A Set-based Approach to Packet Classification

V.P. Ranganath and D. Andresen (USA)


TCP/IP, firewalls, Linux, iptables, packet filtering


Firewalls, and packet classification in general, are becoming more and more significant as data rates soar and hackers become increasingly sophisticated - and more forceful. In this paper, we present a new packet classification approach that uses set theory to classify packets. This approach has significant theoretical advantages over current approaches. We demonstrate its practicality by implementing a firewall subsystem in Linux which approaches the performance of today's naive packet-filtering implementations.

