Decreasing time latency during criteria matching in the packetfilteringof iptables firewall

Publish Year: 1394
نوع سند: مقاله کنفرانسی
زبان: English
View: 589

This Paper With 8 Page And PDF Format Ready To Download

  • Certificate
  • من نویسنده این مقاله هستم

استخراج به نرم افزارهای پژوهشی:

لینک ثابت به این Paper:

شناسه ملی سند علمی:

CITCONF03_148

تاریخ نمایه سازی: 12 تیر 1395

Abstract:

The booming expansion of the Internet during the recent past has resulted in an enormous increase in Internettraffic. This has resulted in increased requirement of more efficient firewalls. This is an attempt to decrease the timelatency present in the iptables (which is the firewalling subsystems of Linux 2.6 series) thus increasing its efficiency.In the current iptables packet matching algorithms, the matching rules are called in the order in which they arespecified in the command line. This order is static as long as the rule is in effect. We have observed that this static orderbrings in latency during the matching process of a packet with the rule. The fate of a packet is decided either when allthe matching rules pass, or when the first mismatch is encountered. We reorder the sequence of matching, so that thefate of the packet is decided with least time latency, i.e. Calling those matching functions, which have a higherprobability of mismatch, before those which do not. This effectively reduces the average No. Of matches/packet , thusreducing the time latency

Authors

Moezedin Hojatoleslam

malekashtar university of technology

Alireza BaratiFar

malekashtar university of technology

مراجع و منابع این Paper:

لیست زیر مراجع و منابع استفاده شده در این Paper را نمایش می دهد. این مراجع به صورت کاملا ماشینی و بر اساس هوش مصنوعی استخراج شده اند و لذا ممکن است دارای اشکالاتی باشند که به مرور زمان دقت استخراج این محتوا افزایش می یابد. مراجعی که مقالات مربوط به آنها در سیویلیکا نمایه شده و پیدا شده اند، به خود Paper لینک شده اند :
  • Chalpin, "Net filter Tutorial, " Http : //www _ _ ...
  • Paul Rusty Russell, "Netfilter Hacking HOWTO" http : //netfilter. org/proj ...
  • Oskar Andreasson, " Iptables Tutorial 1.2.2, Chapter 10. Iptables matches ...
  • Jonathan Corbet, Greg Kro ah-Hartman , Alessandro Rubini, "Linux Device ...
  • نمایش کامل مراجع