Implement Of High Performance Policy Routing Under Linux Kernel

In computer network, The traditional routing selected on the basis of the destination address of IP packet. In practice, sometimes we hope that routing is not merely based on the destination address of the IP packet, but also based on the source address of the IP packet or other information. Usually we call this kind of routing the Policy Routing.As an open source Operation System, Linux can act as a router. The Policy Routing mechanism Under the Linux can select routing according to the destination address, the source address, the characteristic of application layer data port and so on. Moreover with the assistance of the traffic control tool TC, the function is powerful. But for the compatibility, the kernel uses the linear algorithm when it searches the routing rules in RPDB. This brings a serious influence on the performance of routing forward. And in practice, the network administrators sometimes hope that Linux can provide some other functions, including the expense policy and filtering the attacking packets intelligently. Due to the expense policy is to provide service through the high speed way in certain period of time when source IP accesses some certain target IP, the present policy routing mechanism of Linux appears insufficient.In view of the above question, this topic project is trying to provide the solutions to analyze the Linux kernel network stack. On the basis of analyzing many kinds of routing search algorithm and the Linux route mechanism, a highly effective algorithm fitting experimental conditions is selected, and two kinds of routing policies are designed and implemented: the expense policy and non-routing policy based on the attack detection. The policy based on the expense is implemented by using the multi-branches tree search algorithm, and non-routing policy through has been implemented by self-definition detection attack algorithm. Through modification of the packets flow in the Linux kernel and reasonable selection of the routing search algorithm, we can achieve high performance of forwarding packets.The policy routing system has passed the testing and reached the expected result. The network administrators can establish the route rule according to actual demands themselves. The rule parameters include time, source address, destination address and so on. And we can also monitor the attacking behaviors that possibly exist.