Computer Science
DOI
URI
https://scholarworks.wm.edu/handle/internal/12316
Embedded videos