Enabling precise traffic filtering based on protocol encapsulation rules

Current packet filters have a limited support for expressions based on protocol encapsulation relationships and some constraints are not supported at all, such as the value of the IP source address in the inner header of an IP-in-IP packet. This limitation may be critical for a wide range of packet filtering applications, as the number of possible encapsulations is steadily increasing and network operators cannot define exactly which packets they are interested in. This paper proposes a new formalism, called eXtended Finite State Automata with Predicates (xpFSA), that provides an efficient implementation of filtering expressions, supporting both constraints on protocol encapsulations and the composition of multiple filtering expressions. Furthermore, it defines a novel algorithm that can be used to automatically detect tunneled packets. Our algorithms are validated through a large set of tests assessing both the performance of the filtering generation process and the efficiency of the actual packet filtering code when dealing with real network packets.

Enabling precise traffic filtering based on protocol encapsulation rules / Cerrato, Ivano; Risso, Fulvio. - In: COMPUTER NETWORKS. - ISSN 1389-1286. - STAMPA. - 136(2018), pp. 51-67.

SFX


Titolo: Enabling precise traffic filtering based on protocol encapsulation rules
Autori: 
CERRATO, IVANO
RISSO, FULVIO GIOVANNI OTTAVIO
Data di pubblicazione: 2018
Rivista: 
COMPUTER NETWORKS  
Digital Object Identifier (DOI): http://dx.doi.org/10.1016/j.comnet.2018.02.027
Appare nelle tipologie:1.1 Articolo in rivista

File in questo prodotto:
FileDescrizioneTipologiaLicenza 
18Comnet-Filtering.pdf 2. Post-print / Author's Accepted ManuscriptVisibile a tuttiVisualizza/Apri
18Comnet-Filtering-published.pdf 2a Post-print versione editoriale / Version of RecordNon Pubblico - Accesso privato/ristrettoAdministrator   Richiedi una copia
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11583/2707749

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2021