The BSD Packet Filter: A New Architecture for User-level Packet Capture
نویسندگان
چکیده
Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator that performs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, registerbased filter evaluator that is up to 20 times faster than the original design. BPF also uses a straightforward buffering strategy that makes its overall performance up to 100 times faster than Sun’s NIT running on the same hardware.
منابع مشابه
Swift: A Fast Dynamic Packet Filter
This paper presents Swift, a packet filter for high performance packet capture on commercial off-the-shelf hardware. The key features of Swift include (1) extremely low filter update latency for dynamic packet filtering, and (2) Gbps high-speed packet processing. Based on complex instruction set computer (CISC) instruction set architecture (ISA), Swift achieves the former with an instruction se...
متن کاملCross-layer Packet-dependant OFDM Scheduling Based on Proportional Fairness
This paper assumes each user has more than one queue, derives a new packet-dependant proportional fairness power allocation pattern based on the sum of weight capacity and the packet’s priority in users’ queues, and proposes 4 new cross-layer packet-dependant OFDM scheduling schemes based on proportional fairness for heterogeneous classes of traffic. Scenario 1, scenario 2 and scenario 3 lead r...
متن کاملFlexible Packet Filtering: Providing a Rich Toolbox
The BSD/OS IPFW packet filtering system is a well engineered, flexible kernel framework for filtering (accepting, rejecting, logging, or modifying) IP packets. IPFW uses the well understood, widely available Berkeley Packet Filter (BPF) system as the basis of its packet matching abilities, and extends BPF in several straightforward areas. Since the first implementation of IPFW, the system has b...
متن کاملApplying General Compiler Optimizations to a Packet Filter Generator
This paper describes the architecture of the BSD Packet Filter package, which consists of a code generator, optimizer and virtual machine. The ability to do per-packet statistical sampling was added to the package. In addition, several modifications were made to the optimizer to increase the quality of the code output. While these modifications don’t produce drastic improvements in the resultin...
متن کاملEfficient Packet Demultiplexing for Multiple Endpoints and Large Messages
This paper describes a new packet filter mechanism that efficiently dispatches incoming network packets to one of multiple endpoints, for example address spaces. Earlier packet filter systems iteratively applied each installed filter against every incoming packet, resulting in high processing overhead whenever multiple filters existed. Our new packetfilter provides an associative match function...
متن کامل