Professional Documents
Culture Documents
Blablaron
Blablaron
I. I NTRODUCTION
To meet the throughput gain requirement
II. E XISTING W ORK
III. P ROBLEM S TATEMENT
In this section, we at first define the PACKET C LASSIFICATION
P ROBLEM and the extended version of it, before introducing the main idea behind our approach. This enables us
to subsequentlyin the next sectionget across an abstract
description of our idea in formal terms, as well as the concrete
way of implementation.
A. The Packet Classification Problem
Implemented in packet classifiers, packet classification is
the process of classifying a network packet based on predetermined rule set and the packet header values. A list of rules
R = hR0 , . . . , Rn ialso called a rule setis an ordered
list, in which each rule Ri consists of match part Ci also
called a check, a corresponding action ai that is executed
upon selecting the rule, and a unique priority: its index in the
rule set. Each packet p has a header H = (H1 , . . . , HF )
D1 DF , where Hi is the ith header value in the
ith domain Di , and F the header dimension. In practice,
domains are often integer values, representing for example
IP-addresses, or transport layer protocol numbers. The match
part Ci of a rule Ri in the rule set R consists of F checks
Cij : Dj {true, false} with
Ci = Ci1 CiF .
For a packet to satisfy a specific rule, all of the header
values must be checked with a positive resultthat is, j
j
{1, ..., F } : Cm
(Hj ) = true. Typically, checks are often
range or equality teststhink of routers determining the path
based on belonging to a particular subnet.
Based on the above-mentioned definitions, the PACKET
C LASSIFICATION P ROBLEM can be stated as follows: given a
packet p and a rule set R, find the rule Rm with the highest
priority in R matching ps header H; i.e.,
j
min{m | j {1, ..., F } : Cm
(Hj ) = true}
For example, a firewall operating on the edge of a network, could be set up to drop TCP packets with destination
IP-address 141.158.44.12 and port 8080. A corresponding
iptables-rule for this specification would be the following:
--src 141.158.44.12 -p tcp --dport 8080 -j DROP
linearcomplex (R, H)
classif y(R, H) = linear(classif y(SR,A0 , H), H)
(0) how do we solve the problem (informal) (1) it is important to maintain the correctness of (*) (2) abstract algorithm (3)
2 categories of advanced algorithm: story of Bitvector, story
of HyperSplit (maybe refer to cutting-class)
R EFERENCES
[1] Ipfw firewall. https://www.freebsd.org/doc/handbook/firewalls-ipfw.html.
Last accessed: July 3, 2016.
[2] The netfilter.org project. www.netfilter.org. Last accessed: July 1, 2016.