We propose a stateless packet filtering technique based on finite-state automata (FSA). FSAs provide a comprehensive framework with well-defined composition operations that enable the generation of stateless filters from high-level specifications and their compilation into efficient executable code without resorting to various opportunistic optimization algorithms. In contrast with most traditional approaches, memory safety and termination can be enforced with minimal run-time overhead even in cyclic filters, thus enabling full parsing of complex protocols and supporting recursive encapsulation relationships. Experimental evidence shows that this approach is viable and improves the state of the art in terms of filter flexibility, performance, and scalability without incurring the most common FSA deficiencies, such as state-space explosion.