Hardware Assisted Packet Filtering Firewall

A packet filter is a hardware or software mechanism that can be configured to select packets from a traffic stream based on some criteria. Many research works have been done in the past in the area of classifying packets based on one or more packet header fields. Those works are directed towards finding efficient algorithms and implementation architectures for high speed routing, Quality of Service (QoS), security enforcement through the use of firewalls, and other similar applications. This paper presents an overview of existing packet classification schemes, with particular attention to the ones that deal with classification based on multiple fields, are suitable for firewalls, and have possibility of efficient implementation using hardwares such as Content Addressable Memories (CAMs). With the availability of more flexible and faster CAMs in the past few years, their use in search applications has become more promising. Therefore, a major portion of this document also goes into discussing the possibilities of using CAMs for packet filtering.