From: Şeref Tufan Şen (tufan@itu.edu.tr)
Date: Thu 26 Sep 2002 - 11:13:35 EEST
Belki ilginizi çeker diye gönderiyorum.
Begin forwarded message:
Date: Thu, 26 Sep 2002 00:41:56 +0200
From: nf@hipac.org
To: linux-kernel@vger.kernel.org
Subject: [ANNOUNCE] NF-HIPAC: High Performance Packet Classification for Netfilter
Hi,
nf-hipac aims to become a drop-in replacement for the iptables packet
filtering module. It implements a novel framework for packet classification
which uses an advanced algorithm to reduce the number of memory lookups per
packet. The module is ideal for environments where large rulesets and/or
high bandwidth networks are involved.
The algorithm code is designed in a way that it can be verified in userspace,
so the algorithm code itself can be considered correct. We are not able to
really verify the remaining files nfhp_mod.[ch] and the userspace tool
(nf-hipac.[ch]), but they are tested in depth and shouldn't contain any
critical bugs.
We have the results of some basic performance tests available on our web page.
The test compares the performance of the iptables filter table to the
performance of nf-hipac. Results are pretty impressive :-)
You can find the performance test results on our web page http://www.hipac.org
The releases can be downloaded from http://sourceforge.net/projects/nf-hipac/
Features:
- optimized for high performance packet classification
with moderate memory usage
- completely dynamic:
data structure isn't rebuild from scratch when inserting or
deleting rules, so fast updates are possible
- userspace tool syntax is very similar to the iptables syntax
- kernel does not need to be patched
- compatible to iptables: you can use iptables and nf-hipac at
the same time:
for example you could use the connection tracking module from
iptables and match the states with nf-hipac
- match support for:
+ source/destination ip
+ in/out interface
+ protocol (udp, tcp, icmp)
+ source/destination ports (udp, tcp)
+ icmp type
+ tcp flags
+ ttl
+ state match (conntrack module must be loaded)
- /proc/net/nf-hipac:
+ algorithm statistics available via
# cat /proc/net/nf-hipac
+ allows to dynamically limit the maximum memory usage
# echo > /proc/net/nf-hipac
Enjoy,
+-----------------------+----------------------+
| Michael Bellion | Thomas Heinz |
| <mbellion@hipac.org> | <creatix@hipac.org> |
+-----------------------+----------------------+
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
-- Şeref Tufan Şen İTÜ-BİDB Sistem Destek Grubu----------------------------------------------------------------------- Liste üyeliğiniz ile ilgili her türlü işlem için http://liste.linux.org.tr adresindeki web arayüzünü kullanabilirsiniz.
Listeden çıkmak için: 'linux-guvenlik-request@linux.org.tr' adresine, "Konu" kısmında "unsubscribe" yazan bir e-posta gönderiniz. -----------------------------------------------------------------------