The packer filter: an efficient mechanism for user-level network code
SOSP '87 Proceedings of the eleventh ACM Symposium on Operating systems principles
DPF: fast, flexible message demultiplexing using dynamic code generation
Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
An extensible probe architecture for network protocol performance measurement
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
BPF+: exploiting global data-flow optimization in a generalized packet filter architecture
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
FIRE: flexible Intra-AS routing environment
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
mmdump: a tool for monitoring internet multimedia traffic
ACM SIGCOMM Computer Communication Review
OC3MON: Flexible, Affordable, High Performance Staistics Collection
LISA '96 Proceedings of the 10th USENIX conference on System administration
Operational experiences with high-volume network intrusion detection
Proceedings of the 11th ACM conference on Computer and communications security
Efficient packet classification for network intrusion detection using FPGA
Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays
Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)
Building a time machine for efficient recording and retrieval of high-volume network traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Measurement and analysis of spywave in a university environment
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
FFPF: fairly fast packet filters
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Efficient packet demultiplexing for multiple endpoints and large messages
WTEC'94 Proceedings of the USENIX Winter 1994 Technical Conference on USENIX Winter 1994 Technical Conference
The BSD packet filter: a new architecture for user-level packet capture
USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings
Proceedings of the 14th ACM conference on Computer and communications security
Hashing round-down prefixes for rapid packet classification
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Parallel packet classification using GPU co-processors
SAICSIT '10 Proceedings of the 2010 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists
SPAF: stateless FSA-based packet filters
IEEE/ACM Transactions on Networking (TON)
Dynamic monitoring of dark IP address space
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Modeling Filtering Predicates Composition with Finite State Automata
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
CaptureFoundry: a GPU accelerated packet capture analysis tool
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
NetSlices: scalable multi-core packet processing in user-space
Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems
SensorAct: a privacy and security aware federated middleware for building management
BuildSys '12 Proceedings of the Fourth ACM Workshop on Embedded Sensing Systems for Energy-Efficiency in Buildings
Scap: stream-oriented network traffic capture and analysis for high-speed networks
Proceedings of the 2013 conference on Internet measurement conference
Towards a GPU accelerated virtual machine for massively parallel packet classification and filtering
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
| Hi-index | 0.00 |
This paper presents Swift, a packet filter for high performance packet capture on commercial off-the-shelf hard-ware. The key features of Swift include (1) extremely low filter update latency for dynamic packet filtering, and (2) Gbps high-speed packet processing. Based on complex instruction set computer (CISC) instruction set architecture (ISA), Swift achieves the former with an instruction set design that avoids the need for compilation and security checking, and the latter by mainly utilizing SIMD (single instruction, multiple data). We implement Swift in the Linux 2.6 kernel for both i386 and x86_64 architectures. The Swift userspace library supports two sets of application programming interfaces (APIs): a BPF-friendly API for backward compatibility and an object oriented API for simplifying filter coding. We extensively evaluate the dynamic and static filtering performance of Swift on multiple machines with different hardware setups. We compare Swift with BPF (the BSD packet filter)--the de facto standard for packet filtering in modern operating systems--and hand-coded optimized C filters that are used for demonstrating possible performance gains. For dynamic filtering tasks, Swift is at least three orders of magnitude faster than BPF in terms of filter update latency. For static filtering tasks, Swift outperforms BPF up to three times in terms of packet processing speed, and achieves much closer performance to the optimized C filters.