laarchitects.blogg.se

Wireshark filter by hostname












George Varghese, Jun Xu, in Network Algorithmics (Second Edition), 2022

8.5 Pathfinder: factoring out common checks

BPF is a more refined adaptation than CSPF because it increases speed for a single filter. However, every packet must still be compared with each filter in turn. Thus the processing time grows with the number of filters. Fortunately, this is not a problem for typical BPF usage. For example, a typical tcpdump application may provide only a few filters to BPF. However, this is not true if early demultiplexing is used to discriminate between a large number of packet streams or paths. In particular, each TCP connection may provide a filter, and the number of concurrent TCP connections in a busy server can be large. The need to deal with this change in environment (user-level networking) led to another successful mutation called Pathfinder (Bailey et al., 1994). Pathfinder goes beyond BPF by providing composability. This allows scaling to a large number of users.

To motivate the Pathfinder solution, imagine there are 500 filters, each of which is exactly the same (Ethernet type field is IP, IP protocol type is TCP) except that each specifies a different TCP port pair. Doing each filter sequentially would require comparing the Ethernet type of the packet 500 times against the (same) IP Ethernet type field and comparing the IP protocol field 500 times against the (same) TCP protocol value. Next, comparing the TCP port numbers in the packet to each of the 500 port pairs specified in each of the 500 filters is not obvious waste. However, this is exactly analogous to a linear search for exact matching.
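The 500-filter argument as an added example (not code from the book or from Pathfinder itself): it counts header-field comparisons when the filters are run one after another, and again when the shared Ethernet-type and IP-protocol checks are merged and the port pair is found by exact-match lookup. The port numbers, the function names and the nested-dictionary structure are assumptions made for illustration.

```python
# Constructed sample: 500 filters that differ only in the TCP port pair.
ETH_IP = 0x0800    # Ethernet type for IPv4
PROTO_TCP = 6      # IP protocol number for TCP


def make_filters(n=500):
    # Each filter is (ethertype, ip_proto, (src_port, dst_port)).
    return [(ETH_IP, PROTO_TCP, (10000 + i, 80)) for i in range(n)]


def match_sequential(filters, pkt):
    """Try every filter in turn; return (filter index or None, comparisons)."""
    comparisons = 0
    for i, (etype, proto, ports) in enumerate(filters):
        comparisons += 1                      # same Ethernet-type check, repeated
        if pkt["ethertype"] != etype:
            continue
        comparisons += 1                      # same IP-protocol check, repeated
        if pkt["ip_proto"] != proto:
            continue
        comparisons += 1                      # linear search over port pairs
        if (pkt["sport"], pkt["dport"]) == ports:
            return i, comparisons
    return None, comparisons


def build_factored(filters):
    """Merge the common checks: ethertype -> ip_proto -> {port pair: index}."""
    tree = {}
    for i, (etype, proto, ports) in enumerate(filters):
        tree.setdefault(etype, {}).setdefault(proto, {})[ports] = i
    return tree


def match_factored(tree, pkt):
    """One exact-match lookup per header field; return (index or None, lookups)."""
    lookups = 0
    node = tree
    for key in (pkt["ethertype"], pkt["ip_proto"], (pkt["sport"], pkt["dport"])):
        lookups += 1
        node = node.get(key)
        if node is None:
            return None, lookups
    return node, lookups


if __name__ == "__main__":
    filters = make_filters()
    pkt = {"ethertype": ETH_IP, "ip_proto": PROTO_TCP, "sport": 10499, "dport": 80}
    print("sequential:", match_sequential(filters, pkt))
    print("factored:  ", match_factored(build_factored(filters), pkt))
```

For a packet that matches the last of the 500 filters, the sequential matcher performs 1500 field comparisons and the factored one performs 3 lookups.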












