
The Improvement Of Linux Firewall In IPv6 Networks

Posted on: 2007-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: F Yin
Full Text: PDF
GTID: 2178360185467765
Subject: Software engineering

Abstract/Summary:
With the rapid development of the Internet, network security has become a crucial issue. To overcome the disadvantages of IPv4, especially the shortage of IP addresses and the over-expansion of routing tables in backbone routers, the IETF established the IPng organization. The next-generation IP protocol, IPv6, thus came into being.

IPv6 will take the dominant position in the development of the Internet. Meanwhile, the security of the next-generation network has become a problem demanding a prompt solution. The firewall, a powerful tool in network security, has been widely used in IPv4 networks. However, it is seldom used in IPv6 networks.

As an open-source operating system, Linux has been widely used on all kinds of platforms. The Netfilter framework, the layer between the Linux operating system and firewall applications, has been integrated into Linux kernels 2.4 and 2.6. Both kernels support the IPv6 protocol stack. The Linux firewall is a stable and reliable packet-filtering firewall. However, its filtering efficiency is not satisfactory, especially for IPv6 packets.

The firewall in Linux kernels 2.4 and 2.6 matches packets using an algorithm called sequential lookup, which is inefficient, especially when dealing with large rule sets. After carefully analyzing the IPv6 protocol stack and testing firewall performance with large rule sets, we conclude that the sequential lookup algorithm is a performance bottleneck for the firewall as well as for the IPv6 protocol stack.

Based on these analyses, a new algorithm based on the algorithm of...
Keywords/Search Tags: IPv6, firewall, Linux, Netfilter framework, HiCuts