A Set-based Approach to Packet Classification

V.P. Ranganath and D. Andresen (USA)


TCP/IP, firewalls, Linux, iptables, packet filtering


Firewalls, and packet classification in general, are becoming more and more significant as data rates soar and hackers become increasingly sophisticated and more forceful. In this paper, we present a new packet classification approach that uses set theory to classify packets. This approach has significant theoretical advantages over current approaches. We demonstrate its practicality by implementing a firewall subsystem in Linux which approaches the performance of today's naive packet-filtering implementations.

