孫雅麗2006-07-262018-06-292006-07-262018-06-292005http://ntur.lib.ntu.edu.tw//handle/246246/18848在這一年的計畫當中，我們研究與實 作一個稱為SConPaC 的狀態化網路封包 內容分類器引擎以及其描述語言與編譯 器。SConPaC 的設計目標：不同於傳統 的封包分類器，本系統具有應用層內容檢 視、動態的通訊協定狀態紀錄與維持，以 及能夠同時處理IPv4/IPv6 封包的特點。 本系統a) 根據多種常見的通訊協定 與應用服務之規格開始，歸納出檢視封包 標頭與應用層內容時會使用的比對特徵； 進而設計合適的描述語言(script language)。描述語言包含足夠的比對參數 種類，以滿足便利與彈性的需求; b) 描述 語言編譯器(script language compiler)將描 述語言翻譯成程式碼，自動地將規則寫進 規則資料庫內，以提供狀態化內容分類引 擎(stateful content-based classification engine) 分類封包時的依據; c) 分類引擎 將分類程序切割成多個階段，每個階段由 不同的建構模組來進行分類程序; 以及d) 維持與追蹤通訊協定狀態。 本計畫所提出的SConPaC 封包分類 架構，不但符合現今封包分類的要求(狀態 化及內容檢視)，同時也提出了獨創的概念 及設計。In this year of the project, we developed a new stateful content-based packet classification called SConPaC. The motivation for developing SConPaC is stated as follow: compared to the traditional packet classifier, this architecture is capable to inspect the packet application content, maintain and track protocol state transition dynamically, and handle both IPv4 and IPv6 packets. We study numerous applications and protocols in wide-spread use. We generalize their features which are commonly utilized when inspecting the application content and packet header. Our Script Language covers sufficient types of matches to satisfy the requirement of convenience and flexibility. Script Language Compiler compiles the script language into codes and stores the rule specifications into a rule table. Along with the rule s, SConPaC Engine can perform the procedure of packet classification. SConPaC Engine comprises several functional components. Separating the filtering procedure into multiple stages is one of the features of Classification Engine. Each stage is implemented as different building blocks consistent with the characteristics of the matches. In addition, classification engine maintains and tracks the state transition of protocols in order to understand the evolution of connections. The architecture we proposed not only meets the requirements of current packet classification (stateful and content inspection), but also brings up some original ideas and design.application/pdf99986 bytesapplication/pdfzh-TW國立臺灣大學資訊管理學系暨研究所封包分類狀態內容檢視Packet ClassificationPacket ClassifierStatefulContent Inspectionotherhttp://ntur.lib.ntu.edu.tw/bitstream/246246/18848/1/932213E002113.pdf