Fast Firewall Implementations for Software-Based Routers
Routers must perform packet classification at high speeds to efficiently implement functions such as firewalls. The classification can be based on an arbitrary number of prefix arid range fields in the packet header. The classification required for firewalls is beyond the capabilities offered by standard Operating System classifiers such as BPF, DPF, PathFinder and others. In fact there are theoretical results that show the general firewall classification problem.