Options
Design and Implementation of Script Language, Compiler, and Engine for Stateful Content-Based Packet Classification
Date Issued
2004
Date
2004
Author(s)
Huang, Chung-Chun
DOI
zh-TW
Abstract
In this thesis, the architecture of stateful content-based packet classification is proposed. Compared to the traditional packet classifier, this architecture is capable to inspect the packet application content, maintain and track the protocol state transition dynamically, and handle both IPv4 and IPv6 packets.
At first, we study the specification of numerous protocols and applications in wide-spread use. We generalize their features which are commonly utilized when inspecting the packet header and application content, and then Script Language is designed. Script Lan-guage has to cover sufficient types of matches to satisfy the requirements for convenience and flexibility. Next, Script Language Compiler compiles Script Language into codes which store the rule specifications into the rule table. Along with the rule table, Stateful Con-tent-based Classification Engine therefore can perform the procedure of packet classification. Classification Engine comprises several functional components. Separating the filtering pro-cedure into multiple stages is one of the features of Classification Engine. Each stage is im-plemented as different building blocks consistent with the characteristics of the matches. In addition, classification engine maintains and tracks the state transition of protocols in order to understand the evolution of connections.
The architecture we proposed not only meets the requirements of current packet classi-fication (stateful and content inspection), but also brings up some original ideas and design.
At first, we study the specification of numerous protocols and applications in wide-spread use. We generalize their features which are commonly utilized when inspecting the packet header and application content, and then Script Language is designed. Script Lan-guage has to cover sufficient types of matches to satisfy the requirements for convenience and flexibility. Next, Script Language Compiler compiles Script Language into codes which store the rule specifications into the rule table. Along with the rule table, Stateful Con-tent-based Classification Engine therefore can perform the procedure of packet classification. Classification Engine comprises several functional components. Separating the filtering pro-cedure into multiple stages is one of the features of Classification Engine. Each stage is im-plemented as different building blocks consistent with the characteristics of the matches. In addition, classification engine maintains and tracks the state transition of protocols in order to understand the evolution of connections.
The architecture we proposed not only meets the requirements of current packet classi-fication (stateful and content inspection), but also brings up some original ideas and design.
Subjects
內容檢視
狀態
封包分類
Stateful
Packet Classifier
Packet Classification
Content Inspection
Type
other
File(s)
No Thumbnail Available
Name
ntu-93-R91725009-1.pdf
Size
23.31 KB
Format
Adobe PDF
Checksum
(MD5):a35849cae170be0476bd8c44393882e1