SPAF: Stateless FSA-based Packet Filters


We propose a stateless packet filtering technique based on Finite-State Automata (FSA). FSAs provide a comprehensive framework with well-defined composition operations that enable the generation of stateless filters from high-level specifications and their compilation into efficient executable code without resorting to various opportunistic optimization algorithms.

In contrast with most traditional approaches, memory safety and termination can be enforced with minimal run-time overhead even in cyclic filters, thus enabling full parsing of complex protocols and supporting recursive encapsulation relationships. PACKET filters are a class of packet manipulation programs used to classify network traffic in accordance to a set of user-provided rules; they are a basic component of many networking applications such as shapers, sniffers, demultiplexers, firewalls and more.

A stateless packet filter can be expressed as a set of predicates on packet fields, joined by boolean operators; often these predicates are not completely independent from one another and the evaluation of the whole set can be short-circuited. One of the most important questions in designing generators for high-performance filters is therefore how to efficiently organize the predicate set to reduce the amount of processing required to come to a match/mismatch decision.

By considering packet filtering as a regular language recognition problem and exploiting the related mathematical framework to express and organize predicates as finite-state automata, SPAF achieves by construction a reduction of the amount of redundancy along any execution path in the resulting program: any packet field is examined at most once. This property emerges from the model and it always holds even in cases that are hard to treat with conventional techniques, such as large-scale boolean composition. Moreover, thanks to their simple and regular structure, finite automata also double as an internal representation directly translatable into an optimized executable form without requiring a full-blown compiler. Finally, safety (both in terms of termination and memory access integrity) can be enforced with very low runtime overhead.


BPF ( Berkeley Packet Filter) Approach

CFG-based approach


Hardware Requirements:

  • •  Minimum 1.1 GHz PROCESSOR should be on the computer .

    •  128 MB RAM.

    •  20 GB HDD.

    •  1.44 MB FDD.

    •  52x CD-ROM Drive .

    •  MONITORS at 800x600 minimum resolution at 256 colors minimum.

    •  I/O, One or two button mouse and standard 101-key keyboard.

S/W System Configuration:-


  • •  Operating System : Windows 95/98/2000/NT4.0.

    •  Technology : JAVA, JFC(Swing)

    Development IDE : Eclipse 3.x



<< back

Related Projects : Online Real Estate Property Management ,Online Recruitment System ,Online Rental House Web Portal ,Online University ,Optimal Channel Access Management with QoS Support for Cognitive Vehicular Networks ,Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks ,Orkut Using Java ,Personal Authentication Based On Iris Recognition ,Planning of Wireless Sensor Networks ,Predicting Missing Items in Shopping Carts ,Project Controller ,Project Scheduler ,Project Tracking ,Promotional Portal ,Random Cast ,Real-Time Detection Of Clone Attacks ,Reality Shows Organization ,Record Tracker ,Remote Administration using Mobile ,Remote PC Administration Using J2ME ,Resilient Online Coverage For Surveillance Applications , Resource Allocation in OFDMA Wireless Communications Systems Supporting Multimedia Services ,RITAS: Services For Randomized Intrusion Tolerance ,Route Stability in MANETs under the Random Direction Mobility Model ,Script Identification Through Temporal Sequence Of The Strokes ,Secret Key Establishment Using Temporally and Spatially Correlated Wireless Channel Coefficients ,Secure and Policy-Compliant Source Routing ,Secure Data Transmission , Ship Store System ,Smart Network Profile Manager



Copyright © V2computers 2006 through 2017