Date Thesis Awarded

5-2006

Document Type

Honors Thesis

Degree Name

Bachelors of Science (BS)

Department

Computer Science

Advisor

Phil Kearns

Committee Member

Rex K. Kincaid

Committee Member

Dimitris S. Nikolopoulos

Abstract

Traditional packet-filtering firewalls control network traffic based on pre-defined rules. These rules operate on packet envelope information, such as the IP or Ethernet headers. Some new firewall applications use "deep filtering," operating on packet payloads. This requires quick access to the full contents of network packets, as well as the ability to modify those contents while the packet is in transit. The Linux kernel includes tools or performing both "shallow" header-based filtering and deep filtering. However, the current deep filtering implementation is too slow for some applications. We present a modified implementation of the Netfilter Project's I"-QUEU module with the goal of higher performance. Our prototype yields a modest but substantial speed improvement. We discuss this prototype and present suggestions for further improvements.,The license granted by the author do not apply to the contents of Appendix A: Selected code from original implementation and Appendix B: Selected code for new implementation.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.

Comments

Migrated from Dspace in 2016.

Share

COinS