Concept
Netfilter
Related publications (9)
Verification of Software Network Functions with No Verification Expertise
Software network functions (NFs), such as a network address translator, load balancer, or proxy,
promise to bring flexibility and rapid innovation to computer networks and to reduce operational costs.
However, continuous updates and flexibility typically c ...
EPFL2020A Formally Verified NAT Stack
George Candea, Solal Vincenzo Pirelli, Arseniy Zaostrovnykh
Prior work proved a stateful NAT network function to be semantically correct, crash-free, and memory safe. Their toolchain verifies the network function code while assuming the underlying kernel-bypass framework, drivers, operating system, and hardware to ...
2018A Formally Verified NAT Stack
George Candea, Solal Vincenzo Pirelli, Arseniy Zaostrovnykh
Prior work proved a stateful NAT network function to be, crash-free, memory safe and semantically correct [29]. Their toolchain verifies the network function code while assuming the underlying kernel-bypass framework, drivers, operating system, and hardwar ...
ASSOC COMPUTING MACHINERY2018How to Measure the Killer Microsecond
Datacenter-networking research requires tools to both generate traffic and accurately measure latency and throughput. While hardware-based tools have long existed commercially, they are primarily used to validate ASICs and lack flexibility, e.g. to study n ...
Assoc Computing Machinery2017Optimal Filtering of Source Address Prefixes: Models and Algorithms
How can we protect the network infrastructure from malicious traffic, such as scanning, malicious code propagation, and distributed denial-of-service (DDoS) attacks? One mechanism for blocking malicious traffic is filtering: access control lists (ACLs) can ...
2009Network coding for efficient communication in extreme networks
Jean-Yves Le Boudec, Jörg Widmer
Some forms of ad-hoc networks need to operate in extremely performance- challenged environments where end-to-end connectivity is rare. Such environments can be found for example in very sparse mobile networks where nodes ”meet” only occasionally and are ab ...
2005A Test-Bed for Misbehavior Detection in Mobile Ad-hoc Networks - How Much Can Watchdogs Really Do?
Jean-Yves Le Boudec, Cédric Tissières, Sonja Buchegger
Several misbehavior detection and reputation systems have been proposed for mobile ad-hoc networks, relying on direct network observation mechanisms, so-called watchdogs. While these approaches have so far only been evaluated in simulations and restricted ...
2004A Test-Bed for Misbehavior Detection in Mobile Ad-hoc Networks --- How Much Can Watchdogs Really Do?
Jean-Yves Le Boudec, Cédric Tissières, Sonja Buchegger
Several misbehavior detection and reputation systems have been proposed for mobile ad-hoc networks, relying on direct network observation mechanisms, so-called watchdogs. While these approaches have so far only been evaluated in simulations and restricted ...
2003Preferential Treatment of Acknowledgment Packets in a Differentiated Services Network
In the context of Differentiated Services (DiffServ), we investigate the effect of acknowledgment marking on the throughput of TCP connections. We carry out experiments on a testbed offering three classes of service (Premium, Assured and Best-Effort), and ...
2001