The Study Of Linux IPv6 Firewall Based On HiCuts Algorithm

With the rocketing development of the internet epoch,people are,while enjoying the comfort and convenience of the internet,facing with the emerging challenges from the internet attack.Therefore,how to make improvement and perfection of the firewall system has become a main focus within the internet academic circle.Among the researches of internet safety protection,the update of IPv6 has been carved with great significance both in the internet technical progress and in the contribution to the internet safety development.Within the various investigations of IPv6 safety,IPv6 firewall has been brought forward as one of its major research achievements.The firewall is a specially programmed router.The IPv6 firewall in Linux is a typical packet filter firewall,which acquires the sequential lookup algorithm and adopts the Netfilter as its firewall framework.Linux IPv6 could be very efficient when dealing with small sets of rules.However,facing with large sets,the rapidity is quickly declined. According to the careful analysis of the IPv6 protocol stack and tests of the performance of Firewall in large set of rules,the author found that the sequential lookup algorithm is the efficiency choke point of Linux IPv6 firewall performance.Based on the analysis above,data extraction method,a brand new algorithm which is based on the HiCuts algorithm has been brought forward in this investigation.This algorithm,though is conducted as an effective settlement for problems in sequential lookup algorithm of large sets of rules,is still short for its improvement of capacity. Thus this thesis mainly draws its focus on the improvement of Hicuts IPv6 algorithm, and brings forward a totally new algorithm method,that is data extraction method, which will help enhance the performance of the firewall system as well as the solving the problems in the large sets of rules.This investigation is of both theoretical and practical significance in that it not only makes a further improvement of Hicuts IPv6 algorithm and gives a new bit extraction method,but also programs a new design of IPv6 packet filtering firewall system which is actualized in the Linux 2.4 kernel.This investigation has been verified as a more effective,stable and economical design and it will hopefully be of contribution to the internet safety protection.