Thesis title: Linux平台下BPF模型的研究与实现 (The Research & Implementation of BPF Model on Linux)
Author: Lou Bingliang (楼炳梁)
Advisor: Cao Jing (曹敬)
Degree: Master's
Major: Computer Application Technology
Institution: Hohai University (河海大学)
Pages: 53
File size: 2043k
Date: 2004-04-29
Source: 论文网 http://www.lw23.com/lunwen_85589637/

Keywords: Network Information Security; Intrusion Detection & Prevention System; BPF; Netfilter; mybpf

Abstract:

Implementing a network intrusion detection and prevention system depends on software toolkits that can capture and filter packets. This thesis first compares the merits and shortcomings of representative packet filtering mechanisms such as NIT, CSPF (CMU/Stanford Packet Filter) and BPF (Berkeley Packet Filter), and analyzes the BPF model in detail.

Second, building on the Netfilter framework, it implements the BPF model on Linux as a kernel module called mybpf. The module provides applications with an interface in the form of a character device file, and attaches a hook function to the NF_IP_PRE_ROUTING hook that the Netfilter framework defines for IPv4. This hook function implements the BPF virtual machine and performs the packet capture.

Finally, the thesis tests the mybpf module and compares its performance with that of a BPF implemented on the SOCK_PACKET socket interface.