Title :
A matching algorithm of Netfilter connection tracking based on IP flow
Author :
Zhang, Ke ; Wang, Juan ; Ren, Dasen
Author_Institution :
Comput. & Network Center, Guizhou Univ. for Nat., Guiyang
Abstract :
To improve the performance of the Linux Netfilter firewall framework when packets are matched under stateful inspection, this thesis, based on an analysis of the stateful inspection firewall mechanism and the data structure of the Netfilter connection tracking hash table, puts forward a connection tracking matching algorithm based on IP flow. The algorithm revises the data structure of the hash table's head node, adding a pointer to the collision-list node that was matched successfully last time, to reduce the time that later packets of the related connection spend traversing the collision list. The simulation experiment indicates that the algorithm is able to improve the efficiency of Netfilter firewall stateful inspection.
Keywords :
IP networks; Linux; authorisation; cryptography; data structures; file organisation; IP flow; Netfilter connection tracking; Netfilter firewall framework; data structure; hash table; matching algorithm; stateful inspection firewall; Algorithm design and analysis; Application software; Computer networks; Data flow computing; Electronic mail; Inspection; Kernel; Performance analysis; Netfilter; connection tracking; stateful inspection
Conference_Title :
Anti-counterfeiting, Security and Identification, 2008. ASID 2008. 2nd International Conference on
Conference_Location :
Guiyang
Print_ISBN :
978-1-4244-2584-6
Electronic_ISBN :
978-1-4244-2585-3
DOI :
10.1109/IWASID.2008.4688360