|| ||firstname.lastname@example.org, email@example.com|
|| ||[NF-HIPAC RELEASE] High Performance Packet Classification for Netfilter|
|| ||Sat, 24 Aug 2002 22:31:14 +0200|
nf-hipac aims to become a drop-in replacement for the iptables
packet filtering module. It implements a novel framework for
packet classification which uses an advanced algorithm to
reduce the number of memory lookups per packet.
The module is ideal for environments where large rulesets and/or
high bandwidth networks are involved.
The project started in August 2001, but this is the first public release
of nf-hipac. The algorithm code itself is designed in a way that it can be
verified in userspace, so the algorithm code can be considered correct.
The remaining files nfhp_mod.[ch] and the userspace tool (nf-hipac.[ch]) are
not tested in depth and might contain bugs.
More information about the project can soon be found at http://www.hipac.org
The releases will be published on http://sourceforge.net/projects/nf-hipac/
We'd love to get some feedback from you. What do you think about
the tool, in which scenario are you using nf-hipac, what is missing,
what should be improved? Please send your e-mail to <firstname.lastname@example.org>.
- optimized for high performance packet classification
with moderate memory usage
- completely dynamic:
data structure isn't rebuild from scratch when inserting or
deleting rules, so fast updates are possible
- userspace tool syntax is very similar to the iptables syntax
- kernel does not need to be patched
- compatible to iptables: you can use iptables and nf-hipac at
the same time:
for example you could use the connection tracking module from
iptables and match the states with nf-hipac
- match support for:
+ source/destination ip
+ in/out interface
+ protocol (udp, tcp, icmp)
+ source/destination ports (udp, tcp)
+ icmp type
+ tcp flags
+ state match (conntrack module must be loaded)
You can download the release from:
| Michael Bellion | Thomas Heinz |
| <email@example.com> | <firstname.lastname@example.org> |