Design and implementation of a fast dynamic packet filter

  • Authors:

  • Zhenyu Wu;Mengjun Xie;Haining Wang

  • Affiliations:

  • Department of Computer Science, College of William and Mary, Williamsburg, VA;Department of Computer Science, University of Arkansas at Little Rock, Little Rock, AR;Department of Computer Science, College of William and Mary, Williamsburg, VA

  • Venue:
  • IEEE/ACM Transactions on Networking (TON)
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper presents Swift, a packet filter for high-performance packet capture on commercial off-the-shelf hardware. The key features of the Swift include: 1) extremely lowfilter update latency for dynamic packet filtering, and 2) gigabits-per-second high-speed packet processing. Based on complex instruction set computer (CISC) instruction set architecture (ISA), Swift achieves the former with an instruction set design that avoids the need for compilation and security checking, and the latter by mainly utilizing single instruction, multiple data (SIMD). We implement Swift in the Linux 2.6 kernel for both i386 and ×86-64 architectures and extensively evaluate its dynamic and static filtering performance on multiple machines with different hardware setups. We compare Swift to BPF (the BSD packet filter)--the de facto standard for packet filtering in modern operating systems--and hand-coded optimized C filters that are used for demonstrating possible performance gains. For dynamic filtering tasks, Swift is at least three orders of magnitude faster than BPF in terms of filter update latency. For static filtering tasks, Swift outperforms BPF up to three times in terms of packet processing speed and achieves much closer performance to the optimized C filters. We also show that Swift can harness the processing power of hardware SIMD instructions by virtue of its SIMD-capable instruction set.