
Research And Implementation Of RFC Algorithm In Linux Firewall

Posted on: 2011-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Song
GTID: 2178360302999178
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development and extensive use of the Internet worldwide, computer networks have become the basis of the information society and have penetrated every corner of society. In the early stage, routers and firewalls, the main equipment of data transmission, forwarded packets without distinguishing between them. This approach cannot meet the current needs that people place on the network. Therefore, to satisfy different users, routers need to classify the data they transmit so that they can provide different network services. Packet classification technology became the foundation of differentiated services, which include packet-filtering firewalls, network intrusion detection, VPN, policy routing and so on. Because each packet is classified and then processed, packet classification has also become a performance bottleneck in modern high-speed networks. So we need a high-speed packet classification algorithm; this is also a difficult problem that must currently be solved.

This paper analyzes the background, the current situation and the applications of packet classification algorithms. Based on a study of the main ideas, advantages and disadvantages of several classical packet classification algorithms, we took a faster packet classification algorithm, the RFC (Recursive Flow Classification) algorithm, as the research target. The research indicates that when the algorithm's rule set grows rapidly, the space occupied by the RFC algorithm also grows rapidly. To solve this problem, this paper puts forward an improved algorithm, the CRFC algorithm, along with its optimization and implementation in the Linux firewall. The CRFC algorithm takes both space and time performance into account. Based on the characteristics of each element when the original RFC algorithm constructs the index cross-product table, it applies a compression method to the index cross-product so as to optimize the storage space of the original algorithm.

To achieve efficient performance of the CRFC algorithm, the paper also studies the Linux firewall in depth, because the old Linux firewall uses linear matching when searching the rules for a data packet, which may become a performance bottleneck. To solve this problem, I adopt the CRFC algorithm to find the packets in the netfilter framework of the Linux firewall and write it into the Linux kernel. Through the improvement of the algorithm, the performance of the Linux firewall has increased to a certain extent.

Finally, by setting up an experimental test environment, I have analyzed both the performance of the CRFC algorithm and its practical application in the Linux firewall. Moreover, I have also compared the experimental results of the linear algorithm, the RFC algorithm and the CRFC algorithm, which prove that the CRFC algorithm gives rise to a certain improvement and enhancement of the performance of the Linux firewall.
Keywords/Search Tags: packet classification, RFC algorithm, Linux firewall, Netfilter framework