| Summary: | 碩士 === 淡江大學 === 資訊工程學系碩士班 === 99 === As the network speed becomes faster, network security technology must be more efficient in dealing with high traffic flow. The traditional security measures such as firewalls, intrusion detection systems must confirm the packets are correct and untampered after receiving them from the network, therefore, the efficiency of packet capturing in high speed network is very important. Packet capturing usually cause packet lose, for that reason, we use the PF_RING packet capturing library to improve this problem. In addition to the packet capture, PF_RING can also do the packet content filtering by writing plug-ins. In this study, we use PF_RING to implement a packet filtering system and rewrite the packet content matching mechanism in kernel module of PF_RING. We add the regular expression compared library Regex, compare and analysis with the original performance of the PF_RING, hoping to enhance the performance of packet filtering in high-speed network. Confirmed after the experiment, the time spend of packet content comparing in Regex is less than the Textsearch which defaults in PF_RING, and after using Regex we can write pattern by regular expression, the performance is better than using simple string matching.
|
|---|
