A prefix-based approach for managing hybrid specifications in complex packet filtering

  • Authors:
  • Nizar Ben Neji;Adel Bouhoula

  • Affiliations:
  • Higher School of Communications of Tunis (Sup'Com), University of Carthage, City of Communications Technologies, Elghazala 2083, Ariana, Tunisia;Higher School of Communications of Tunis (Sup'Com), University of Carthage, City of Communications Technologies, Elghazala 2083, Ariana, Tunisia

  • Venue:
  • Computer Networks: The International Journal of Computer and Telecommunications Networking
  • Year:
  • 2012

Abstract

The coexistence of range-based and prefix-based fields within the filtering policy is one of the most important causes that make the packet filtering problem difficult to solve and the proposed hybrid solutions hard to implement. In general, a packet filter must support rule sets involving any conditions and it must be able to scale the number of rules, the number of fields, and the field sizes that it supports in order to avoid being outdated by future Internet developments. Since the prefix-based solutions are the most efficient in practice, we try to efficiently incorporate ranges in such data structures using the new concept of signed prefixes that helps to guarantee homogeneity when matching on multiple packet header fields of distinct types. The proposed two-staged prefix-based model is able to achieve good performance in a practical environment and it scales well as the filtering list size increases and contains a large variety of range specifications. The proposed packet filtering model gives a worst case time complexity of $O((\log_2 w)^2)$ and a worst case space complexity of $O(N w \log_2 w)$ in the case of performing a binary search on each stage with $N$ the size of the filtering table and $w$ the size of packet header field to be inspected.