Please use this identifier to cite or link to this item: http://ntour.ntou.edu.tw:8080/ir/handle/987654321/30629

Title: Software Acceleration Method and Implementation for the Linux Netfilter Network Packet Interception and Inspection Interface (translated from the Chinese title)
Software-Based Performance Enhancement for Linux Netfilter Packet Interception Interface
Authors: 黃俊穎
Contributors: National Taiwan Ocean University (NTOU): Department of Computer Science and Engineering
Keywords: Deep packet inspection; Linux Netfilter; performance improvement; user-space level
Date: 2011-08
Issue Date: 2012-04-13T01:13:37Z
Publisher: National Science Council, Executive Yuan (行政院國家科學委員會)
Abstract (translated from Chinese): Netfilter is the most widely used firewall system in the Linux operating system today. One of its most attractive features is that it can intercept packets transmitted over the network and hand them to a user-space application for inspection; this is commonly known as the Netfilter queue interface. Using the Netfilter queue, complex packet inspection algorithms can be implemented without modifying the operating system kernel. However, the biggest problem with this packet interception interface is its poor performance. According to our measurements, compared with plain packet forwarding, once a user-space program starts intercepting packets the overall system performance drops by 30%, even if the packets are not processed at all. In this project we try to identify the performance bottleneck in the current Netfilter queue packet-processing architecture. Based on our observations, we will propose a new software architecture that eliminates the bottleneck of the original Netfilter queue. In addition, we plan to apply the new architecture to the open-source Snort intrusion detection system, to demonstrate that the proposed architecture can easily be integrated with existing Netfilter queue applications and improve their performance. We expect that, on the same hardware, the new architecture will improve overall system performance by a factor of 1.3 to 1.6 compared with the original.
Abstract (English): Netfilter is the most popular firewall system used in the Linux operating system. One of its most attractive features, named Netfilter queue, is the ability to intercept network packets and hand them to a user-space program for further inspection. With Netfilter queue, a complicated packet inspection algorithm can be implemented without touching the operating system kernel. However, the problem with this packet interception interface is its slow performance. Based on our measurements, compared with plain packet forwarding, performance drops by at least 30% even if the user-space program does nothing to an intercepted packet. In this work we first identify the performance bottleneck of Netfilter queue. Based on that observation, a new software-based architecture is developed to eliminate the identified bottleneck. To show that the improvement works well, we plan to integrate the new architecture into the Snort intrusion detection system, which uses Netfilter queue to intercept and process packets. We estimate that the new architecture can accelerate overall system throughput by a factor of 1.3x to 1.6x on the same hardware.
Relation: NSC100-2221-E019-045
URI: http://ntour.ntou.edu.tw/handle/987654321/30629
Appears in Collections: [Department of Computer Science and Engineering] Research Projects
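The user-space side of the Netfilter queue interface the abstract describes, as an added example that is not code from this project or its author. The kernel copies each queued packet to user space over netlink, the program inspects it and sends a verdict back, and that round trip is paid even by the "do nothing" program whose 30% drop the abstract measures. The example assumes libnetfilter_queue (the standard user-space library for the NFQUEUE target), queue number 0, and a toy inspection policy (drop port-80 requests carrying "../"); the packet bytes it inspects offline are constructed, not captured.

```c
/* Added example, not the project's code: the user-space half of a Netfilter
 * queue inspector. inspect_ipv4() decides the verdict for the raw IPv4 bytes
 * NFQUEUE hands to user space; the HAVE_NFQ part wires it to libnetfilter_queue.
 * Build stand-alone to exercise it on constructed packets, or with
 * -DHAVE_NFQ -lnetfilter_queue on Linux and run as root behind an NFQUEUE rule. */
#define _GNU_SOURCE                /* memmem() on glibc */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { VERDICT_DROP = 0, VERDICT_ACCEPT = 1 };   /* same values as NF_DROP/NF_ACCEPT */
static const char TRAVERSAL_SIG[] = "../";        /* toy policy, assumed for illustration:
                                                     drop port-80 requests carrying "../" */
/* RFC 1071 one's-complement sum over the IPv4 header; 0 means the header is intact. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((hdr[i] << 8) | hdr[i + 1]);
    if (len & 1) sum += (uint32_t)(hdr[len - 1] << 8);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Inspect one raw IPv4 packet as NFQUEUE delivers it; malformed headers are dropped
 * so a crafted packet cannot walk the parser past the buffer. */
int inspect_ipv4(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return VERDICT_DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > len) return VERDICT_DROP;
    if (ip_checksum(pkt, ihl) != 0) return VERDICT_DROP;
    if (pkt[9] != 6) return VERDICT_ACCEPT;       /* not TCP: nothing to inspect */
    const uint8_t *tcp = pkt + ihl;
    size_t tcp_len = total - ihl;
    if (tcp_len < 20) return VERDICT_DROP;
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > tcp_len) return VERDICT_DROP;
    if (dport == 80 &&
        memmem(tcp + doff, tcp_len - doff, TRAVERSAL_SIG, sizeof TRAVERSAL_SIG - 1))
        return VERDICT_DROP;
    return VERDICT_ACCEPT;
}

/* Constructed IPv4/TCP packet (not captured traffic); TCP checksum left zero, unchecked. */
size_t build_sample(uint8_t *buf, uint16_t dport, const char *payload)
{
    static const uint8_t src[4] = {192, 168, 1, 10}, dst[4] = {192, 168, 1, 20};
    size_t plen = strlen(payload), total = 40 + plen;
    memset(buf, 0, total);
    buf[0] = 0x45; buf[8] = 64; buf[9] = 6;       /* IPv4 IHL=5, TTL, proto TCP */
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    memcpy(buf + 12, src, 4); memcpy(buf + 16, dst, 4);
    uint16_t csum = ip_checksum(buf, 20);         /* checksum field still zero */
    buf[10] = (uint8_t)(csum >> 8); buf[11] = (uint8_t)csum;
    uint8_t *tcp = buf + 20;
    tcp[0] = 0xc3; tcp[1] = 0x50; tcp[2] = (uint8_t)(dport >> 8); tcp[3] = (uint8_t)dport;
    tcp[12] = 0x50; tcp[13] = 0x18;               /* data offset 5 words, PSH|ACK */
    memcpy(tcp + 20, payload, plen);
    return total;
}

/* Offline driver: build a packet, optionally corrupt one bit of its IPv4 checksum, inspect. */
int demo_verdict(uint16_t dport, const char *payload, int corrupt_csum)
{
    uint8_t buf[256];
    size_t n = build_sample(buf, dport, payload);
    if (corrupt_csum) buf[11] ^= 0x01;
    return inspect_ipv4(buf, n);
}

#ifdef HAVE_NFQ
#include <arpa/inet.h>
#include <sys/socket.h>
#include <linux/netfilter.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
/* Runs once per queued packet: each one costs a copy into user space plus a
 * verdict message back, even when the verdict is an immediate accept. */
static int nfq_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
                  struct nfq_data *nfa, void *data)
{
    (void)nfmsg; (void)data;
    struct nfqnl_msg_packet_hdr *ph = nfq_get_msg_packet_hdr(nfa);
    unsigned char *payload = NULL;
    int plen = nfq_get_payload(nfa, &payload);
    int v = plen > 0 ? inspect_ipv4(payload, (size_t)plen) : VERDICT_DROP;
    return nfq_set_verdict(qh, ph ? ntohl(ph->packet_id) : 0,
                           v == VERDICT_ACCEPT ? NF_ACCEPT : NF_DROP, 0, NULL);
}

int main(void)
{
    struct nfq_handle *h = nfq_open(); if (!h) return 1;
    nfq_unbind_pf(h, AF_INET); nfq_bind_pf(h, AF_INET);
    struct nfq_q_handle *qh = nfq_create_queue(h, 0, nfq_cb, NULL);   /* queue 0 */
    if (!qh || nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) return 1;
    int fd = nfq_fd(h), rv; char buf[65536];
    while ((rv = (int)recv(fd, buf, sizeof buf, 0)) > 0)
        nfq_handle_packet(h, buf, rv);            /* dispatches to nfq_cb */
    nfq_destroy_queue(qh); nfq_close(h); return 0;
}
#endif
```

To feed the live build, install a rule such as `iptables -A INPUT -p tcp --dport 80 -j NFQUEUE --queue-num 0`; to reproduce the abstract's "do nothing" baseline, make nfq_cb return an accept verdict before calling inspect_ipv4(), so that only the kernel-to-user-space copy and the verdict round trip remain on the per-packet path.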

Files in This Item:

There are no files associated with this item.