The rapid development of the Internet and its new patterns of network services requires network devices such as firewalls and security gateways to have stronger data-processing capability. Flow classification, which can support a wide range of network services and improve the performance of network devices, is one of the most important technologies for broadband networks.

In this thesis, the research background, development and current research status of flow classification are presented first, followed by the related technology of firewalls and UTM gateways. After that, typical flow classification algorithms are described and analyzed. To address the shortcomings of these algorithms, a 5-dimensional algorithm based on group mapping, named GMFC, is proposed. The algorithm divides the rules in the set into several groups and sets up two tables, the Address-prefix Table and the Port-combined Table. When a data flow arrives, it is mapped into the Address-prefix Table and the Port-combined Table according to the information in its five dimensions, and the best matching rule is then looked up in the Port-combined Table. GMFC reduces the number of rules that are looked up and cuts down the matching frequency, and therefore improves the performance of flow classification. Furthermore, GMFC supports dynamic update of rules. When the rule set is being updated, there is no need to alter the data structure; only the Address-prefix Table and the Port-combined Table are modified.

The Linux firewall and the Netfilter framework are also investigated. On this basis, the flow classification module of the UTM gateway, which is based on GMFC, is designed. Finally, a network testing platform is built to test and compare the performance of flow classification algorithms. The results indicate that GMFC has favorable efficiency in space and time and is suitable for application to large-scale rule sets.
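The two-table lookup described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the abstract does not define GMFC's table layouts, so grouping rules by shared (source prefix, destination prefix) pair, the priority tie-break, the 5-tuple fields, the linear scan over groups and every name and rule value here are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed rules: (priority, src prefix, dst prefix, sport range, dport range, proto, action).
# Lower priority number wins; proto None is a wildcard. All values are illustrative.
RULES = [
    (1, "10.0.0.0/8", "192.168.1.0/24", (0, 65535), (80, 80), 6, "allow-web"),
    (2, "10.0.0.0/8", "192.168.1.0/24", (0, 65535), (0, 1023), 6, "drop-low-ports"),
    (3, "10.1.0.0/16", "0.0.0.0/0", (0, 65535), (53, 53), 17, "allow-dns"),
    (4, "0.0.0.0/0", "0.0.0.0/0", (0, 65535), (0, 65535), None, "default-drop"),
]

def add_rule(tables, prio, src, dst, sport, dport, proto, action):
    """Dynamic update: only the two tables change, the structure stays the same."""
    addr_table, port_table = tables
    key = (ipaddress.ip_network(src), ipaddress.ip_network(dst))
    gid = addr_table.setdefault(key, len(addr_table))  # group = shared prefix pair (assumption)
    port_table[gid].append((prio, sport, dport, proto, action))
    port_table[gid].sort(key=lambda e: e[0])           # keep best priority first

def build_tables(rules):
    tables = ({}, defaultdict(list))  # (address-prefix table, port-combined table)
    for rule in rules:
        add_rule(tables, *rule)
    return tables

def classify(tables, src, dst, sport, dport, proto):
    """Return the action of the best matching rule for one 5-tuple, or None."""
    addr_table, port_table = tables
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    best = None
    for (snet, dnet), gid in addr_table.items():       # stage 1: address prefixes
        if s not in snet or d not in dnet:
            continue                                   # whole group skipped unexamined
        for prio, (slo, shi), (dlo, dhi), p, action in port_table[gid]:  # stage 2: ports
            if slo <= sport <= shi and dlo <= dport <= dhi and p in (None, proto):
                if best is None or prio < best[0]:
                    best = (prio, action)
                break                                  # sorted: first hit is the group's best
    return best[1] if best else None

TABLES = build_tables(RULES)
```

Overlapping rules in different groups are resolved by priority, so a packet that matches both a specific group and the catch-all group receives the specific rule's action.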