Packet filtering specifies which type of traffic is allowed to/from organizational network. Each data packet is compared against a rule set. The number of comparisons that must be performed is increased when the size of the rule set is increased. In high bandwidth networks the packet filtering becomes a time consuming task which can reduce the overall throughput. To solve this problem a wide range of researches have been done to improve the overall throughput of packet filtering firewalls. In this paper, comparison of data packet against the rule set for IPTables is performed in user-space by employing parallel processing capability of Graphics Processing Unit. The results show that the CPU-GPU parallel code brings higher throughput over CPU version of IPTables code. The overall throughput for 80 bytes packet size and rule set size of 10,000 is about 400,000 Packets-Per-Second which is 43 times faster than CPU version code.
Karimi,K. , Ahmadi,A. and Ahmadi,M. (2014). Parallel Implementation of Linux Packet Filtering. (e215845). The CSI Journal on Computer Science and Engineering, 11(2), e215845
MLA
Karimi,K. , , Ahmadi,A. , and Ahmadi,M. . "Parallel Implementation of Linux Packet Filtering" .e215845 , The CSI Journal on Computer Science and Engineering, 11, 2, 2014, e215845.
HARVARD
Karimi K., Ahmadi A., Ahmadi M. (2014). 'Parallel Implementation of Linux Packet Filtering', The CSI Journal on Computer Science and Engineering, 11(2), e215845.
CHICAGO
K. Karimi, A. Ahmadi and M. Ahmadi, "Parallel Implementation of Linux Packet Filtering," The CSI Journal on Computer Science and Engineering, 11 2 (2014): e215845,
VANCOUVER
Karimi K., Ahmadi A., Ahmadi M. Parallel Implementation of Linux Packet Filtering. CSIonJCSE, 2014; 11(2): e215845.
The CSI Journal on Computer Science and Engineering