| Summary: | 碩士 === 元智大學 === 資訊工程學系 === 92 === As communication technology advances, network capacity grows exponentially in recent years. The performance of network monitoring tools is getting more critical as they must process much lager number of packets in a unit of time than ever before. A common core component in any network monitoring tools is a packet filter which processes every packet header and passes those packets matching some filter rules to user spaces for further processing. Previous work on packet filters make an effort to investigate flexible and extensible filter abstractions but sacrifice performance, or focus on low-level, optimized filtering representations but sacrifice flexibility. In this paper, a packet filter architecture called Packet Filter Cache (PFC) is proposed to improve the performance of existing packet filters. The PFC architecture adds a filter rule cache before an existing packet filter. Instead of caching instruction set as in Warm cache, the filter rule cache stores the hash value of a filter rule as a hash table entry that can be searched in one memory access. By taking advantage of the hash lookup speed, PFC can boost filtering performance by using only small cache size. Moreover, PFC also caches unmatched packet flows to achieve high hit rate. Since PFC is only a cache mechanism added before a traditional packet filter, it does not need to re-engineer existing filter module and hence can be applied on most packet filters. Simulation shows PFC can improve the processing time about four times at cache hit rate of 70%.
|
|---|
