The Research Of The Efficient Packet Filtering Technology Based On Linux

Along with the rapid development and widespread application of computer network technology, while enjoying the convenience of high speed network, we are also under the threat of viruses from the network. Therefore, a lot of network security equipments and software are used for protecting the LAN and computer. The packet filtering technology, as the key technology of the network security products, is more and more important in the network security research domain nowadays.How to improve the ability of packet processing under the high speed network has already become the hot spot and difficulty in the research filed of the network security. The application of new techniques such as fiber communications brings great increase to transmission speed of the Internet, the rapid accelerating of network transmission speed sets higher requirements for the capability of network security system. And improving the ability of packet filtering is the key to promote the capability of network security system. Therefore, under the high speed network environment, it is very meaningful to research how to improve the efficiency of packet filtering.This thesis introduced and analyzed the technologies of packet capture, packet analyzing, rule matching and the communications between the kernel and user space firstly, and on this basis, according to the insufficiency of current packet filtering system under the high speed network, referenced the research results of related fields, then put forward a high efficiency packet filtering system based on Linux, researched some key technologies of this system such as the high capability packet capture and the efficiency keywords matching, and realized the special-purpose high speed TCP/IP protocol stack in Linux and the high effective packet filtering system.The main works of this thesis been done as follows: first, improved the TCP/IP stack, realized the packet rapid transmission in the stack; And then modified the network card driver, using the equipment polling mechanism and the ring buffer, enhanced the packet capture capability of the network card; In the communications between the kernel and user space, using the NETLINK socket that is efficient and easy to use, accelerated the communications between the kernel and user space; In the pattern matching, improved the original KMP algorithm, proposed the improved KMP algorithm based on the neighbor bit comparison, thereby promoting the performance of the rule matching. After testing, the realization of these techniques has enhanced the packet filtering efficiency obviously.