隨著網路速度越來越快,網路安全的技術也必須隨之提昇,以往的網路安全防衛措施如防火牆、入侵偵測系統等都是先讀入封包,確認接收到的封包為正確而未經竄改之後,再對封包作進一步的處理,因此對於高速網路中的封包擷取就非常重要。在高速網路的環境下擷取封包容易產生封包流失現象,因此我們使用了PF_RING這套封包擷取函式庫來改善這個問題。而PF_RING除了封包擷取之外還能透過撰寫外掛程式來進行封包內容過濾,在本研究即利用PF_RING實做出封包過濾系統,並且將PF_RING核心模組中的封包內容比對機制改寫,加入Regex正則表達式比對函式庫,與原先之PF_RING進行效能的比對分析,希望能夠將高速網路下的封包過濾效能更加提昇。經過我們的實驗證實Regex在比對封包內容所花的時間比PF_RING預設之Textsearch字串比對函式庫來得少,且改成Regex後可用Regular Expression來表示Pattern,效率比單純用字串比對來得更好。 As the network speed becomes faster, network security technology must be more efficient in dealing with high traffic flow. The traditional security measures such as firewalls, intrusion detection systems must confirm the packets are correct and untampered after receiving them from the network, therefore, the efficiency of packet capturing in high speed network is very important. Packet capturing usually cause packet lose, for that reason, we use the PF_RING packet capturing library to improve this problem. In addition to the packet capture, PF_RING can also do the packet content filtering by writing plug-ins. In this study, we use PF_RING to implement a packet filtering system and rewrite the packet content matching mechanism in kernel module of PF_RING. We add the regular expression compared library Regex, compare and analysis with the original performance of the PF_RING, hoping to enhance the performance of packet filtering in high-speed network. Confirmed after the experiment, the time spend of packet content comparing in Regex is less than the Textsearch which defaults in PF_RING, and after using Regex we can write pattern by regular expression, the performance is better than using simple string matching.
